Yes, you are right. And I found I misused the <user-data-constraint> element, which prevented me from accessing the login page. I have changed it and can now access the login page.
I mimicked the realm in the Tomcat wiki and wrote the below:

<Realm authentication="simple"
       className="org.apache.catalina.realm.JNDIRealm"
       connectionName="cn=tomcat,o=University,c=World"
       connectionPassword="cscw"
       connectionURL="ldap://172.16.55.167:3268"
       debug="99"
       referrals="follow"
       roleBase="cn=Roles,o=University,c=World"
       roleName="cn"
       roleSearch="(member={0})"
       roleSubtree="true"
       userBase="o=University,c=World"
       userSearch="(sAMAccountName={0})"
       userSubtree="true"/>

But the login still fails without printing any error. I wrote a piece of code, JNDIClient, to access the same "admin" account and got the right InitialDirContext. Don't know why...

And a curious part is that my AD entry has no "sAMAccountName" property. I changed this to "CN={0}" and "userPrincipalName={0}" and also failed to pass the authentication.

On Nov 30, 2010, at 12:29 PM, Caldarale, Charles R wrote:

>> From: long hong [mailto:longhong1...@gmail.com]
>> Subject: Re: authentication fail (JNDI Realm with Tomcat )
>
>> the web root context of my web app is "/fs".
>
> As I suspected. Again, remove the /fs from the <url-pattern>; the webapp
> name is never part of any <url-pattern> in web.xml.
>
> - Chuck
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
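
The point in the quoted reply about <url-pattern>, as an added example that is not part of the original thread or Tomcat's own code: a simplified Python model of how a container matches security-constraint patterns against the path left after the context path is stripped. The request URI and patterns are constructed, and the function names are hypothetical.

```python
# Added illustration: simplified Servlet-style url-pattern matching as applied
# to <security-constraint> patterns. All paths and patterns are constructed.

def path_within_context(request_uri: str, context_path: str) -> str:
    """Strip the context path; url-patterns are matched against what is left."""
    if context_path and not (request_uri == context_path
                             or request_uri.startswith(context_path + "/")):
        raise ValueError("request does not belong to this webapp")
    return request_uri[len(context_path):] or "/"

def pattern_matches(pattern: str, path: str) -> bool:
    if pattern.endswith("/*"):                  # path-prefix mapping
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):                # extension mapping
        return path.rsplit("/", 1)[-1].endswith(pattern[1:])
    if pattern == "/":                          # default mapping (simplified:
        return True                             # anything not matched elsewhere)
    return pattern == path                      # exact mapping

def is_protected(request_uri, context_path, constraint_patterns):
    """True if any constraint pattern covers the request."""
    path = path_within_context(request_uri, context_path)
    return any(pattern_matches(p, path) for p in constraint_patterns)

def audit_patterns(context_path, constraint_patterns):
    """Return patterns that repeat the context path. They are suspicious,
    not always wrong: the webapp could really contain a directory of that name."""
    return [p for p in constraint_patterns
            if context_path and (p == context_path
                                 or p.startswith(context_path + "/"))]

if __name__ == "__main__":
    ctx = "/fs"                       # context path from the thread
    uri = "/fs/admin/index.jsp"       # constructed request
    for patterns in (["/fs/admin/*"], ["/admin/*"]):
        print(patterns,
              "protected:", is_protected(uri, ctx, patterns),
              "suspicious:", audit_patterns(ctx, patterns))
```

A pattern that includes the context path leaves the intended resources outside the constraint without any error, so auditing web.xml for it is cheaper than discovering it from an unauthenticated request that succeeds.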