I forgot to add. If I use only a single organizational unit and specify this in the user base, it works OK.

i.e.

  <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
         connectionURL="ldap://ldapdc.thf.net:389"
         userBase="ou=THFUsers,dc=thf,dc=net"
         userSearch="(cn={0})"
         userRoleName="memberOf"
         roleBase="cn=Users,dc=thf,dc=net"
         roleSearch="(member={0})"
         roleName="cn"
         connectionName="cn=SecuredUser,cn=Users,dc=thf,dc=net"
         connectionPassword="sample"
         roleSubtree="true" />

The role (StaffBoard) is located in cn=Users,dc=thf,dc=net.

Thanks,
Brian

---------- Forwarded message ----------
From: Brian Bonner <[EMAIL PROTECTED]>
Date: Oct 17, 2005 11:27 AM
Subject: Authenticating with LDAP against multiple organizational units
To: users@tomcat.apache.org

We're having a problem authenticating with Tomcat 5.5.9 against multiple organizational units. Our LDAP server is Active Directory. Here's our current setup:

  <Realm className="org.apache.catalina.realm.JNDIRealm" debug="3"
         connectionURL="ldap://ldapdc.thf.net:389"
         userBase="dc=thf,dc=net"
         userPattern="|((cn={0},ou=Users,dc=thf,dc=net)(cn={0},ou=THFUsers,dc=thf,dc=net))"
         userSearch="(cn={0})"
         userSubTree="true"
         userRoleName="memberOf"
         roleBase="cn=Users,dc=thf,dc=net"
         roleSearch="(member={0})"
         roleName="cn"
         connectionName="cn=SecuredUser,cn=Users,dc=thf,dc=net"
         connectionPassword="sample"
         roleSubtree="true" />

When we search using these criteria, we see the following in the log:

CA 2005-10-17 11:16:31,283 Thread-1 DEBUG org.apache.catalina.realm.RealmBase - Register Realm Catalina:type=Realm
CA 2005-10-17 11:16:44,767 http-8080-Processor25 DEBUG org.apache.catalina.realm.RealmBase - Checking constraint 'SecurityConstraint[Secured Pages]' against GET /secured/test.html --> true
CA 2005-10-17 11:16:44,767 http-8080-Processor25 DEBUG org.apache.catalina.realm.RealmBase - Checking constraint 'SecurityConstraint[Secured Pages]' against GET /secured/test.html --> true
CA 2005-10-17 11:16:44,767 http-8080-Processor25 DEBUG org.apache.catalina.realm.RealmBase - User data constraint has no restrictions

However, instead, I'm prompted
with the authentication form and asked for my userid/password. Can someone suggest what I might be doing wrong in this configuration, or how I can enable additional logging to tell me what is failing?

Thanks.
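The point at issue is how the realm turns a userPattern string into the list of DN templates it will try to bind as. The script below is an added illustration, not code from the thread or from Tomcat: it re-implements the pattern splitting as this editor understands the realm's parser (each parenthesised group is one template, a leading "(|" OR-wrapper and escaped parentheses are skipped), runs it over the pattern from the post and over a rewritten pattern in the "(template)|(template)" form, and flags templates that are not well-formed DNs. The corrected pattern, the username "jdoe" and the escaping of the username before substitution are all this editor's constructed choices; whether the realm itself escapes the username is not stated anywhere in the post.

```python
"""Split and sanity-check a JNDIRealm-style userPattern (editor's example)."""
import re
from typing import List

# Constructed samples: the pattern from the post, and the same two OUs written
# in the "(template)|(template)" form.
POSTED_PATTERN = "|((cn={0},ou=Users,dc=thf,dc=net)(cn={0},ou=THFUsers,dc=thf,dc=net))"
CORRECTED_PATTERN = "(cn={0},ou=Users,dc=thf,dc=net)|(cn={0},ou=THFUsers,dc=thf,dc=net)"

# One relative distinguished name: attribute=value, value non-empty and
# containing no unescaped DN separators.
_RDN_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=(?:[^,=+\\]|\\.)+$")

# Characters RFC 4514 requires escaping inside an attribute value.
_DN_SPECIAL = ',+"\\<>;='


def parse_user_pattern(pattern: str) -> List[str]:
    """Split a userPattern into DN templates.

    Assumption (editor's reading of the realm's parser, not taken from the
    post): every parenthesised group yields one template; a group opening
    with "(|" is an LDAP OR wrapper and is skipped, as are "\\(" and "\\)".
    """
    if "(" not in pattern:
        return [pattern]
    templates: List[str] = []
    start = pattern.find("(")
    while start != -1:
        # Skip "(|" wrappers and escaped open parentheses.
        while start + 1 < len(pattern) and (
            pattern[start + 1] == "|" or (start > 0 and pattern[start - 1] == "\\")
        ):
            start = pattern.find("(", start + 1)
            if start == -1:
                return templates
        end = pattern.find(")", start + 1)
        # Skip escaped close parentheses.
        while end != -1 and pattern[end - 1] == "\\":
            end = pattern.find(")", end + 1)
        if end == -1:
            raise ValueError("unbalanced parenthesis in userPattern")
        templates.append(pattern[start + 1:end])
        start = pattern.find("(", end + 1)
    return templates


def template_problems(template: str) -> List[str]:
    """Reasons a DN template cannot produce a valid bind DN; empty if it looks fine."""
    problems: List[str] = []
    if "{0}" not in template:
        problems.append("no {0} placeholder for the username")
    for rdn in template.split(","):
        if not _RDN_RE.match(rdn):
            problems.append(f"malformed RDN {rdn!r}")
    return problems


def escape_dn_value(value: str) -> str:
    """Escape a username so it cannot change the DN structure when substituted."""
    out = "".join("\\" + c if c in _DN_SPECIAL else c for c in value)
    if out.startswith(("#", " ")):
        out = "\\" + out
    if out.endswith(" "):
        out = out[:-1] + "\\ "
    return out


def candidate_dns(pattern: str, username: str) -> List[str]:
    """DNs a realm would try, in pattern order, for the given username."""
    return [t.replace("{0}", escape_dn_value(username)) for t in parse_user_pattern(pattern)]


if __name__ == "__main__":
    for label, pat in (("posted", POSTED_PATTERN), ("corrected", CORRECTED_PATTERN)):
        print(f"{label}: {pat}")
        for tmpl in parse_user_pattern(pat):
            print("  template:", tmpl, "->", template_problems(tmpl) or "ok")
        print("  bind DNs for 'jdoe':", candidate_dns(pat, "jdoe"))
```

Run as-is, the posted pattern yields a first template that still carries a leading "(" and so is not a valid DN, while the second OU parses cleanly; the rewritten pattern yields two clean templates. Two further things worth checking against the realm's documentation when reviewing a configuration like this: whether userBase/userSearch are consulted at all once userPattern is set, and the exact spelling of the subtree attribute (the posted config writes userSubTree).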