tomcat-users mailing list archives

From John Russell <...@onlywebdata.com>
Subject Re: Tomcat LDAP Authentication
Date Tue, 13 May 2008 18:27:02 GMT
Hi,

Is there a command line method to test an LDAP configuration?

I could not find any log messages after basic authentication was denied.
Perhaps the authentication log is not in $CATALINA_HOME/logs?

     <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
        connectionURL="ldap://192.168.16.179"
          userPattern="uid={0},ou=users,dc=mail,dc=owd,dc=net"
             roleBase="ou=groups,dc=mail,dc=owd,dc=net"
             roleName="cn"
             roleSearch="(memberUid={0})"/>

       <Valve className="org.apache.catalina.authenticator.SingleSignOn" />

Thank you,
John Russell

On May 13, 2008, at 1:15 AM, users-digest-help@tomcat.apache.org wrote:

> From: John Russell <jbr@onlywebdata.com>
>
> From the documentation for JNDIRealm at
> http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html
>
> 0) I obtained ldap-1_2_4.zip from Sun Microsystems.
>
> 1) Copied ldap.jar and ldapsec.jar to $CATALINA_HOME/server/lib
>
> 3) modified ./conf/server.xml for JNDI
>
>     <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
>        connectionURL="ldap://192.168.16.179"
>          userPattern="uid={0},ou=users,dc=mail,dc=owd,dc=net"
>             roleBase="ou=groups,dc=mail,dc=owd,dc=net"
>             roleName="cn"
>             roleSearch="(memberUid={0})"/>
>
>       <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
>
>
>
> From: Filip Hanik - Dev Lists <devlists@hanik.com>
>
> you will only get a popup if you specify <auth-method>BASIC</auth-method>

Thank you, Filip. The Basic Authentication is now working.

     <security-constraint>
       <web-resource-collection>
         <web-resource-name>
           Protected Site
         </web-resource-name>
         <url-pattern> /* </url-pattern>
       </web-resource-collection>
       <auth-constraint>
         <role-name>owd</role-name>
       </auth-constraint>
     </security-constraint>

     <login-config>
         <auth-method>BASIC</auth-method>
         <realm-name>Open Directory</realm-name>
     </login-config>
     <security-role>
         <role-name>owd</role-name>
     </security-role>


> From: "Caldarale, Charles R" <Chuck.Caldarale@unisys.com>
>
>> 4) modified conf/web.xml to enable security-constraint
>
> Do you really want to modify conf/web.xml?  Such security constraints
> will then apply to every webapp you have deployed, requiring a login
> page for each.

Yes. Filip's suggestion has locked it down nicely and it suits us  
right now.
Thank you for your suggestion, Charles.
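
Added example, not part of the original message and not Tomcat code: for the opening question about testing the LDAP configuration from the command line, this Python script reads the posted Realm element and prints the two OpenLDAP ldapsearch commands that reproduce the user bind and the role lookup. The username "jdoe" and the anonymous role search are assumptions, and the escaping is this script's own so that the username is treated as data.

```python
import re
import shlex
import xml.etree.ElementTree as ET

# Realm element as posted in the thread.
REALM_XML = """<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
  connectionURL="ldap://192.168.16.179"
  userPattern="uid={0},ou=users,dc=mail,dc=owd,dc=net"
  roleBase="ou=groups,dc=mail,dc=owd,dc=net"
  roleName="cn" roleSearch="(memberUid={0})"/>"""

def escape_dn_value(value):
    """Escape a value for use inside a DN (RFC 4514) so it stays one RDN value."""
    last = len(value) - 1
    return "".join(
        "\\" + c if c in ',+"\\<>;=' or (i == 0 and c in "# ") or (i == last and c == " ")
        else c for i, c in enumerate(value))

def escape_filter_value(value):
    """Escape a value for use inside a search filter (RFC 4515)."""
    table = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(table.get(c, c) for c in value)

def ldapsearch_commands(realm_xml, username):
    """Return (bind_check, role_check) OpenLDAP ldapsearch command lines."""
    realm = ET.fromstring(realm_xml).attrib
    url = realm["connectionURL"]
    user_dn = realm["userPattern"].replace("{0}", escape_dn_value(username))
    # Per the JNDIRealm documentation, {0} in roleSearch is the user's DN
    # and {1} is the username.
    values = [escape_filter_value(user_dn), escape_filter_value(username)]
    role_filter = re.sub(r"\{([01])\}", lambda m: values[int(m.group(1))],
                         realm["roleSearch"])
    # roleSubtree defaults to false: only the top level of roleBase is searched.
    scope = "sub" if realm.get("roleSubtree", "false") == "true" else "one"
    # 1) Simple bind as the user (-W prompts for the password) and read the entry.
    bind_check = ["ldapsearch", "-x", "-H", url, "-D", user_dn, "-W",
                  "-b", user_dn, "-s", "base", "(objectClass=*)", "1.1"]
    # 2) Role search. The Realm has no connectionName, so this script assumes
    #    the search runs on an anonymous connection.
    role_check = ["ldapsearch", "-x", "-H", url, "-b", realm["roleBase"],
                  "-s", scope, role_filter, realm["roleName"]]
    return shlex.join(bind_check), shlex.join(role_check)

if __name__ == "__main__":
    for command in ldapsearch_commands(REALM_XML, "jdoe"):  # "jdoe": constructed
        print(command)
```

If the first command fails, the problem is the bind DN or the password; if the second returns no entries, compare the printed filter with how the group entries actually store their members.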

