After some further investigation I saw the follwing... If my user is in the first directory i'm binding to then the result. getName() (JNDIRealm.java 1079) statement returns CN=dasquery,OU=Herisau-AR-NET and everything works as expected.
If the user is found in a referral domain than the same statement returns ldap://teufen.ar-net.ch:389/CN=Test-Query,OU=Benutzer,DC=teufen, DC=ar-net,DC=ch. this result is not parsable as the exception says. But for me it is a correct answer from Ad with referral=follow. Is this a bug in JNDIRealm?? ----Ursprüngliche Nachricht---- Von: [EMAIL PROTECTED] Datum: 31.10.2006 15:14 An: "Tomcat Users List"<users@tomcat.apache.org>, <[EMAIL PROTECTED] ch> Betreff: Re: JNDIRealm exception Hello can we please see the statements leading up to NameParser.parse() method call are you able to ldapsearch using DC and OU parameters without CN? M- This e-mail communication and any attachments may contain confidential and privileged information for the use of the designated recipients named above. If you are not the intended recipient, you are hereby notified that you have received this communication in error and that any review, disclosure, dissemination, distribution or copying of it or its contents ----- Original Message ----- From: <[EMAIL PROTECTED]> To: <users@tomcat.apache.org> Sent: Tuesday, October 31, 2006 7:00 AM Subject: JNDIRealm exception > Problem with JNDIRealm > > > > I successfully authenticate my users against active Directory > (single domain). But now I have a setup with trusted domains and the > authentication fails with the following exception. > > Everything is working fine if my user is in the domain ar-net. ch. > > Now I want to authenticate a user in the Domain teufen.ar-net. ch. > As I see with Ethereal, referrals are followed and the user is found. > But the user is not authenticated and the log shows the following > exception. > > Tomcat server is 5.5.15 and java is 1.5.0_06 > > > > Thank you for any clue > > > > > > Exception performing authentication > > javax.naming.InvalidNameException: Invalid name: ldap: > > at javax.naming.ldap.Rfc2253Parser.doParse(Unknown > Source) > > at javax.naming.ldap.Rfc2253Parser.parseDn(Unknown > Source) > > at javax.naming.ldap.LdapName.parse(Unknown Source) > > at javax.naming.ldap.LdapName.<init>(Unknown Source) > > at com.sun.jndi.ldap.LdapNameParser.parse(Unknown > Source) > > at org.apache.catalina.realm.JNDIRealm. getUserBySearch > (JNDIRealm.java:1079) > > at org.apache.catalina.realm.JNDIRealm.getUser > (JNDIRealm.java:958) > > at org.apache.catalina.realm.JNDIRealm.authenticate > (JNDIRealm.java:907) > > at org.apache.catalina.realm.JNDIRealm.authenticate > (JNDIRealm.java:808) > > at org.apache.catalina.authenticator. FormAuthenticator. > authenticate(FormAuthenticator.java:257) > > at org.apache.catalina.authenticator. AuthenticatorBase. > invoke(AuthenticatorBase.java:416) > > at org.apache.catalina.core.StandardHostValve.invoke > (StandardHostValve.java:126) > > at org.apache.catalina.valves.ErrorReportValve.invoke > (ErrorReportValve.java:105) > > at org.apache.catalina.core.StandardEngineValve. invoke > (StandardEngineValve.java:107) > > at org.apache.catalina.connector.CoyoteAdapter. service > (CoyoteAdapter.java:148) > > at org.apache.coyote.http11.Http11Processor.process > (Http11Processor.java:869) > > at org.apache.coyote.http11. > Http11BaseProtocol$Http11ConnectionHandler.processConnection > (Http11BaseProtocol.java:667) > > at org.apache.tomcat.util.net.PoolTcpEndpoint. > processSocket(PoolTcpEndpoint.java:527) > > at org.apache.tomcat.util.net. > LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java: 80) > > at org.apache.tomcat.util.threads. > ThreadPool$ControlRunnable.run(ThreadPool.java:684) > > at java.lang.Thread.run(Unknown Source) > > 31.10.2006 08:57:59 org.apache.catalina.realm.JNDIRealm close > > > > Here is the config? > > > > <Realm name="myrealm" > > className="org.apache.catalina.realm.JNDIRealm" debug="99" > > connectionName="CN=dasquery,OU=Herisau-AR-NET,DC=ar-net,DC=ch" > > connectionPassword="not public" > > connectionURL="ldap://s1.ar-net.ch:389"; > > userBase="DC=ar-net,DC=ch" > > userSubtree="true" > > userSearch="userPrincipalName= > {0}" > > roleName="cn" > > roleSearch="(member={0})" > > roleBase="OU=DASGROUPS,OU=Herisau-AR-NET,DC=ar-net,DC=ch" > > referrals="follow" > > /> > > > > --------------------------------------------------------------------- > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
