Posted to users@tomcat.apache.org by Paul Gier <PG...@shcr.com> on 2004/02/04 23:23:18 UTC

Help with Active directory authentication in tomcat 5

I am trying to authenticate web users against an Active Directory 
instance, but for some reason the configuration that worked in Tomcat 4.1 
is not working in Tomcat 5.0.18.

Here is the message that I get from the realm authentication with 
debugging turned on:

2004-02-04 16:10:20 JNDIRealm[/lts/corp]:   Searching for corp
2004-02-04 16:10:20 JNDIRealm[/lts/corp]:   base: 
CN=Users,DC=development,DC=com  filter: 
(userPrincipalName=corp@development.com)
2004-02-04 16:10:20 JNDIRealm[/lts/corp]:   entry found for corp with dn 
CN=corp,CN=Users,DC=development,DC=com
2004-02-04 16:10:20 JNDIRealm[/lts/corp]:   retrieving values for 
attribute member
2004-02-04 16:10:20 JNDIRealm[/lts/corp]:   validating credentials by 
binding as the user
2004-02-04 16:10:20 JNDIRealm[/lts/corp]:   binding as 
CN=corp,CN=Users,DC=development,DC=com
2004-02-04 16:10:20 JNDIRealm[/lts/corp]: Username corp successfully 
authenticated
2004-02-04 16:10:20 JNDIRealm[/lts/corp]: 
getRoles(CN=corp,CN=Users,DC=development,DC=com)
2004-02-04 16:10:20 JNDIRealm[/lts/corp]:   Searching role base 
'CN=Users,DC=development,DC=com' for attribute 'cn'
2004-02-04 16:10:20 JNDIRealm[/lts/corp]:   With filter expression 
'\28member=CN=corp,CN=Users,DC=development,DC=com\29'
2004-02-04 16:10:20 JNDIRealm[/lts/corp]:   Returning 0 roles

It appears to successfully authenticate the user, but does not find the 
roles.  In tomcat 4.1 I get very similar information, but it returns 1 
role which is the correct behavior.  I also noticed that instead of "(" 
and ")" the log is showing "\28" and "\29".  Is this part of the problem?
Here is the server.xml excerpt that I am using:

          <Realm className="org.apache.catalina.realm.JNDIRealm"
                 debug="99"
                 connectionURL="ldap://dev:389"
                 userBase="cn=users,dc=development,dc=com"
                 userSearch="(userPrincipalName={0}@development.com)"
                 userRoleName="member"
                 roleBase="cn=users,DC=development,DC=com"
                 roleName="cn"
                 roleSearch="(member={0})"
                 connectionName="CN=user,CN=users,DC=development,DC=com"
                 connectionPassword="pass"
                 roleSubtree="true"
                 userSubtree="true" />

The same realm configuration seems to work fine for tomcat 4.1 but can't 
find the roles in 5.0.18.
Can anyone help me?

Thanks!!
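An added illustration (not from this thread or from Tomcat's source) of what the `\28` and `\29` in the log mean: RFC 4515 (which replaced RFC 2254) requires `(`, `)`, `*`, `\` and NUL to be escaped inside a filter *value*, so a realm should escape only the DN it substitutes for `{0}`, never the whole `roleSearch` string. Escaping the whole string yields exactly the log's `\28member=...\29`, which is no longer a parenthesised filter and can match nothing; the function names and the DN containing parentheses are assumptions constructed for the example.

```python
import re

# RFC 4515 escapes for characters that are special inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value: str) -> str:
    """Escape one assertion value (e.g. a user DN) for use inside an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def build_role_search(template: str, user_dn: str) -> str:
    """Correct substitution: escape only the value that replaces {0}.
    The surrounding filter syntax written by the administrator stays intact."""
    return template.replace("{0}", escape_filter_value(user_dn))

def broken_build_role_search(template: str, user_dn: str) -> str:
    """Reproduces the symptom in the log: the finished filter is escaped as a
    whole, so its own parentheses become \\28 and \\29 and the directory sees
    a string that is not a valid filter (hence 'Returning 0 roles')."""
    return escape_filter_value(template.replace("{0}", user_dn))

def is_wellformed_simple_filter(f: str) -> bool:
    """Rough syntactic check for a single '(attr=value)' filter item."""
    return re.fullmatch(r"\([A-Za-z][\w-]*=[^()]*\)", f) is not None

# Values taken from the log excerpt and the server.xml above.
TEMPLATE = "(member={0})"
USER_DN = "CN=corp,CN=Users,DC=development,DC=com"
# Constructed DN whose CN legitimately contains parentheses: value escaping
# keeps the filter well-formed instead of breaking it or changing its meaning.
PAREN_DN = "CN=Smith (Corp),CN=Users,DC=development,DC=com"

if __name__ == "__main__":
    print(build_role_search(TEMPLATE, USER_DN))         # (member=CN=corp,...)
    print(broken_build_role_search(TEMPLATE, USER_DN))  # \28member=CN=corp,...\29
    print(build_role_search(TEMPLATE, PAREN_DN))        # (member=CN=Smith \28Corp\29,...)
```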