> The user I bind cannot check user's passwords but it can browse the > LDAP tree and see all the available users. I have used ldap.exe with > the same connection/bind and can traverse the LDAP tree. > As far as after the initial connection is made, no I don't see any > packets or new connections after j_security_check is called. >
I'm definitely not and LDAP expert, but would it be possible it's checked beforehand if the user is allowed to check passwords (perform a bind-as if I remember well) and therefor the authentication requests won't be sent (as in, the user ain't allowed to do so anyway) John --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
