----- "Felix Schumacher" <felix.schumac...@internetallee.de> wrote:
> On Sun, 15 Aug 2010 21:33:09 +0000 (UTC), Igor Galić
> <i.ga...@brainsware.org> wrote:
> > ----- "Felix Schumacher" <felix.schumac...@internetallee.de> wrote:
> >
> >> Ok, my patch will not work, since new InitialDirContext(env) will not
> >> create a LdapContext, but a DirContext. You could try to change new
> >> InitialDirContext(env) into InitialLdapContext(env, null) as used in
> >> the sun startssl example.
> I have implemented an InitialContextFactory which does startTLS
> internally.
>
> That factory can be used with the standard JNDIRealm implementation.
> Just extend your original Realm with
> <Realm
>   ...
>   contextFactory="dummy.LdapTlsContextFactory"
>   ...
> />

Following your advice, I compiled the source (within the tree) and
extended the configuration to this:

<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldap://mail.brainsware.org:389/"
       alternateURL="ldap://mail.esotericsystems.at:389"
       commonRole="admin"
       connectionName="uid=whatever"
       connectionPassword="securityisgreat."
       userBase="ou=people,dc=brainsware,dc=org"
       userPattern="(uid={0})(postOfficeBox=internal_projects)"
       startTLS="true"
       contextFactory="org.apache.naming.factory.LdapTlsContextFactory"
       userSearch="(uid={0})"
/>

The wireshark trace still looks the same.
But the stacktrace is now two:

INFO: Starting Servlet Engine: Apache Tomcat/6.0.0-dev
Aug 16, 2010 10:37:25 PM org.apache.catalina.realm.JNDIRealm open
WARNING: Exception performing authentication
javax.naming.AuthenticationNotSupportedException: [LDAP: error code 13 - confidentiality required]
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3032)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2987)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2789)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2703)
    at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:293)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
    at javax.naming.InitialContext.init(InitialContext.java:223)
    at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
    at org.apache.naming.factory.LdapTlsContextFactory$ProxyLdapContext.<init>(LdapTlsContextFactory.java:31)
    at org.apache.naming.factory.LdapTlsContextFactory$ProxyLdapContext.<init>(LdapTlsContextFactory.java:25)
    at org.apache.naming.factory.LdapTlsContextFactory.getInitialContext(LdapTlsContextFactory.java:96)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
    at javax.naming.InitialContext.init(InitialContext.java:223)
    at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
    at org.apache.catalina.realm.JNDIRealm.open(JNDIRealm.java:1982)
    at org.apache.catalina.realm.JNDIRealm.start(JNDIRealm.java:2087)
    at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1037)
    at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:445)
    at org.apache.catalina.core.StandardService.start(StandardService.java:519)
    at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
    at org.apache.catalina.startup.Catalina.start(Catalina.java:581)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Aug 16, 2010 10:37:26 PM org.apache.catalina.startup.Catalina start
SEVERE: Catalina.start: LifecycleException: Exception opening directory server connection: javax.naming.NotContextException: Not an instance of LdapContext
    at org.apache.catalina.realm.JNDIRealm.start(JNDIRealm.java:2089)
    at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1037)
    at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:445)
    at org.apache.catalina.core.StandardService.start(StandardService.java:519)
    at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
    at org.apache.catalina.startup.Catalina.start(Catalina.java:581)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Aug 16, 2010 10:37:26 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 538 ms

>
> Bye
> Felix

bye,
i

-- 
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.ga...@brainsware.org
URL: http://brainsware.org/
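Added example, not part of the thread and not the LdapTlsContextFactory source discussed in it: the first trace shows error code 13 raised while the context is still being constructed (LdapCtx.connect inside InitialLdapContext.<init>), and the sketch below shows the JNDI call order that keeps the simple bind behind the StartTLS handshake. The class name, method name and the LDAP_BIND_PASSWORD environment variable are hypothetical; the URL and bind DN are supplied by the caller.

```java
import java.io.IOException;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;

// Added illustration; class and method names are hypothetical.
public class StartTlsThenBind {

    static LdapContext open(String url, String bindDn, String password)
            throws NamingException, IOException {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        // Deliberately no SECURITY_PRINCIPAL/SECURITY_CREDENTIALS yet: with them in
        // env, the constructor would send the bind in clear text before StartTLS.
        LdapContext ctx = new InitialLdapContext(env, null);
        try {
            StartTlsResponse tls =
                    (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
            // Handshake with the JVM default trust store and hostname check;
            // throws if the server certificate does not validate.
            tls.negotiate();
            // Only now add credentials and force the bind over the TLS channel.
            ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
            ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, bindDn);
            ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
            ctx.reconnect(null);
            return ctx;
        } catch (NamingException | IOException e) {
            ctx.close(); // drop the connection rather than fall back to plain LDAP
            throw e;
        }
    }

    public static void main(String[] args) throws Exception {
        String password = System.getenv("LDAP_BIND_PASSWORD"); // hypothetical variable
        if (args.length != 2 || password == null) {
            System.err.println("usage: LDAP_BIND_PASSWORD=... StartTlsThenBind <ldap-url> <bind-dn>");
            return;
        }
        LdapContext ctx = open(args[0], args[1], password);
        System.out.println("bound over StartTLS: " + ctx.getEnvironment().get(Context.PROVIDER_URL));
        ctx.close();
    }
}
```

Against a server that enforces confidentiality, a packet capture of this sequence should show the StartTLS extended request and the TLS handshake before any bind request appears.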