Neil,

On 3/15/12 1:05 PM, Neil Munro wrote:
> <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
>        connectionURL="ldap://my.ldap.server.com"
>        alternateURL="ldap://my.ldap.server.com"
>        userPattern="uid={0},ou=my company users,dc=mycompany,dc=com" />

The "debug" attribute does not exist any more. Were you following some
kind of old example?

I think you may need roleBase, roleName, and roleSearch attributes to
have a prayer of making this work.

Also, with no userSearch parameter, you are instructing the realm to
connect in "bind" mode where the user's credentials are used directly to
bind to the LDAP server. Is this appropriate?

You might want to re-read this section of the realm-howto:
http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html#JNDIRealm

Can you run any queries against the LDAP server outside of Tomcat that
give you results that you might expect? For instance, can you do a
search of the LDAP tree for a particular user? What does that query look
like? When you do that search, are you using anonymous bind or are you
using user bind? If user, which user? Some administrative user or the
user whose credentials should be checked?

> <login-config>
>   <auth-method>FORM</auth-method>
>   <form-login-config>
>     <form-login-page>/login.jsp</form-login-page>
>     <form-error-page>/fail_login.jsp</form-error-page>
>   </form-login-config>
> </login-config>

That looks just fine: configuring the credential-gathering system is
usually trivial. It's configuring the authentication system that is
usually the problem.

-chris
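
Added example, not part of the original message and not Tomcat's code: a Python helper that turns the quoted userPattern into the two OpenLDAP ldapsearch commands the questions above call for, one anonymous search for the user and one bind as the user's own DN. The username nmunro is a constructed sample, and the RFC 4514/4515 escaping is this example's own choice, not a statement about what JNDIRealm does.

```python
import shlex

# Values copied from the Realm element quoted in the message above.
CONNECTION_URL = "ldap://my.ldap.server.com"
USER_PATTERN = "uid={0},ou=my company users,dc=mycompany,dc=com"

def escape_dn_value(value):
    """Escape a string for use as an RDN value (RFC 4514)."""
    out = []
    for i, ch in enumerate(value):
        if ch == "\0":
            out.append("\\00")
        elif ch in ',+"\\<>;' or (ch == "#" and i == 0) \
                or (ch == " " and i in (0, len(value) - 1)):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def escape_filter_value(value):
    """Escape a string for use inside a search filter (RFC 4515)."""
    special = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\0": "\\00"}
    return "".join(special.get(ch, ch) for ch in value)

def bind_dn(username, pattern=USER_PATTERN):
    """Build the DN that the userPattern yields for this username."""
    return pattern.replace("{0}", escape_dn_value(username))

def user_bind_check(username):
    """User bind: authenticate as the user's DN, then read that one entry."""
    dn = bind_dn(username)
    return ["ldapsearch", "-x", "-H", CONNECTION_URL, "-D", dn, "-W",
            "-b", dn, "-s", "base", "(objectClass=*)"]

def anonymous_lookup(username, pattern=USER_PATTERN):
    """Anonymous bind: search the pattern's parent container for the user."""
    rdn, base = pattern.split(",", 1)
    attr = rdn.split("=", 1)[0]
    return ["ldapsearch", "-x", "-H", CONNECTION_URL, "-b", base, "-s", "sub",
            "(%s=%s)" % (attr, escape_filter_value(username)), "dn"]

if __name__ == "__main__":
    user = "nmunro"  # constructed sample username, not from the thread
    for argv in (anonymous_lookup(user), user_bind_check(user)):
        print(shlex.join(argv))
```

If the anonymous search returns nothing but the user bind succeeds, the directory does not allow anonymous reads, which answers the "which bind" question before any Realm attribute is changed.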