ldap tomcat realm

Hey,

Ok so my JSP site is using an LDAP realm to authenticate users. This is working fine but one problem. The users in Active Directory are in different units. The attribute userBase in the realm only works with one OU. Is there a way to have multiple userBases? Is there any way to make this work?

Thanks.

By mpageawha at 2007-11-26 16:08:28
# 1
Can you please tell me how you configured the LDAP to Tomcat? Any help is welcomed. My post on this regard is as follows: http://forum.java.sun.com/thread.jspa?threadID=5127642
reflex2javaa at 2007-7-8 22:30:50 > top of Java-index,Core,Core APIs...
# 2

Sure here's the realm.

<!-- custom realm class; the attribute names below are this class's own,
     not the stock org.apache.catalina.realm.JNDIRealm attribute set -->
<Realm className="com.myCompany.ldap.tomcat.TomcatLDAPRealm" debug="99"
       connectionURL="ldap://ip"
       connectionUsername="domain\account"
       connectionPassword="password"
       <!-- where users are looked up: a single OU -->
       userBase="OU=Users,OU=city,DC=company,DC=net"
       userDisplayNameAttribute="displayName"
       userSearch="(sAMAccountName={0})"
       userRoleName="memberOf"
       RoleName="CN"
       <!-- where groups (roles) are looked up -->
       groupBase="OU=city,DC=company,DC=net"
       groupNameAttribute="cn"
       groupSearch="member={0}"
       groupSearchDeep="true"
/>

If the user exists in the user base it assigns the user all the roles in memberOf. The web.xml has the usual security stuff like the login page and which pages to restrict for non-authenticated users. Now the question was: is there a way to have multiple userBases? In this one I have the city as an organizational unit. If I have users in 2 city units, can the realm look in both containers?

Thanks for the help, sorry the original subject had a typo.

mpageawha at 2007-7-8 22:30:50
# 3

I am getting the following errors. Please can anybody help me?

Trying to connect to Active Directory:

SEVERE: Exception performing authentication
javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece ]; remaining name 'cn=user,dc=mycompany,dc=com'
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3025)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2931)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2737)
    at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1808)
    at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1731)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321)
    at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248)
    at org.apache.catalina.realm.JNDIRealm.getUserBySearch(JNDIRealm.java:1054)
    at org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:958)
    at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:907)
    at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:808)
    at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:181)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:446)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:744)
    at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
    at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
    at java.lang.Thread.run(Thread.java:595)

Shafina at 2007-7-8 22:30:50
# 4

You can also add:

roleSubtree="true"

to your realm and then it will search the current userBase and any OUs contained within it.

E.g. setting your userBase to:

userBase="DC=company,DC=net"

would search through all cities. This may search through other OUs which you do not want to check, however.

Jamie

jmaher_suna at 2007-7-8 22:30:50
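An added example, not from any of the posts above, showing two ways to cover users from more than one city OU with Tomcat's stock org.apache.catalina.realm.JNDIRealm. The realm in post #2 is a custom class with its own attribute names (groupBase, groupSearchDeep, ...), so the attributes below do not map onto it one-for-one. In the stock JNDIRealm, userSubtree="true" is the attribute that makes the user lookup descend below userBase, and roleSubtree="true" does the same for the group lookup under roleBase. The example also binds with a dedicated read-only service account via connectionName/connectionPassword, which is what Active Directory is demanding in the post #3 error ("a successful bind must be completed on the connection"): AD refuses to run the user search on an unauthenticated connection. The host name dc01.company.net, the service account CN=svc-tomcat, the OU=Groups container and the city OU names are placeholders I chose for the illustration.

```xml
<!-- Added example, not code from the thread. Stock Tomcat JNDIRealm; host,
     service account, group container and city OUs are placeholders. -->

<!-- Option 1: one realm, user base at the domain root, userSubtree="true" so
     the search descends into OU=Users under every city OU. The filter is
     narrowed to user objects so the wider base cannot match other entry
     types, and referrals="follow" avoids the PartialResultException that AD
     returns for subtree searches started at the domain root. -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldaps://dc01.company.net:636"
       connectionName="CN=svc-tomcat,OU=Service Accounts,DC=company,DC=net"
       connectionPassword="change-me"
       referrals="follow"
       userBase="DC=company,DC=net"
       userSubtree="true"
       userSearch="(&amp;(objectClass=user)(sAMAccountName={0}))"
       roleBase="OU=Groups,DC=company,DC=net"
       roleSubtree="true"
       roleName="cn"
       roleSearch="(member={0})" />

<!-- Option 2: two literal user bases. CombinedRealm (Tomcat 6 and later)
     tries each nested realm in order and accepts the first one that
     authenticates the user, so each city keeps its own narrow userBase. -->
<Realm className="org.apache.catalina.realm.CombinedRealm">
  <Realm className="org.apache.catalina.realm.JNDIRealm"
         connectionURL="ldaps://dc01.company.net:636"
         connectionName="CN=svc-tomcat,OU=Service Accounts,DC=company,DC=net"
         connectionPassword="change-me"
         userBase="OU=Users,OU=city1,DC=company,DC=net"
         userSearch="(sAMAccountName={0})"
         roleBase="OU=Groups,DC=company,DC=net"
         roleSubtree="true"
         roleName="cn"
         roleSearch="(member={0})" />
  <Realm className="org.apache.catalina.realm.JNDIRealm"
         connectionURL="ldaps://dc01.company.net:636"
         connectionName="CN=svc-tomcat,OU=Service Accounts,DC=company,DC=net"
         connectionPassword="change-me"
         userBase="OU=Users,OU=city2,DC=company,DC=net"
         userSearch="(sAMAccountName={0})"
         roleBase="OU=Groups,DC=company,DC=net"
         roleSubtree="true"
         roleName="cn"
         roleSearch="(member={0})" />
</Realm>
```

A few design notes. In roleSearch the {0} placeholder is the authenticated user's DN, so (member={0}) finds the AD groups the user is a direct member of, and roleName="cn" turns those group entries into the short names you reference in web.xml; the memberOf values that post #2 relies on via userRoleName are full group DNs, so mixing the two styles gives you two different spellings of the same role. The bind credentials live in server.xml in clear text either way, so the service account should be read-only and scoped to the OUs it actually needs, and the connection should be ldaps:// rather than the ldap:// of post #2 so neither the service-account password nor the user password sent in the second (user) bind crosses the network in the clear. Option 1 is simpler to maintain when cities come and go; Option 2 keeps the search scope as tight as the original single-OU configuration and fails closed for any OU not listed.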