I'd appreciate any comments on what could be causing the following authentication problem. I'm still trying to rule out 'user error'.
But first the configuration... Using form-based authentication configured against the client's LDAP server (active directory, I believe). Running locally and authenticating against their LDAP server it works, running on their server it fails silently.
My system: WinXP SP2, Tomcat 5.5.9, JDK 1.4.2_08, VPN to client's LDAP server
Their system: SunOS 5.9, Tomcat 5.5.9, JDK 1.4.1_06.
Both systems have the same ldap.jar and jndi.jar files in the common/lib directories and have the same Realm settings in the conf/server.xml file. The same WAR is deployed on both.
Realm setting:
It is not a connection to the LDAP server, Tomcat reports an error on startup if this is wrong. It is not a role problem, we get a failed login, not a security (403) problem.
Also note that we only have extremely limited access to the UAT environment. If you assumed we can only 'deploy' you wouldn't be far off (we can telnet in but cannot install any software etc). I can run LDAP browsers locally and connect and run the LDAP searches as specified above.
I'd create a local LDAP server, then test against that - at least then you'd definitely know where to look next - i.e. the customer's LDAP install or mis-configured VPN tunnel.
You could also try sniffing the LDAP communication to see if it's getting mangled.
We can connect from our local environment to their LDAP server and it works fine, connecting from their own server to LDAP fails silently.
But you're right, we did set up our own local LDAP as well.
Daniel Rhoades
If you have a telnet connection to the customer's tomcat server, then can you make a telnet connection on that server to the LDAP server - then do a query...
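One way to do that query from the customer's Tomcat host without installing anything, as an added example that is not code from anyone in this thread: a small stand-alone Java class that repeats the three steps Tomcat's JNDIRealm goes through (bind with the realm's connection credentials, search for the user under the user base, then bind again as the found DN with the user's password) and reports which step fails. Because the Realm element was not quoted in the thread, every LDAP value below (URL, connectionName, userBase, userSearch) is a placeholder to be replaced with the ones from server.xml. It deliberately uses only JDK 1.4 APIs so it compiles and runs on both the 1.4.2 and 1.4.1 JDKs mentioned above; compile it with the server's own javac and run it over the telnet session so it takes the same network path as Tomcat does.

```java
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.text.MessageFormat;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

/**
 * Reproduces the steps Tomcat's JNDIRealm performs so a failure can be
 * attributed to the connection bind, the user search, or the user bind.
 * All constants are PLACEHOLDERS (the realm settings were not quoted in
 * the thread); copy the real ones from the Realm element in server.xml.
 */
public class LdapRealmCheck {
    static final String URL = "ldap://LDAP_HOST_PLACEHOLDER:389";
    static final String CONNECTION_NAME = "cn=svc-tomcat,ou=Service Accounts,dc=example,dc=com";
    static final String CONNECTION_PASSWORD = "CONNECTION_PASSWORD_PLACEHOLDER";
    static final String USER_BASE = "ou=Users,dc=example,dc=com";
    static final String USER_SEARCH = "(sAMAccountName={0})";   // same {0} convention as JNDIRealm

    /** Opens a simple-bind LDAP context; throws NamingException on connect or bind failure. */
    static DirContext open(String principal, String credentials) throws NamingException {
        Hashtable env = new Hashtable();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, credentials);
        // Fail fast if the port is filtered instead of hanging on the TCP connect.
        env.put("com.sun.jndi.ldap.connect.timeout", "5000");
        return new InitialDirContext(env);
    }

    /** Escapes the LDAP search-filter metacharacters so a username cannot alter the filter. */
    static String escapeFilter(String s) {
        StringBuffer out = new StringBuffer();
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '\\': out.append("\\5c"); break;
                case '*':  out.append("\\2a"); break;
                case '(':  out.append("\\28"); break;
                case ')':  out.append("\\29"); break;
                case '\0': out.append("\\00"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    /** Returns the DN of the first matching user entry, or null if the search finds nothing. */
    static String findUserDn(DirContext ctx, String username) throws NamingException {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        sc.setReturningAttributes(new String[0]);          // only the DN is needed
        String filter = MessageFormat.format(USER_SEARCH, new Object[] { escapeFilter(username) });
        NamingEnumeration results = ctx.search(USER_BASE, filter, sc);
        if (!results.hasMore()) return null;
        SearchResult sr = (SearchResult) results.next();
        // JDK 1.4 has no getNameInNamespace(); rebuild the full DN as JNDIRealm does.
        String dn = sr.getName();
        if (sr.isRelative()) dn = dn + "," + USER_BASE;
        return dn;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: java LdapRealmCheck <username>   (password is read from stdin)");
            System.exit(2);
        }
        String username = args[0];
        System.err.print("password: ");
        String password = new BufferedReader(new InputStreamReader(System.in)).readLine();

        DirContext ctx = null;
        try {
            ctx = open(CONNECTION_NAME, CONNECTION_PASSWORD);
            System.out.println("1. connection bind OK to " + URL);
            String dn = findUserDn(ctx, username);
            if (dn == null) {
                System.out.println("2. search returned no entry for '" + username + "' under " + USER_BASE);
                return;
            }
            System.out.println("2. user search OK, DN = " + dn);
            DirContext userCtx = open(dn, password);
            userCtx.close();
            System.out.println("3. user bind OK, password accepted");
        } catch (NamingException e) {
            // The exception class and message carry the server's reason (host unreachable,
            // invalid credentials, no such object), which the silent realm failure hides.
            System.out.println("FAILED: " + e.getClass().getName() + ": " + e.getMessage());
        } finally {
            if (ctx != null) try { ctx.close(); } catch (NamingException ignored) { }
        }
    }
}
```

Run it once from the workstation (where the realm works) and once on the Sun box with identical placeholders filled in; the step at which the two runs diverge, together with the exception text, is what distinguishes a network-path problem on the server from a search or bind mismatch against the directory. The password is read from standard input rather than taken as an argument so it does not show up in the process list on a shared host.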