Okay, I figured out the problem.
My password had some '$' characters in it. Originally, back in 5.0, to get this to work, I had to escape the '$' with another '$'. It looks like this 'problem' has been 'fixed' in 5.5.

So in summary, if you had a 5.0 password of "$imple" then you had to use "$$imple" in your realm definition. But for 5.5 you just use "$imple" in your realm definition, as there is no need to escape the dollar sign.

Hope this helps others who may encounter this problem.

|)ave

-----Original Message-----
From: David Owens
Sent: Monday, March 21, 2005 10:41 AM
To: 'tomcat-user@jakarta.apache.org'
Subject: LDAP/JNDI Realm Tomcat 5.0 vs 5.5

I am doing some investigation into upgrading from our Tomcat 5.0.x servers to Tomcat 5.5.x and I am trying to get everything working. In the old Tomcat 5.0.x I was able to create a realm which authenticated against our ADS server. However, I cannot get it to work in Tomcat 5.5.7.

The only thing I have changed besides the version of Tomcat is the location of the file containing the realm information. Originally I had put it in as $CATALINA_HOME/conf/Catalina/localhost/myapp.xml but for Tomcat 5.5 I have put the realm information in webapps/myapp/META-INF/context.xml. My understanding is that the location/name of the context information should not change how the realm works, but I thought it worth mentioning.
Here is the realm definition I used for both Tomcat 5.0.27 and Tomcat 5.5.7:

<Context ...>
  <Realm className="org.apache.catalina.realm.JNDIRealm"
         debug="1"
         connectionURL="ldap://test.testtrust.com:389"
         alternateURL="ldap://192.168.0.10:389"
         connectionName="CN=ADSAdmin,OU=Service Accounts,DC=testtrust,DC=com"
         connectionPassword="secretpassword"
         contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
         authentication="simple"
         referrals="follow"
         userBase="OU=People,DC=testtrust,DC=com"
         userRoleName="memberOf"
         userSubtree="true"
         userSearch="(samaccountname={0})"
         roleBase="OU=Groups,DC=testtrust,DC=com"
         roleName="cn"
         roleSearch="(member={0})"
         roleSubtree="true" />
  . . .
</Context>

The error I get when deploying the app is:

SEVERE: Error deploying web application archive myapp.war
java.lang.IllegalStateException: ContainerBase.addChild: start: LifecycleException: Exception opening directory server connection: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 52e, v893 ]
        at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:763)
. . .

My understanding is that it is picking up my realm information, and trying to use it, but this error means it is not properly authenticating. So my question is, why did this exact realm setup work under Tomcat 5.0.x and not 5.5.x?

Any help would be greatly appreciated!

Thanks in advance,
Dave
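
Added example, not part of the original thread and not Tomcat code: a Python check that reads the Active Directory sub-code out of an LDAP "error code 49" line like the one above and lists JNDIRealm attributes still carrying the 5.0-style "$$". The sub-code meanings follow the Windows logon error codes; the function names and sample inputs are constructed for illustration, and the "$$" handling assumes the 5.0/5.5 behaviour exactly as the thread reports it.

```python
import re
import xml.etree.ElementTree as ET

# AD sub-codes carried in the "data" field of LDAP error 49 (hex Win32 codes).
AD_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

def ad_bind_failure(log_text):
    """Return (subcode, meaning) for an AD 'error code 49' message, else None."""
    m = re.search(r"error code 49\b.*?\bdata\s+([0-9a-fA-F]+)", log_text, re.S)
    if not m:
        return None
    code = m.group(1).lower()
    return code, AD_SUBCODES.get(code, "unknown sub-code")

def doubled_dollar_attrs(context_xml):
    """Names of JNDIRealm attributes whose value contains '$$'.
    Only names are returned so the password never reaches a log."""
    names = []
    for realm in ET.fromstring(context_xml).iter("Realm"):
        if realm.get("className", "").endswith("JNDIRealm"):
            names += [n for n, v in realm.attrib.items() if "$$" in v]
    return names

def undouble(value):
    """Assumption from the thread: 5.0 wanted '$$' for '$', 5.5 wants '$'."""
    return value.replace("$$", "$")

# Constructed samples: a 5.0-style realm using the thread's "$$imple" password.
SAMPLE_CONTEXT = """<Context>
  <Realm className="org.apache.catalina.realm.JNDIRealm"
         connectionURL="ldap://test.testtrust.com:389"
         connectionPassword="$$imple" />
</Context>"""
SAMPLE_LOG = ("javax.naming.AuthenticationException: [LDAP: error code 49 - "
              "80090308: LdapErr: DSID-0C09030B, comment: "
              "AcceptSecurityContext error, data 52e, v893 ]")

if __name__ == "__main__":
    print(ad_bind_failure(SAMPLE_LOG), doubled_dollar_attrs(SAMPLE_CONTEXT))
```

A sub-code of 52e points at the bind password or name itself, which is what separates this case from a locked, disabled or expired service account after an upgrade.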