Posted to users@tomcat.apache.org by David Owens <Da...@ngt.com> on 2005/03/21 18:41:14 UTC
LDAP/JNDI Realm Tomcat 5.0 vs 5.5
I am doing some investigation into upgrading from our Tomcat 5.0.x servers to Tomcat 5.5.x and I am trying to get everything working. In the old Tomcat 5.0.x I was able to create a realm which authenticated against our ADS server. However, I cannot get it to work in Tomcat 5.5.7.

The only thing I have changed besides the version of Tomcat is the location of the file containing the realm information. Originally I had put it in as $CATALINA_HOME/conf/Catalina/localhost/myapp.xml but for Tomcat 5.5 I have put the realm information in webapps/myapp/META-INF/context.xml. My understanding is that the location/name of the context information should not change how the realm works, but I thought it worth mentioning.

Here is the realm definition I used for both Tomcat 5.0.27 and Tomcat 5.5.7:

    <Context ...>
      <Realm className="org.apache.catalina.realm.JNDIRealm"
             debug="1"
             connectionURL="ldap://test.testtrust.com:389"
             alternateURL="ldap://192.168.0.10:389"
             connectionName="CN=ADSAdmin,OU=Service Accounts,DC=testtrust,DC=com"
             connectionPassword="secretpassword"
             contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
             authentication="simple"
             referrals="follow"
             userBase="OU=People,DC=testtrust,DC=com"
             userRoleName="memberOf"
             userSubtree="true"
             userSearch="(samaccountname={0})"
             roleBase="OU=Groups,DC=testtrust,DC=com"
             roleName="cn"
             roleSearch="(member={0})"
             roleSubtree="true"
      />
      .
      .
      .
    </Context>

The error I get when deploying the app is:

    SEVERE: Error deploying web application archive myapp.war
    java.lang.IllegalStateException: ContainerBase.addChild: start: LifecycleException: Exception opening directory server connection: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 52e, v893 ]
        at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:763)
        .
        .
        .

My understanding is that it is picking up my realm information, and trying to use it, but this error means it is not properly authenticating.

So my question is, why did this exact realm setup work under Tomcat 5.0.x and not 5.5.x?

Any help would be greatly appreciated!

Thanks in advance,
Dave
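
Added example, not part of the original post and not Tomcat code: Active Directory puts the reason for a rejected bind in the "data" field of the LDAP error 49 diagnostic, and the script below extracts and decodes that field from the exception text quoted above. The function and variable names are hypothetical, and the sub-code table covers only the commonly documented AD values.

```python
import re

# Active Directory sub-codes carried in the "data NNN" field of an
# LDAP error 49 diagnostic message (commonly documented values only).
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (wrong password or bind DN)",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# DOTALL lets the pattern match a diagnostic that the log or a mail
# archive has wrapped across several lines.
DIAG_RE = re.compile(
    r"LDAP:\s*error\s+code\s+(\d+)\s*-\s*([0-9A-Fa-f]{8}):.*?"
    r"DSID-([0-9A-Fa-f]+).*?data\s+([0-9A-Fa-f]+)",
    re.DOTALL,
)

def decode_ad_bind_errors(log_text):
    """Return one dict per AD bind-failure diagnostic found in log_text."""
    findings = []
    for m in DIAG_RE.finditer(log_text):
        ldap_code, win32, dsid, data = m.groups()
        data = data.lower()  # table keys are lower-case hex
        findings.append({
            "ldap_code": int(ldap_code),
            "win32": win32.upper(),
            "dsid": dsid.upper(),
            "data": data,
            "meaning": AD_BIND_SUBCODES.get(data, "unknown sub-code"),
        })
    return findings

# Error text from the post, wrapped across lines as mail archives often show it.
SAMPLE = """javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308:
LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 52e,
v893 ]"""

if __name__ == "__main__":
    for finding in decode_ad_bind_errors(SAMPLE):
        print(finding)
```

For the message in the post this reports data 52e, invalid credentials. Because the exception is raised while the realm opens its directory connection at startup, the rejected bind is the one made with connectionName and connectionPassword, not an end user's login.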