Posted to users@tomcat.apache.org by "Bradley M. Handy" <br...@williamstonfmc.org> on 2003/06/06 17:28:50 UTC
ActiveDirectory not following referrals when using JNDIRealm
I'm using Tomcat 4.1.24 (win32) and I have my JNDIRealm configured like so:
<Realm className="org.apache.catalina.realm.JNDIRealm"
       debug="5"
       referrals="follow"
       connectionURL="ldap://vader.arbor.edu"
       alternateURL="ldap://bsod.arbor.edu"
       userBase="dc=arbor,dc=edu"
       userSearch="(&(objectClass=user) (cn={0}))"
       roleBase="dc=arbor,dc=edu"
       roleName="cn"
       roleSearch="(&(objectClass=group) (member={0}))"
       connectionName="< distinguished name >"
       connectionPassword="< password >"
       roleSubtree="true"
       userSubtree="true" />
And I'm getting the following PartialResultException:
2003-06-06 10:25:12 JNDIRealm[Standalone]: Exception performing authentication
javax.naming.PartialResultException. Root exception is
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308:
LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 532, v893]
    at com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:74)
    at com.sun.jndi.ldap.LdapReferralException.getReferralContext(LdapReferralException.java:132)
    at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreReferrals(LdapNamingEnumeration.java:334)
    at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:207)
    at com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(LdapNamingEnumeration.java:170)
    at org.apache.catalina.realm.JNDIRealm.getUserBySearch(JNDIRealm.java:1036)
    at org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:913)
    at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:862)
    at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:788)
    at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:161)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:526)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
    at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2415)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
    at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:171)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:509)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
    at org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:376)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
    at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:223)
    at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:261)
    at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:360)
    at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:604)
    at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:562)
    at org.apache.jk.common.SocketConnection.runIt(ChannelSocket.java:679)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:619)
    at java.lang.Thread.run(Thread.java:536)
Can anyone tell where I'm going wrong? This configuration works fine in
4.1.18, but not in 4.1.24. (It works in 4.1.18, because I implemented the
patch that I submitted to Tomcat for the alternateURL stuff.)
Brad Handy
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: ActiveDirectory not following referrals when using JNDIRealm
Posted by "Bradley M. Handy" <br...@williamstonfmc.org>.
I figured it out. The credentials I was using for the creation of the
InitialDirContext didn't have enough permissions (for some weird
reason). I got it to work when I used a different account.
Brad Handy
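Added example, not part of the original posts: a small log triage helper that pulls the LDAP result code and the Active Directory "data" sub-code out of an exception like the one above and reports whether the bind failed while JNDI was building a referral context. The function name `triage` is hypothetical, the sub-code table is the standard set of Win32 logon error codes (it does not come from this thread), and the sample log is constructed from the exception quoted in the first message.

```python
import re

# Win32 logon error codes that Active Directory reports (in hex) after
# "data" in the diagnostic text of an LDAP result code 49 bind failure.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (bad password)",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# The diagnostic text sits inside [...] and may wrap across log lines.
ERR_RE = re.compile(r"LDAP: error code (\d+)\b[^\]]*?\bdata ([0-9a-fA-F]+)")
REFERRAL_FRAME = "com.sun.jndi.ldap.LdapReferralContext.<init>"

def triage(log_text):
    """Return one finding per AD bind failure found in a Tomcat realm log."""
    findings = []
    for m in ERR_RE.finditer(log_text):
        code, sub = int(m.group(1)), m.group(2).lower()
        # Only inspect the stack frames that belong to this exception.
        nxt = ERR_RE.search(log_text, m.end())
        trace = log_text[m.end(): nxt.start() if nxt else len(log_text)]
        findings.append({
            "ldap_code": code,
            "ad_subcode": sub,
            "meaning": AD_BIND_SUBCODES.get(sub, "unknown sub-code"),
            # True when the failing bind happened while JNDI was setting up
            # a referral context, i.e. against the referred-to server.
            "during_referral": REFERRAL_FRAME in trace,
        })
    return findings

# Constructed sample: the exception from this thread with the trace shortened.
SAMPLE = """\
2003-06-06 10:25:12 JNDIRealm[Standalone]: Exception performing authentication
javax.naming.PartialResultException. Root exception is
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308:
LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 532, v893]
    at com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:74)
    at org.apache.catalina.realm.JNDIRealm.getUserBySearch(JNDIRealm.java:1036)
"""

print(triage(SAMPLE))
```

For the sample, the finding is result code 49 with sub-code 532, raised in the referral context, which points the investigation at the state of the `connectionName` account on the server the referral led to.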