0
votes

During user login to Tomcat with JNDIRealm authentication, I receive the following error in the Catalina log:

26-Jun-2018 12:08:29.547 SEVERE [http-nio-8080-exec-7] org.apache.catalina.realm.JNDIRealm.authenticate Exception performing authentication
 javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090400, comment: AcceptSecurityContext error, data 52e, v1db1 ]
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3154)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3100)

I found that this means "wrong user/password", but there are no records in the LDAP log relevant to this login. My server.xml:

<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
    connectionURL="ldap://me.com:389"
    alternateURL="ldap://me.com:389" 
    connectionName="CN=user-ldap,OU=Services Accounts,DC=me,DC=com"
    connectionPassword="removed"                     
    userRoleName="member"
    userBase="OU=Groups,DC=me,DC=com"
    userPattern="cn={0},cn=Users,DC=me,DC=com"
    roleBase="cn=Users,DC=me,DC=com"
    roleName="cn"
    roleSearch="(member={0})"
    roleSubtree="false"
    userSubtree="true" 
/>
1
What would you like to happen? What is in the logs? - jwilleke
Now a user does not pass authentication - the system returns him to the login window. The Catalina log is at the beginning of the question (with the LDAP error). - BT3

1 Answers

0
votes

LDAP: error code 49 is very clear, and data 52e means "returned when the username is valid but the password/credential is invalid" (and this is Microsoft Active Directory).

So this says you have the correct user, but the password is wrong.
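
An added example, not part of the original answer: a small Python triage script that pulls the Active Directory `data` sub-code out of Catalina log lines carrying LDAP error 49 and counts failures per sub-code. The sub-code table lists the commonly documented AD values; the log lines after the first are constructed for illustration, and the function names are this example's own.

```python
import re
from collections import Counter

# Active Directory sub-codes carried in the "data" field of LDAP result code 49.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "username valid, password/credential invalid",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}
# Bracketed LDAP message that JNDI places in the AuthenticationException text.
LDAP_ERR = re.compile(
    r"\[LDAP: error code (?P<code>\d+) - .*?\bdata (?P<data>[0-9a-fA-F]+)\b")
# Catalina log prefix: date, time, level, [thread].
PREFIX = re.compile(r"^(?P<ts>\S+ \S+) (?P<level>[A-Z]+) \[(?P<thread>[^\]]+)\]")

def parse_bind_failure(line):
    """Return details of an LDAP error 49 bind failure on this line, or None."""
    err = LDAP_ERR.search(line)
    if not err or err.group("code") != "49":
        return None
    pre = PREFIX.match(line)
    data = err.group("data").lower()
    return {
        "timestamp": pre.group("ts") if pre else None,
        "thread": pre.group("thread") if pre else None,
        "data": data,
        "meaning": AD_BIND_SUBCODES.get(data, "unknown sub-code"),
    }

def summarize(lines):
    """Count bind failures per AD sub-code across an iterable of log lines."""
    hits = (parse_bind_failure(line) for line in lines)
    return Counter(h["data"] for h in hits if h)

# First entry is the log line from the question; the rest are constructed samples.
SAMPLE_LOG = [
    "26-Jun-2018 12:08:29.547 SEVERE [http-nio-8080-exec-7] org.apache.catalina.realm.JNDIRealm.authenticate Exception performing authentication javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090400, comment: AcceptSecurityContext error, data 52e, v1db1 ]",
    "26-Jun-2018 12:09:02.101 SEVERE [http-nio-8080-exec-3] org.apache.catalina.realm.JNDIRealm.authenticate Exception performing authentication javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090400, comment: AcceptSecurityContext error, data 775, v1db1 ]",
    "26-Jun-2018 12:09:10.000 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 1234 ms",
    "26-Jun-2018 12:10:44.310 SEVERE [http-nio-8080-exec-7] org.apache.catalina.realm.JNDIRealm.authenticate Exception performing authentication javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090400, comment: AcceptSecurityContext error, data 52e, v1db1 ]",
]
if __name__ == "__main__":
    for code, n in summarize(SAMPLE_LOG).items():
        print(code, n, AD_BIND_SUBCODES.get(code, "unknown sub-code"))
```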