Hi, I have Apache 2.2 in front of Tomcat 6 using the mod_jk module.
I disabled the HTTP connector in Tomcat, therefore, all my requests go through Apache. My Apache web server is configured to authenticate users using an LDAP server. I would like to keep access to the Tomcat Manager application, but right now I am getting asked for two set of credentials when accessing the manager application: the first set is asked by Apache (the LDAP credentials) and the second time is Tomcat (using the credentials in tomcat-users.xml). I would like to only be asked once for credentials, the LDAP credentials. a) Is there a way to disable in Tomcat 6 the security built-in around the manager application and let Apache manage the access to it? b) Or, should I configure the JNDIRealm of Tomcat to use the same LDAP server? Would I still be asked twice for credentials? I was trying option (b) but I haven't been able to authenticate to LDAP on Tomcat, but then I thought option (a) would be better, Does anybody have secured the Tomcat manager web application using Apache? Thanks -Jorge
