I am using Tomcat 5.5.12 and OpenLDAP 2.3.20. I have the following in my server.xml:

    <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
           connectionURL="ldap://localhost.localdomain:389"
           userBase="dc=nico,dc=com"
           userSubtree="true"
           userSearch="uid={0}"
           userRoleName="givenName"
           />

I am using basic authentication with LDAP. I want to know if I'm sending my password over in the clear. I configured my OpenLDAP server to require LDAPv3. I can't find a definitive answer about whether LDAPv3 by default uses SASL, or what Tomcat uses by default (from source, it appears not to set Context.SECURITY_AUTHENTICATION at all). I tried setting it to "DIGEST-MD5" and adding connectionUser and connectionPassword, but when Tomcat calls open() before bindAsUser(), I get:

    Mar 29, 2006 11:11:51 AM org.apache.catalina.realm.JNDIRealm open
    WARNING: Exception performing authentication
    javax.naming.AuthenticationException: [LDAP: error code 49 - SASL(-13): user not found: no secret in database]

I used tcpdump, which revealed strings for the uid of the user I'm logging in as, and for the root DN, but I didn't see a password (which doesn't mean it's not there).

Am I sending the password in the clear? If so, how can I tell Tomcat to use SASL and get it to work? Or should I just configure OpenLDAP over SSL and use ldaps? There are so many "secure" configurations around; I'm having trouble figuring out how many and which ones I need.

-Kim.
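The wire check Kim describes with tcpdump, as an added example that is not part of the original post: a small decoder for an LDAP BindRequest (BER tags per RFC 4511) that reports whether a captured bind was a simple bind, whose password travels as a plain OCTET STRING, or a SASL bind, which carries only a mechanism name in the first message. The DN "uid=kim,dc=nico,dc=com" and the password "s3cret" are constructed sample values; the builders exist only to produce test input.

```python
# Added example (not from the thread): decode an LDAP BindRequest captured
# off the wire to see how the client authenticated. BER tags per RFC 4511.

def _read_tlv(buf: bytes, pos: int):
    """Return (tag, value, next_pos) for the BER element starting at buf[pos]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                     # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def _tlv(tag: int, value: bytes) -> bytes:
    """Encode one BER element; short-form length is enough for this example."""
    assert len(value) < 128
    return bytes([tag, len(value)]) + value


def build_simple_bind(dn: str, password: str, msg_id: int = 1) -> bytes:
    """What a client sends for a simple bind (the default when
    SECURITY_AUTHENTICATION is unset): the password is a plain OCTET STRING."""
    bind = _tlv(0x02, b"\x03") + _tlv(0x04, dn.encode()) + _tlv(0x80, password.encode())
    return _tlv(0x30, _tlv(0x02, bytes([msg_id])) + _tlv(0x60, bind))


def build_sasl_bind(mechanism: str, msg_id: int = 1) -> bytes:
    """Initial SASL bind: AuthenticationChoice [3] carries only the mechanism name."""
    sasl = _tlv(0xA3, _tlv(0x04, mechanism.encode()))
    bind = _tlv(0x02, b"\x03") + _tlv(0x04, b"") + sasl
    return _tlv(0x30, _tlv(0x02, bytes([msg_id])) + _tlv(0x60, bind))


def inspect_bind(packet: bytes) -> dict:
    """Parse an LDAPMessage and report the bind method and what it exposes."""
    _, msg, _ = _read_tlv(packet, 0)              # LDAPMessage SEQUENCE
    _, _, pos = _read_tlv(msg, 0)                 # messageID, not needed here
    tag, bind, _ = _read_tlv(msg, pos)
    if tag != 0x60:                               # [APPLICATION 0] = BindRequest
        raise ValueError("not a BindRequest")
    _, version, pos = _read_tlv(bind, 0)
    _, name, pos = _read_tlv(bind, pos)
    auth_tag, auth, _ = _read_tlv(bind, pos)
    result = {"version": version[0], "name": name.decode()}
    if auth_tag == 0x80:                          # simple [0]: cleartext password
        result.update(auth="simple", password=auth.decode())
    elif auth_tag == 0xA3:                        # sasl [3]: SEQUENCE { mechanism, ... }
        _, mech, _ = _read_tlv(auth, 0)
        result.update(auth="sasl", mechanism=mech.decode())
    return result
```

On a real capture the TCP payload of the first client message after connect is what to feed `inspect_bind`; with ldaps:// the whole exchange sits inside TLS and there is no LDAPMessage to parse at all, which is the point of using it.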
