Yes you are right. And I find I misused the <user-data-constraint> element
which prevented me from accessing the login page. I have changed it and can now
access the login page.
I mimic the realm in tomcat wiki and wrote the bellow:
<Realm
authentication="simple"
className="org.apache.catalina.realm.JNDIRealm"
connectionName="cn=tomcat,o=University,c=World"
connectionPassword="cscw"
connectionURL="ldap://172.16.55.167:3268";
debug="99"
referrals="follow"
roleBase="cn=Roles,o=University,c=World"
roleName="cn"
roleSearch="(member={0})"
roleSubtree="true"
userBase="o=University,c=World"
userSearch="(sAMAccountName={0})"
userSubtree="true"/>
But the login still fails without printing any error.. I wrote a piece of code
JNDIClient to access the same "admin" account and got the right
InitialDirContext. Don't know why...
And a curious part is that my AD entry has no "sAMAccountName" property. I
changed this to "CN={0}" and "userPrincipalName={0}" and also failed to pass
the authentication.
On Nov 30, 2010, at 12:29 PM, Caldarale, Charles R wrote:
>> From: long hong [mailto:longhong1...@gmail.com]
>> Subject: Re: authentication fail (JNDI Realm with Tomcat )
>
>> the web root context of my web app is "/fs".
>
> As I suspected. Again, remove the /fs from the <url-pattern>; the webapp
> name is never part of any <url-pattern> in web.xml.
>
> - Chuck
>
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
> MATERIAL and is thus for use only by the intended recipient. If you received
> this in error, please contact the sender and delete the e-mail and its
> attachments from all computers.
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
