Posted to users@tomcat.apache.org by David Diaz <da...@leals.com> on 2003/10/09 12:43:50 UTC

Tomcat vs Bea WebLogic - (was: Re: What LDAP servers does JNDI realm support?)

> Davi Leal wrote:
>>jerome moliere wrote:

>>>> As I am getting [LDAP: error code 2 - Protocol Error] (See below), I
>>>> would like to know if that Micro$oft product is a certified LDAP
>>>> server.
>>>>
>>> as far as I know, like any other microsoft product, partially... :)
>>
>> I have been told the LDAP protocol is not 100% a standard. That is to say,
>> a lot of providers have realized different offers, which share only 90% of
>> the specification (the core standard).
>>
>> Nowadays, it is said, the Netscape one being the most
>> recognised/compatible/standard.
>>
>> So, my question is now: What LDAP products does the JNDI Tomcat realm
>> support?
>>
>>
> No problem with OpenLDAP (from my experience), NDS or Sun
> implementations seem to work nicely.
> For microsoft active directory is quite an LDAP server, but you can't use
> the referral paradigm

Reference: http://www.weblogic.com/docs51/admindocs/ldap2.html#intro

 The WebLogic LDAP realm has been tested against the following LDAP servers:
    * OpenLDAP
    * iPlanet Directory Server
    * Microsoft Site Server


I would like to get a similar Tomcat link to show to my boss.

Regards,
Davi Leal

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Re: JNDIRealm source code -

Posted by Tim Funk <fu...@joedog.org>.
http://jakarta.apache.org/site/cvsindex.html

JNDIRealm is in jakarta-tomcat-catalina for tomcat5, 
jakarta-tomcat-4.0/catalina/ for tomcat4

I recommend more exploration before accepting an error code 2 as a valid 
login. It's a kluge around MS's LDAP implementation and such a kluge 
probably won't make it back into the source tree. I have seen problems with 
respect to JNDIRealm and MS with respect to commas, or other weird characters 
in the DN with respect to escaping. (I don't remember any more details, it is 
too horrifying an experience to recall.) There might also be a Bugzilla report 
with respect to it.


-Tim

Davi Leal wrote:
> Hi,
> 
> I am using tomcat 4.1.27, Java sdk-1.4.1_02 and JNDIRealm to use the Micro$oft 
> Site Server service to authenticate our webapps.
> 
> I get an "error code 2" exception (Protocol Error) only when the user and the 
> password are right. That is to say, when an OK is expected. I am thinking 
> about modifying the JNDIRealm to support that Micro$oft returned 'code', instead 
> of raising an exception. It looks easy :) . You can see below the appointed 
> catalina log.
> 
> Can you supply me any URL, CVS repository, or whatever which points me to the 
> JNDI source code?
> 
> I have read the JNDI API I must use is the one included in Java sdk 1.4.2.
> 
> Last question: Can we solve the 'M$ protocol' issue just using Tomcat 5.0?
> 
> Regards,
> Davi Leal
> 
> 
> Tim Funk wrote:
> 
>>I have gotten JNDIRealm to work against iPlanet. I have heard others get it
>>working against:
>>- Active Directory (I personally had problems due to some IT policies)
>>- Novell
>>- OpenLDAP
>>
>>But in the worst case - the code is open for change so creating a custom
>>Realm should be simple if one understands JNDI programming. Which is what I
>>had to do with respect to ActiveDirectory and wacky business rules vs
>>domain setup.
>>
>>-Tim
>>
>>
>>David Diaz wrote:
>>
>>>Reference: http://www.weblogic.com/docs51/admindocs/ldap2.html#intro
>>>
>>> The WebLogic LDAP realm has been tested against the following LDAP
>>>servers:
>>>    * OpenLDAP
>>>    * iPlanet Directory Server
>>>    * Microsoft Site Server
>>>
>>>I would like to get a similar Tomcat link to show to my boss.
> 
> 
> 
> 
> 
> 
> APPENDIX
> ========
> 
> 
> 
> The catalina log
> ----------------
> 
> 59 JNDIRealm[Standalone]: Connecting to URL ldap://host:1003
> 
> 
> * Testing with a non-existent user:
> 
> 44 JNDIRealm[Standalone]: lookupUser(davi)
> 44 JNDIRealm[Standalone]:   dn=cn=davi,ou=Members,o=tpi
> 44 JNDIRealm[Standalone]:   validating credentials by binding as the user
> 44 JNDIRealm[Standalone]:   binding as cn=davi,ou=Members,o=org
> 44 JNDIRealm[Standalone]:   bind attempt failed
> 44 JNDIRealm[Standalone]: Autentificación fallida para el usuario davi
> 
> 
> * Testing with a user which is right, but using a wrong password:
> 
> 36 JNDIRealm[Standalone]: lookupUser(ph32796)
> 36 JNDIRealm[Standalone]:   dn=cn=ph32796,ou=Members,o=org
> 36 JNDIRealm[Standalone]:   validating credentials by binding as the user
> 36 JNDIRealm[Standalone]:   binding as cn=ph32796,ou=Members,o=org
> 36 JNDIRealm[Standalone]:   bind attempt failed
> 36 JNDIRealm[Standalone]: Autentificación fallida para el usuario ph32796
> 
> 
> * Testing with both user and password right:
> 
> 09 JNDIRealm[Standalone]: lookupUser(phe2796)
> 09 JNDIRealm[Standalone]:   dn=cn=phe2796,ou=Members,o=org
> 09 JNDIRealm[Standalone]:   validating credentials by binding as the user
> 09 JNDIRealm[Standalone]:   binding as cn=phe2796,ou=Members,o=org
> 09 JNDIRealm[Standalone]: Excepción al realizar la autentificación
> javax.naming.CommunicationException: [LDAP: error code 2 - Protocol Error]; 
> remaining name ''
>    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2965)
>    ...
> 09 JNDIRealm[Standalone]: Closing directory context
> 
> 
> 
> 
> The realm we are using in server.xml
> ------------------------------------
> 
> <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
>  connectionName="cn=PHE2796,ou=Members,o=org"
>  connectionPassword="****"
>  connectionURL="ldap://host:1003"
>  userPattern="cn={0},ou=Members,o=org"
>  userSubtree="true"
>  roleBase="ou=UserCFuncional,ou=CFuncional,ou=Groups,o=org"
>  roleName="cn"
>  roleSearch="(uniqueMember={0})"
> />
> 
> 
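
An added illustration of the two points in the reply above (not code from Tomcat's JNDIRealm or from anyone in this thread): the bind check fails closed, so LDAP error code 2 stays a failed login, and the login name is escaped before it is placed in the DN. The class StrictLdapBind and its method names are hypothetical; the URL and pattern are copied from the server.xml quoted above.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.Rdn;

// Hypothetical helper for illustration; not part of Tomcat.
public class StrictLdapBind {
    // Same shape as the userPattern in the server.xml quoted in this thread.
    static final String USER_PATTERN = "cn={0},ou=Members,o=org";

    // Escape the login name as an RDN value before it goes into the DN, so a
    // comma, plus sign, quote or backslash cannot change the DN's structure.
    static String userDn(String username) {
        return USER_PATTERN.replace("{0}", Rdn.escapeValue(username));
    }

    // True only when the directory accepts the simple bind. Every exception,
    // including "[LDAP: error code 2 - Protocol Error]", is a failed login.
    static boolean bindSucceeds(String url, String dn, String password) {
        if (password == null || password.isEmpty()) {
            return false; // a simple bind with an empty password is not authenticated
        }
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        try {
            DirContext ctx = new InitialDirContext(env); // performs the bind
            try { ctx.close(); } catch (NamingException ignored) { }
            return true;
        } catch (AuthenticationException e) {
            return false; // the server rejected the credentials
        } catch (NamingException e) {
            // Protocol and communication errors: record for diagnosis, deny access.
            System.err.println("LDAP bind error for " + dn + ": " + e);
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed login names, one containing DN metacharacters.
        System.out.println(userDn("phe2796"));
        System.out.println(userDn("Diaz, David+admin"));
        // An empty password is refused locally, without contacting the server.
        System.out.println(bindSucceeds("ldap://host:1003", userDn("phe2796"), ""));
    }
}
```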




JNDIRealm source code - (was: Re: Tomcat vs Bea WebLogic)

Posted by Davi Leal <da...@leals.com>.
Hi,

I am using tomcat 4.1.27, Java sdk-1.4.1_02 and JNDIRealm to use the Micro$oft 
Site Server service to authenticate our webapps.

I get an "error code 2" exception (Protocol Error) only when the user and the 
password are right. That is to say, when an OK is expected. I am thinking 
about modifying the JNDIRealm to support that Micro$oft returned 'code', instead 
of raising an exception. It looks easy :) . You can see below the appointed 
catalina log.

Can you supply me any URL, CVS repository, or whatever which points me to the 
JNDI source code?

I have read the JNDI API I must use is the one included in Java sdk 1.4.2.

Last question: Can we solve the 'M$ protocol' issue just using Tomcat 5.0?

Regards,
Davi Leal


Tim Funk wrote:
> I have gotten JNDIRealm to work against iPlanet. I have heard others get it
> working against:
> - Active Directory (I personally had problems due to some IT policies)
> - Novell
> - OpenLDAP
>
> But in the worst case - the code is open for change so creating a custom
> Realm should be simple if one understands JNDI programming. Which is what I
> had to do with respect to ActiveDirectory and wacky business rules vs
> domain setup.
>
> -Tim
>
>
> David Diaz wrote:
> > Reference: http://www.weblogic.com/docs51/admindocs/ldap2.html#intro
> >
> >  The WebLogic LDAP realm has been tested against the following LDAP
> > servers:
> >     * OpenLDAP
> >     * iPlanet Directory Server
> >     * Microsoft Site Server
> >
> > I would like to get a similar Tomcat link to show to my boss.





APPENDIX
========



The catalina log
----------------

59 JNDIRealm[Standalone]: Connecting to URL ldap://host:1003


* Testing with a non-existent user:

44 JNDIRealm[Standalone]: lookupUser(davi)
44 JNDIRealm[Standalone]:   dn=cn=davi,ou=Members,o=tpi
44 JNDIRealm[Standalone]:   validating credentials by binding as the user
44 JNDIRealm[Standalone]:   binding as cn=davi,ou=Members,o=org
44 JNDIRealm[Standalone]:   bind attempt failed
44 JNDIRealm[Standalone]: Autentificación fallida para el usuario davi


* Testing with a user which is right, but using a wrong password:

36 JNDIRealm[Standalone]: lookupUser(ph32796)
36 JNDIRealm[Standalone]:   dn=cn=ph32796,ou=Members,o=org
36 JNDIRealm[Standalone]:   validating credentials by binding as the user
36 JNDIRealm[Standalone]:   binding as cn=ph32796,ou=Members,o=org
36 JNDIRealm[Standalone]:   bind attempt failed
36 JNDIRealm[Standalone]: Autentificación fallida para el usuario ph32796


* Testing with both user and password right:

09 JNDIRealm[Standalone]: lookupUser(phe2796)
09 JNDIRealm[Standalone]:   dn=cn=phe2796,ou=Members,o=org
09 JNDIRealm[Standalone]:   validating credentials by binding as the user
09 JNDIRealm[Standalone]:   binding as cn=phe2796,ou=Members,o=org
09 JNDIRealm[Standalone]: Excepción al realizar la autentificación
javax.naming.CommunicationException: [LDAP: error code 2 - Protocol Error]; 
remaining name ''
   at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2965)
   ...
09 JNDIRealm[Standalone]: Closing directory context




The realm we are using in server.xml
------------------------------------

<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
 connectionName="cn=PHE2796,ou=Members,o=org"
 connectionPassword="****"
 connectionURL="ldap://host:1003"
 userPattern="cn={0},ou=Members,o=org"
 userSubtree="true"
 roleBase="ou=UserCFuncional,ou=CFuncional,ou=Groups,o=org"
 roleName="cn"
 roleSearch="(uniqueMember={0})"
/>




Re: Tomcat vs Bea WebLogic -

Posted by David Diaz <da...@leals.com>.
Thanks Tim for this useful information.


> I have gotten JNDIRealm to work against iPlanet. I have heard others get
> it working against:
> - Active Directory (I personally had problems due to some IT policies)
> - Novell
> - OpenLDAP
>
> But in the worst case - the code is open for change so creating a custom
> Realm should be simple if one understands JNDI programming. Which is what
> I had to do with respect to ActiveDirectory and wacky business rules vs
> domain setup.

> David Diaz wrote:
>
>> Reference: http://www.weblogic.com/docs51/admindocs/ldap2.html#intro
>>
>>  The WebLogic LDAP realm has been tested against the following LDAP
>> servers:
>>     * OpenLDAP
>>     * iPlanet Directory Server
>>     * Microsoft Site Server
>>
>>
>> I would like to get a similar Tomcat link to show to my boss.



Re: Tomcat vs Bea WebLogic -

Posted by Tim Funk <fu...@joedog.org>.
I have gotten JNDIRealm to work against iPlanet. I have heard others get it 
working against:
- Active Directory (I personally had problems due to some IT policies)
- Novell
- OpenLDAP

But in the worst case - the code is open for change so creating a custom 
Realm should be simple if one understands JNDI programming. Which is what I 
had to do with respect to ActiveDirectory and wacky business rules vs domain 
setup.

-Tim

David Diaz wrote:

> Reference: http://www.weblogic.com/docs51/admindocs/ldap2.html#intro
> 
>  The WebLogic LDAP realm has been tested against the following LDAP servers:
>     * OpenLDAP
>     * iPlanet Directory Server
>     * Microsoft Site Server
> 
> 
> I would like to get a similar Tomcat link to show to my boss.


