-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Brandon,
On 2/3/2011 5:36 PM, Brandon DuRette wrote:
> One of our customers had configured JNDIRealm to authenticate against Active
> Directory using the userPattern="DOMAIN/{0}". This was working great with
> Tomcat 6.0.20 (with my patch for 42579 applied (IIRC, the first time it was
> applied in the trunk it was misapplied)). However, when we upgraded to
> 6.0.29 this began failing:
>
> javax.naming.InvalidNameException: DOMAIN\username: [LDAP: error code 34 -
> 0000208F: LdapErr: DSID-0C090654, comment: Error processing name, data 0,
> vece ]; remaining name 'DOMAIN\username
>
> I've gone through the code trying to figure out if anything has changed in
> JNDIRealm that would affect this, but I couldn't see anything. Has anyone
> had success with this configuration or have any idea what might be causing
> this error?
Take a look at the Changelog: there have been a number of changes to the
JNDIRealm betwene 6.0.20 and 6.0.29, including this one:
"
Various JNDI realm improvements for Active Directory. These include the
ability to specify a default role, optional handling for nested roles
and an option to ignore PartialResultExceptions (markt).
"
Unfortunately, there's no bug number listed and no revision number
mentioned, either, so you might have to dig through the svn logs to find
the appropriate update and see what changed.
I did notice this one, too:
"
Provide debug logging for JNDI lookups. (markt)
"
Have you enabled debug logging for JNDI lookups? It's not clear from the
description if this is for JNDIRealm or for other types of JNDI lookups
(like for DataSources).
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk1MPLMACgkQ9CaO5/Lv0PCgpgCfTaWNpySyRyl8JyOo9GLEFx3w
rpsAnRtx6+uzyjgq9p/7J5RyanySy3cq
=NBfe
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
