tomcat-users mailing list archives

From Olivier Jolly
Subject Re: User Authentication Problem LDAP
Date Tue, 02 Nov 2004 11:19:13 GMT
I'm not a specialist in this but it smells like you're saying that the 
role names are listed in the attribute 'cn' and that to access your site 
the connected user should have the role 'cn' hence if you do not have a 
user with its cn=cn (attribute cn = value "cn"), it won't work. Maybe 
you could either enter real roles to your users in another attribute 
than cn and adapt your web.xml accordingly or suppress the 
auth-constraint on the role-name.

Hope it helps


Sandeep N wrote:

>I have a problem trying to authenticate users, whose details are
>stored in the LDAP directory through Apache Tomcat. The details of the
>software I am using are as follows :
>LDAP: OpenLDAP V 2.2.17
>Web-Server: Apache-Tomcat V 4.1.30
>OS: Suse - Linux
>The LDAP directory structure is somewhat like this -
>cn= Manager
>   cn=person1
>   cn=person2 and so on
>In the server.xml file (under APACHE-TOMCAT-DIR/conf/) I have included
>the following piece of code  -
><Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
>connectionPassword="secret" connectionURL="ldap://localhost:389"
>roleName="cn" roleSearch="(uniqueMember={0})"
>userPattern="cn={0},cn=Manager,dn=my-domain,dn=com" />
>The folder I have to authenticate is "param_test" and this resides
>under "APACHE-TOMCAT-DIR/webapps".
>The web.xml file under the "param_test" folder contains the following
>piece of code  -
>    <web-resource-collection>
>            <web-resource-name>test</web-resource-name>
>            <url-pattern>/*</url-pattern>
>    </web-resource-collection>
>    <auth-constraint>
>            <role-name>cn</role-name>
>    </auth-constraint>
>    <auth-method>BASIC</auth-method>
>    <realm-name>test</realm-name>
>I have even copied the jndi.jar, ldap.jar files to
>APACHE-TOMCAT-DIR/server/lib directory
>When I try to access the link, http://localhost:8089/param_test, it
>prompts me for the username and password. When I type in these
>parameters as per the entries in the LDAP directory, the pop-up
>reappears and this goes on continuously. If I cancel this pop-up, HTTP
>error 401 is returned. Any guesses where I have gone wrong?
>Thanks in advance.

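The role check described in the reply above, as an added example that is not part of the original thread and is not Tomcat's code: a simplified Python model of how a role is derived from the value of the `roleName` attribute and compared with `<role-name>`. The pattern, filter and attribute name come from the posted server.xml; the directory contents and the `testers` group are constructed for illustration.

```python
# Added example: simplified model of a JNDIRealm-style role lookup.
# Directory contents and the "testers" group are constructed sample data.

USER_PATTERN = "cn={0},cn=Manager,dn=my-domain,dn=com"  # from the posted server.xml
ROLE_SEARCH = "(uniqueMember={0})"                       # from the posted server.xml
ROLE_NAME_ATTR = "cn"                                    # roleName="cn"

# Constructed directory: two people and one group that lists person1 as a member.
DIRECTORY = [
    {"dn": "cn=person1,cn=Manager,dn=my-domain,dn=com", "cn": ["person1"]},
    {"dn": "cn=person2,cn=Manager,dn=my-domain,dn=com", "cn": ["person2"]},
    {"dn": "cn=testers,cn=Manager,dn=my-domain,dn=com", "cn": ["testers"],
     "uniqueMember": ["cn=person1,cn=Manager,dn=my-domain,dn=com"]},
]

def user_dn(username, pattern=USER_PATTERN):
    """Build the user's DN by substituting the login name for {0}."""
    return pattern.replace("{0}", username)

def roles_for(username, directory=DIRECTORY):
    """Return the role names this model assigns to the user."""
    # Only the simple "(attribute={0})" filter form is modelled here.
    member_attr = ROLE_SEARCH.strip("()").split("=", 1)[0]
    dn = user_dn(username)
    roles = set()
    for entry in directory:
        if dn in entry.get(member_attr, []):
            # The role is the VALUE stored in the roleName attribute,
            # never the attribute's own name.
            roles.update(entry.get(ROLE_NAME_ATTR, []))
    return roles

def authorized(username, required_role, directory=DIRECTORY):
    """True if the user holds the role named in web.xml's <role-name>."""
    return required_role in roles_for(username, directory)

if __name__ == "__main__":
    for role in ("cn", "testers"):
        print(f"<role-name>{role}</role-name> ->", authorized("person1", role))
```

With this sample data, `<role-name>cn</role-name>` matches only if some group entry literally has `cn=cn`, which is the situation the reply describes.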