There is an old post in the mailing lists about this problem, but the issue is still confirmed.

https://www.mail-archive.com/users@tomcat.apache.org/msg07977.html

When a user in an LDAP realm (MS Active Directory in my case and OpenLDAP in the case described in the mailing archive) has the pound sign in the password, basic authentication does not work. Removing the pound sign from the password resolves the issue.
Can you confirm that you can successfully authenticate with OpenLDAP using some other utility e.g. ldapsearch? I'm wondering if this is a Tomcat issue or an OpenLDAP issue. If you enable logging (hmm not sure if we log the password at TRACE level), can you confirm that Tomcat has the password without being garbled by the browser/web server/request encoding in some way?
You need to provide configuration and steps to reproduce this issue, and the exact version number of Tomcat where this issue is observed.

Overall, this sounds like a configuration issue, and configuration issues are to be discussed on the Tomcat Users' mailing list, not here.

Note that BASIC authentication is limited to the ISO-8859-1 charset by default. Testing with Apache Tomcat 9.0.65, I can successfully log in to the manager web application using the pound character as a password, if I reconfigure the BasicAuthenticator in that web application to use UTF-8. It can be done by inserting the following line

    <Valve className="org.apache.catalina.authenticator.BasicAuthenticator" charset="UTF-8" />

into the webapps/manager/META-INF/context.xml file.

For reference, see https://tomcat.apache.org/tomcat-9.0-doc/config/valve.html#Basic_Authenticator_Valve

I wonder whether better documentation may be needed somewhere.
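The charset mismatch described in the comment above, shown as an added example (not part of the original thread and not Tomcat code): it encodes a Basic credential the way a client would in one charset, decodes it the way a server would in another, and reports which combinations recover the password. The user name and passwords are constructed sample values.

```python
import base64

CHARSETS = ("iso-8859-1", "utf-8")

def basic_header(user, password, client_charset):
    """Build an Authorization header value, encoding user:password in client_charset."""
    raw = f"{user}:{password}".encode(client_charset)
    return "Basic " + base64.b64encode(raw).decode("ascii")

def decode_basic(header, server_charset):
    """Decode a Basic header with server_charset; return (user, password) or None."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        text = base64.b64decode(token, validate=True).decode(server_charset)
    except ValueError:  # covers bad base64 and UnicodeDecodeError
        return None
    user, sep, password = text.partition(":")
    return (user, password) if sep else None

def password_survives(password, client_charset, server_charset, user="alice"):
    """True if the server-side decode yields exactly what the user typed."""
    header = basic_header(user, password, client_charset)
    return decode_basic(header, server_charset) == (user, password)

def matrix(password):
    """Map (client_charset, server_charset) -> whether the password round-trips."""
    return {(c, s): password_survives(password, c, s)
            for c in CHARSETS for s in CHARSETS}

if __name__ == "__main__":
    # Constructed sample passwords: '#' is ASCII, the pound sterling sign is not.
    for pw in ("pa#ss", "pa\u00a3ss"):
        for (client, server), ok in matrix(pw).items():
            print(f"{pw!r:10} client={client:10} server={server:10} ok={ok}")
```

A password containing only ASCII characters such as '#' round-trips in every combination; '£' only survives when the client and the authenticator agree on the charset, which is why the check passed on to the realm fails otherwise.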
(In reply to Konstantin Kolinko from comment #2)
> <Valve className="org.apache.catalina.authenticator.BasicAuthenticator"
> charset="UTF-8" />
>
> [...]
>
> I wonder whether better documentation may be needed somewhere.

I think this should be added to the FAQ "How do I just use UTF-8 everywhere" because I'm sure it's not in there, and it's an important edge-case.
Tested with Windows Server 2019 based domain. BASIC auth works for user with password that includes '£'. The users mailing list is the place to seek further help if required.