tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Pid *" <...@pidster.com>
Subject Re: Tomcat, JSP and LDAP
Date Thu, 15 Mar 2012 19:45:10 GMT
On 15 Mar 2012, at 17:06, Neil Munro <neilmunro@gmail.com> wrote:

> On 15 March 2012 17:01, Pid * <pid@pidster.com> wrote:
>> On 15 Mar 2012, at 16:23, Neil Munro <neilmunro@gmail.com> wrote:
>>
>>> Hi all,
>>>         I am trying to implement a means to authenticate a user on a
>>> web app via ldap, I have been trying for some time and am now
>>> intimately familiar with the files I need to edit, but not exactly
>>> how.
>>>
>>> I know that much of the ldap stuff goes into the server.xml file
>>> inside of the tomcat conf directory, it is here I have been trying to
>>> configure an ldap realm.
>>
>> OK. Can you post that bit of config, inline in your reply? Passwords
>> etc redacted in necessary.
>
> Sure, here you are:
>           <!--Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
>            connectionName="uid={0},ou=my company users,dc=mycompany,dc=com "
>            connectionPassword="userPassword"
>            connectionURL="ldap://my.ldap.server.com"
>            alternateURL="ldap://my.ldap.server.com"
>            roleBase="ou=my company users,dc=mycompany,dc=com"
>            roleName="cn"
>            roleSearch="(uniqueMember={0})"
>            roleSubtree="false"
>            userSearch="(uid={0})"
>            userPassword="userPassword"
>            userPattern="uid={0},ou=my company users,dc=mycompany,dc=com"
>        /-->
>        <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
>                connectionURL="ldap://my.ldap.server.com"
>                alternateURL="ldap://my.ldap.server.com"
>                userPattern="uid={0},ou=my company users,dc=mycompany,dc=com" />
>
>>
>>> I have attached the files I have been working
>>> with, the basic idea is that a user must first log on before they can
>>> access any area of the site, also all users can log in, and access all
>>> areas of the site.
>>
>> Can you explain how you are configuring the auth, please? Are you
>> using the container FORM authentication, for example?
>>
>> If so, can you post that bit of config inline in your reply?
>
> Yes I am using, or rather trying to use a html form to get the
> information to pass to ldap to authenticate.
>
>    <!--  uses form-based authentication -->
>    <login-config>
>        <auth-method>FORM</auth-method>
>        <form-login-config>
>            <form-login-page>/login.jsp</form-login-page>
>            <form-error-page>/fail_login.jsp</form-error-page>
>        </form-login-config>
>    </login-config>
>

And for completeness, the security-constraint block?


s



> Thank's,
> Neil
>
>>
>> p
>>
>>
>>> A user is presented with the login page, and if they cannot be
>>> authenticated they are alerted and are given the option to redirect
>>> back to the login page. Which I have working, thought I think that's
>>> simply because I cannot get the logging in bit work.
>>>
>>> I do not have access to the LDAP server or schema and cannot implement
>>> changes to that, I can however alter the tomcat server, jsp files etc.
>>> I am trying to write a company wide web app, and have free reign, but
>>> it's historically been written in jsp so we want to keep as much of
>>> that as we can.
>>>
>>> Software and versions: Tomcat 6.0.35, Java 1.4 through to 1.7 (I am
>>> required to have all installed) and Windows 7 64.
>>>
>>> Any help would be fantastic as I have read lots of resources but
>>> there's no definitive tutorial to set such a thing up.
>>>
>>> Thanks,
>>> Neil Munro
>>> <files.zip>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message