Posted to users@tomcat.apache.org by David Owens <Da...@ngt.com> on 2005/03/21 18:41:14 UTC

LDAP/JNDI Realm Tomcat 5.0 vs 5.5

I am doing some investigation into upgrading from our Tomcat 5.0.x servers to Tomcat 5.5.x and I am trying to get everything working. In the old Tomcat 5.0.x I was able to create a realm which authenticated against our ADS server. However, I cannot get it to work in Tomcat 5.5.7.

The only thing I have changed besides the version of Tomcat is the location of the file containing the realm information. Originally I had put it in as $CATALINA_HOME/conf/Catalina/localhost/myapp.xml, but for Tomcat 5.5 I have put the realm information in webapps/myapp/META-INF/context.xml. My understanding is that the location/name of the context information should not change how the realm works, but I thought it worth mentioning.

 

Here is the realm definition I used for both Tomcat 5.0.27 and Tomcat 5.5.7:

<Context ...>
    <Realm className="org.apache.catalina.realm.JNDIRealm"
           debug="1"
           connectionURL="ldap://test.testtrust.com:389"
           alternateURL="ldap://192.168.0.10:389"
           connectionName="CN=ADSAdmin,OU=Service Accounts,DC=testtrust,DC=com"
           connectionPassword="secretpassword"
           contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
           authentication="simple"
           referrals="follow"
           userBase="OU=People,DC=testtrust,DC=com"
           userRoleName="memberOf"
           userSubtree="true"
           userSearch="(samaccountname={0})"
           roleBase="OU=Groups,DC=testtrust,DC=com"
           roleName="cn"
           roleSearch="(member={0})"
           roleSubtree="true"
    />
    ...
</Context>

 

The error I get when deploying the app is:

SEVERE: Error deploying web application archive myapp.war
java.lang.IllegalStateException: ContainerBase.addChild: start:
LifecycleException:  Exception opening directory server connection:
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308:
LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 52e,
v893 ]
        at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:763)
        ...

 

My understanding is that it is picking up my realm information and trying to use it, but this error means it is not properly authenticating.

So my question is, why did this exact realm setup work under Tomcat 5.0.x and not 5.5.x?

Any help would be greatly appreciated!

Thanks in advance,

Dave
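The trace in the post above carries an Active Directory-specific detail worth reading precisely: LDAP result code 49 is the generic invalidCredentials result, but AD appends a "data NNN" subcode to the AcceptSecurityContext comment, and "data 52e" specifically means the bind DN and password pair was rejected (as opposed to, say, a locked or disabled account, which AD reports with different subcodes). The following is an added example, not part of the original post or of Tomcat; it parses that error format out of log lines and maps the subcode to its meaning. The sample lines are constructed for the example, modeled on the message in the post plus other AD subcodes; the function and constant names are the example's own.

```python
import re

# Constructed sample log lines (assumption: modeled on the AD-style bind
# failure quoted in the post above plus other AD subcodes; not real logs).
SAMPLE_LINES = [
    "javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: "
    "LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 52e, v893 ]",
    "javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: "
    "LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 775, v893 ]",
    # A non-AD directory reports code 49 without the "data" subcode.
    "javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]",
    # Not an LDAP result at all: the connection never reached the bind.
    "javax.naming.CommunicationException: test.testtrust.com:389 "
    "[Root exception is java.net.ConnectException: Connection refused]",
]

# Subcodes Active Directory places in the "data NNN" field of an
# AcceptSecurityContext error (LDAP result code 49, invalidCredentials).
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (wrong password, or bind DN/UPN does not match an account)",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# "[LDAP: error code 49 - <detail>]" as JNDI renders an LDAP result.
_LDAP_RE = re.compile(r"\[LDAP: error code (\d+)(?: - (.*?))?\]")
# The AD subcode inside the detail text, e.g. "... error, data 52e, v893".
_AD_DATA_RE = re.compile(r"\bdata ([0-9a-fA-F]+)\b")


def classify_bind_error(line):
    """Return (result_code, ad_subcode, explanation) for one log line, or
    None when the line carries no "[LDAP: error code N ...]" fragment."""
    m = _LDAP_RE.search(line)
    if not m:
        return None
    code = int(m.group(1))
    detail = m.group(2) or ""
    sub = _AD_DATA_RE.search(detail)
    if code == 49 and sub:
        subcode = sub.group(1).lower()
        return code, subcode, AD_BIND_SUBCODES.get(subcode, "unknown AD subcode")
    if code == 49:
        return code, None, "invalid credentials (server gave no AD-style subcode)"
    return code, None, detail or "non-authentication LDAP result"


def classify_all(lines):
    """Classify every line; lines with no LDAP result are returned as None."""
    return [classify_bind_error(line) for line in lines]


if __name__ == "__main__":
    for line, result in zip(SAMPLE_LINES, classify_all(SAMPLE_LINES)):
        print(result, "<-", line[:60])
```

A 52e result says the directory understood the bind and rejected the credentials themselves, so the connectionName/connectionPassword pair is what to verify first against the same server with an independent client. Two general points apply to any JNDIRealm configured this way: a password containing characters that are special in XML attribute values (&, <, ") must be escaped in context.xml or it will be read differently from what was typed, and a connectionPassword placed in webapps/myapp/META-INF/context.xml travels inside the WAR to every host and artifact store that receives it, whereas $CATALINA_HOME/conf stays on the server.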