My ADS is on port 389

Robyne K. Vaughn

-----Original Message-----
From: Jess Holle [mailto:[EMAIL PROTECTED] 
Sent: Monday, October 17, 2005 9:45 AM
To: Tomcat Users List
Subject: Re: Authenticating with LDAP against multiple organizational units


My guess is that you need to direct the LDAP URL at the ADS "global 
catalog", which oddly enough is not on port 389...

Brian Bonner wrote:

>We're having a problem authenticating with Tomcat 5.5.9 against 
>multiple organizational units.  Our LDAP server is Active Directory.
>
>Here's our current setup:
>
><Realm className="org.apache.catalina.realm.JNDIRealm" debug="3"
>       connectionURL="ldap://ldapdc.thf.net:389"
>       userBase="dc=thf,dc=net"
>       userPattern="|((cn={0},ou=Users,dc=thf,dc=net)(cn={0},ou=THFUsers,dc=thf,dc=net))"
>       userSearch="(cn={0})"
>       userSubTree="true"
>       userRoleName="memberOf"
>       roleBase="cn=Users,dc=thf,dc=net"
>       roleSearch="(member={0})"
>       roleName="cn"
>       connectionName="cn=SecuredUser,cn=Users,dc=thf,dc=net"
>       connectionPassword="sample"
>       roleSubtree="true"
>/>
>
>When we search using these criteria, we see the following in the log:
>
>CA 2005-10-17 11:16:31,283 Thread-1           DEBUG org.apache.catalina.realm.RealmBase  - Register Realm Catalina:type=Realm
>CA 2005-10-17 11:16:44,767 http-8080-Processor25 DEBUG org.apache.catalina.realm.RealmBase  -   Checking constraint 'SecurityConstraint[Secured Pages]' against GET /secured/test.html --> true
>CA 2005-10-17 11:16:44,767 http-8080-Processor25 DEBUG org.apache.catalina.realm.RealmBase  -   Checking constraint 'SecurityConstraint[Secured Pages]' against GET /secured/test.html --> true
>CA 2005-10-17 11:16:44,767 http-8080-Processor25 DEBUG org.apache.catalina.realm.RealmBase  -   User data constraint has no restrictions
>
>
>However, instead, I'm prompted with the authentication form and asked 
>for my userid/password.
>
>Can someone suggest what I might be doing wrong in this configuration, 
>or how I can enable additional logging to tell me what is failing?
>
>Thanks.
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
>
>  
>
