I have just seen that it works. But I don't understand it: if tomcat
uses bind to authenticate the user accessing the webpage, why does it
need a different AD user?

Isn't it a bug in the realm implementation?

Michal.

> -----Original Message-----
> From: George Sexton [mailto:[EMAIL PROTECTED] 
> Sent: Thursday, August 11, 2005 5:27 PM
> To: 'Tomcat Users List'
> Subject: RE: tomcat and active directory
> 
> It looks like you are configured for anonymous bind.
> 
> By default, the AD LDAP implementation does not allow 
> anonymous bind. You have two ways of handling this:
> 
>    1. Configure your AD tree to allow anonymous bind. Essentially, you
>       will need to create an ACL against the appropriate object
>       (container) in the tree.
>    2. Create a low powered user that has read access to the directory
>       tree and configure the realm to bind as that user.
> 
> 
> 
> George Sexton
> MH Software, Inc.
> http://www.mhsoftware.com/
> Voice: 303 438 9585
>   
> 
> > -----Original Message-----
> > From: Michal Kwiatek [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, August 11, 2005 8:17 AM
> > To: Tomcat Users List
> > Subject: tomcat and active directory
> > 
> > Has any of you managed to configure tomcat JNDIRealm to talk to Active
> > Directory?
> > I'm having a hard time setting it up and my wild guess is that the 
> > JNDIRealm does not support SASL mechanism.
> > 
> > Here's my config:
> > 
> > <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
> >        connectionURL="ldap://cern.ch"
> >        userBase="OU=Organic Units,DC=cern,DC=ch"
> >        userSearch="(userPrincipalName={0})"
> >        userRoleName="memberOf"
> > />
> > 
> > my error message:
> > 
> > 2005-08-11 15:57:06 org.apache.catalina.realm.JNDIRealm authenticate
> > SEVERE: Exception performing authentication
> > javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr:
> > DSID-0C090627, comment: In order to perform this operation a successful
> > bind must be completed on the connection., data 0, vece ]; remaining
> > name 'OU=Organic Units,DC=cern,DC=ch'
> > 
> > At the same time, I can connect to Active Directory with the same 
> > settings using ldapsearch:
> > 
> > ldapsearch -h cerndc01.cern.ch -p 389 -D [EMAIL PROTECTED] \
> >   -w my_password -b 'OU=Organic Units,DC=cern,DC=ch' [EMAIL PROTECTED]
> > 
> > Any ideas?
> > 
> > Thanks in advance,
> > Michal.
> > 
> > > -----Original Message-----
> > > From: Michal Kwiatek [mailto:[EMAIL PROTECTED]
> > > Sent: Thursday, August 11, 2005 4:06 PM
> > > To: Tomcat Users List
> > > Subject: RE: realm in context in war file
> > > 
> > > I've sorted it out: the problem was in the syntax! I was using
> > > "context" instead of "Context", and tomcat (5.0.28) simply ignored
> > > it without writing any error message.
> > > 
> > > But thanks for the tip for 5.5 - I'm going to migrate soon, so it 
> > > will be useful.
> > > 
> > > Michal.
> > > 
> > > > -----Original Message-----
> > > > From: Caldarale, Charles R [mailto:[EMAIL PROTECTED]
> > > > Sent: Thursday, August 11, 2005 4:03 PM
> > > > To: Tomcat Users List
> > > > Subject: RE: realm in context in war file
> > > > 
> > > > > From: Michal Kwiatek [mailto:[EMAIL PROTECTED]
> > > > > Subject: realm in context in war file
> > > > > 
> > > > > I have the following context definition:
> > > > > 
> > > > > <context path="/test1" override="true" docBase="webapps/test1">
> > > > >   <realm className="org.apache.catalina.realm.MemoryRealm"
> > > > >          debug="9999"
> > > > >          pathname="webapps/test1/META-INF/context-users.xml"
> > > > >   />
> > > > > </context>
> > > > 
> > > > What level of Tomcat are you using?  If it's 5.5, you should not
> > > > have a path attribute.  If you remove the pathname attribute from
> > > > the <realm> tag, does authentication function with the default
> > > > conf/tomcat-users.xml?
> > > > 
> > > >  - Chuck
> > > > 
> > > > 
> > > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE
> > > > PROPRIETARY MATERIAL and is thus for use only by the intended
> > > > recipient. If you received this in error, please contact the sender
> > > > and delete the e-mail and its attachments from all computers.
> > > > 
> > > > 
> > > 
> > 
> > > > ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > > 
> > > > 

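The second option George describes, shown as an added example that is not part of the original thread: a JNDIRealm that first binds as a dedicated read-only account to run the userSearch, then binds again as the DN it found using the password the user typed. The "before" block mirrors Michal's posted config; the service account DN, its password and the port are placeholders I assume, and `connectionName`, `connectionPassword` and `userSubtree` are standard JNDIRealm attributes.

```xml
<!-- Before (mirrors the config posted in the thread): no connectionName,
     so Tomcat runs the userSearch on an anonymous connection. AD rejects
     the search with "a successful bind must be completed on the
     connection" before the user's own password is ever checked. -->
<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
       connectionURL="ldap://cern.ch:389"
       userBase="OU=Organic Units,DC=cern,DC=ch"
       userSearch="(userPrincipalName={0})"
       userRoleName="memberOf"
/>

<!-- After: the realm binds as a low-privilege reader account (placeholder
     DN and password, assumed) to locate the user's entry, then re-binds as
     that entry's DN with the credentials from the login form. The reader
     account only needs read access to the user container. -->
<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
       connectionURL="ldap://cern.ch:389"
       connectionName="CN=tomcat-ldap-reader,OU=Service Accounts,DC=cern,DC=ch"
       connectionPassword="CHANGE_ME"
       userBase="OU=Organic Units,DC=cern,DC=ch"
       userSubtree="true"
       userSearch="(userPrincipalName={0})"
       userRoleName="memberOf"
/>
```

Active Directory also accepts a userPrincipalName (reader@cern.ch style) in place of the DN for `connectionName`. The reader password sits in server.xml in cleartext, so the file should be readable only by the account Tomcat runs as, and the reader account should have no rights beyond reading the user container, which is exactly the "low powered user" George recommends.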