Thanks. It turns out the problem was related to the userPattern:

I had: |((cn={0},ou=Users,dc=thf,dc=net)(cn={0},ou=THFUsers,dc=thf,dc=net))

I had one too many sets of parentheses. I needed:
|(cn={0},ou=Users,dc=thf,dc=net)(cn={0},ou=THFUsers,dc=thf,dc=net)
and it worked fine.

Brian

On 10/17/05, Robyne Vaughn <[EMAIL PROTECTED]> wrote:
>
> In fact, it sounds like you are connecting to the ADS, and now you need
> to bind.
>
> Robyne Vaughn
>
> -----Original Message-----
> From: Jess Holle [mailto:[EMAIL PROTECTED]
> Sent: Monday, October 17, 2005 9:45 AM
> To: Tomcat Users List
> Subject: Re: Authenticating with LDAP against multiple organizational
> units
>
> My guess is that you need to direct the LDAP URL at the ADS "global
> catalog", which oddly enough is not on port 389...
>
> Brian Bonner wrote:
>
> >We're having a problem authenticating with Tomcat 5.5.9 against
> >multiple organizational units. Our LDAP server is Active Directory.
> >
> >Here's our current setup:
> >
> ><Realm className="org.apache.catalina.realm.JNDIRealm" debug="3"
> >  connectionURL="ldap://ldapdc.thf.net:389"
> >  userBase="dc=thf,dc=net"
> >  userPattern="|((cn={0},ou=Users,dc=thf,dc=net)(cn={0},ou=THFUsers,dc=thf,dc=net))"
> >  userSearch="(cn={0})"
> >  userSubTree="true"
> >  userRoleName="memberOf"
> >  roleBase="cn=Users,dc=thf,dc=net"
> >  roleSearch="(member={0})"
> >  roleName="cn"
> >  connectionName="cn=SecuredUser,cn=Users,dc=thf,dc=net"
> >  connectionPassword="sample"
> >  roleSubtree="true"
> >/>
> >
> >When we search using these criteria, we see the following in the log:
> >
> >CA 2005-10-17 11:16:31,283 Thread-1 DEBUG org.apache.catalina.realm.RealmBase - Register Realm Catalina:type=Realm
> >CA 2005-10-17 11:16:44,767 http-8080-Processor25 DEBUG org.apache.catalina.realm.RealmBase - Checking constraint 'SecurityConstraint[Secured Pages]' against GET /secured/test.html --> true
> >CA 2005-10-17 11:16:44,767 http-8080-Processor25 DEBUG org.apache.catalina.realm.RealmBase - Checking constraint 'SecurityConstraint[Secured Pages]' against GET /secured/test.html --> true
> >CA 2005-10-17 11:16:44,767 http-8080-Processor25 DEBUG org.apache.catalina.realm.RealmBase - User data constraint has no restrictions
> >
> >However, instead, I'm prompted with the authentication form and asked
> >for my userid/password.
> >
> >Can someone suggest what I might be doing wrong in this configuration,
> >or how I can enable additional logging to tell me what is failing?
> >
> >Thanks.
> >
> >---------------------------------------------------------------------
> >To unsubscribe, e-mail: [EMAIL PROTECTED]
> >For additional commands, e-mail: [EMAIL PROTECTED]
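
The difference between the two userPattern values in Brian's reply, as an added example that is not part of the original thread and is not Tomcat's own parser: a small Python lint (the name `lint_user_pattern` is hypothetical) that splits a multi-valued pattern into DN templates and reports nesting problems. It assumes each top-level parenthesized group should hold one flat DN template containing the `{0}` placeholder.

```python
def lint_user_pattern(pattern):
    """Split a multi-valued userPattern into DN templates and list shape problems.

    Assumption for this example: every top-level "(...)" group must hold one
    flat DN template containing the {0} username placeholder.
    """
    body = pattern.strip()
    if body.startswith("|"):          # both patterns in the thread lead with "|"
        body = body[1:]
    if "(" not in body and ")" not in body:
        templates, problems = [body], []   # single bare DN template
    else:
        templates, problems = [], []
        depth, start, i = 0, 0, 0
        while i < len(body):
            ch = body[i]
            if ch == "\\":            # skip an escaped character inside a DN
                i += 2
                continue
            if ch == "(":
                depth += 1
                if depth == 1:
                    start = i + 1
                else:
                    problems.append(f"nested '(' at offset {i}")
            elif ch == ")":
                if depth == 0:
                    problems.append(f"unmatched ')' at offset {i}")
                else:
                    depth -= 1
                    if depth == 0:
                        templates.append(body[start:i])
            elif depth == 0 and not ch.isspace():
                problems.append(f"text outside parentheses at offset {i}")
            i += 1
        if depth:
            problems.append("unclosed '('")
    problems += [f"no {{0}} placeholder in {t!r}" for t in templates if "{0}" not in t]
    return templates, problems


# The two values quoted in the thread above.
BROKEN = "|((cn={0},ou=Users,dc=thf,dc=net)(cn={0},ou=THFUsers,dc=thf,dc=net))"
WORKING = "|(cn={0},ou=Users,dc=thf,dc=net)(cn={0},ou=THFUsers,dc=thf,dc=net)"

if __name__ == "__main__":
    for value in (BROKEN, WORKING):
        print(value, "->", lint_user_pattern(value))
```

Running such a check over the realm configuration before deployment surfaces the extra pair of parentheses directly, instead of as a repeated login prompt with no matching entry in the realm's debug log.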