Hi List
I'm trying to connect Tomcat/5.0.28 to AD on Windows 2003. My problem is that
JNDIRealm fails to get role information, after successfully binding with the
user's DN.
My temporary conclusion is that JNDIRealm fails to use the bound connection with
AD when performing the search for the role object. I have verified that the user
object in question can access the group object by using another LDAP client and
binding as that user.
Is my conclusion somewhere close to the mark? If it is, how can I make JNDIRealm
behave; if not, any other ideas?
Here is the relevant section from server.xml:
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldap://dtoslhk001"
       debug="99"
       userBase="cn=Users,dc=netlinetest,dc=kol,dc=net"
       userPattern="cn={0},cn=Users,dc=netlinetest,dc=kol,dc=net"
       roleBase="cn=Users,dc=netlinetest,dc=kol,dc=net"
       roleSearch="(member={0})"
       roleName="cn" />
And here is the log output I get when I try to authenticate:
JNDIRealm[Catalina]: lookupUser(Per I. Lot)
JNDIRealm[Catalina]: dn=cn=Per I. Lot,cn=Users,dc=netlinetest,dc=kol,dc=net
JNDIRealm[Catalina]: validating credentials by binding as the user
JNDIRealm[Catalina]: binding as cn=Per I. Lot,cn=Users,dc=netlinetest,dc=kol,dc=net
JNDIRealm[Catalina]: Username Per I. Lot successfully authenticated
JNDIRealm[Catalina]: getRoles(cn=Per I. Lot,cn=Users,dc=netlinetest,dc=kol,dc=net)
JNDIRealm[Catalina]: Searching role base 'cn=Users,dc=netlinetest,dc=kol,dc=net' for attribute 'cn'
JNDIRealm[Catalina]: With filter expression '(member=cn=Per I. Lot,cn=Users,dc=netlinetest,dc=kol,dc=net)'
JNDIRealm[Catalina]: Exception performing authentication
javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C0905FF, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece]; remaining name 'cn=Users,dc=netlinetest,dc=kol,dc=net'
Hope someone can help. Best regards!
--
Eivind Trondsen | http://www.linuxlabs.no
LinuxLabs AS | eivind.trondsen at linuxlabs.no
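
An added configuration example, not part of the original post: it assumes the role search is issued on the realm's own connection, which is anonymous in the server.xml above because no connectionName/connectionPassword is set, and shows the same realm given a dedicated account to bind with for its searches. The account DN and password are hypothetical placeholders.

```xml
<!-- As posted: no connectionName/connectionPassword, so the realm's own
     connection is anonymous. Only the credential check binds as the user;
     the later search under roleBase is not covered by that bind. -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldap://dtoslhk001"
       debug="99"
       userBase="cn=Users,dc=netlinetest,dc=kol,dc=net"
       userPattern="cn={0},cn=Users,dc=netlinetest,dc=kol,dc=net"
       roleBase="cn=Users,dc=netlinetest,dc=kol,dc=net"
       roleSearch="(member={0})"
       roleName="cn" />

<!-- Variant: the realm binds as a dedicated account for its own searches.
     "cn=tomcat-ldap" and the password value are placeholders (assumptions,
     not values from the post); use a read-only directory account. -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldap://dtoslhk001"
       connectionName="cn=tomcat-ldap,cn=Users,dc=netlinetest,dc=kol,dc=net"
       connectionPassword="REPLACE_WITH_ACCOUNT_PASSWORD"
       debug="99"
       userBase="cn=Users,dc=netlinetest,dc=kol,dc=net"
       userPattern="cn={0},cn=Users,dc=netlinetest,dc=kol,dc=net"
       roleBase="cn=Users,dc=netlinetest,dc=kol,dc=net"
       roleSearch="(member={0})"
       roleName="cn" />
```

connectionPassword is stored in clear text in server.xml and, over a plain ldap:// URL, is sent unencrypted in the simple bind, so restrict read access to the file and keep the account's directory rights to read-only.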