My guess is that you need to direct the LDAP URL at the ADS "global
catalog", which oddly enough is not on port 389...
Brian Bonner wrote:
We're having a problem authenticating with Tomcat 5.5.9 against
multiple organizational units. Our LDAP server is Active Directory.
Here's our current setup:
<Realm className="org.apache.catalina.realm.JNDIRealm" debug="3"
connectionURL="ldap://ldapdc.thf.net:389"
userBase="dc=thf,dc=net"
userPattern="|((cn={0},ou=Users,dc=thf,dc=net)(cn={0},ou=THFUsers,dc=thf,dc=net))"
userSearch="(cn={0})"
userSubTree="true"
userRoleName="memberOf"
roleBase="cn=Users,dc=thf,dc=net"
roleSearch="(member={0})"
roleName="cn"
connectionName="cn=SecuredUser,cn=Users,dc=thf,dc=net"
connectionPassword="sample"
roleSubtree="true"
/>
When we search using these criteria, we see the following in the log:
CA 2005-10-17 11:16:31,283 Thread-1 DEBUG org.apache.catalina.realm.RealmBase - Register Realm Catalina:type=Realm
CA 2005-10-17 11:16:44,767 http-8080-Processor25 DEBUG org.apache.catalina.realm.RealmBase - Checking constraint 'SecurityConstraint[Secured Pages]' against GET /secured/test.html --> true
CA 2005-10-17 11:16:44,767 http-8080-Processor25 DEBUG org.apache.catalina.realm.RealmBase - Checking constraint 'SecurityConstraint[Secured Pages]' against GET /secured/test.html --> true
CA 2005-10-17 11:16:44,767 http-8080-Processor25 DEBUG org.apache.catalina.realm.RealmBase - User data constraint has no restrictions
However, instead, I'm prompted with the authentication form and asked
for my userid/password.
Can someone suggest what I might be doing wrong in this configuration,
or how I can enable additional logging to tell me what is failing?
Thanks.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
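Added example (not part of the original thread and not Tomcat code): a small Python check that parses the Realm element quoted above and flags attribute combinations that conflict with the Tomcat JNDIRealm documentation, plus the cleartext bind. The function name, finding codes and the DOCUMENTED set are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET

# Attribute names as spelled in the Tomcat JNDIRealm documentation (subset).
DOCUMENTED = {"className", "connectionURL", "connectionName", "connectionPassword",
              "userBase", "userPattern", "userSearch", "userSubtree", "userRoleName",
              "roleBase", "roleName", "roleSearch", "roleSubtree"}

# The Realm element from the message above, embedded unchanged as sample input.
REALM_XML = """<Realm className="org.apache.catalina.realm.JNDIRealm" debug="3"
connectionURL="ldap://ldapdc.thf.net:389"
userBase="dc=thf,dc=net"
userPattern="|((cn={0},ou=Users,dc=thf,dc=net)(cn={0},ou=THFUsers,dc=thf,dc=net))"
userSearch="(cn={0})"
userSubTree="true"
userRoleName="memberOf"
roleBase="cn=Users,dc=thf,dc=net"
roleSearch="(member={0})"
roleName="cn"
connectionName="cn=SecuredUser,cn=Users,dc=thf,dc=net"
connectionPassword="sample"
roleSubtree="true"
/>"""

def lint_realm(xml_text):
    """Return a list of (code, detail) findings for one <Realm> element."""
    attrs = ET.fromstring(xml_text).attrib
    by_lower = {name.lower(): name for name in DOCUMENTED}
    findings = []
    # An attribute that differs from a documented name only by letter case.
    for name in attrs:
        good = by_lower.get(name.lower())
        if good and good != name:
            findings.append(("ATTR_CASE", f"{name}: documented spelling is {good}"))
    # userPattern is documented as an alternative to userBase/userSearch/userSubtree.
    pattern = attrs.get("userPattern", "").strip()
    if pattern and "userSearch" in attrs:
        findings.append(("PATTERN_AND_SEARCH", "set userPattern or userSearch, not both"))
    # userPattern is a DN template, so LDAP filter operators do not belong in it.
    if pattern.startswith(("|", "&", "(|", "(&")):
        findings.append(("PATTERN_IS_FILTER", "userPattern uses LDAP filter syntax"))
    url = attrs.get("connectionURL", "")
    if url.lower().startswith("ldap://") and "connectionPassword" in attrs:
        findings.append(("CLEARTEXT_BIND", "bind password sent over ldap:// without TLS"))
    return findings

if __name__ == "__main__":
    for code, detail in lint_realm(REALM_XML):
        print(f"{code}: {detail}")
```
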