Brainstorming: authentication problems

David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

I'd appreciate any comments on what could be causing the following authentication problem. I'm still trying to rule out 'user error'.

But first the configuration...
Using form-based authentication configured against the client's LDAP server (Active Directory, I believe). Running locally and authenticating against their LDAP server it works, running on their server it fails silently.

My system
WinXP SP2, Tomcat 5.5.9, JDK 1.4.2_08, VPN to client's LDAP server

Their system:
SunOS 5.9, Tomcat 5.5.9, JDK 1.4.1_06.

Both systems have the same ldap.jar and jndi.jar files in the common/lib directories and have the same Realm settings in the conf/server.xml file. The same WAR is deployed on both.

Realm setting:


It is not a connection to the LDAP server, Tomcat reports an error on startup if this is wrong.
It is not a role problem, we get a failed login, not a security (403) problem.

Also note that we only have extremely limited access to the UAT environment. If you assumed we can only 'deploy' you wouldn't be far off (we can telnet in but cannot install any software etc). I can run LDAP browsers locally and connect and run the LDAP searches as specified above.

Any takers please?
Daniel Rhoades
Ranch Hand

Joined: Jun 30, 2004
Posts: 186
I'd create a local LDAP server, then test against that - at least then you'd definitely know where to look next - i.e. the customer's LDAP install or mis-configured VPN tunnel.

You could also try sniffing the LDAP communication to see if it's getting mangled.

Hope that helps


Drinking more tea is the key...
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

We can connect from our local environment to their LDAP server and it works fine, connecting from their own server to LDAP fails silently.

But you're right, we did set up our own local LDAP as well.
Daniel Rhoades
Ranch Hand

Joined: Jun 30, 2004
Posts: 186
If you have a telnet connection to the customer's tomcat server, then can you make a telnet connection on that server to the LDAP server - then do a query...
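
Added example, not part of the original thread: a JDK-only check in the spirit of the suggestion above, for a server where nothing else can be installed. It does a simple bind and a subtree search over JNDI and prints the exception the directory returns instead of failing silently; the class name `LdapBindCheck` and all four arguments are placeholders to be filled in with the Realm's own values.

```java
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

// Hypothetical diagnostic class (not Tomcat code). Raw types keep it JDK 1.4 compatible.
// Usage: java LdapBindCheck <ldap-url> <bind-dn> <search-base> <filter>
public class LdapBindCheck {
    public static void main(String[] args) throws Exception {
        if (args.length != 4) {
            System.err.println("usage: java LdapBindCheck <ldap-url> <bind-dn> <search-base> <filter>");
            System.exit(2);
        }
        // Read the password from stdin (it is echoed) so it stays out of the process list.
        System.err.print("Password for " + args[1] + ": ");
        String password = new BufferedReader(new InputStreamReader(System.in)).readLine();
        // An empty password turns a simple bind into an anonymous bind that many
        // directories accept, which would make this check pass for the wrong reason.
        if (password == null || password.length() == 0) {
            System.err.println("empty password refused");
            System.exit(2);
        }
        Hashtable env = new Hashtable();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, args[0]);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, args[1]);
        env.put(Context.SECURITY_CREDENTIALS, password);
        DirContext ctx = null;
        int status = 0;
        try {
            ctx = new InitialDirContext(env); // the bind happens here
            System.out.println("bind OK");
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            NamingEnumeration results = ctx.search(args[2], args[3], sc);
            int n = 0;
            while (results.hasMore()) {
                System.out.println("match: " + ((SearchResult) results.next()).getName());
                n++;
            }
            System.out.println(n + " entries matched");
        } catch (NamingException e) {
            // getExplanation() carries the directory's own result text, if it sent any.
            System.out.println(e.getClass().getName() + ": " + e.getExplanation());
            status = 1;
        } finally {
            if (ctx != null) ctx.close();
        }
        System.exit(status);
    }
}
```

Compiling it with the server's own JDK and running it there and on the working machine with identical arguments separates a directory or network difference from a Tomcat or JVM one.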
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

You've got to be joking. I found the solution and I'm not impressed.

Note that the following does not work:


While this does work:



Let life be a lesson to you :roll:
 