Integrating AD with web application running on Tom

Published 2019-06-09 21:55

Question:

I am trying to change my web application to use AD for authentication. My application uses Tomcat 5.5.17. Currently it uses UserDatabaseRealm to authenticate users of the application. After reading many posts here, I used the following configuration in server.xml. (Since I am just getting started, I didn't bother about roles.)

But when I actually do try to log in, I seem to get this error. (I used JXplorer to navigate through Active Directory and hence I know that the URL works.)

 javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece
    INFO   | jvm 1    | 2009/12/21 08:55:31 |   at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3045)
    INFO   | jvm 1    | 2009/12/21 08:55:31 |   at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2951)
    INFO   | jvm 1    | 2009/12/21 08:55:31 |   at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2758)
    INFO   | jvm 1    | 2009/12/21 08:55:31 |   at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1812)

Any ideas about where I am getting it wrong?

Thanks, K

Answer 1:

Thanks for the response.

I figured out that the LDAP server I was connecting to requires a binding user name and password; when I supplied them, it worked.

For people who need it, here is how my config looks:

    <Realm className="org.apache.catalina.realm.CustomLdapUserRealm"
           debug="99"
           userBase="ou=xx,ou=xx,ou=xx,DC=xx,DC=xx,DC=xx"
           userSearch="(sAMAccountName={0})"
           connectionURL="ldap://xxx:389"
           digest="MD5"
           roleName="cn"
           roleBase="ou=xx,ou=xx,ou=xx,DC=xx,DC=xx,DC=xx"
           userRoleName="xx"
           />

In CustomLdapUserRealm, I supplied the binding user name and password. Also, in my web.xml I had to give permission to the roles that I would receive from LDAP.
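The bind credentials the answer added in a custom realm subclass can also be supplied to Tomcat's stock JNDIRealm through its connectionName and connectionPassword attributes, which avoids maintaining a custom class. The following server.xml fragment is an added example, not the poster's configuration; the host name, DNs, service-account name and password are placeholders.

```xml
<!-- server.xml (Tomcat 5.5): bind with a read-only service account, locate the
     user by sAMAccountName, then JNDIRealm re-binds as that user to verify the
     submitted password (no userPassword attribute is configured, so the
     "digest" attribute is not needed in this mode).
     All host names, DNs and the password below are placeholders. -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
       debug="99"
       connectionURL="ldap://dc.example.internal:389"
       connectionName="CN=tomcat-ldap-svc,OU=ServiceAccounts,DC=example,DC=internal"
       connectionPassword="REPLACE_WITH_SERVICE_ACCOUNT_PASSWORD"
       userBase="OU=Users,DC=example,DC=internal"
       userSearch="(sAMAccountName={0})"
       userSubtree="true"
       roleBase="OU=Groups,DC=example,DC=internal"
       roleName="cn"
       roleSearch="(member={0})"
       roleSubtree="true" />
<!-- The service account only needs read access to the user and group
     containers; it is never used to authenticate end users, so keep it
     unprivileged and restrict read access to server.xml accordingly. -->
```

Role names returned by roleSearch are the group cn values, which are the names that must appear in the web.xml security-constraint and security-role elements.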