tomcat-users mailing list archives

From Sandeep N <sandeep.sand...@gmail.com>
Subject Re: User Authentication Problem LDAP
Date Mon, 08 Nov 2004 04:44:32 GMT
Hi All,

I got my problem solved. The culprit was that I hadn't included the
attribute "digest" with value "SHA" (SHA because my LDAP directory is
storing the password in this format) in the <realm> directive in
server.xml. Also, I had to change <role-name>cn</role-name> to
<role-name>*</role-name> in web.xml. Now, things seem to work
without any hassles.

Regards,
Sandeep


On Tue, 02 Nov 2004 12:19:13 +0100, Olivier Jolly
<olivier.jolly@pcedev.com> wrote:
> I'm not a specialist in this but it smells like you're saying that the
> role names are listed in the attribute 'cn' and that to access your site
> the connected user should have the role 'cn' hence if you do not have a
> user with its cn=cn (attribute cn = value "cn"), it won't work. Maybe
> you could either enter real roles to your users in another attribute
> than cn and adapt your web.xml accordingly or suppress the
> auth-constraint on the role-name
> 
> Hope it helps
> 
> Olivier
> 
> 
> 
> Sandeep N wrote:
> 
> >Hi,
> >
> >I have a problem trying to authenticate users, whose details are
> >stored in the LDAP directory through Apache Tomcat. The details of the
> >software I am using are as follows :
> >
> >LDAP: OpenLDAP V 2.2.17
> >Web-Server: Apache-Tomcat V 4.1.30
> >OS: Suse - Linux
> >
> >The LDAP directory structure is somewhat like this -
> >dc=my-domain,dc=com
> >cn= Manager
> >   cn=person1
> >   cn=person2 and so on
> >
> >In the server.xml file (under APACHE-TOMCAT-DIR/conf/) I have included
> >the following piece of code  -
> >
> ><Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
> >connectionName="cn=Manager,dc=my-domain,dc=com"
> >connectionPassword="secret" connectionURL="ldap://localhost:389"
> >roleName="cn" roleSearch="(uniqueMember={0})"
> >userPassword="userPassword"
> >userPattern="cn={0},cn=Manager,dn=my-domain,dn=com" />
> >
> >The folder I have to authenticate is "param_test" and this resides
> >under "APACHE-TOMCAT-DIR/webapps".
> >
> >The web.xml file under the "param_test" folder contains the following
> >piece of code  -
> >..................................
> ><security-constraint>
> >    <web-resource-collection>
> >            <web-resource-name>test</web-resource-name>
> >            <url-pattern>/*</url-pattern>
> >    </web-resource-collection>
> >    <auth-constraint>
> >            <role-name>cn</role-name>
> >    </auth-constraint>
> ></security-constraint>
> >
> ><login-config>
> >    <auth-method>BASIC</auth-method>
> >    <realm-name>test</realm-name>
> ></login-config>
> >
> >..................................
> >
> >I have even copied the jndi.jar, ldap.jar files to
> >APACHE-TOMCAT-DIR/server/lib directory
> >
> >When I try to access the link, http://localhost:8089/param_test, it
> >prompts me for the username and password. When I type in these
> >parameters as per the entries in the LDAP directory, the pop-up
> >reappears and this goes on continuously. If I cancel this pop-up, HTTP
> >error 401 is returned. Any guesses where I have gone wrong?
> >
> >Thanks in advance.
> >
> >Regards,
> >Sandeep
> >
> >---------------------------------------------------------------------
> >To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> >For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> >
> >
> >
> 
> 
>
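
Why the missing digest setting led to a repeating login prompt, as an added example that is not part of the original thread and not Tomcat's own code: a directory that stores `userPassword` in the `{SHA}` scheme holds a Base64-encoded SHA-1 digest, so comparing the typed password against the stored value directly can never match. The function names, the sample password, and the simplified comparison model are assumptions made for illustration; the `{SSHA}` branch goes beyond the `{SHA}` case discussed in the thread.

```python
import base64
import hashlib
import hmac


def make_sha_value(password: str) -> str:
    """Build a constructed {SHA} userPassword value: Base64 of unsalted SHA-1."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return "{SHA}" + base64.b64encode(digest).decode("ascii")


def verify_plain(stored: str, supplied: str) -> bool:
    """Model of a comparison with no digest configured (assumption):
    the supplied text is compared with the stored attribute value as-is."""
    return hmac.compare_digest(stored.encode("utf-8"), supplied.encode("utf-8"))


def verify_ldap(stored: str, supplied: str) -> bool:
    """Scheme-aware comparison for {SHA}, {SSHA} and plaintext values."""
    pw = supplied.encode("utf-8")
    if stored.startswith("{SHA}"):
        want = base64.b64decode(stored[5:])
        return hmac.compare_digest(want, hashlib.sha1(pw).digest())
    if stored.startswith("{SSHA}"):
        raw = base64.b64decode(stored[6:])
        want, salt = raw[:20], raw[20:]  # 20-byte SHA-1 digest, then the salt
        return hmac.compare_digest(want, hashlib.sha1(pw + salt).digest())
    return hmac.compare_digest(stored.encode("utf-8"), pw)


if __name__ == "__main__":
    stored = make_sha_value("secret")  # constructed sample, not from the thread
    print("stored value:     ", stored)
    print("plain comparison: ", verify_plain(stored, "secret"))
    print("digest comparison:", verify_ldap(stored, "secret"))
```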
