tomcat-users mailing list archives

From Lev A KARATUN <Lev.KARA...@raiffeisen.ru>
Subject Problems with LDAP authentication
Date Thu, 09 Feb 2012 05:25:04 GMT
Hi again.

So, my boss told me that it's insecure to give anyone the password to view
Tomcat's logs and that there should be authentication based on Active
Directory.

I've been reading the manuals for some time, and configured my Tomcat the 
following way:

$CATALINA_BASE/conf/Catalina/localhost/myapp.xml

<Context antiResourceLocking="false" privileged="true"
         docBase="$CATALINA_BASE/logs" reloadable="true">

    <Realm className="org.apache.catalina.realm.JNDIRealm"
           connectionURL="ldap://raiffeisen.ru:389"
           connectionName="myaccount@raiffeisen.ru"
           <!-- I also tried the format connectionName="cn=myaccount,dc=raiffeisen,dc=ru";
                does it matter which format I use? -->
           connectionPassword="mypassword"
           referrals="follow"
           userBase="OU=_Users,DC=raiffeisen,DC=ru"
           userSearch="(sAMAccountName={0})"
           userSubtree="true"
           roleBase="OU=_Groups,DC=raiffeisen,DC=ru"
           roleName="cn"
           roleSubtree="true"
           roleSearch="(member={0})"
    />
</Context>


WEB-INF/web.xml

 <security-constraint>
       <web-resource-collection>
           <web-resource-name>Administrative Area</web-resource-name>
           <url-pattern>/*</url-pattern>
       </web-resource-collection>
       <auth-constraint>
           <role-name>ADGroupName</role-name>
       </auth-constraint>
   </security-constraint>

  <security-role>
    <description>
      The role that is required to view logs
    </description>
    <role-name>ADGroupName</role-name>
  </security-role>


I also placed LDAP.jar into $CATALINA_BASE/lib and restarted Tomcat, I
guess, a hundred times, but every time I'm getting a message in
catalina.out:

Throwable occurred: LifecycleException:  Exception opening directory 
server connection:  javax.naming.CommunicationException: localhost:389 
[Root exception is java.net.ConnectException: A remote host refused an 
attempted connect operation.]

and 

SEVERE: Error deploying configuration descriptor myapp.xml
Throwable occurred: java.lang.IllegalStateException: 
ContainerBase.addChild: start: LifecycleException:  Exception opening 
directory server connection:  javax.naming.CommunicationException: 
localhost:389 [Root exception is java.net.ConnectException: A remote host 
refused an attempted connect operation.]


I tried to telnet to raiffeisen.ru on port 389 and got connected.
I installed JXplorer, entered the hostname, port and my credentials, and got
connected.
I start Tomcat and get errors.

Can you please give me an idea about what I am doing wrong?

Thanks in advance.

Best Regards, 
Karatun Lev.
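The log lines above say the realm is opening `localhost:389` even though the posted `<Context>` sets `connectionURL="ldap://raiffeisen.ru:389"`, which is what you get when the realm that actually starts has no `connectionURL` at all (the JDK LDAP provider then falls back to localhost:389). The following pre-flight script is an added example, not part of this thread or of Tomcat itself: it parses a `<Context>` fragment of the same shape as the one posted, reports the host and port the JNDIRealm will really try, builds the `userSearch` and `roleSearch` filters with RFC 4515 escaping of the substituted value, lists static findings (missing attributes, plaintext `ldap://`), and can TCP-probe the target the way `telnet` does. The `SAMPLE_CONTEXT` host, account and base DNs are constructed placeholders, and the localhost:389 fallback is an assumption about the JNDI provider's default rather than something the thread states.

```python
"""Pre-flight check for a Tomcat JNDIRealm <Context> fragment (added example)."""
import socket
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample: same shape as the fragment in the question, with
# placeholder host, service account and base DNs.
SAMPLE_CONTEXT = """<Context docBase="/opt/tomcat/logs">
  <Realm className="org.apache.catalina.realm.JNDIRealm"
         connectionURL="ldap://ldap.example.com:389"
         connectionName="svc-tomcat@example.com"
         connectionPassword="placeholder"
         referrals="follow"
         userBase="OU=_Users,DC=example,DC=com"
         userSearch="(sAMAccountName={0})"
         userSubtree="true"
         roleBase="OU=_Groups,DC=example,DC=com"
         roleName="cn"
         roleSubtree="true"
         roleSearch="(member={0})" />
</Context>"""

JNDI_REALM = "org.apache.catalina.realm.JNDIRealm"
# Assumption: with no connectionURL the JDK LDAP provider connects to localhost:389.
FALLBACK_HOST, FALLBACK_PORT = "localhost", 389
# RFC 4515 escapes for characters that would otherwise change filter structure.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def parse_realm(xml_text):
    """Return the attribute map of the first JNDIRealm in a Context fragment."""
    root = ET.fromstring(xml_text)
    for realm in root.iter("Realm"):
        if realm.get("className") == JNDI_REALM:
            return dict(realm.attrib)
    raise ValueError("no JNDIRealm element found")


def connection_target(attrs):
    """Host and port the realm will open, with the provider's fallback when unset."""
    url = attrs.get("connectionURL")
    if not url:
        return FALLBACK_HOST, FALLBACK_PORT
    parsed = urlparse(url)
    default_port = 636 if parsed.scheme == "ldaps" else 389
    return parsed.hostname, parsed.port or default_port


def escape_filter_value(value):
    """Escape a value before it is substituted into an LDAP search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def user_filter(attrs, username):
    """The filter the realm runs under userBase to find the user entry."""
    return attrs["userSearch"].replace("{0}", escape_filter_value(username))


def role_filter(attrs, user_dn):
    """The filter the realm runs under roleBase; {0} is the user's DN."""
    return attrs["roleSearch"].replace("{0}", escape_filter_value(user_dn))


def check_realm(xml_text):
    """Static findings about the realm configuration, as a list of messages."""
    attrs = parse_realm(xml_text)
    findings = []
    for key in ("userBase", "userSearch", "roleBase", "roleSearch"):
        if key not in attrs:
            findings.append(f"missing {key}")
    host, port = connection_target(attrs)
    if "connectionURL" not in attrs:
        findings.append(f"no connectionURL: realm will try {host}:{port}")
    if urlparse(attrs.get("connectionURL", "")).scheme == "ldap":
        findings.append("plaintext ldap://: bind password and user credentials "
                        "travel unencrypted; prefer ldaps://")
    if "{0}" not in attrs.get("userSearch", "{0}"):
        findings.append("userSearch has no {0} placeholder")
    return findings


def tcp_probe(host, port, timeout=3.0):
    """True if a TCP connection to host:port succeeds (the same test as telnet)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    attrs = parse_realm(SAMPLE_CONTEXT)
    host, port = connection_target(attrs)
    print("realm target:", host, port)
    print("user filter :", user_filter(attrs, "jdoe"))
    print("role filter :", role_filter(attrs, "CN=jdoe,OU=_Users,DC=example,DC=com"))
    for msg in check_realm(SAMPLE_CONTEXT):
        print("finding     :", msg)
```

Run it against the real `myapp.xml` contents in place of `SAMPLE_CONTEXT`; if `connection_target` reports the host you expect but Tomcat still logs `localhost:389`, the realm being started is not this one (for example a second `<Realm>` in `server.xml` or a `myapp.xml` that failed to parse), which is the first thing to rule out.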