Hello,
I am having problems getting Tomcat 4.1.10 (and previous versions) to
correctly use the JNDI realm with Microsoft ADS.
Tomcat will log on the user but does not find any roles, so permission to
access the web pages is denied.

Here is the section from the web.xml file.

<Realm className="org.apache.catalina.realm.JNDIRealm" debug="3"
connectionURL="ldap://mainserv:389"
roleBase="ou=webgroups,dc=DEV2000"
roleName="CN"
roleSearch="(member={0})"
userPattern="cn={0},cn=Users,dc=DEV2000"/>

I am authenticating as the user because ADS does not return passwords.
Entering a directly in a third party tool works correctly.
I have developed my own code to read users from ADS that works with the
above settings.
I have compared my code with the Tomcat source and cannot see any major
differences.
The debug shows that Tomcat is making the correct queries.

2002-09-09 13:58:56 JNDIRealm[Standalone]:   dn=cn=user1,cn=Users,dc=DEV2000
2002-09-09 13:58:56 JNDIRealm[Standalone]:   validating credentials by binding as the user
2002-09-09 13:58:56 JNDIRealm[Standalone]:   binding as cn=user1,cn=Users,dc=DEV2000
2002-09-09 13:58:56 JNDIRealm[Standalone]: Username user1 successfully authenticated
2002-09-09 13:58:56 JNDIRealm[Standalone]: getRoles(cn=user1,cn=Users,dc=DEV2000)
2002-09-09 13:58:56 JNDIRealm[Standalone]:   Searching role base 'ou=webgroups,dc=DEV2000' for attribute 'CN'
2002-09-09 13:58:56 JNDIRealm[Standalone]:   With filter expression '(member=cn=user1,cn=Users,dc=DEV2000)'
2002-09-09 13:58:56 JNDIRealm[Standalone]:   Returning 0 roles
2002-09-09 13:58:56 JNDIRealm[Standalone]: Username user1 does NOT have role WebUsers

Any help would be gratefully received. I have to make this work, so my only
option left is to start modifying Tomcat with additional debug information
to try and work out why it is not working.
Thanks
Richard Pearson

Richard Pearson
Software Engineer

Kingston inbusiness
Nashleigh Court
188 Severalls Ave
Chesham
Bucks HP5 3EN

Tel: 01494 606060

Fax: 01494 601601
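
An added example (not part of the original post, and not Tomcat code): one way to replay the role search that the debug log reports against a known set of group entries, to check what a search with that base, filter and scope should return. The directory entries and the `subtree` switch (standing in for JNDIRealm's `roleSubtree` attribute) are assumptions, and DN comparison is a simplified case-insensitive match.

```python
import re

# Constructed sample: role-search lines of a JNDIRealm debug log, hard-wrapped as in a mail.
LOG = """\
2002-09-09 13:58:56 JNDIRealm[Standalone]:   Searching role base
'ou=webgroups,dc=DEV2000' for attribute 'CN'
2002-09-09 13:58:56 JNDIRealm[Standalone]:   With filter expression
'(member=cn=user1,cn=Users,dc=DEV2000)'
2002-09-09 13:58:56 JNDIRealm[Standalone]:   Returning 0 roles
"""
STAMP = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d ")

def unwrap(text):
    """Rejoin continuation lines (those without a timestamp) to their record."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def role_search(text):
    """Extract role base, role-name attribute, filter and result count from the log."""
    joined = "\n".join(unwrap(text))
    base, attr = re.search(r"Searching role base '([^']*)' for attribute '([^']*)'", joined).groups()
    flt = re.search(r"With filter expression '([^']*)'", joined).group(1)
    count = int(re.search(r"Returning (\d+) roles", joined).group(1))
    return {"base": base, "attr": attr, "filter": flt, "returned": count}

def norm(dn):
    return ",".join(p.strip().lower() for p in dn.split(","))  # naive: no escaped commas

def evaluate(search, entries, subtree):
    """Apply an (attr=value) equality filter under base, one-level or subtree scope."""
    attr, value = search["filter"].strip("()").split("=", 1)
    base, roles = norm(search["base"]), []
    for dn, attrs in entries.items():
        parent = norm(dn).split(",", 1)[1]
        in_scope = parent == base or (subtree and parent.endswith("," + base))
        values = [norm(v) for v in attrs.get(attr.lower(), [])]
        if in_scope and norm(value) in values:
            roles.extend(attrs.get(search["attr"].lower(), []))
    return roles

# Constructed directory entries (hypothetical layout, not taken from the poster's ADS).
ENTRIES = {
    "cn=WebUsers,ou=webgroups,dc=DEV2000": {"cn": ["WebUsers"], "member": ["CN=user1,CN=Users,DC=DEV2000"]},
    "cn=Admins,ou=nested,ou=webgroups,dc=DEV2000": {"cn": ["Admins"], "member": ["CN=user1,CN=Users,DC=DEV2000"]},
}
```

Comparing `evaluate(role_search(LOG), ENTRIES, subtree=False)` with the logged `returned` count shows whether the logged parameters, applied to the entries you believe exist, should have produced roles.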




