Hi there 

I authenticate my users against Active Directory on Windows 2003.

This is the configuration:

      <Realm  name="TEST_Realm"
              className="org.apache.catalina.realm.JNDIRealm"
              debug="99"
              connectionName="CN=query,OU=Ressourcen,DC=xx,DC=xxx"
              connectionPassword="xxx"
              connectionURL="ldap://172.27.17.100:389"
              referrals="follow"
              userBase="DC=xxx,DC=xxx"
              userSubtree="true"
              userSearch="sAMAccountName={0}"
              userRoleName="memberOf"
      />

 

It works, but when I take a look with Ethereal I see the following:

I would expect the communication to finish after frame 6. Can someone
explain what happens in frames 7 to 10?

Thx

 

 

 

Frame 1 (113 bytes on wire, 113 bytes captured)
Ethernet II, Src: 00:30:05:4e:31:1d, Dst: 00:03:47:9b:28:84
Internet Protocol, Src Addr: 172.27.20.69 (172.27.20.69), Dst Addr: 172.27.17.100 (172.27.17.100)
Transmission Control Protocol, Src Port: 4400 (4400), Dst Port: ldap (389), Seq: 0, Ack: 0, Len: 59
Lightweight Directory Access Protocol, Bind Request
    Message Id: 5
    Message Type: Bind Request (0x00)
    Message Length: 52
    Response In: 2
    Version: 3
    DN: CN=query,OU=Ressourcen,DC=xxf,DC=xx
    Auth Type: Simple (0x00)
    Password: xxx

 

Frame 2 (76 bytes on wire, 76 bytes captured)
Ethernet II, Src: 00:03:47:9b:28:84, Dst: 00:30:05:4e:31:1d
Internet Protocol, Src Addr: 172.27.17.100 (172.27.17.100), Dst Addr: 172.27.20.69 (172.27.20.69)
Transmission Control Protocol, Src Port: ldap (389), Dst Port: 4400 (4400), Seq: 0, Ack: 59, Len: 22
Lightweight Directory Access Protocol, Bind Result
    Message Id: 5
    Message Type: Bind Result (0x01)
    Message Length: 7
    Response To: 1
    Time: 0.001871000 seconds
    Result Code: Success (0x00)
    Matched DN: (null)
    Error Message: (null)

 

Frame 3 (130 bytes on wire, 130 bytes captured)
Ethernet II, Src: 00:30:05:4e:31:1d, Dst: 00:03:47:9b:28:84
Internet Protocol, Src Addr: 172.27.20.69 (172.27.20.69), Dst Addr: 172.27.17.100 (172.27.17.100)
Transmission Control Protocol, Src Port: 4400 (4400), Dst Port: ldap (389), Seq: 59, Ack: 22, Len: 76
Lightweight Directory Access Protocol, Search Request
    Message Id: 6
    Message Type: Search Request (0x03)
    Message Length: 69
    Response In: 4
    Base DN: DC=xx,DC=xx
    Scope: Subtree (0x02)
    Dereference: Always (0x03)
    Size Limit: 0
    Time Limit: 0
    Attributes Only: False
    Filter: (sAMAccountName=tschw)
    Attribute: memberOf

 

Frame 4 (857 bytes on wire, 857 bytes captured)
Ethernet II, Src: 00:03:47:9b:28:84, Dst: 00:30:05:4e:31:1d
Internet Protocol, Src Addr: 172.27.17.100 (172.27.17.100), Dst Addr: 172.27.20.69 (172.27.20.69)
Transmission Control Protocol, Src Port: ldap (389), Dst Port: 4400 (4400), Seq: 22, Ack: 135, Len: 803
Lightweight Directory Access Protocol, Search Entry
    Message Id: 6
    Message Type: Search Entry (0x04)
    Message Length: 700
    Response To: 3
    Time: 0.001568000 seconds
    Distinguished Name: CN=xx,OU=User SHL,OU=xx,DC=xxDC=xx
    Attribute: memberOf
Lightweight Directory Access Protocol, Search Result Reference
    Message Id: 6
    Message Type: Search Result Reference (0x13)
    Message Length: 51
    Response To: 3
    Time: 0.001568000 seconds
    Reference URL: ldap://xx/CN=Configuration,DC=xx,DC=xx
Lightweight Directory Access Protocol, Search Result
    Message Id: 6
    Message Type: Search Result (0x05)
    Message Length: 7
    Response To: 3
    Time: 0.001568000 seconds
    Result Code: Success (0x00)
    Matched DN: (null)
    Error Message: (null)

 

Frame 5 (138 bytes on wire, 138 bytes captured)
Ethernet II, Src: 00:30:05:4e:31:1d, Dst: 00:03:47:9b:28:84
Internet Protocol, Src Addr: 172.27.20.69 (172.27.20.69), Dst Addr: 172.27.17.100 (172.27.17.100)
Transmission Control Protocol, Src Port: 4400 (4400), Dst Port: ldap (389), Seq: 135, Ack: 825, Len: 84
Lightweight Directory Access Protocol, Bind Request
    Message Id: 7
    Message Type: Bind Request (0x00)
    Message Length: 77
    Response In: 6
    Version: 3
    DN: CN=xx,OU=xx,OU=xxn,DC=xx,DC=xx
    Auth Type: Simple (0x00)
    Password: xxxx

 

Frame 6 (76 bytes on wire, 76 bytes captured)
Ethernet II, Src: 00:03:47:9b:28:84, Dst: 00:30:05:4e:31:1d
Internet Protocol, Src Addr: 172.27.17.100 (172.27.17.100), Dst Addr: 172.27.20.69 (172.27.20.69)
Transmission Control Protocol, Src Port: ldap (389), Dst Port: 4400 (4400), Seq: 825, Ack: 219, Len: 22
Lightweight Directory Access Protocol, Bind Result
    Message Id: 7
    Message Type: Bind Result (0x01)
    Message Length: 7
    Response To: 5
    Time: 0.002342000 seconds
    Result Code: Success (0x00)
    Matched DN: (null)
    Error Message: (null)

 

Frame 7 (93 bytes on wire, 93 bytes captured)
Ethernet II, Src: 00:30:05:4e:31:1d, Dst: 00:03:47:9b:28:84
Internet Protocol, Src Addr: 172.27.20.69 (172.27.20.69), Dst Addr: 172.27.17.100 (172.27.17.100)
Transmission Control Protocol, Src Port: 4400 (4400), Dst Port: ldap (389), Seq: 219, Ack: 847, Len: 39
Lightweight Directory Access Protocol, Search Request
    Message Id: 8
    Message Type: Search Request (0x03)
    Message Length: 32
    Response In: 8
    Base DN: (null)
    Scope: Base (0x00)
    Dereference: Always (0x03)
    Size Limit: 0
    Time Limit: 0
    Attributes Only: False
    Filter: (objectClass=*)

 

Frame 8 (1514 bytes on wire, 1514 bytes captured)
Ethernet II, Src: 00:03:47:9b:28:84, Dst: 00:30:05:4e:31:1d
Internet Protocol, Src Addr: 172.27.17.100 (172.27.17.100), Dst Addr: 172.27.20.69 (172.27.20.69)
Transmission Control Protocol, Src Port: ldap (389), Dst Port: 4400 (4400), Seq: 847, Ack: 258, Len: 1460
Lightweight Directory Access Protocol, Search Entry
    Message Id: 8
    Message Type: Search Entry (0x04)
    Message Length: 1827
    Response To: 7
    Time: 0.001069000 seconds
    Distinguished Name: (null)
    Attribute: currentTime
    Attribute: subschemaSubentry
    Attribute: dsServiceName
    Attribute: namingContexts
    Attribute: defaultNamingContext
    Attribute: schemaNamingContext
    Attribute: configurationNamingContext
    Attribute: rootDomainNamingContext
    Attribute: supportedControl
    Attribute: supportedLDAPVersion
    Attribute: supportedLDAPPolicies
    Attribute: highestCommittedUSN
    Attribute: supportedSASLMechanisms
[Short Frame: LDAP]

 

Frame 9 (458 bytes on wire, 458 bytes captured)
Ethernet II, Src: 00:03:47:9b:28:84, Dst: 00:30:05:4e:31:1d
Internet Protocol, Src Addr: 172.27.17.100 (172.27.17.100), Dst Addr: 172.27.20.69 (172.27.20.69)
Transmission Control Protocol, Src Port: ldap (389), Dst Port: 4400 (4400), Seq: 2307, Ack: 258, Len: 404
Lightweight Directory Access Protocol, Search Result
    Message Id: 8
    Message Type: Search Result (0x05)
    Message Length: 7
    Result Code: Success (0x00)
    Matched DN: (null)
    Error Message: (null)

 

Frame 10 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: 00:30:05:4e:31:1d, Dst: 00:03:47:9b:28:84
Internet Protocol, Src Addr: 172.27.20.69 (172.27.20.69), Dst Addr: 172.27.17.100 (172.27.17.100)
Transmission Control Protocol, Src Port: 4400 (4400), Dst Port: ldap (389), Seq: 258, Ack: 2711, Len: 0
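
Added example, not part of the original post: a small parser for Ethereal text dissections like the one above that lists each LDAP PDU and labels two things a reviewer would call out, simple binds whose password is readable on the wire (frames 1 and 5) and searches with the shape of frame 7 (empty base DN, base scope, filter (objectClass=*)), which is what a rootDSE read looks like. The function names and the sample values are assumptions made for this example.

```python
import re

# Constructed sample in the Ethereal text layout used in the post (values made up).
SAMPLE = """\
Frame 5 (138 bytes on wire, 138 bytes captured)
Transmission Control Protocol, Src Port: 4400 (4400), Dst Port: ldap (389),
Lightweight Directory Access Protocol, Bind Request
    DN: CN=user,OU=people,DC=example,DC=test
    Auth Type: Simple (0x00)
    Password: xxxx
Frame 7 (93 bytes on wire, 93 bytes captured)
Transmission Control Protocol, Src Port: 4400 (4400), Dst Port: ldap (389),
Lightweight Directory Access Protocol, Search Request
    Base DN: (null)
    Scope: Base (0x00)
    Filter: (objectClass=*)
"""

def parse_ldap_ops(text):
    """Return one dict per LDAP PDU with its frame number, port and fields."""
    ops, frame, port, cur = [], None, None, None
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"Frame (\d+) ", line):
            frame, cur = int(m.group(1)), None
        elif m := re.search(r"Dst Port: [^(]*\((\d+)\)", line):
            port = int(m.group(1))
        elif line.startswith("Lightweight Directory Access Protocol, "):
            cur = {"frame": frame, "dst_port": port, "op": line.split(", ", 1)[1]}
            ops.append(cur)
        elif cur is not None and ": " in line:
            key, value = line.split(": ", 1)
            cur.setdefault(key, value)  # keep the first value of repeated fields
    return ops

def classify(op):
    """Label a PDU; a password the dissector can print was sent unencrypted."""
    if op["op"] == "Bind Request" and op.get("Auth Type", "").startswith("Simple"):
        return "cleartext simple bind" if "Password" in op else "simple bind"
    if (op["op"] == "Search Request" and op.get("Base DN") == "(null)"
            and op.get("Scope", "").startswith("Base")
            and op.get("Filter") == "(objectClass=*)"):
        return "rootDSE read"  # empty base DN + base scope + (objectClass=*)
    return "other"

def summarize(text):
    return [(op["frame"], op["op"], classify(op)) for op in parse_ldap_ops(text)]

if __name__ == "__main__":
    print(*summarize(SAMPLE), sep="\n")
```
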

 

 

 

 

 

 
