Hello,
I have a script which checks for the existence of an email address in my LDAP directory.
The relevant line is:
ldapsearch -D "uid=nss,dc=bah,dc=com" -w mypassword -b "ou=People,dc=blah,dc=com" uid=bobthebuilder mail
If I run this script as the root or tomcat user it works as expected and returns the mail attribute.
If this script is called from an Apache Tomcat webapp (running as the tomcat user), I receive the following errors in my slapd.log file:
Jan 29 13:59:29 bl1 slapd[3783]: conn=247839 fd=26 ACCEPT from IP=131.1.2.3:50230 (IP=0.0.0.0:389)
Jan 29 13:59:29 bl1 slapd[3783]: conn=247839 op=0 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
Jan 29 13:59:29 bl1 slapd[3783]: conn=247839 op=0 SRCH attr=supportedSASLMechanisms
Jan 29 13:59:29 bl1 slapd[3783]: conn=247839 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jan 29 13:59:29 bl1 slapd[3783]: conn=247839 op=1 BIND dn="uid=nss,dc=bah,dc=com" method=163
Jan 29 13:59:29 bl1 slapd[3783]: conn=247839 op=1 RESULT tag=97 err=14 text=SASL(0): successful result: security flags do not match required
Jan 29 13:59:29 bl1 slapd[3783]: conn=247839 op=2 BIND dn="uid=nss,dc=bah,dc=com" method=163
Jan 29 13:59:29 bl1 slapd[3783]: SASL [conn=247839] Failure: no secret in database
Jan 29 13:59:29 bl1 slapd[3783]: conn=247839 op=2 RESULT tag=97 err=49 text=SASL(-13): user not found: no secret in database
Jan 29 13:59:29 bl1 slapd[3783]: conn=247839 fd=26 closed (connection lost)
I don't understand why the ldapsearch is searching for attr=supportedSASLMechanisms when invoked from within a Tomcat webapp, but works fine when invoked from a C shell.
Any ideas?
Your help is greatly appreciated.
Scott
On 01/29/13 14:08 -0800, Scott Classen wrote:
Hello,
I have a script which checks for the existence of an email address in my LDAP directory.
the relevant line is:
ldapsearch -D "uid=nss,dc=bah,dc=com" -w mypassword -b "ou=People,dc=blah,dc=com" uid=bobthebuilder mail
You must include a '-x' option to indicate your desire to perform a non-SASL bind. See the ldapsearch manpage.
Hi Dan,
Well that's embarrassing. I added the '-x' option and now the script works from both the command line and from within my tomcat webapp. Very weird. There must have been some recent update to Java that broke my code? It has worked for the last couple of years without the '-x' option. Anyways it's working now.
It's odd that it works as tomcat user from command line without the '-x' but requires the '-x' when run from a webapp.
Thanks, Scott
On Jan 29, 2013, at 2:19 PM, Dan White wrote:
-- Dan White
openldap-technical@openldap.org
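The slapd log Scott posted already shows which kind of bind the client attempted: the op=0 search for supportedSASLMechanisms on the root DSE is the SASL negotiation probe, and BIND method=163 is a SASL bind (a simple bind, which '-x' selects, logs as method=128). The parser below, an added example that is not part of this thread, reads slapd connection logs, joins each BIND to its RESULT, and flags failed SASL binds so an administrator can confirm from the server side whether a caller is binding the way it was meant to. The sample log is constructed: the first connection is the excerpt from the thread, and the second connection (conn=247901, a successful simple bind) is made up for contrast.

```python
import re

# Constructed sample: conn=247839 is the excerpt posted in the thread
# (SASL probe, then two failed SASL binds); conn=247901 is a made-up
# successful simple bind for comparison.
SAMPLE_LOG = """\
Jan 29 13:59:29 bl1 slapd[3783]: conn=247839 fd=26 ACCEPT from IP=131.1.2.3:50230 (IP=0.0.0.0:389)
Jan 29 13:59:29 bl1 slapd[3783]: conn=247839 op=0 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
Jan 29 13:59:29 bl1 slapd[3783]: conn=247839 op=0 SRCH attr=supportedSASLMechanisms
Jan 29 13:59:29 bl1 slapd[3783]: conn=247839 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text=
Jan 29 13:59:29 bl1 slapd[3783]: conn=247839 op=1 BIND dn="uid=nss,dc=bah,dc=com" method=163
Jan 29 13:59:29 bl1 slapd[3783]: conn=247839 op=1 RESULT tag=97 err=14 text=SASL(0): successful result: security flags do not match required
Jan 29 13:59:29 bl1 slapd[3783]: conn=247839 op=2 BIND dn="uid=nss,dc=bah,dc=com" method=163
Jan 29 13:59:29 bl1 slapd[3783]: SASL [conn=247839] Failure: no secret in database
Jan 29 13:59:29 bl1 slapd[3783]: conn=247839 op=2 RESULT tag=97 err=49 text=SASL(-13): user not found: no secret in database
Jan 29 13:59:29 bl1 slapd[3783]: conn=247839 fd=26 closed (connection lost)
Jan 29 14:30:01 bl1 slapd[3783]: conn=247901 fd=27 ACCEPT from IP=131.1.2.3:50311 (IP=0.0.0.0:389)
Jan 29 14:30:01 bl1 slapd[3783]: conn=247901 op=0 BIND dn="uid=nss,dc=bah,dc=com" method=128
Jan 29 14:30:01 bl1 slapd[3783]: conn=247901 op=0 RESULT tag=97 err=0 text=
"""

# slapd bind method codes: 128 = simple bind, 163 = SASL bind.
BIND_METHODS = {128: "simple", 163: "SASL"}

BIND_RE = re.compile(
    r'conn=(?P<conn>\d+) op=(?P<op>\d+) BIND dn="(?P<dn>[^"]*)" method=(?P<method>\d+)')
# tag=97 is the BindResponse tag, so this only matches results of BIND ops.
RESULT_RE = re.compile(
    r'conn=(?P<conn>\d+) op=(?P<op>\d+) RESULT tag=97 err=(?P<err>\d+) text=(?P<text>.*)$')
SASL_PROBE_RE = re.compile(
    r'conn=(?P<conn>\d+) op=\d+ SRCH attr=supportedSASLMechanisms')


def parse_binds(log_text):
    """Return one record per BIND op, with its RESULT code joined in.

    Each record carries the connection id, op number, bind DN, the bind
    method name, the result code (None if no RESULT line was seen) and
    whether the connection performed the SASL mechanism probe first.
    """
    binds = {}      # (conn, op) -> record
    order = []      # keep records in log order
    probed = set()  # connections that asked for supportedSASLMechanisms
    for line in log_text.splitlines():
        m = SASL_PROBE_RE.search(line)
        if m:
            probed.add(m.group("conn"))
            continue
        m = BIND_RE.search(line)
        if m:
            key = (m.group("conn"), m.group("op"))
            code = int(m.group("method"))
            binds[key] = {
                "conn": m.group("conn"),
                "op": int(m.group("op")),
                "dn": m.group("dn"),
                "method": BIND_METHODS.get(code, "unknown(%d)" % code),
                "err": None,
                "text": "",
            }
            order.append(key)
            continue
        m = RESULT_RE.search(line)
        if m:
            key = (m.group("conn"), m.group("op"))
            if key in binds:
                binds[key]["err"] = int(m.group("err"))
                binds[key]["text"] = m.group("text").strip()
    for key in order:
        binds[key]["sasl_probe"] = binds[key]["conn"] in probed
    return [binds[k] for k in order]


def failed_sasl_binds(records):
    """Select SASL binds that did not return err=0 (e.g. err=14, err=49)."""
    return [r for r in records if r["method"] == "SASL" and r["err"] not in (0, None)]


if __name__ == "__main__":
    for r in failed_sasl_binds(parse_binds(SAMPLE_LOG)):
        print("conn=%s op=%d %s bind for %s failed: err=%d %s"
              % (r["conn"], r["op"], r["method"], r["dn"], r["err"], r["text"]))
```

Running it against a real slapd log (loglevel stats) lists every SASL bind that failed, together with the DN and the server's text; a client that was expected to bind simply but shows up here is binding without '-x' (or with an ldap.conf/.ldaprc that selects SASL), which is the situation in this thread.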