Posted to users@tomcat.apache.org by Robyne Vaughn <rv...@lubbockisd.org> on 2003/08/28 16:03:54 UTC

JNDI realm to access AD

Hi,
I'm new to Tomcat and ADs. I'm trying to configure a JNDI realm (Tomcat
4.1.17 on IBM AS/400) to authenticate to Active Directory (Microsoft on a
server). I've found a couple of brief examples to follow, but don't
understand the nomenclature well enough to make mine work on our
installation. I saw on one webpage that I may need an LDAP driver.
However, I thought that was what ADserver accomplished.(?) I followed
this example: http://www.java-internals.com/code/jndi_realm.html

This is my code (with altered user-id, password, and ip address): 

<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
connectionURL="ldap://19.999.9.9:389" 
userBase="CN=Users,dc=Lubbock,dc=isd"
userSearch="(userPrincipalName={0})"
userRoleName="member"
roleBase="CN=Users,dc=Lubbock,dc=isd"
roleName="cn"
roleSearch="(member={0})"
connectionName="CN=TomcatUserId,DC=lubbock,DC=isd" 
connectionPassword="TomcatPassword"
roleSubtree="true"
userSubtree="true"/> 

This is the error I get:
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308:
LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 525,
v893 

  

I can't figure out if we have a "Users" item.  The guys in charge of our
ADs can't tell me its properties.  It's new to them.  They showed me a
script they used to populate it.    

Under the column labeled objectCategory, the entry is:
CN=Person,CN=Schema,CN=Configuration,DC=lubbock,DC=isd 

Under the column labeled objectClass the entry is:  user

The other column headings are: 

DN    distinguished name   name   cn   description   displayName   mail
givenName   sAMAccountName   sn   userAccountControl   userPrincipalName
homeDirectory   homeDrive 

Under the column labeled DN and under the column labeled distinguishedName
the entry is the same: 

CN=John Doe, OU=CO,DC=lubbock,DC=isd 

The AD support guys told me that OU=CO means Organizational Unit =
Central office.  I want to be able to search across all OUs. 

Any help or suggestions would be greatly appreciated. 

Thanks,

 
Robyne K. Vaughn
Programmer/Analyst
Lubbock ISD
1628 19th St
Lubbock, TX 79401
806-766-1119
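
Added example, not part of the original post: a Python sketch that decodes the Active Directory sub-code in the "data" field of the LDAP error 49 quoted above, and checks whether the sample entry DN from the post falls inside a given search base when subtree scope is used. The function names are hypothetical, the sub-code table lists the commonly documented AD values, and the DN parsing assumes no escaped commas or multi-valued RDNs.

```python
import re

# AD sub-codes (hex) carried in the "data" field of an LDAP error 49 bind failure.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}
ERR_RE = re.compile(r"LDAP: error code (\d+).*?data ([0-9a-fA-F]+)", re.S)

# Values copied from the post above.
SAMPLE_ERROR = ("javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: "
                "LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 525, v893")
USER_BASE = "CN=Users,dc=Lubbock,dc=isd"
ENTRY_DN = "CN=John Doe, OU=CO,DC=lubbock,DC=isd"
DOMAIN_ROOT = "DC=lubbock,DC=isd"  # assumption: the domain root implied by the DNs in the post

def decode_bind_error(message):
    """Return (ldap_code, ad_subcode, meaning), or None if the text does not parse."""
    m = ERR_RE.search(message)
    if not m:
        return None
    sub = m.group(2).lower()
    return int(m.group(1)), sub, AD_BIND_SUBCODES.get(sub, "unknown sub-code")

def parse_dn(dn):
    """Split a DN into case-normalized (type, value) pairs, leftmost RDN first."""
    rdns = []
    for part in dn.split(","):
        attr, _, value = part.partition("=")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def is_under(entry_dn, base_dn):
    """True if entry_dn equals base_dn or sits below it (what a subtree search covers)."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    return len(entry) >= len(base) and entry[len(entry) - len(base):] == base

if __name__ == "__main__":
    print(decode_bind_error(SAMPLE_ERROR))
    print("under userBase:", is_under(ENTRY_DN, USER_BASE))
    print("under domain root:", is_under(ENTRY_DN, DOMAIN_ROOT))
```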