I'm having a bit of a tough time getting Tomcat5 to authenticate correctly
to our LDAP server.  It connects using the service account, and then
attempts to bind using the username and password entered at the login page
to confirm if it is valid.

As it is set up right now, if an invalid username/password is entered,
catalina_log confirms that "bind attempt failed" and "Username XXX NOT
successfully authenticated" just as we expect.  However, if we enter in a
correct username/password combination, it binds correctly, however it just
hangs there as if it were awaiting response.  The LDAP logs indicate that it
did successfully bind correctly with the username/password combination, but
no search was performed.

Here is the relevant section of my server.xml file:

      <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
             connectionURL="ldap://ldap.domain.com"
             connectionName="uid=admin,ou=ldapadmin,o=domain.com"
             connectionPassword="xxxxxx"
             userPattern="uid={0},ou=it,o=domain.com"
             userBase="ou=it,o=domain.com"
             />

Am I missing out on something here?  I tried playing around with some of the
different attributes mentioned in the Jakarta Tomcat JNDIRealm
documentation, but still get the same results.  We are not using any roles.

How can we get it so that if the correct username/password is entered, it
lets us pass the login page?
