tomcat-users mailing list archives

From "Jack Yu" <>
Subject Howto Apache LDAP ACL pass to Tomcat ??
Date Tue, 21 Nov 2006 00:50:31 GMT
Tried to pass Apache ACL authenticated user credentials to Tomcat, but failed.

System: FreeBSD 6.1, Apache 2.2.3, SUN jdk 1.4.2, Tomcat 5.5

Apache is set up to authenticate against an LDAP server

<Directory />
    AuthLDAPURL ldap://,dc=org?uid
    AuthLDAPGroupAttributeIsDN off
    AuthLDAPGroupAttribute memberUid
    AuthLDAPBindDN cn=bind,ou=SystemAccounts,dc=jackyu,dc=org
    AuthLDAPBindPassword ******
    AuthType basic
    AuthName "AAA"
    AuthBasicProvider ldap
    require ldap-group cn=test,ou=Groups,dc=jackyu,dc=org
    AllowOverride None
    Order deny,allow
    Deny from all
    AuthzLDAPAuthoritative on

Users with LDAP group membership of test can authenticate themselves while
accessing the home page in apache,

When apache ACL authenticated users go to,
the page will go through mod_jk and parse to tomcat server (on the same

here is the mod_jk in httpd.conf.
# settings
JkWorkersFile "/usr/local/etc/apache22/"
JkLogFile "/var/log/mod_jk.log"
JkLogLevel debug
JkMount /xyz abc
JkMount /zyx/* abc
# end of settings

here is the workers.properties


I have also added tomcatAuthentication="false" to the server.xml in tomcat.

    <Connector port="8009"
               enableLookups="false" redirectPort="8443"
               protocol="AJP/1.3" tomcatAuthentication="false" />

in the tomcat webapp /xyz, added the following to the web.xml

 <!-- Define a Security Constraint on this Application -->
      <web-resource-name> AAA </web-resource-name>

 <!-- Define the Login Configuration for this Application -->

  <!-- Security roles referenced by this web application -->
      The role that is required to log in to the AAA

The apache authenticated user credential (with ldap group test) didn't pass
to tomcat properly. The log file displayed null for user.

Also, if users copy paste the url,, to a new
browser, no apache ACL login popup.

Does anyone know how to make this work?


Jack Yu
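
Added example, not part of the original post and not Tomcat's own code: with tomcatAuthentication="false" the AJP connector accepts whatever user name the front end sends, so it should be reachable only from the local Apache. The script below flags such connectors in a server.xml that are not bound to loopback; the function names and the sample XML are constructed, and it assumes (as in Tomcat 5.5) that a Connector without an address attribute listens on all interfaces.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample. The first Connector mirrors the one quoted in the post;
# the others are added here for comparison.
SAMPLE_SERVER_XML = """
<Server>
  <Service name="Catalina">
    <Connector port="8009" enableLookups="false" redirectPort="8443"
               protocol="AJP/1.3" tomcatAuthentication="false" />
    <Connector port="8010" address="127.0.0.1"
               protocol="AJP/1.3" tomcatAuthentication="false" />
    <Connector port="8011" protocol="AJP/1.3" />
    <Connector port="8080" protocol="HTTP/1.1" />
  </Service>
</Server>
"""


def is_loopback(address):
    """True if address is a loopback IP literal or the name 'localhost'."""
    if address is None:
        return False  # assumption: no address attribute means all interfaces
    address = address.strip()
    if address.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        return False  # other host names are not resolved; treated as exposed


def audit_ajp_connectors(server_xml):
    """Return AJP connectors that trust front-end identity but are not loopback-only."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if "ajp" not in conn.get("protocol", "").lower():
            continue
        # Tomcat's default is tomcatAuthentication="true" (Tomcat authenticates itself).
        delegated = conn.get("tomcatAuthentication", "true").lower() == "false"
        if delegated and not is_loopback(conn.get("address")):
            findings.append({"port": conn.get("port"), "address": conn.get("address")})
    return findings


if __name__ == "__main__":
    for finding in audit_ajp_connectors(SAMPLE_SERVER_XML):
        print("AJP port %(port)s trusts the front end's user; address=%(address)s" % finding)
```
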
