I don't know if you noticed, but the password has to be stored as a hex
string rather than a base64 encoded string in the directory in order for it
to work. I think there is a patch that is supposed to fix this that I think
is supposed to be included when Tomcat 4.1 comes out. Also, there's supposed
to be another method of authentication where it binds as the user themself
rather than as the administrator and querying in order to verify the user's
password.

Jon

----- Original Message -----
From: "Allen Chesley" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, April 12, 2002 11:20 AM
Subject: JNDI Realm with Tomcat 4.0.1 and Netscape LDAP


> I am having problems trying to get a Tomcat 4.0.3 installation to
> authenticate to a Netscape LDAP server using the "built-in" capability.
> Configuration:
>     Solaris 8, patched to date
>     Netscape Directory Server 4.16
>     Tomcat 4.0.1
>     J2SDK v1.4
>     Apache 1.3.23
>
> I have edited the server.xml file to include a JNDIRealm entry as below:
>
> <Realm classname="org.apache.catalina.realm.JNDIRealm"
>   contextFactory="com.netscape.jndi.ldap.LdapContextFactory"
>   debug="999"
>   digest="SHA"
>   connectionName="uid=tomcat,ou=Special Users,o=mydomain.com"
>   connectionPassword="secret"
>   connectionURL="ldap://ldapserver.mydoman.com:389"
>   roleBase="ou=People,o=mydomain.com"
>   roleName="cn"
>   roleSearch="(uniqueMember={0})"
>   roleSubtree="true"
>   userpassword="userpassword"
>   userPattern="uid={0},ou=People,o=mydomain.com" />
>
> I have confirmed that I am contacting the LDAP server, finding the user
> account, and downloading the userPassword attribute, but authentication
> always fails.
>
> I have tried both the Sun and Netscape context factories with no
> difference.
> I have confirmed that the DN from the server uses the UID and not the
> CN.
> I have tried changing the roleName to UID.
> I have tried deleting and changing the digest value.
> I have tried setting the roleSubtree to both true and false.
> I have confirmed that my role groups are under ou=People,o=mydomain.com
> with the user accounts.
>
> Any ideas/help?  Has anybody gotten the JNDIRealm in Tomcat 4 to work
> with Netscape?
> --
> Allen L. Chesley
> Senior Systems Engineer
> Raytheon
>
>
>
> --
> To unsubscribe:   <mailto:[EMAIL PROTECTED]>
> For additional commands: <mailto:[EMAIL PROTECTED]>
> Troubles with the list: <mailto:[EMAIL PROTECTED]>
>
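
The encoding mismatch described in the reply at the top of this thread, as an added example that is not part of either message and is not Tomcat's code. It assumes the directory holds the SHA-1 digest as `{SHA}` followed by base64 (the thread does not show the stored value) and that the realm compares against a hex string, as the reply states; all function names are hypothetical.

```python
import base64
import binascii
import hashlib
import hmac
from typing import Optional

def sha_hex(password: str) -> str:
    """SHA-1 digest as a hex string: the form the reply says the realm matches."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def sha_rfc2307(password: str) -> str:
    """SHA-1 digest as '{SHA}' + base64: the form assumed to be in the directory."""
    raw = hashlib.sha1(password.encode("utf-8")).digest()
    return "{SHA}" + base64.b64encode(raw).decode("ascii")


def decode_stored(stored: str) -> Optional[bytes]:
    """Return the raw 20-byte digest behind either encoding, or None if malformed."""
    try:
        if stored[:5].upper() == "{SHA}":
            raw = base64.b64decode(stored[5:], validate=True)
        else:
            raw = binascii.unhexlify(stored)
    except (binascii.Error, ValueError):
        return None
    return raw if len(raw) == 20 else None


def naive_match(password: str, stored: str) -> bool:
    """String comparison against the hex digest only (the failing case)."""
    return sha_hex(password) == stored.lower()


def normalized_match(password: str, stored: str) -> bool:
    """Compare raw digest bytes so hex and {SHA}base64 values both verify."""
    raw = decode_stored(stored)
    expected = hashlib.sha1(password.encode("utf-8")).digest()
    return raw is not None and hmac.compare_digest(raw, expected)


def to_hex(stored: str) -> Optional[str]:
    """Re-encode a stored value as the hex string the realm expects."""
    raw = decode_stored(stored)
    return raw.hex() if raw is not None else None


if __name__ == "__main__":  # constructed sample value, not taken from the thread
    print(to_hex(sha_rfc2307("secret")), naive_match("secret", sha_rfc2307("secret")))
```

`naive_match` rejects a correct password whenever the stored value is in the `{SHA}` base64 form, which matches the symptom in the original message; `to_hex` yields the value that would have to be stored for a hex-only comparison to pass.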

