tomcat-users mailing list archives

From Cédric Couralet <cedric.coura...@gmail.com>
Subject Re: tomcat 7 ldap error
Date Wed, 07 Aug 2013 07:01:50 GMT
2013/8/7 Christopher Schultz <chris@christopherschultz.net>:
> Vicky,
>
> On 8/6/13 10:46 PM, vicky007aggarwal@yahoo.co.in wrote:
>> Hi All,
>>
>> Can somebody please share the steps required to set up Active Directory
>> with Tomcat?
>>
>> Is it valid to simply define a user in the Active Directory LDAP
>> without assigning any role to it? Will we still be able to
>> authenticate the user when logged in from the application? If yes,
>> then kindly share the configuration which I need to do in web.xml
>> and server.xml.
>>
>> I need this because in our application we have LDAP users defined
>> without any role mapped to them, so I want to know how to configure
>> this in server.xml and web.xml, so that users get authenticated
>> successfully.
>
> I'm not sure about your LDAP configuration exactly (I've never used
> Tomcat with LDAP authentication myself) but Tomcat's security is
> entirely based upon roles. Thus, if you have (LDAP) users that are not
> in any group, those users are not going to be able to successfully
> access any resources unless you have <role-name>*</role-name> in your
> <auth-constraint>.

And, at least for Tomcat 6 and 7, you will need to set the JNDIRealm
attribute "allRolesMode" to "authOnly" if your users don't have any
role in the LDAP.

http://tomcat.apache.org/tomcat-7.0-doc/config/realm.html#JNDI_Directory_Realm_-_org.apache.catalina.realm.JNDIRealm
