Ended up using wireshark to see traffic back and forth between ldap server and Shiro. never did get ldapRealm = org.apache.shiro.realm.ldap.JndiLdapRealm to authenticate with the server trying various methodologies.
How ever I was able to get shiro working as I required by using the following in the shiro.ini file: activeDirectoryRealm = org.apache.shiro.realm.activedirectory.ActiveDirectoryRealm activeDirectoryRealm.searchBase = "CN=users,DC=<Domain>,DC=<ext>" activeDirectoryRealm.principalSuffix = @<Domain>.<ext> activeDirectoryRealm.systemUsername = <username> activeDirectoryRealm.systemPassword = <password> activeDirectoryRealm.url = ldap://192.168.0.2:389 activeDirectoryRealm.groupRolesMap = "DC=<Domain>,DC=<ext>":"shiro" securityManager.realm = $activeDirectoryRealm hope this helps someone else also in my testing I was not using the fully qualified domain name and this was part of the issue for example I was trying to login using username and password. The first issue was that the system was expecting me to pass username@<domain>.<ext> This was resolved in the activedirectoryrealm by using the principalSuffix. -- View this message in context: http://shiro-user.582556.n2.nabble.com/LDAP-help-not-authenticating-but-no-error-message-either-tp7580267p7580269.html Sent from the Shiro User mailing list archive at Nabble.com.
