
Brainstorming: authentication problems

 
David O'Meara
I'd appreciate any comments on what could be causing the following authentication problem. I'm still trying to rule out 'user error'.

But first the configuration...
Using form-based authentication configured against the client's LDAP server (Active Directory, I believe). Running locally and authenticating against their LDAP server it works; running on their server it fails silently.

My system
WinXP SP2, Tomcat 5.5.9, JDK 1.4.2_08, VPN to client's LDAP server

Their system:
SunOS 5.9, Tomcat 5.5.9, JDK 1.4.1_06.

Both systems have the same ldap.jar and jndi.jar files in the common/lib directories and have the same Realm settings in the conf/server.xml file. The same WAR is deployed on both.

Realm setting:


It is not a connection to the LDAP server; Tomcat reports an error on startup if this is wrong.
It is not a role problem; we get a failed login, not a security (403) problem.

Also note that we only have extremely limited access to the UAT environment. If you assumed we can only 'deploy' you wouldn't be far off (we can telnet in but cannot install any software etc). I can run LDAP browsers locally and connect and run the LDAP searches as specified above.

Any takers please?
 
Daniel Rhoades
I'd create a local LDAP server, then test against that - at least then you'd definitely know where to look next - i.e. the customer's LDAP install or mis-configured VPN tunnel.

You could also try sniffing the LDAP communication to see if it's getting mangled.

Hope that helps
 
David O'Meara
We can connect from our local environment to their LDAP server and it works fine, connecting from their own server to LDAP fails silently.

But you're right, we did set up our own local LDAP as well.
 
Daniel Rhoades
If you have a telnet connection to the customer's Tomcat server, then can you make a telnet connection on that server to the LDAP server - then do a query...
 
David O'Meara
You've got to be joking. I found the solution and I'm not impressed.

Note that the following does not work:


While this does work:



Let life be a lesson to you :roll:
 