Posted to users@tomcat.apache.org by Paul Gier <PG...@shcr.com> on 2004/02/04 23:23:18 UTC
Help with Active directory authentication in tomcat 5
I am trying to authenticate web users against an Active Directory
instance, but for some reason the configuration that worked in Tomcat 4.1
is not working in Tomcat 5.0.18.
Here is the message that I get from the realm authentication with
debugging turned on:

2004-02-04 16:10:20 JNDIRealm[/lts/corp]: Searching for corp
2004-02-04 16:10:20 JNDIRealm[/lts/corp]: base: CN=Users,DC=development,DC=com filter: (userPrincipalName=corp@development.com)
2004-02-04 16:10:20 JNDIRealm[/lts/corp]: entry found for corp with dn CN=corp,CN=Users,DC=development,DC=com
2004-02-04 16:10:20 JNDIRealm[/lts/corp]: retrieving values for attribute member
2004-02-04 16:10:20 JNDIRealm[/lts/corp]: validating credentials by binding as the user
2004-02-04 16:10:20 JNDIRealm[/lts/corp]: binding as CN=corp,CN=Users,DC=development,DC=com
2004-02-04 16:10:20 JNDIRealm[/lts/corp]: Username corp successfully authenticated
2004-02-04 16:10:20 JNDIRealm[/lts/corp]: getRoles(CN=corp,CN=Users,DC=development,DC=com)
2004-02-04 16:10:20 JNDIRealm[/lts/corp]: Searching role base 'CN=Users,DC=development,DC=com' for attribute 'cn'
2004-02-04 16:10:20 JNDIRealm[/lts/corp]: With filter expression '\28member=CN=corp,CN=Users,DC=development,DC=com\29'
2004-02-04 16:10:20 JNDIRealm[/lts/corp]: Returning 0 roles

It appears to successfully authenticate the user, but does not find the
roles. In Tomcat 4.1 I get very similar information, but it returns 1
role, which is the correct behavior. I also noticed that instead of "("
and ")" the log is showing "\28" and "\29". Is this part of the problem?
Here is the server.xml excerpt that I am using:

<Realm className="org.apache.catalina.realm.JNDIRealm"
       debug="99"
       connectionURL="ldap://dev:389"
       userBase="cn=users,dc=development,dc=com"
       userSearch="(userPrincipalName={0}@development.com)"
       userRoleName="member"
       roleBase="cn=users,DC=development,DC=com"
       roleName="cn"
       roleSearch="(member={0})"
       connectionName="CN=user,CN=users,DC=development,DC=com"
       connectionPassword="pass"
       roleSubtree="true"
       userSubtree="true" />

The same realm configuration seems to work fine for Tomcat 4.1 but can't
find the roles in 5.0.18.
Can anyone help me?
Thanks!!
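
Added example, not part of the original post and not Tomcat's own code: RFC 2254 escaping writes "(" and ")" as "\28" and "\29", so whether it is applied to the value substituted for {0} or to the whole formatted filter decides whether the filter's own parentheses survive; formatThenEscapeAll reproduces the string shown in the log above. The class and method names are hypothetical, the pattern and first DN are taken from the message, and the DN containing parentheses is constructed.

```java
import java.text.MessageFormat;

public class RoleFilterEscaping {

    // RFC 2254 section 4: these characters must be written as a backslash
    // followed by two hex digits when they appear inside an assertion value.
    static String escapeRfc2254(String s) {
        StringBuilder out = new StringBuilder(s.length() + 8);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '\\': out.append("\\5c"); break;
                case '*':  out.append("\\2a"); break;
                case '(':  out.append("\\28"); break;
                case ')':  out.append("\\29"); break;
                case '\0': out.append("\\00"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Escape only the value substituted for {0}; the pattern's own
    // parentheses remain filter syntax.
    static String escapeValueThenFormat(String pattern, String dn) {
        return MessageFormat.format(pattern, escapeRfc2254(dn));
    }

    // Escape after substitution: the pattern's parentheses are escaped as
    // well, so the result no longer begins with "(".
    static String formatThenEscapeAll(String pattern, String dn) {
        return escapeRfc2254(MessageFormat.format(pattern, dn));
    }

    public static void main(String[] args) {
        String roleSearch = "(member={0})";                   // roleSearch from the server.xml excerpt
        String dn = "CN=corp,CN=Users,DC=development,DC=com"; // user DN from the log
        String withParens =
            "CN=Smith (Ops),CN=Users,DC=development,DC=com";  // constructed sample DN

        System.out.println(escapeValueThenFormat(roleSearch, dn));
        System.out.println(formatThenEscapeAll(roleSearch, dn));
        // Parentheses inside the value are escaped; the outer pair is not.
        System.out.println(escapeValueThenFormat(roleSearch, withParens));
    }
}
```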