Posted to users@tomcat.apache.org by Richard Pearson <Ri...@kcom.com> on 2002/09/10 10:42:45 UTC

Can't get tomcat 4.1.10 to retrieve groups from ADS

Hello,
I am having problems getting tomcat 4.1.10 (and previous versions) to
correctly use the JNDI realm with Microsoft ADS.
Tomcat will log on the user but does not find any roles, so permission to
access the web pages is denied.

Here is the section from the web.xml file.
		
<Realm className="org.apache.catalina.realm.JNDIRealm" debug="3"
connectionURL="ldap://mainserv:389"
roleBase="ou=webgroups,dc=DEV2000"
roleName="CN"
roleSearch="(member={0})"
userPattern="cn={0},cn=Users,dc=DEV2000"/>

I am authenticating as the user because ADS does not return passwords.
Entering a directly in a third party tool works correctly.
I  have developed my own code to read users from ADS that works with the
above settings.
I have compared my code with tomcat source and can not see any major
differences.
The debug shows that tomcat is making the correct queries.

2002-09-09 13:58:56 JNDIRealm[Standalone]:   dn=cn=user1,cn=Users,dc=DEV2000
2002-09-09 13:58:56 JNDIRealm[Standalone]:   validating credentials by binding as the user
2002-09-09 13:58:56 JNDIRealm[Standalone]:   binding as cn=user1,cn=Users,dc=DEV2000
2002-09-09 13:58:56 JNDIRealm[Standalone]: Username user1 successfully authenticated
2002-09-09 13:58:56 JNDIRealm[Standalone]: getRoles(cn=user1,cn=Users,dc=DEV2000)
2002-09-09 13:58:56 JNDIRealm[Standalone]:   Searching role base 'ou=webgroups,dc=DEV2000' for attribute 'CN'
2002-09-09 13:58:56 JNDIRealm[Standalone]:   With filter expression '(member=cn=user1,cn=Users,dc=DEV2000)'
2002-09-09 13:58:56 JNDIRealm[Standalone]:   Returning 0 roles
2002-09-09 13:58:56 JNDIRealm[Standalone]: Username user1 does NOT have role WebUsers

Any help would be gratefully received. I have to make this work, so my only
option left is to start modifying tomcat with additional debug information
to try and work out why it is not working.
Thanks
Richard Pearson

Richard Pearson
Software Engineer

Kingston inbusiness
Nashleigh Court
188 Severalls Ave
Chesham
Bucks HP5 3EN

Richard.Pearson@kcom.com

Tel: 01494 606060

Fax: 01494 601601





--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>


Difference between ajp13 and ajp14

Posted by Marc <mv...@telemako.com>.
Hi everybody!!!

What is the difference between ajp13 and ajp14? Is ajp14 an improvement over ajp13?
Which do you think is the best (performance, stability, ...) for connecting
tomcat4.1.10 to apache1.3.26??

Thank you all!!!

Marc

