sjsws 7.0U1 vs. LDAP auth with Active Directory
Hello,
I have been trying to get Active Directory LDAP authentication to work with the web server, but no luck. (ADMIN3132: Error while communicating to the LDAP server)
I have read Jyri's blog and did what was described there, still nothing. I made a TCP dump of what was going on, and it showed that the search filter attribute that redefined "uid" to "sAMAccountName" was being ignored altogether; the search went for UID. Same situation when I tried to search for the users/groups from the ACE administration tool. Ldapsearch works for sAMAccountName with the identity I am using for the web server's LDAP access.
The web server is a fresh install on Solaris 10 x86 current (yesterday's patch level). The web server was installed in a zone; I thought that might have had something to do with the error, so today I installed in global and tried there - results are the same.
I would be thankful if someone could give me a tip on how to proceed, I am beginning to get frustrated by this stuff. :-) Why isn't the search attribute being redefined? It is set right in the server.xml and deployed correctly. As far as I can see the bind is also successful, only the filter I need is not being used.
Before the question even arises - yes, I have been a good boy and read the relevant posts in the forum and have seen Jyri's blog.
Here is the server.xml section:
<auth-db>
  <name>qwe</name>
  <url>ldap://10.1.1.10:389/dc%3ddomain,dc%3dhu</url>
  <property>
    <name>binddn</name>
    <value>domain\jtoth</value>
  </property>
  <property>
    <name>digestauthstate</name>
    <value>false</value>
  </property>
  <property>
    <name>search-filter</name>
    <value>samaccountname</value>
  </property>
  <property>
    <name>bindpw</name>
    <value>XXXXXXXXXXXX</value>
    <encoded>true</encoded>
  </property>
</auth-db>

