Hi,

I tried to configure tomcat to authenticate against active directory.
Here is the relevant part in server.xml:

<Realm className="org.apache.catalina.realm.JNDIRealm"
              debug="99"
              connectionName="ad...@tst.mycollege.edu"
              connectionPassword="adminpassword"
              connectionURL="ldap://tst.mycollege.edu:389"
              userBase="DC=tst,DC=mycollege,DC=edu"
              userSearch="(sAMAccountName={0})"
              userRoleName="memberof"
              roleBase="DC=tst,DC=mycollege,DC=edu"
              roleName="cn"
              roleSearch="(uniqueMember={0})"
              userSubtree="true"
              roleSubtree="false"
      />

In the web.xml:

...
<security-constraint>
    .....
    <auth-constraint>
      <role-name>OU=EMP,dc=tst,DC=mycollege,DC=edu</role-name>
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>NEWS</realm-name>
  </login-config>

  <security-role>
    <role-name>OU=EMP,dc=tst,DC=mycollege,DC=edu</role-name>
  </security-role>
...

The login window will prompt when you access the site; however, no
login/password will be accepted. In the log file:

Jun 15, 2010 7:14:53 AM org.apache.catalina.realm.JNDIRealm authenticate
SEVERE: Exception performing authentication
javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name 'DC=tst,DC=mycollege,DC=edu'
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2763)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2737)
        at com.sun.jndi.ldap.LdapNamingEnumeration.getNextBatch(LdapNamingEnumeration.java:129)
        at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:198)
        at com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(LdapNamingEnumeration.java:171)
        at org.apache.catalina.realm.JNDIRealm.getUserBySearch(JNDIRealm.java:1067)
        at org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:958)
        at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:907)
        at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:808)
        at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:180)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
        at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:199)
        at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:282)
        at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:754)
        at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:684)
        at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:876)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
        at java.lang.Thread.run(Thread.java:595)

I don't know what could go wrong: the AD setup on the Active Directory side, or
the properties in the server.xml.

Thanks for your help as always,

 

Jill
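A defender-side review of the configuration above, added here as an example and not part of Jill's post or of Tomcat itself. The script parses a JNDIRealm <Realm> element and flags the properties that bear on this failure and on the realm's security: a subtree search rooted at the domain naming context over a domain-controller port without referrals="follow" (the usual trigger for "PartialResultException: Unprocessed Continuation Reference(s)" against Active Directory, since AD answers such searches with continuation references to its other naming contexts), plain ldap:// transport for the bind credentials and every user's password, the bind password embedded in server.xml, and a roleSearch filter written for uniqueMember, which is an OpenLDAP group attribute rather than AD's member. The hostnames, bind account name, password and the hardened variant are constructed for the example; referrals is a documented JNDIRealm attribute, and its availability in the Tomcat version in use should be confirmed against that version's Realm documentation.

```python
# Static review of a Tomcat JNDIRealm <Realm> element for the pitfalls that
# matter when the directory is Active Directory. Added example; all hostnames,
# account names and passwords below are constructed placeholders.
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample: the Realm from the post, with the bind account name
# (elided in the post) replaced by a placeholder.
POSTED_REALM = """
<Realm className="org.apache.catalina.realm.JNDIRealm"
       debug="99"
       connectionName="svc-tomcat@tst.mycollege.edu"
       connectionPassword="adminpassword"
       connectionURL="ldap://tst.mycollege.edu:389"
       userBase="DC=tst,DC=mycollege,DC=edu"
       userSearch="(sAMAccountName={0})"
       userRoleName="memberof"
       roleBase="DC=tst,DC=mycollege,DC=edu"
       roleName="cn"
       roleSearch="(uniqueMember={0})"
       userSubtree="true"
       roleSubtree="false"
/>
"""

# Constructed hardened variant: LDAPS to the global catalog, referrals followed,
# AD's member attribute for group lookups. The bind password is still inline,
# so the checker is expected to keep flagging that one finding.
HARDENED_REALM = """
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionName="svc-tomcat@tst.mycollege.edu"
       connectionPassword="adminpassword"
       connectionURL="ldaps://tst.mycollege.edu:3269"
       referrals="follow"
       userBase="DC=tst,DC=mycollege,DC=edu"
       userSearch="(sAMAccountName={0})"
       userRoleName="memberOf"
       roleBase="OU=Groups,DC=tst,DC=mycollege,DC=edu"
       roleName="cn"
       roleSearch="(member={0})"
       userSubtree="true"
       roleSubtree="true"
/>
"""

GLOBAL_CATALOG_PORTS = {3268, 3269}


def is_domain_root(base):
    """True when every RDN of the base is a DC= component, i.e. the base is
    the domain naming context itself."""
    rdns = [r.strip() for r in base.split(",") if r.strip()]
    return bool(rdns) and all(r.upper().startswith("DC=") for r in rdns)


def check_realm(xml_text):
    """Return a dict of finding code -> explanation for one <Realm> element."""
    realm = ET.fromstring(xml_text)
    if realm.get("className") != "org.apache.catalina.realm.JNDIRealm":
        return {"not-jndirealm": "element is not a JNDIRealm"}
    attrs = realm.attrib
    findings = {}

    url = urlparse(attrs.get("connectionURL", ""))
    port = url.port or (636 if url.scheme == "ldaps" else 389)
    if url.scheme != "ldaps":
        findings["cleartext-ldap"] = (
            "bind credentials and every user's password cross the network in "
            "the clear; use ldaps:// (port 636, or 3269 for the global catalog)")

    if attrs.get("connectionPassword"):
        findings["embedded-bind-password"] = (
            "the bind password sits in server.xml; restrict the file's "
            "permissions and use a read-only, least-privilege bind account")

    # A subtree search rooted at the domain naming context on a domain
    # controller port returns continuation references for the other naming
    # contexts (child domains, DomainDnsZones, ...). JNDI surfaces those as
    # PartialResultException unless referrals are followed or the search is
    # sent to the global catalog, which holds a forest-wide partial replica.
    referrals = attrs.get("referrals", "")
    for base_key, scope_key in (("userBase", "userSubtree"), ("roleBase", "roleSubtree")):
        subtree = attrs.get(scope_key, "false").lower() == "true"
        if (is_domain_root(attrs.get(base_key, "")) and subtree
                and port not in GLOBAL_CATALOG_PORTS and referrals != "follow"):
            findings["referral-risk:" + base_key] = (
                f"subtree search from the domain root on port {port} without "
                'referrals="follow" raises PartialResultException against AD')

    # groupOfUniqueNames/uniqueMember is an OpenLDAP idiom; AD groups list
    # their members in the member attribute, so this filter never matches.
    if "uniquemember" in attrs.get("roleSearch", "").lower():
        findings["ad-schema-mismatch"] = (
            "roleSearch uses uniqueMember; Active Directory groups use member")
    return findings


if __name__ == "__main__":
    for label, xml_text in (("posted", POSTED_REALM), ("hardened", HARDENED_REALM)):
        print(label)
        for code, why in check_realm(xml_text).items():
            print(f"  {code}: {why}")
```

Run against the posted Realm the checker reports the referral risk on userBase (userSubtree="true" from the domain root on port 389), cleartext LDAP, the embedded bind password and the uniqueMember filter; roleBase is not flagged because roleSubtree="false". The hardened variant keeps only the embedded-password finding, which a config file cannot fix by itself.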
