Posted to users@tomcat.apache.org by David Diaz <da...@leals.com> on 2003/10/08 17:50:08 UTC

JNDI: LDAP Protocol Error (Microsoft LDAP)

Hi all,

  I am trying to authenticate my webapps via a JNDI Realm, which connects
to Microsoft Site Server (LDAP).

  As I am getting [LDAP: error code 2 - Protocol Error] (See below), I
would like to know if that Micro$oft product is a certified LDAP server.
If it is not so, do you advise me any solution to manage authenticating
these webapps via  JNDI-Microsoft Site Server? Maybe develop a special
Realm?

Regards,
Davi Leal


2003-10-07 17:42:54 JNDIRealm[Standalone]: Connecting to URL ldap://host:1003
2003-10-07 17:42:54 JNDIRealm[Standalone]: lookupUser(p2796)
2003-10-07 17:42:54 JNDIRealm[Standalone]:   dn=cn=p2796,ou=Members,o=org
2003-10-07 17:42:54 JNDIRealm[Standalone]:   validating credentials by
binding as the user
2003-10-07 17:42:54 JNDIRealm[Standalone]:   binding as
cn=p2796,ou=Members,o=org
2003-10-07 17:42:54 JNDIRealm[Standalone]: Exception to try authentication
javax.naming.CommunicationException: [LDAP: error code 2 - Protocol
Error]; remaining name ''
        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2965)
        at ...

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Re: JNDIRealm source code -

Posted by Tim Funk <fu...@joedog.org>.
http://jakarta.apache.org/site/cvsindex.html

JNDIRealm is jakarta-tomcat-catalina for tomcat5, 
jakarta-tomcat-4.0/catalina/ for tomcat4

I recommend more exploration before accepting an error code 2 as a valid 
login. It's a kluge around MS's LDAP implementation and such a kluge 
probably won't make it back into the source tree. I have seen problems with 
respect to JNDIRealm and MS with respect to commas, or other weird characters 
in the DN with respect to escaping. (I don't remember any more details, it is 
too horrifying an experience to recall.) There might also be a Bugzilla report 
with respect to it.


-Tim

Davi Leal wrote:
> Hi,
> 
> I am using tomcat 4.1.27, Java sdk-1.4.1_02 and JNDIRealm to use the Micro$oft 
> Site Server service to authenticate our webapps.
> 
> I get an "error code 2" exception (Protocol Error) only when the user and the 
> password are right. That is to say, when an OK is expected. I am thinking 
> about modifying the JNDIRealm to support that Micro$oft returned 'code', instead 
> of raising an exception. It looks easy :) . You can see below the appointed 
> catalina log.
> 
> Can you supply me any URL, CVS repository, or whatever which points me to the 
> JNDI source code?
> 
> I have read the JNDI API I must use is the one included in Java sdk 1.4.2.
> 
> Last question: Can we solve the 'M$ protocol' issue just using Tomcat 5.0?
> 
> Regards,
> Davi Leal
> 
> 
> Tim Funk wrote:
> 
>>I have gotten JNDIRealm to work against iPlanet. I have heard others get it
>>working against:
>>- Active Directory (I personally had problems due to some IT policies)
>>- Novell
>>- OpenLDAP
>>
>>But in the worst case - the code is open for change so creating a custom
>>Realm should be simple if one understands JNDI programming. Which is what I
>>had to do with respect to ActiveDirectory and wacky business rules vs
>>domain setup.
>>
>>-Tim
>>
>>
>>David Diaz wrote:
>>
>>>Reference: http://www.weblogic.com/docs51/admindocs/ldap2.html#intro
>>>
>>> The WebLogic LDAP realm has been tested against the following LDAP
>>>servers:
>>>    * OpenLDAP
>>>    * iPlanet Directory Server
>>>    * Microsoft Site Server
>>>
>>>I would like to get a similar Tomcat link to show to my boss.
> 
> 
> 
> 
> 
> 
> APPENDIX
> ========
> 
> 
> 
> The catalina log
> ----------------
> 
> 59 JNDIRealm[Standalone]: Connecting to URL ldap://host:1003
> 
> 
> * Testing with a non-existent user:
> 
> 44 JNDIRealm[Standalone]: lookupUser(davi)
> 44 JNDIRealm[Standalone]:   dn=cn=davi,ou=Members,o=tpi
> 44 JNDIRealm[Standalone]:   validating credentials by binding as the user
> 44 JNDIRealm[Standalone]:   binding as cn=davi,ou=Members,o=org
> 44 JNDIRealm[Standalone]:   bind attempt failed
> 44 JNDIRealm[Standalone]: Autentificación fallida para el usuario davi
> 
> 
> * Testing with a user which is right, but using a wrong password:
> 
> 36 JNDIRealm[Standalone]: lookupUser(ph32796)
> 36 JNDIRealm[Standalone]:   dn=cn=ph32796,ou=Members,o=org
> 36 JNDIRealm[Standalone]:   validating credentials by binding as the user
> 36 JNDIRealm[Standalone]:   binding as cn=ph32796,ou=Members,o=org
> 36 JNDIRealm[Standalone]:   bind attempt failed
> 36 JNDIRealm[Standalone]: Autentificación fallida para el usuario ph32796
> 
> 
> * Testing with both user and password right:
> 
> 09 JNDIRealm[Standalone]: lookupUser(phe2796)
> 09 JNDIRealm[Standalone]:   dn=cn=phe2796,ou=Members,o=org
> 09 JNDIRealm[Standalone]:   validating credentials by binding as the user
> 09 JNDIRealm[Standalone]:   binding as cn=phe2796,ou=Members,o=org
> 09 JNDIRealm[Standalone]: Excepción al realizar la autentificación
> javax.naming.CommunicationException: [LDAP: error code 2 - Protocol Error]; 
> remaining name ''
>    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2965)
>    ...
> 09 JNDIRealm[Standalone]: Closing directory context
> 
> 
> 
> 
> The realm we are using in server.xml
> ------------------------------------
> 
> <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
>  connectionName="cn=PHE2796,ou=Members,o=org"
>  connectionPassword="****"
>  connectionURL="ldap://host:1003"
>  userPattern="cn={0},ou=Members,o=org"
>  userSubtree="true"
>  roleBase="ou=UserCFuncional,ou=CFuncional,ou=Groups,o=org"
>  roleName="cn"
>  roleSearch="(uniqueMember={0})"
> />
> 
> 


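The caution in the reply above, as an added example (not Tomcat's JNDIRealm code and not code from this thread): a bind check that counts only a successful bind as a login, denies on any other outcome including `error code 2`, and escapes the user name before it goes into the DN. The `Binder` interface, class name, and sample user names are hypothetical; the pattern and URL are the ones quoted in the thread.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.CommunicationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.Rdn;

public class FailClosedBind {

    /** Hypothetical seam so the decision logic can be exercised without a directory server. */
    interface Binder {
        void bind(String dn, String password) throws NamingException;
    }

    /** Real JNDI simple bind: returning normally means the server answered the bind with success. */
    static final class JndiBinder implements Binder {
        private final String url;

        JndiBinder(String url) {
            this.url = url;
        }

        public void bind(String dn, String password) throws NamingException {
            Hashtable<String, String> env = new Hashtable<>();
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL, url);
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, dn);
            env.put(Context.SECURITY_CREDENTIALS, password);
            DirContext ctx = new InitialDirContext(env); // throws on any non-success result
            ctx.close();
        }
    }

    /** Fill a userPattern-style template, escaping the user name as an RDN value (commas, '+', '=', ...). */
    static String userDn(String pattern, String username) {
        return pattern.replace("{0}", Rdn.escapeValue(username));
    }

    /** Returns true only when the bind completed without any exception. */
    static boolean authenticate(Binder binder, String pattern, String username, String password) {
        // A simple bind with an empty password is an unauthenticated bind that
        // many servers accept, so it must never count as a login.
        if (username == null || username.isEmpty() || password == null || password.isEmpty()) {
            return false;
        }
        String dn = userDn(pattern, username);
        try {
            binder.bind(dn, password);
            return true;
        } catch (AuthenticationException e) {
            return false; // the server rejected the credentials
        } catch (NamingException e) {
            // Protocol errors, timeouts and everything else: deny, and log for investigation.
            System.err.println("bind as " + dn + " failed, denying login: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) {
        String pattern = "cn={0},ou=Members,o=org"; // userPattern from the thread

        // Constructed stand-ins for a directory server.
        Binder accepts = (dn, pw) -> { };
        Binder protocolError = (dn, pw) -> {
            throw new CommunicationException("[LDAP: error code 2 - Protocol Error]");
        };

        // Constructed user name containing a comma, to show the escaped DN.
        System.out.println(userDn(pattern, "smith, j"));
        System.out.println("clean bind:      " + authenticate(accepts, pattern, "p2796", "secret"));
        System.out.println("protocol error:  " + authenticate(protocolError, pattern, "p2796", "secret"));
        System.out.println("empty password:  " + authenticate(accepts, pattern, "p2796", ""));
    }
}
```

To run the same check against a real directory, pass `new JndiBinder("ldap://host:1003")` in place of the stand-ins.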


JNDIRealm source code - (was: Re: Tomcat vs Bea WebLogic)

Posted by Davi Leal <da...@leals.com>.
Hi,

I am using tomcat 4.1.27, Java sdk-1.4.1_02 and JNDIRealm to use the Micro$oft 
Site Server service to authenticate our webapps.

I get an "error code 2" exception (Protocol Error) only when the user and the 
password are right. That is to say, when an OK is expected. I am thinking 
about modifying the JNDIRealm to support that Micro$oft returned 'code', instead 
of raising an exception. It looks easy :) . You can see below the appointed 
catalina log.

Can you supply me any URL, CVS repository, or whatever which points me to the 
JNDI source code?

I have read the JNDI API I must use is the one included in Java sdk 1.4.2.

Last question: Can we solve the 'M$ protocol' issue just using Tomcat 5.0?

Regards,
Davi Leal


Tim Funk wrote:
> I have gotten JNDIRealm to work against iPlanet. I have heard others get it
> working against:
> - Active Directory (I personally had problems due to some IT policies)
> - Novell
> - OpenLDAP
>
> But in the worst case - the code is open for change so creating a custom
> Realm should be simple if one understands JNDI programming. Which is what I
> had to do with respect to ActiveDirectory and wacky business rules vs
> domain setup.
>
> -Tim
>
>
> David Diaz wrote:
> > Reference: http://www.weblogic.com/docs51/admindocs/ldap2.html#intro
> >
> >  The WebLogic LDAP realm has been tested against the following LDAP
> > servers:
> >     * OpenLDAP
> >     * iPlanet Directory Server
> >     * Microsoft Site Server
> >
> > I would like to get a similar Tomcat link to show to my boss.





APPENDIX
========



The catalina log
----------------

59 JNDIRealm[Standalone]: Connecting to URL ldap://host:1003


* Testing with a non-existent user:

44 JNDIRealm[Standalone]: lookupUser(davi)
44 JNDIRealm[Standalone]:   dn=cn=davi,ou=Members,o=tpi
44 JNDIRealm[Standalone]:   validating credentials by binding as the user
44 JNDIRealm[Standalone]:   binding as cn=davi,ou=Members,o=org
44 JNDIRealm[Standalone]:   bind attempt failed
44 JNDIRealm[Standalone]: Autentificación fallida para el usuario davi


* Testing with a user which is right, but using a wrong password:

36 JNDIRealm[Standalone]: lookupUser(ph32796)
36 JNDIRealm[Standalone]:   dn=cn=ph32796,ou=Members,o=org
36 JNDIRealm[Standalone]:   validating credentials by binding as the user
36 JNDIRealm[Standalone]:   binding as cn=ph32796,ou=Members,o=org
36 JNDIRealm[Standalone]:   bind attempt failed
36 JNDIRealm[Standalone]: Autentificación fallida para el usuario ph32796


* Testing with both user and password right:

09 JNDIRealm[Standalone]: lookupUser(phe2796)
09 JNDIRealm[Standalone]:   dn=cn=phe2796,ou=Members,o=org
09 JNDIRealm[Standalone]:   validating credentials by binding as the user
09 JNDIRealm[Standalone]:   binding as cn=phe2796,ou=Members,o=org
09 JNDIRealm[Standalone]: Excepción al realizar la autentificación
javax.naming.CommunicationException: [LDAP: error code 2 - Protocol Error]; 
remaining name ''
   at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2965)
   ...
09 JNDIRealm[Standalone]: Closing directory context




The realm we are using in server.xml
------------------------------------

<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
 connectionName="cn=PHE2796,ou=Members,o=org"
 connectionPassword="****"
 connectionURL="ldap://host:1003"
 userPattern="cn={0},ou=Members,o=org"
 userSubtree="true"
 roleBase="ou=UserCFuncional,ou=CFuncional,ou=Groups,o=org"
 roleName="cn"
 roleSearch="(uniqueMember={0})"
/>


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org




Re: Tomcat vs Bea WebLogic -

Posted by David Diaz <da...@leals.com>.
Thanks Tim for this useful information.


> I have gotten JNDIRealm to work against iPlanet. I have heard others get
> it working against:
> - Active Directory (I personally had problems due to some IT policies)
> - Novell
> - OpenLDAP
>
> But in the worst case - the code is open for change so creating a custom
> Realm should be simple if one understands JNDI programming. Which is what
> I had to do with respect to ActiveDirectory and wacky business rules vs
> domain setup.

> David Diaz wrote:
>
>> Reference: http://www.weblogic.com/docs51/admindocs/ldap2.html#intro
>>
>>  The WebLogic LDAP realm has been tested against the following LDAP
>> servers:
>>     * OpenLDAP
>>     * iPlanet Directory Server
>>     * Microsoft Site Server
>>
>>
>> I would like to get a similar Tomcat link to show to my boss.



Re: Tomcat vs Bea WebLogic -

Posted by Tim Funk <fu...@joedog.org>.
I have gotten JNDIRealm to work against iPlanet. I have heard others get it 
working against:
- Active Directory (I personally had problems due to some IT policies)
- Novell
- OpenLDAP

But in the worst case - the code is open for change so creating a custom 
Realm should be simple if one understands JNDI programming. Which is what I 
had to do with respect to ActiveDirectory and wacky business rules vs domain 
setup.

-Tim

David Diaz wrote:

> Reference: http://www.weblogic.com/docs51/admindocs/ldap2.html#intro
> 
>  The WebLogic LDAP realm has been tested against the following LDAP servers:
>     * OpenLDAP
>     * iPlanet Directory Server
>     * Microsoft Site Server
> 
> 
> I would like to get a similar Tomcat link to show to my boss.





Tomcat vs Bea WebLogic - (was: Re: What LDAP servers does JNDI realm support?)

Posted by David Diaz <da...@leals.com>.
> Davi Leal wrote:
>>jerome moliere wrote:

>>>> As I am getting [LDAP: error code 2 - Protocol Error] (See below), I
>>>>would like to know if that Micro$oft product is a certified LDAP
>>>> server.
>>>>
>>>as far as I know, like any other Microsoft product, partially... :)
>>
>>I have been told the LDAP protocol is not 100% a standard. That is to say,
>> a
>>lot of providers have realized different offers, which share only 90% of
>> the specification (the core standard).
>>
>>Nowadays, it is said, the Netscape's one being the more
>> recognised/compatible/
>>standard.
>>
>>So, my question is now: What LDAP products does the JNDI Tomcat realm
>> support?
>>
>>
> No problem with OpenLDAP (from my experience), NDS or Sun
> implementations seem to work nicely.
> For microsoft active directory is quite a LDAP server, but you can't use
> the referral paradigm

Reference: http://www.weblogic.com/docs51/admindocs/ldap2.html#intro

 The WebLogic LDAP realm has been tested against the following LDAP servers:
    * OpenLDAP
    * iPlanet Directory Server
    * Microsoft Site Server


I would like to get a similar Tomcat link to show to my boss.

Regards,
Davi Leal



Re: What LDAP servers does JNDI realm support? -

Posted by Equipment Lamp <la...@yahoo.com>.
NO I JUST GET THE USERID AND PASSWORD PROMPT, and WHEN I PROVIDE THE CORRECT USERID/PASSWORD IT GET A MESSAGE SAYING INCORRECT USERID/PASSWORD. NO ENTRIES IN LOGS OR ANY EXCEPTIONS.

have you any log entries or anything helpful ?
classnotfound exception or something like this would be great (easy to fix)

Jerome





Re: What LDAP servers does JNDI realm support? -

Posted by jerome moliere <jm...@nerim.net>.
Equipment Lamp wrote:

>Hi
> 
>Can you guys give some input on the following. I am using the following
> 
>Tomcat: 4.1.27-LE-jdk14
>Apache: 2.0.47
>Java : 1.4.2
>Linux OS: 7.3
>iPlanet LDAP Server
> 
>I am trying to configure LDAP authentication mechanism to my application. 
> 
>1) In this regard I have downloaded the latest JNDI API and then copied the ldap.jar file to $CATALINA_HOME/server/lib directory.
> 
>2) Then I have added the following entry to the server.xml file.
> 
>       <Realm className="org.apache.catalina.realm.JNDIRealm"
>               connectionURL="ldap://ldap.mycompany.com:389"
>               userBase="ou=active,ou=employees,ou=people,o=mycompany.com"
>               userSearch="(uid={0})"
>               roleSearch="(uniqueMember={0})"
>               roleName="cn"
>               debug="99"
>               contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
>               />
> 
>3) In my application "web.xml" file I have added the following
> 
>   <security-constraint>
>    <web-resource-collection>
>      <web-resource-name>Nrt</web-resource-name>
>      <url-pattern>/*</url-pattern>
>    </web-resource-collection>
>    <auth-constraint>
>      <role-name>*</role-name>
>    </auth-constraint>
>    </security-constraint>
>    <login-config>
>    <auth-method>BASIC</auth-method>
>    <realm-name>CEC</realm-name>
>    </login-config>
>
>
>But authentication is not working, any debug techniques or methods will be a great help.
>  
>
have you any log entries or anything helpful ?
classnotfound exception or something like this would be great (easy to fix)

Jerome





Re: What LDAP servers does JNDI realm support? -

Posted by Equipment Lamp <la...@yahoo.com>.
Hi
 
Can you guys give some input on the following. I am using the following
 
Tomcat: 4.1.27-LE-jdk14
Apache: 2.0.47
Java : 1.4.2
Linux OS: 7.3
iPlanet LDAP Server
 
I am trying to configure LDAP authentication mechanism to my application. 
 
1) In this regard I have downloaded the latest JNDI API and then copied the ldap.jar file to $CATALINA_HOME/server/lib directory.
 
2) Then I have added the following entry to the server.xml file.
 
       <Realm className="org.apache.catalina.realm.JNDIRealm"
               connectionURL="ldap://ldap.mycompany.com:389"
               userBase="ou=active,ou=employees,ou=people,o=mycompany.com"
               userSearch="(uid={0})"
               roleSearch="(uniqueMember={0})"
               roleName="cn"
               debug="99"
               contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
               />
 
3) In my application "web.xml" file I have added the following
 
   <security-constraint>
    <web-resource-collection>
      <web-resource-name>Nrt</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>*</role-name>
    </auth-constraint>
    </security-constraint>
    <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>CEC</realm-name>
    </login-config>


But authentication is not working, any debug techniques or methods will be a great help.
 
Thanks

jerome moliere <jm...@nerim.net> wrote:
Davi Leal wrote:

>jerome moliere wrote:
> 
>
>>> I am trying to authenticate my webapps via a JNDI Realm, which connects
>>>to Microsoft Site Server (LDAP).
>>> 
>>>
>>:(
>> 
>>
>
> 
>
>>> As I am getting [LDAP: error code 2 - Protocol Error] (See below), I
>>>would like to know if that Micro$oft product is a certified LDAP server.
>>> 
>>>
>>as far as I know, like any other Microsoft product, partially... :)
>> 
>>
>
>I have been told the LDAP protocol is not 100% a standard. That is to say, a 
>lot of providers have realized different offers, which share only 90% of the 
>specification (the core standard).
>
>Nowadays, it is said, the Netscape's one being the more recognised/compatible/
>standard.
>
>So, my question is now: What LDAP products does the JNDI Tomcat realm support?
> 
>
No problem with OpenLDAP (from my experience), NDS or Sun 
implementations seem to work nicely.
For microsoft active directory is quite a LDAP server, but you can't use 
the referral paradigm

HTH
Jerome




Re: What LDAP servers does JNDI realm support? -

Posted by jerome moliere <jm...@nerim.net>.
Davi Leal wrote:

>jerome moliere wrote:
>  
>
>>> I am trying to authenticate my webapps via a JNDI Realm, which connects
>>>to Microsoft Site Server (LDAP).
>>>      
>>>
>>:(
>>    
>>
>
>  
>
>>> As I am getting [LDAP: error code 2 - Protocol Error] (See below), I
>>>would like to know if that Micro$oft product is a certified LDAP server.
>>>      
>>>
>>as far as I know, like any other Microsoft product, partially... :)
>>    
>>
>
>I have been told the LDAP protocol is not 100% a standard. That is to say, a 
>lot of providers have realized different offers, which share only 90% of the 
>specification (the core standard).
>
>Nowadays, it is said, the Netscape's one being the more recognised/compatible/
>standard.
>
>So, my question is now: What LDAP products does the JNDI Tomcat realm support?
>  
>
No problem with OpenLDAP (from my experience), NDS or Sun 
implementations seem to work nicely.
For microsoft active directory is quite a LDAP server, but you can't use 
the referral paradigm

HTH
Jerome





What LDAP servers does JNDI realm support? - (was: Re: JNDI: LDAP Protocol Error (Microsoft LDAP))

Posted by Davi Leal <da...@leals.com>.
jerome moliere wrote:
> >  I am trying to authenticate my webapps via a JNDI Realm, which connects
> >to Microsoft Site Server (LDAP).
>
> :(

> >  As I am getting [LDAP: error code 2 - Protocol Error] (See below), I
> >would like to know if that Micro$oft product is a certified LDAP server.
>
> as far as I know, like any other Microsoft product, partially... :)

I have been told the LDAP protocol is not 100% a standard. That is to say, a 
lot of providers have realized different offers, which share only 90% of the 
specification (the core standard).

Nowadays, it is said, the Netscape's one being the more recognised/compatible/
standard.

So, my question is now: What LDAP products does the JNDI Tomcat realm support?



> >If it is not so, do you advise me any solution to manage authenticating
> >these webapps via  JNDI-Microsoft Site Server? Maybe develop a special
> >Realm?
>
> humm I think you may investigate any other class used in your factory
> I think that the ContextFactory class is not the right one ...
> I think you use the one for the Netscape Directory Server




Re: JNDI: LDAP Protocol Error (Microsoft LDAP)

Posted by jerome moliere <jm...@nerim.net>.
David Diaz wrote:

>Hi all,
>  
>
hi david,

>  I am trying to authenticate my webapps via a JNDI Realm, which connects
>to Microsoft Site Server (LDAP).
>  
>
:(

>  As I am getting [LDAP: error code 2 - Protocol Error] (See below), I
>would like to know if that Micro$oft product is a certified LDAP server.
>
as far as I know, like any other Microsoft product, partially... :)

>If it is not so, do you advise me any solution to manage authenticating
>these webapps via  JNDI-Microsoft Site Server? Maybe develop a special
>Realm?
>
>  
>
humm I think you may investigate any other class used in your factory
I think that the ContextFactory class is not the right one ...
I think you use the one for the Netscape Directory Server
HTH
Jerome


