Sorry, I'm trying again with a better-formatted mail. Hoping for answers.

Hi there,
I authenticate my users against Active Directory Windows 2003.

This is the configuration:
  <Realm name="TEST_Realm"
         className="org.apache.catalina.realm.JNDIRealm" debug="99"
         connectionName="CN=query,OU=Ressourcen,DC=xx,DC=xxx"
         connectionPassword="xxx"
         connectionURL="ldap://172.27.17.100:389"
         referrals="follow"
         userBase="DC=xxx,DC=xxx"
         userSubtree="true"
         userSearch="sAMAccountName={0}"
         userRoleName="memberOf"
  />

It works.
But when I take a look with Ethereal, I see the following:

I would expect the communication to finish after frame 6 (after the bind
with the user credentials).
Can someone explain what happens in frames 7 to 10?


Thx  


Frame 1 (113 bytes on wire, 113 bytes captured)
Ethernet II, Src: 00:30:05:4e:31:1d, Dst: 00:03:47:9b:28:84
Internet Protocol, Src Addr: 172.27.20.69 (172.27.20.69), Dst Addr:
172.27.17.100 (172.27.17.100)
Transmission Control Protocol, Src Port: 4400 (4400), Dst Port: ldap (389),
Seq: 0, Ack: 0, Len: 59
Lightweight Directory Access Protocol, Bind Request
    Message Id: 5
    Message Type: Bind Request (0x00)
    Message Length: 52
    Response In: 2
    Version: 3
    DN: CN=query,OU=Ressourcen,DC=xxf,DC=xx
    Auth Type: Simple (0x00)
    Password: xxx

 

Frame 2 (76 bytes on wire, 76 bytes captured)
Ethernet II, Src: 00:03:47:9b:28:84, Dst: 00:30:05:4e:31:1d
Internet Protocol, Src Addr: 172.27.17.100 (172.27.17.100), Dst Addr:
172.27.20.69 (172.27.20.69)
Transmission Control Protocol, Src Port: ldap (389), Dst Port: 4400 (4400),
Seq: 0, Ack: 59, Len: 22
Lightweight Directory Access Protocol, Bind Result
    Message Id: 5
    Message Type: Bind Result (0x01)
    Message Length: 7
    Response To: 1
    Time: 0.001871000 seconds
    Result Code: Success (0x00)
    Matched DN: (null)
    Error Message: (null)
 

Frame 3 (130 bytes on wire, 130 bytes captured)
Ethernet II, Src: 00:30:05:4e:31:1d, Dst: 00:03:47:9b:28:84
Internet Protocol, Src Addr: 172.27.20.69 (172.27.20.69), Dst Addr:
172.27.17.100 (172.27.17.100)
Transmission Control Protocol, Src Port: 4400 (4400), Dst Port: ldap (389),
Seq: 59, Ack: 22, Len: 76
Lightweight Directory Access Protocol, Search Request
    Message Id: 6
    Message Type: Search Request (0x03)
    Message Length: 69
    Response In: 4
    Base DN: DC=xx,DC=xx
    Scope: Subtree (0x02)
    Dereference: Always (0x03)
    Size Limit: 0
    Time Limit: 0
    Attributes Only: False
    Filter: (sAMAccountName=tschw)
    Attribute: memberOf
 

Frame 4 (857 bytes on wire, 857 bytes captured)
Ethernet II, Src: 00:03:47:9b:28:84, Dst: 00:30:05:4e:31:1d
Internet Protocol, Src Addr: 172.27.17.100 (172.27.17.100), Dst Addr:
172.27.20.69 (172.27.20.69)
Transmission Control Protocol, Src Port: ldap (389), Dst Port: 4400 (4400),
Seq: 22, Ack: 135, Len: 803
Lightweight Directory Access Protocol, Search Entry
    Message Id: 6
    Message Type: Search Entry (0x04)
    Message Length: 700
    Response To: 3
    Time: 0.001568000 seconds
    Distinguished Name: CN=xx,OU=User SHL,OU=xx,DC=xxDC=xx
    Attribute: memberOf
Lightweight Directory Access Protocol, Search Result Reference
    Message Id: 6
    Message Type: Search Result Reference (0x13)
    Message Length: 51
    Response To: 3
    Time: 0.001568000 seconds
    Reference URL: ldap://xx/CN=Configuration,DC=xx,DC=xx
Lightweight Directory Access Protocol, Search Result
    Message Id: 6
    Message Type: Search Result (0x05)
    Message Length: 7
    Response To: 3
    Time: 0.001568000 seconds
    Result Code: Success (0x00)
    Matched DN: (null)
    Error Message: (null)
 
Frame 5 (138 bytes on wire, 138 bytes captured)
Ethernet II, Src: 00:30:05:4e:31:1d, Dst: 00:03:47:9b:28:84
Internet Protocol, Src Addr: 172.27.20.69 (172.27.20.69), Dst Addr:
172.27.17.100 (172.27.17.100)
Transmission Control Protocol, Src Port: 4400 (4400), Dst Port: ldap (389),
Seq: 135, Ack: 825, Len: 84
Lightweight Directory Access Protocol, Bind Request
    Message Id: 7
    Message Type: Bind Request (0x00)
    Message Length: 77
    Response In: 6
    Version: 3
    DN: CN=xx,OU=xx,OU=xxn,DC=xx,DC=xx
    Auth Type: Simple (0x00)
    Password: xxxx
 
Frame 6 (76 bytes on wire, 76 bytes captured)
Ethernet II, Src: 00:03:47:9b:28:84, Dst: 00:30:05:4e:31:1d
Internet Protocol, Src Addr: 172.27.17.100 (172.27.17.100), Dst Addr:
172.27.20.69 (172.27.20.69)
Transmission Control Protocol, Src Port: ldap (389), Dst Port: 4400 (4400),
Seq: 825, Ack: 219, Len: 22
Lightweight Directory Access Protocol, Bind Result
    Message Id: 7
    Message Type: Bind Result (0x01)
    Message Length: 7
    Response To: 5
    Time: 0.002342000 seconds
    Result Code: Success (0x00)
    Matched DN: (null)
    Error Message: (null)
 
Frame 7 (93 bytes on wire, 93 bytes captured)
Ethernet II, Src: 00:30:05:4e:31:1d, Dst: 00:03:47:9b:28:84
Internet Protocol, Src Addr: 172.27.20.69 (172.27.20.69), Dst Addr:
172.27.17.100 (172.27.17.100)
Transmission Control Protocol, Src Port: 4400 (4400), Dst Port: ldap (389),
Seq: 219, Ack: 847, Len: 39
Lightweight Directory Access Protocol, Search Request
    Message Id: 8
    Message Type: Search Request (0x03)
    Message Length: 32
    Response In: 8
    Base DN: (null)
    Scope: Base (0x00)
    Dereference: Always (0x03)
    Size Limit: 0
    Time Limit: 0
    Attributes Only: False
    Filter: (objectClass=*)
 
Frame 8 (1514 bytes on wire, 1514 bytes captured)
Ethernet II, Src: 00:03:47:9b:28:84, Dst: 00:30:05:4e:31:1d
Internet Protocol, Src Addr: 172.27.17.100 (172.27.17.100), Dst Addr:
172.27.20.69 (172.27.20.69)
Transmission Control Protocol, Src Port: ldap (389), Dst Port: 4400 (4400),
Seq: 847, Ack: 258, Len: 1460
Lightweight Directory Access Protocol, Search Entry
    Message Id: 8
    Message Type: Search Entry (0x04)
    Message Length: 1827
    Response To: 7
    Time: 0.001069000 seconds
    Distinguished Name: (null)
    Attribute: currentTime
    Attribute: subschemaSubentry
    Attribute: dsServiceName
    Attribute: namingContexts
    Attribute: defaultNamingContext
    Attribute: schemaNamingContext
    Attribute: configurationNamingContext
    Attribute: rootDomainNamingContext
    Attribute: supportedControl
    Attribute: supportedLDAPVersion
    Attribute: supportedLDAPPolicies
    Attribute: highestCommittedUSN
    Attribute: supportedSASLMechanisms
[Short Frame: LDAP]
 
Frame 9 (458 bytes on wire, 458 bytes captured)
Ethernet II, Src: 00:03:47:9b:28:84, Dst: 00:30:05:4e:31:1d
Internet Protocol, Src Addr: 172.27.17.100 (172.27.17.100), Dst Addr:
172.27.20.69 (172.27.20.69)
Transmission Control Protocol, Src Port: ldap (389), Dst Port: 4400 (4400),
Seq: 2307, Ack: 258, Len: 404
Lightweight Directory Access Protocol, Search Result
    Message Id: 8
    Message Type: Search Result (0x05)
    Message Length: 7
    Result Code: Success (0x00)
    Matched DN: (null)
    Error Message: (null)


Frame 10 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: 00:30:05:4e:31:1d, Dst: 00:03:47:9b:28:84
Internet Protocol, Src Addr: 172.27.20.69 (172.27.20.69), Dst Addr:
172.27.17.100 (172.27.17.100)
Transmission Control Protocol, Src Port: 4400 (4400), Dst Port: ldap (389),
Seq: 258, Ack: 2711, Len: 0  
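
Added example (not part of the original post): a small Python pass over Ethereal text output in the layout shown above. It flags simple binds that the dissector could read, meaning the password crossed the wire unencrypted, and searches matching the root DSE read pattern (empty base DN, base scope, `(objectClass=*)` filter) seen in frame 7. The sample input is constructed from frames 5 and 7, and the function name `audit` is hypothetical.

```python
import re

# Constructed sample: trimmed Ethereal text dissection in the same layout as
# the capture above (frames 5 and 7, values redacted as in the post).
SAMPLE = """\
Frame 5 (138 bytes on wire, 138 bytes captured)
Transmission Control Protocol, Src Port: 4400 (4400), Dst Port: ldap (389),
Seq: 135, Ack: 825, Len: 84
Lightweight Directory Access Protocol, Bind Request
    Message Id: 7
    DN: CN=xx,OU=xx,DC=xx,DC=xx
    Auth Type: Simple (0x00)
    Password: xxxx

Frame 7 (93 bytes on wire, 93 bytes captured)
Transmission Control Protocol, Src Port: 4400 (4400), Dst Port: ldap (389),
Seq: 219, Ack: 847, Len: 39
Lightweight Directory Access Protocol, Search Request
    Message Id: 8
    Base DN: (null)
    Scope: Base (0x00)
    Filter: (objectClass=*)
"""

def audit(text):
    """Return (frame, finding) pairs for LDAP requests worth a second look."""
    findings = []
    # Split the dump at every "Frame N (" header so each block is one frame.
    for block in re.split(r"(?m)^(?=Frame \d+ \()", text):
        m = re.match(r"Frame (\d+) ", block)
        if not m:
            continue
        frame = int(m.group(1))
        # Indented "Key: value" lines are the dissected LDAP fields.
        f = dict(re.findall(r"(?m)^[ \t]+([A-Za-z ]+): (.*\S)", block))
        if "Bind Request" in block and f.get("Auth Type", "").startswith("Simple"):
            # The dissector could read the bind, so it was sent unencrypted.
            findings.append((frame, "cleartext simple bind as " + f.get("DN", "?")))
        if ("Search Request" in block and f.get("Base DN") == "(null)"
                and f.get("Scope", "").startswith("Base")
                and f.get("Filter") == "(objectClass=*)"):
            findings.append((frame, "root DSE read"))
    return findings

if __name__ == "__main__":
    for frame, finding in audit(SAMPLE):
        print(f"frame {frame}: {finding}")
```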
 
 
 

 

 

 


