https://bz.apache.org/bugzilla/show_bug.cgi?id=63026
--- Comment #2 from Michael Osipov <micha...@apache.org> ---
(In reply to Dave Anuszewski from comment #0)
> Using JNDIRealm to authenticate users against Microsoft Active Directory
> fails if the AD user object has 2 trailing spaces in its cn. Realm is
> configured with adCompat="true" and userSearch="(sAMAccountName={0})".
>
> Debugging through the code the getUserBySearch() method ldap search returns
> a result with only the last space escaped, but the method
> getDistinguishedName() returns a dn with both spaces escaped. In this
> scenario the bindAsUser() method will return false resulting in an
> authentication failure. If I modify the dn returned from
> getDistinguishedName() to only escape the last space in the cn the
> bindAsUser() method will return true and the authentication will be
> successful.

Out of curiosity, why do you plague your users with username and password where you could use SPNEGO?
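
The two escaped forms described in the quoted report, as an added example (not part of the original message and not Tomcat code): under RFC 4514 both strings decode to the same cn value, so they are equal only after decoding, never as raw strings. The DNs are constructed sample values; multi-valued RDNs (`+`) and attribute matching rules are left out.

```python
# Added example: RFC 4514 decoding of the two escaped DN forms.
# The DN strings below are constructed sample values.
HEX = "0123456789abcdefABCDEF"

def split_unescaped(s, sep):
    """Split s on sep, skipping any character that follows a backslash."""
    parts, cur, i = [], "", 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            cur += s[i:i + 2]          # keep the escape pair intact
            i += 2
            continue
        if s[i] == sep:
            parts.append(cur)
            cur = ""
        else:
            cur += s[i]
        i += 1
    parts.append(cur)
    return parts

def unescape_value(raw):
    """Decode an RFC 4514 value string (backslash-char and backslash-hexpair)."""
    out, i = bytearray(), 0
    while i < len(raw):
        if raw[i] != "\\":
            out += raw[i].encode("utf-8")
            i += 1
            continue
        pair = raw[i + 1:i + 3]
        if len(pair) == 2 and all(c in HEX for c in pair):
            out.append(int(pair, 16))  # \20 style hex escape
            i += 3
        elif i + 1 < len(raw):
            out += raw[i + 1].encode("utf-8")  # "\ " style escape
            i += 2
        else:
            raise ValueError("dangling backslash in DN value")
    return out.decode("utf-8")

def parse_dn(dn):
    """Return [(lowercased attribute type, decoded value), ...] for a DN."""
    rdns = []
    for rdn in split_unescaped(dn, ","):
        attr, _, value = rdn.partition("=")
        rdns.append((attr.strip().lower(), unescape_value(value)))
    return rdns

def same_dn(a, b):
    return parse_dn(a) == parse_dn(b)

ONE_ESCAPED = r"CN=Jane Doe \ ,OU=Users,DC=example,DC=com"
BOTH_ESCAPED = r"CN=Jane Doe\ \ ,OU=Users,DC=example,DC=com"
```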