--- Comment #2 from Michael Osipov <> ---
(In reply to Dave Anuszewski from comment #0)
> Using JNDIRealm to authenticate users against Microsoft Active Directory
> fails if the AD user object has 2 trailing spaces in it's cn.  Realm is
> configured with adCompat="true" and userSearch="(sAMAccountName={0})".  
> Debugging through the code the getUserBySearch() method ldap search returns
> a result with only the last space escaped, but the method
> getDistinquishedName() returns a dn with both spaces escaped.  In this
> scenario the bindAsUser() method will return false resulting in an
> authentication failure.  If I modify the dn returned from
> getDistinquishedName() to only escape the last space in the cn the
> bindAsUser() method will return true and the authentication will be
> successful.

Out of curiousity, why do you plague your users with username and password
where you could use SPNEGO?

You are receiving this mail because:
You are the assignee for the bug.
To unsubscribe, e-mail:
For additional commands, e-mail:

Reply via email to