Hi,

The user I bind cannot check users' passwords, but it can browse the LDAP tree and see all the available users. I have used ldap.exe with the same connection/bind and can traverse the LDAP tree.

As far as after the initial connection is made, no, I don't see any packets or new connections after j_security_check is called.

Thanks,
Vaughne

On Wed, Feb 22, 2012 at 3:47 PM, John Renne <j...@gniffelnieuws.net> wrote:
>> I do know that I am successfully binding to the LDAP server when
>> Tomcat starts. If I change "mypassword" to an invalid password then I
>> get a ConnectException due to the connection being refused. I also see
>> this connection using a network monitoring tool - it is initiated at
>> startup and then persists until Tomcat is shut down.
>>
>
> Is the user you bind with to LDAP allowed to check other users' passwords? I
> think it's common practice to supply specific bind-users which have this role.
>
>> After the initial connection is made, I don't see any packets being
>> sent to the LDAP server.
>
> You actually don't see packets or no new connections?
>
> John

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org