LDAP connection issue

2012-02-22 Thread vbw
Hi all,

I am having trouble using FORM based authentication against an LDAP server.

I have configured my web.xml and server.xml and created a Login.jsp
page and can successfully authenticate against a simple
tomcat-users.xml file.  Therefore I am confident my basic
configurations are okay and my login page is good.  Everything behaves
as expected.  Users are authenticated, authorized, errors are
forwarded appropriately, etc.


However, when I change my server.xml to use LDAP it appears that the
user credentials are not being sent to the LDAP server (Microsoft
Active Directory).

Here is the realm definition from the server.xml, which is defined
under the Catalina service (and is the only configured realm):
<Realm className="org.apache.catalina.realm.JNDIRealm"
   connectionName="..."
   connectionPassword="mypassword"
   connectionURL="ldap://corp.mycompany.net:389"
   userPattern="uid={0},ou='standard users',ou=users,ou=mycompany,dc=corp,dc=mycompanycorp,dc=net"
   roleBase="dc=corp,dc=mycompanycorp,dc=net"
   roleName="cn"
   roleSearch="memberUid={1}"/>

I do know that I am successfully binding to the LDAP server when
Tomcat starts. If I change "mypassword" to an invalid password then I
get a ConnectException due to the connection being refused. I also see
this connection using a network monitoring tool - it is initiated at
startup and then persists until Tomcat is shut down.

After the initial connection is made, I don't see any packets being
sent to the LDAP server. I've tried using both basic and form
authentication. Here's the web.xml snippet for form authentication:

<security-constraint>
  <web-resource-collection>
    <web-resource-name>MyApplication</web-resource-name>
    <url-pattern>/Dashboard/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>Role1</role-name>
    <role-name>Role2</role-name>
  </auth-constraint>
</security-constraint>

<security-role>
  <role-name>Role1</role-name>
</security-role>
<security-role>
  <role-name>Role2</role-name>
</security-role>

<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/Login.jsp</form-login-page>
    <form-error-page>/Login.jsp?authError=login</form-error-page>
  </form-login-config>
</login-config>

I have spent hours researching and I can't see where I am going wrong.
The LDAP connection, user and role information in the server.xml seem
correct. However, no matter what I key in on the login page I get
back a 404 page error - user is not authenticated.

I can't understand why I can connect to the LDAP server at server
startup but cannot authenticate users.  Can anyone give me any ideas?

Any help would be much appreciated!

Thanks in advance,
Vaughne

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: LDAP connection issue

2012-02-22 Thread vbw
Hi,
The user I bind cannot check users' passwords but it can browse the
LDAP tree and see all the available users.  I have used ldap.exe with
the same connection/bind and can traverse the LDAP tree.
As far as after the initial connection is made, no I don't see any
packets or new connections after j_security_check is called.

Thanks,
Vaughne

On Wed, Feb 22, 2012 at 3:47 PM, John Renne wrote:
>> I do know that I am successfully binding to the LDAP server when
>> Tomcat starts. If I change "mypassword" to an invalid password then I
>> get a ConnectException due to the connection being refused. I also see
>> this connection using a network monitoring tool - it is initiated at
>> startup and then persists until Tomcat is shut down.
>>
>
> Is the user you bind with to LDAP allowed to check other users' passwords? I
> think it's common practice to supply specific bind-users which have this role.
>
>> After the initial connection is made, I don't see any packets being
>> sent to the LDAP server.
>
> You actually don't see packets or no new connections?
>
> John

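What JNDIRealm actually does between the startup bind Vaughne sees and a submitted login, written out as a runnable simulation. This is an added example for the thread, not Tomcat's code and not Vaughne's configuration; the directory contents, DNs, account names and passwords in it are constructed for illustration. It covers the point John raised: the connectionName account only needs read access to the tree, because the submitted password is verified by a second bind as the user's own DN on the connection the realm already holds (so a capture should show new bind and search requests on that existing connection, not a new TCP connection). The first realm below is shaped like the one in the thread (userPattern with {0}, memberUid groups with {1}); the second uses the other mode JNDIRealm supports, userBase/userSearch, with an Active Directory-style layout where the login name is in sAMAccountName and group membership is stored as member=<user DN>.

```python
"""Simulation of how Tomcat's JNDIRealm processes a FORM or BASIC login.
Added example for this thread, not Tomcat code; every DN, account and
password below is constructed for illustration."""
import re


def normalize_dn(dn):
    """Canonical DN: split on unescaped commas, lower-case attribute types, strip
    whitespace. Values are kept verbatim: ou='x' and ou=x are different names."""
    parts = []
    for rdn in re.split(r"(?<!\\),", dn):
        typ, _, val = rdn.strip().partition("=")
        parts.append(f"{typ.strip().lower()}={val.strip()}")
    return ",".join(parts)


class FakeDirectory:
    """In-memory LDAP stand-in: DN -> {attribute: [values]}; "_password" binds."""

    def __init__(self, entries):
        self.entries = {normalize_dn(dn): a for dn, a in entries.items()}

    def bind(self, dn, password):
        entry = self.entries.get(normalize_dn(dn))
        return entry is not None and entry.get("_password") == password

    def search(self, base, attr, value):
        """Subtree search under base with the equality filter (attr=value)."""
        base = normalize_dn(base)
        return [(dn, e) for dn, e in self.entries.items()
                if (dn == base or dn.endswith("," + base)) and value in e.get(attr, [])]


class JndiRealmSim:
    """JNDIRealm's two ways of locating the user (userPattern, or userBase +
    userSearch) followed by its bind-as-user credential check and role search."""

    def __init__(self, directory, connection_name, connection_password, role_base,
                 role_name, role_search, user_pattern=None, user_base=None, user_search=None):
        self.d, self.connection_name, self.connection_password = directory, connection_name, connection_password
        self.role_base, self.role_name, self.role_search = role_base, role_name, role_search
        self.user_pattern, self.user_base, self.user_search = user_pattern, user_base, user_search

    def start(self):
        """Startup: one connection, bound as connectionName. A wrong service
        password fails here, before any login form is ever submitted."""
        if not self.d.bind(self.connection_name, self.connection_password):
            raise ConnectionError("bind as connectionName refused")
        return self

    @staticmethod
    def _filter(template, *args):
        """Expand a one-term filter like "(memberUid={1})": {0}, {1} -> args."""
        attr, _, value = template.strip("()").partition("=")
        for i, arg in enumerate(args):
            value = value.replace("{%d}" % i, arg)
        return attr, value

    def authenticate(self, username, password):
        """Return the user's role names, or None when the login must fail."""
        # Empty credentials are refused up front: an LDAP bind with an empty
        # password is an anonymous bind and would "succeed" on most servers.
        if not username or not password:
            return None
        if self.user_pattern:                      # userPattern: {0} = login name, no search
            user_dn = self.user_pattern.replace("{0}", username)
        else:                                      # userSearch: {0} = login name, one hit only
            hits = self.d.search(self.user_base, *self._filter(self.user_search, username))
            if len(hits) != 1:
                return None
            user_dn = hits[0][0]
        # The password is checked by binding AS THE USER on the realm's own
        # connection; the service account never reads or compares passwords.
        if not self.d.bind(user_dn, password):
            return None
        # roleSearch: {0} = user DN, {1} = login name; roleName names the attribute returned.
        attr, value = self._filter(self.role_search, user_dn, username)
        return [r for _, e in self.d.search(self.role_base, attr, value)
                for r in e.get(self.role_name, [])]


# Constructed directory holding a POSIX-style layout (uid / memberUid) and an
# Active Directory-style layout (sAMAccountName / member=<DN>) side by side.
BIND_DN = "cn=tomcat-bind,ou=service,dc=example,dc=net"
DIRECTORY = FakeDirectory({
    BIND_DN: {"_password": "mypassword"},
    "uid=vbw,ou=standard users,ou=users,dc=example,dc=net": {"_password": "s3cret", "uid": ["vbw"]},
    "cn=Role1,ou=groups,dc=example,dc=net": {"cn": ["Role1"], "memberUid": ["vbw"]},
    "cn=Role2,ou=groups,dc=example,dc=net": {"cn": ["Role2"], "memberUid": ["alice"]},
    "cn=Vaughne,ou=users,dc=example,dc=net": {"_password": "s3cret", "sAMAccountName": ["vbw"]},
    "cn=Dashboard Users,ou=groups,dc=example,dc=net":
        {"cn": ["Dashboard Users"], "member": ["cn=Vaughne,ou=users,dc=example,dc=net"]},
})


def posix_realm(user_pattern="uid={0},ou=standard users,ou=users,dc=example,dc=net",
                bind_password="mypassword"):
    """Realm shaped like the thread's: userPattern plus memberUid groups."""
    return JndiRealmSim(DIRECTORY, BIND_DN, bind_password, role_base="dc=example,dc=net",
                        role_name="cn", role_search="(memberUid={1})",
                        user_pattern=user_pattern).start()


def ad_realm():
    """Realm shaped for Active Directory: sAMAccountName lookup, member=<DN> groups."""
    return JndiRealmSim(DIRECTORY, BIND_DN, "mypassword", role_base="ou=groups,dc=example,dc=net",
                        role_name="cn", role_search="(member={0})",
                        user_base="ou=users,dc=example,dc=net",
                        user_search="(sAMAccountName={0})").start()
```

Two things the simulation makes visible that are worth checking against a real directory. First, in userPattern mode the DN is built by plain substitution and the server matches it literally; quoting is not part of DN syntax, so a template such as uid={0},ou='standard users',... names an OU whose name includes the quote characters, and posix_realm(user_pattern=...) with that template returns None even for the right password. Second, uid and memberUid are POSIX schema attributes; Active Directory keeps the login name in sAMAccountName and group membership as member=<DN>, which is why ad_realm() searches for the user first and then uses {0} (the DN) in roleSearch. Separately from the realm: the web.xml constraint quoted earlier lists only GET and POST in http-method, and the servlet spec leaves any method not listed unconstrained, so /Dashboard/* is reachable unauthenticated via other methods unless the http-method elements are dropped (which constrains all methods).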