tomcat-users mailing list archives

From "Shapira, Yoav" <Yoav.Shap...@mpi.com>
Subject RE: User Authentication Problem LDAP
Date Mon, 08 Nov 2004 13:21:00 GMT

Hi,
Thank you for posting your findings.  These are very helpful to people
searching the archives.

Yoav Shapira http://www.yoavshapira.com
 

>-----Original Message-----
>From: Sandeep N [mailto:sandeep.sandeep@gmail.com]
>Sent: Sunday, November 07, 2004 11:45 PM
>To: Tomcat Users List
>Subject: Re: User Authentication Problem LDAP
>
>Hi All,
>
>I got my problem solved. The culprit was that I hadn't included the
>attribute "digest" with value "SHA" (SHA because my LDAP directory is
>storing the password in this format) in the <realm> directive in
>server.xml. Also, I had to change <role-name>cn</role-name> to
><role-name>*</role-name> in web.xml. Now, things seem to work
>without any hassles.
>
>Regards,
>Sandeep
>
>
>On Tue, 02 Nov 2004 12:19:13 +0100, Olivier Jolly
><olivier.jolly@pcedev.com> wrote:
>> I'm not a specialist in this but it smells like you're saying that the
>> role names are listed in the attribute 'cn' and that to access your site
>> the connected user should have the role 'cn' hence if you do not have a
>> user with its cn=cn (attribute cn = value "cn"), it won't work. Maybe
>> you could either enter real roles to your users in another attribute
>> than cn and adapt your web.xml accordingly or suppress the
>> auth-constraint on the role-name
>>
>> Hope it helps
>>
>> Olivier
>>
>>
>>
>> Sandeep N wrote:
>>
>> >Hi,
>> >
>> >I have a problem trying to authenticate users, whose details are
>> >stored in the LDAP directory through Apache Tomcat. The details of the
>> >software I am using are as follows:
>> >
>> >LDAP: OpenLDAP V 2.2.17
>> >Web-Server: Apache-Tomcat V 4.1.30
>> >OS: Suse - Linux
>> >
>> >The LDAP directory structure is somewhat like this -
>> >dc=my-domain,dc=com
>> >cn= Manager
>> >   cn=person1
>> >   cn=person2 and so on
>> >
>> >In the server.xml file (under APACHE-TOMCAT-DIR/conf/) I have included
>> >the following piece of code  -
>> >
>> ><Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
>> >connectionName="cn=Manager,dc=my-domain,dc=com"
>> >connectionPassword="secret" connectionURL="ldap://localhost:389"
>> >roleName="cn" roleSearch="(uniqueMember={0})"
>> >userPassword="userPassword"
>> >userPattern="cn={0},cn=Manager,dn=my-domain,dn=com" />
>> >
>> >The folder I have to authenticate is "param_test" and this resides
>> >under "APACHE-TOMCAT-DIR/webapps".
>> >
>> >The web.xml file under the "param_test" folder contains the following
>> >piece of code  -
>> >..................................
>> ><security-constraint>
>> >    <web-resource-collection>
>> >            <web-resource-name>test</web-resource-name>
>> >            <url-pattern>/*</url-pattern>
>> >    </web-resource-collection>
>> >    <auth-constraint>
>> >            <role-name>cn</role-name>
>> >    </auth-constraint>
>> ></security-constraint>
>> >
>> ><login-config>
>> >    <auth-method>BASIC</auth-method>
>> >    <realm-name>test</realm-name>
>> ></login-config>
>> >
>> >..................................
>> >
>> >I have even copied the jndi.jar, ldap.jar files to
>> >APACHE-TOMCAT-DIR/server/lib directory
>> >
>> >When I try to access the link, http://localhost:8089/param_test, it
>> >prompts me for the username and password. When I type in these
>> >parameters as per the entries in the LDAP directory, the pop-up
>> >reappears and this goes on continuously. If I cancel this pop-up, HTTP
>> >error 401 is returned. Any guesses where I have gone wrong?
>> >
>> >Thanks in advance.
>> >
>> >Regards,
>> >Sandeep
>> >
>> >---------------------------------------------------------------------
>> >To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>> >For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>> >
>> >
>> >




This e-mail, including any attachments, is a confidential business communication, and may
contain information that is confidential, proprietary and/or privileged.  This e-mail is intended
only for the individual(s) to whom it is addressed, and may not be saved, copied, printed,
disclosed or used by anyone else.  If you are not the(an) intended recipient, please immediately
delete this e-mail from your computer system and notify the sender.  Thank you.
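
The fix reported in this thread depends on how the directory stores `userPassword`. The following is an added example (not from the thread and not Tomcat's code) that checks a presented password against an OpenLDAP-style `{SHA}` or `{SSHA}` value, showing why comparing the typed password directly with the stored attribute never matches; the password "secret", the salt and the function names are constructed for illustration.

```python
import base64
import hashlib
import hmac


def make_sha(password: str) -> str:
    """Build an unsalted {SHA} userPassword value: base64(SHA-1(password))."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return "{SHA}" + base64.b64encode(digest).decode("ascii")


def make_ssha(password: str, salt: bytes) -> str:
    """Build a salted {SSHA} value: base64(SHA-1(password + salt) + salt)."""
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def verify(stored: str, presented: str) -> bool:
    """Check a presented password against a stored userPassword value."""
    scheme, sep, body = stored.partition("}")
    if not sep or not scheme.startswith("{"):
        # No scheme prefix: the directory holds the cleartext password.
        return hmac.compare_digest(stored.encode(), presented.encode())
    scheme = scheme[1:].upper()
    try:
        raw = base64.b64decode(body, validate=True)
    except ValueError:
        return False
    if scheme == "SHA" and len(raw) == 20:
        salt = b""
    elif scheme == "SSHA" and len(raw) > 20:
        salt = raw[20:]
    else:
        return False  # unknown scheme or malformed value: fail closed
    expected = hashlib.sha1(presented.encode("utf-8") + salt).digest()
    return hmac.compare_digest(raw[:20], expected)


# Constructed sample entries (not taken from the thread's directory).
STORED_SHA = make_sha("secret")
STORED_SSHA = make_ssha("secret", b"\x01\x02\x03\x04")

if __name__ == "__main__":
    print(STORED_SHA)
    print("literal compare:", STORED_SHA == "secret")
    print("{SHA} verify:   ", verify(STORED_SHA, "secret"))
    print("{SSHA} verify:  ", verify(STORED_SSHA, "secret"))
```

Unsalted `{SHA}` values are plain SHA-1, so identical passwords yield identical attributes. JNDIRealm can instead authenticate by binding to the directory as the user when `userPassword` is omitted, which keeps the hashes out of Tomcat's reach.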

