Is 'mail' the naming value? This means, if you export to an ldif file you should find a line dn: [EMAIL PROTECTED],ou=People,dc=tritus,dc=ca
Hayo Schmidt
Adam Sherman schrieb:
I am trying to get JNDIRealm to authenticate against my LDAP tree:
<Realm className="org.apache.catalina.realm.JNDIRealm"
debug="200"
connectionURL="ldap://localhost:389";
userBase="ou=People,dc=tritus,dc=ca"
userSearch="(mail={0})"
roleBase="ou=Groups,dc=tritus,dc=ca"
roleName="cn"
roleSearch="(member={0})"
/>
Using a user I can authenticate with the OpenLDAP CLI tools:
2003-07-27 13:44:06 JNDIRealm[Standalone]: Searching for [EMAIL PROTECTED]
2003-07-27 13:44:06 JNDIRealm[Standalone]: base: ou=People,dc=tritus,dc=ca filter: ([EMAIL PROTECTED])
2003-07-27 13:44:06 JNDIRealm[Standalone]: entry found for [EMAIL PROTECTED] with dn uid=adam,ou=People,dc=tritus,dc=ca
2003-07-27 13:44:06 JNDIRealm[Standalone]: validating credentials by binding as the user
2003-07-27 13:44:06 JNDIRealm[Standalone]: binding as uid=adam,ou=People,dc=tritus,dc=ca
2003-07-27 13:44:06 JNDIRealm[Standalone]: bind attempt failed
2003-07-27 13:44:06 JNDIRealm[Standalone]: Username [EMAIL PROTECTED] NOT successfully authenticated
The lookup functions correctly, but binding fails. Even though I know the user can bind.
Info:
Tomcat 4.1.24, OpenLDAP 2.1.x
Any ideas?
A.
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
