Hello all

I am trying to change my web application using AD for authentication. My application uses Tomcat 5.5.17. Currently it uses UserDatabaseRealm to authenticate users of the application. After reading many posts here, I used the following configuration in server.xml. (Since I am just getting started, I didn't bother about roles.)

But when I actually do try to log in, I seem to get this error. (I used JXplorer to navigate through Active Directory and hence I know that the URL works.)

    javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece
    INFO   | jvm 1    | 2009/12/21 08:55:31 |   at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3045)
    INFO   | jvm 1    | 2009/12/21 08:55:31 |   at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2951)
    INFO   | jvm 1    | 2009/12/21 08:55:31 |   at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2758)
    INFO   | jvm 1    | 2009/12/21 08:55:31 |   at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1812)

Any ideas about where I am getting it wrong?

Thanks K

A: 

Thanks for the response.

I figured out that the LDAP server that I was connecting to requires a binding user name and password; once these were supplied, it worked.

For people who need it, here is how my config looks:

    <Realm className="org.apache.catalina.realm.CustomLdapUserRealm"
           debug="99"
           userBase="ou=xx,ou=xx,ou=xx,DC=xx,DC=xx,DC=xx"
           userSearch="(sAMAccountName={0})"
           connectionURL="ldap://xxx:389"
           digest="MD5"
           roleName="cn"
           roleBase="ou=xx,ou=xx,ou=xx,DC=xx,DC=xx,DC=xx"
           userRoleName="xx"
           />

In CustomLdapUserRealm, I supplied the binding user name and password. Also, in my web.xml I had to give permission to the roles that I would receive from LDAP.

KB
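
The same fix can be expressed with Tomcat's stock `org.apache.catalina.realm.JNDIRealm`, which takes the bind account through its `connectionName` and `connectionPassword` attributes instead of a custom realm class. This is an added example, not the poster's configuration: the host name, DNs, password placeholder, `ldaps://` URL and the `(member={0})` group filter are all assumptions to adapt to the directory in use.

```xml
<!-- server.xml (constructed example; every value is a placeholder).

     Flow the realm follows with these attributes:
       1. Bind to the directory as connectionName / connectionPassword.
          Without this step Active Directory rejects the search with
          "a successful bind must be completed on the connection".
       2. Search under userBase with userSearch; {0} is replaced by the
          login name typed by the user.
       3. No userPassword attribute is configured, so the realm checks
          the password by binding to the directory as the user found
          in step 2.
       4. Search under roleBase with roleSearch; {0} is replaced by the
          user's DN, and the roleName attribute of each matching group
          becomes a Tomcat role name.

     Assumptions:
       * The bind account is a dedicated, low-privilege account that can
         only read the user and group subtrees.
       * server.xml is readable only by the account Tomcat runs as,
         because it holds the bind password in clear text.
       * The domain controller offers LDAP over TLS on port 636 with a
         certificate the JVM trusts. Over plain ldap:// on port 389 the
         bind password and every user password cross the network
         unencrypted. -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldaps://ad.example.com:636"
       connectionName="CN=svc-tomcat,OU=Service Accounts,DC=example,DC=com"
       connectionPassword="CHANGE_ME"
       userBase="OU=Users,DC=example,DC=com"
       userSearch="(sAMAccountName={0})"
       userSubtree="true"
       roleBase="OU=Groups,DC=example,DC=com"
       roleSearch="(member={0})"
       roleName="cn"
       roleSubtree="true" />
```

The role names this realm returns are the group `cn` values, so they have to match the role names referenced in the application's web.xml.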