-----Original Message-----
From: Daniel Mikusa [mailto:dmik...@gopivotal.com] 
Sent: Monday, November 04, 2013 9:57 AM
To: Tomcat Users List
Subject: Re: Connection to ApacheDS LDAP

On Nov 4, 2013, at 10:49 AM, Shai Levit <redsolar_ecli...@msn.com> wrote:

> My apologies in advance for some of the syntax and verbiage - I am a newbie 
> in all of this, but did do my reading / research / and chat on IRC's.
> 
> The current setup I have is this:
> Apache DS LDAP version 2.0.0-M14 running on Linux with Port 8660. The 
> server instance works fine and I am able to do a search via Apache API in 
> Java (Eclipse). I bind to this server anonymously via connection.bind().
> Tomcat version 7.0.47 running on Mac OS X (Maverick) with Port 8080. The 
> Tomcat instance works fine using the installed default values. I am able to 
> run simple REST APIs and consume them via any browser.
> 
> Issue: I am trying to create a connection to the LDAP server via anonymous 
> binding. I configured the appropriate conf file: server.xml with the REALM as 
> follows:
> 
>   <Realm className="org.apache.catalina.realm.JNDIRealm"
>                       connectionURL="ldap://Integration01.icsl.net:8660"; 
> debug="99"
>                       userBase="dc=sumsmail,dc=com"
>                       userSearch="(mail{0})"
>                       userSearch="(userCertificate{0})"

Why do you have "userSearch" specified twice?  That's what's causing the 
exception below.

>                       userSubtree="true"
>                       roleBase="dc=sumsmail,dc=com"
>                       roleName="cn"
>                       roleSearch="(mail={0})"
>                       roleSearch="(userCertificate={0})"

This will likely cause a similar exception; you can only specify these 
attributes once.

Dan

>                       roleSubtree="true"
>                       />
>      </Realm>
> 
>      <Host name="localhost"  appBase="webapps"
>            unpackWARs="true" autoDeploy="true">
> 


Not that I'm particularly knowledgeable about configuring LDAP, because I'm not, 
but looking at the error I wondered what Dan did - why did you have the 
userSearch attribute listed twice? You also have the roleSearch attribute 
listed twice, though it might not show that error since it spits up at the 
first one.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
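
Added example (not part of the original thread, and not Tomcat's own code): a repeated attribute makes the element malformed XML, so any XML parser rejects it before the realm settings are read. The fragment below is constructed from the Realm quoted above; the host name is a placeholder, `check_fragment` is a hypothetical helper, and folding the two searches into one LDAP OR filter is an assumption about what the poster wanted.

```python
import xml.etree.ElementTree as ET

# Constructed fragment mirroring the quoted Realm: userSearch appears twice.
BROKEN = '''<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldap://ldap.example.test:8660"
       userBase="dc=sumsmail,dc=com"
       userSearch="(mail={0})"
       userSearch="(userCertificate={0})"
       userSubtree="true" />'''

# Assumption: a single attribute carrying an LDAP OR filter, (|(a)(b)),
# expresses "match either attribute" without repeating userSearch.
FIXED = '''<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldap://ldap.example.test:8660"
       userBase="dc=sumsmail,dc=com"
       userSearch="(|(mail={0})(userCertificate={0}))"
       userSubtree="true" />'''


def check_fragment(xml_text):
    """Parse one element; return (ok, detail).

    On success detail is the attribute dict; on a well-formedness error it
    is the parser's message, which includes the line and column.
    """
    try:
        elem = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return False, str(exc)
    return True, dict(elem.attrib)


if __name__ == "__main__":
    for label, text in (("broken", BROKEN), ("fixed", FIXED)):
        ok, detail = check_fragment(text)
        print(label, "->", "well-formed" if ok else "rejected", detail)
```

The same check applies to roleSearch: the parser stops at the first duplicate, so the second one only surfaces after the first is fixed.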

