During user login to Tomcat with JNDIRealm authentication I receive following error in Catalina log:
26-Jun-2018 12:08:29.547 SEVERE [http-nio-8080-exec-7] org.apache.catalina.realm.JNDIRealm.authenticate Exception performing authentication javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090400, comment: AcceptSecurityContext error, data 52e, v1db1 ] at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3154) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3100)
I found that this means "wrong user/password" but there is no records in LDAP log relevant to this login. My server.xml:
<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
connectionURL="ldap://me.com:389"
alternateURL="ldap://me.com:389"
connectionName="CN=user-ldap,OU=Services Accounts,DC=me,DC=com"
connectionPassword="removed"
userRoleName="member"
userBase="OU=Groups,DC=me,DC=com"
userPattern="cn={0},cn=Users,DC=me,DC=com"
roleBase="cn=Users,DC=me,DC=com"
roleName="cn"
roleSearch="(member={0})"
roleSubtree="false"
userSubtree="true"
/>