Hi,
We use Tomcat 5.0.25 and want to authenticate against MS Active Directory. In the server.xml we put the realm entry:
<Realm className="org.apache.catalina.realm.JNDIRealm"
  debug="99"
  connectionURL="ldap://serv200.wwk-group.com:389"
  connectionName="CN=LDAPUser,OU=LDAP Authentifizierung,OU=Administration,DC=WWK-GROUP,DC=COM"
  connectionPassword="password"
  authentication="simple"
  referrals="follow"
  userBase="OU=WWK-ZD,DC=wwk-group,DC=com"
  userSubtree="true"
  userSearch="sAMAccountName={0}"
  roleSubtree="true" />
It looks like we can connect to MS AD. But when we want to use the Tomcat manager we get an error 403: Access to the requested resource has been denied. In the log file we have the following entries:
2005-01-13 09:35:18 JNDIRealm[Catalina]: Connecting to URL ldap://serv200.wwk-group.com:389
2005-01-13 09:35:44 JNDIRealm[Catalina]: Searching for Oliver.Baum
2005-01-13 09:35:44 JNDIRealm[Catalina]: base: OU=WWK-ZD,DC=wwk-group,DC=com filter: sAMAccountName=Oliver.Baum
2005-01-13 09:35:44 JNDIRealm[Catalina]: entry found for Oliver.Baum with dn CN=BAUM\, OLIVER,OU=2870-IT-BETRIEB SYSTEMPLANUNG,OU=0524-IT-SERVICE QUALITAET,OU=0520-IT-BEREICH,OU=0400-VORSTANDSRESSORT4,OU=WWK-ZD,DC=wwk-group,DC=com
2005-01-13 09:35:44 JNDIRealm[Catalina]: validating credentials by binding as the user
2005-01-13 09:35:44 JNDIRealm[Catalina]: binding as CN=BAUM\, OLIVER,OU=2870-IT-BETRIEB SYSTEMPLANUNG,OU=0524-IT-SERVICE QUALITAET,OU=0520-IT-BEREICH,OU=0400-VORSTANDSRESSORT4,OU=WWK-ZD,DC=wwk-group,DC=com
2005-01-13 09:35:44 JNDIRealm[Catalina]: Username Oliver.Baum successfully authenticated
2005-01-13 09:35:44 JNDIRealm[Catalina]: getRoles(CN=BAUM\, OLIVER,OU=2870-IT-BETRIEB SYSTEMPLANUNG,OU=0524-IT-SERVICE QUALITAET,OU=0520-IT-BEREICH,OU=0400-VORSTANDSRESSORT4,OU=WWK-ZD,DC=wwk-group,DC=com)
Can somebody help me?
Thanks
Olly
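
An added check, not part of the original post and not Tomcat code: a small Python audit of the JNDIRealm attributes shown above, separating the authentication settings (which the log shows working) from the role-lookup settings that decide whether an authenticated user is authorized. The function name `audit_realm` and the finding codes are hypothetical; the attribute names (`roleName`, `roleSearch`, `roleBase`, `userRoleName`, `userPattern`) are JNDIRealm's own.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the Realm attributes from the post, written as one XML element.
REALM_XML = """<Realm className="org.apache.catalina.realm.JNDIRealm"
  debug="99"
  connectionURL="ldap://serv200.wwk-group.com:389"
  connectionName="CN=LDAPUser,OU=LDAP Authentifizierung,OU=Administration,DC=WWK-GROUP,DC=COM"
  connectionPassword="password"
  authentication="simple"
  referrals="follow"
  userBase="OU=WWK-ZD,DC=wwk-group,DC=com"
  userSubtree="true"
  userSearch="sAMAccountName={0}"
  roleSubtree="true" />"""


def audit_realm(xml_text):
    """Return (code, message) findings for one JNDIRealm element (hypothetical helper)."""
    attrs = ET.fromstring(xml_text).attrib
    if not attrs.get("className", "").endswith("JNDIRealm"):
        return [("NOT_JNDI", "element is not a JNDIRealm")]
    findings = []

    # Authentication: the realm must be able to locate the user's entry.
    if not (attrs.get("userSearch") or attrs.get("userPattern")):
        findings.append(("NO_USER_LOOKUP", "neither userSearch nor userPattern is set"))

    # Authorization: roles come from a directory search (roleName + roleSearch,
    # scoped by roleBase) or from an attribute of the user entry (userRoleName).
    # With neither, a user can authenticate yet hold no roles, so any
    # role-protected application such as the manager answers 403.
    role_search = attrs.get("roleName") and attrs.get("roleSearch")
    if not role_search and not attrs.get("userRoleName"):
        findings.append(("NO_ROLE_LOOKUP",
                         "no roleName/roleSearch and no userRoleName: "
                         "authenticated users are assigned no roles"))

    # Transport: a simple bind over ldap:// sends passwords unencrypted.
    url = attrs.get("connectionURL", "").lower()
    if url.startswith("ldap://") and attrs.get("authentication") == "simple":
        findings.append(("CLEARTEXT_BIND",
                         "simple bind over ldap:// exposes the service and user passwords"))
    return findings


if __name__ == "__main__":
    for code, message in audit_realm(REALM_XML):
        print(f"{code}: {message}")
```

For the manager application in Tomcat 5.0, the role the user must end up with is `manager`, so the role lookup has to resolve to a directory group of that name.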