JNDIRealm source code - 2003-10-11 - By Tim Funk
http://jakarta.apache.org/site/cvsindex.html
JNDIRealm is jakarta-tomcat-catalina for tomcat5, jakarta-tomcat-4.0/catalina/ for tomcat4
I recommend more exploration before accepting an error code 2 as a valid login. It's a kluge around the MS's LDAP implementation and such a kluge probably won't make it back into the source tree. I have seen problems with respect to JNDIRealm and MS with respect to commas, or other weird characters in the DN with respect to escaping. (I don't remember any more details, it is too horrifying an experience to recall.) There might also be a Bugzilla report with respect to it.
-Tim
Davi Leal wrote:
> Hi,
>
> I am using tomcat 4.1.27, Java sdk-1.4.1_02 and JNDIRealm to use the Micro$oft
> Site Server service to authenticate our webapps.
>
> I get an "error code 2" exception (Protocol Error) only when the user and the
> password are right. That is to say, when an OK is expected. I am thinking
> about modifying the JNDIRealm to support that Micro$oft returned 'code', instead
> of raising an exception. It looks easy :) . You can see below the appointed
> catalina log.
>
> Can you supply me any URL, CVS repository, or whatever which points me to the
> JNDI source code?
>
> I have read the JNDI API I must use is the one included in Java sdk 1.4.2.
>
> Last question: Can we solve the 'M$ protocol' issue just using Tomcat 5.0?
>
> Regards,
> Davi Leal
>
>
> Tim Funk wrote:
>
>>I have gotten JNDIRealm to work against iPlanet. I have heard others get it
>>working against:
>>- Active Directory (I personally had problems due to some IT policies)
>>- Novell
>>- OpenLDAP
>>
>>But in the worst case - the code is open for change so creating a custom
>>Realm should be simple if one understands JNDI programming. Which is what I
>>had to do with respect to ActiveDirectory and wacky business rules vs
>>domain setup.
>>
>>-Tim
>>
>>
>>David Diaz wrote:
>>
>>>Reference: http://www.weblogic.com/docs51/admindocs/ldap2.html#intro
>>>
>>> The WebLogic LDAP realm has been tested against the following LDAP
>>>servers:
>>> * OpenLDAP
>>> * iPlanet Directory Server
>>> * Microsoft Site Server
>>>
>>>I would like to get a similar Tomcat link to show to my boss.
>
>
> APPENDIX
> ========
>
>
> The catalina log
> ----------------
>
> 59 JNDIRealm[Standalone]: Connecting to URL ldap://host:1003
>
>
> * Testing with a non-existent user:
>
> 44 JNDIRealm[Standalone]: lookupUser(davi)
> 44 JNDIRealm[Standalone]: dn=cn=davi,ou=Members,o=tpi
> 44 JNDIRealm[Standalone]: validating credentials by binding as the user
> 44 JNDIRealm[Standalone]: binding as cn=davi,ou=Members,o=org
> 44 JNDIRealm[Standalone]: bind attempt failed
> 44 JNDIRealm[Standalone]: Autentificación fallida para el usuario davi
>
>
> * Testing with a user which is right, but using a wrong password:
>
> 36 JNDIRealm[Standalone]: lookupUser(ph32796)
> 36 JNDIRealm[Standalone]: dn=cn=ph32796,ou=Members,o=org
> 36 JNDIRealm[Standalone]: validating credentials by binding as the user
> 36 JNDIRealm[Standalone]: binding as cn=ph32796,ou=Members,o=org
> 36 JNDIRealm[Standalone]: bind attempt failed
> 36 JNDIRealm[Standalone]: Autentificación fallida para el usuario ph32796
>
>
> * Testing with both user and password right:
>
> 09 JNDIRealm[Standalone]: lookupUser(phe2796)
> 09 JNDIRealm[Standalone]: dn=cn=phe2796,ou=Members,o=org
> 09 JNDIRealm[Standalone]: validating credentials by binding as the user
> 09 JNDIRealm[Standalone]: binding as cn=phe2796,ou=Members,o=org
> 09 JNDIRealm[Standalone]: Excepción al realizar la autentificación
> javax.naming.CommunicationException : [LDAP: error code 2 - Protocol Error];
> remaining name ''
>     at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2965)
>     ...
> 09 JNDIRealm[Standalone]: Closing directory context
>
>
>
> The realm we are using in server.xml
> ------------------------------------
>
> <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
>        connectionName="cn=PHE2796,ou=Members,o=org"
>        connectionPassword="****"
>        connectionURL="ldap://host:1003"
>        userPattern="cn={0},ou=Members,o=org"
>        userSubtree="true"
>        roleBase="ou=UserCFuncional,ou=CFuncional,ou=Groups,o=org"
>        roleName="cn"
>        roleSearch="(uniqueMember={0})"
> />
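The two cautions in Tim's reply (do not count a bind error as a login, and escape special characters in the DN), as an added example that is not part of the thread and not Tomcat's JNDIRealm source. The class `BindCheck`, its method names, the sample username and the unreachable URL are hypothetical; the `userPattern` value is the one from the quoted server.xml.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.Rdn;

public class BindCheck {
    // Build the user DN from a pattern such as "cn={0},ou=Members,o=org",
    // escaping DN metacharacters (comma, plus, quote, backslash, ...) in the name.
    static String userDn(String userPattern, String username) {
        return userPattern.replace("{0}", Rdn.escapeValue(username));
    }

    // True only when the directory accepts the bind. Every NamingException,
    // including CommunicationException "error code 2 - Protocol Error", denies the login.
    static boolean bindAsUser(String url, String dn, String password) {
        if (password == null || password.isEmpty()) {
            return false; // an empty password would be an unauthenticated bind
        }
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env); // connects and binds as the user
            return true;
        } catch (AuthenticationException e) {
            return false; // directory rejected the credentials
        } catch (NamingException e) {
            System.err.println("bind failed, denying login: " + e);
            return false; // protocol or connection error is not a success
        } finally {
            if (ctx != null) try { ctx.close(); } catch (NamingException ignored) { }
        }
    }

    public static void main(String[] args) {
        // Constructed sample input: a username containing a comma.
        String dn = userDn("cn={0},ou=Members,o=org", "Leal, Davi");
        System.out.println(dn);
        // Constructed unreachable URL: the connection error must deny the login.
        System.out.println(bindAsUser("ldap://localhost:1", dn, "secret"));
    }
}
```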