Re: LDAP authentication for Tomcat's webapp 'Opengrok'

Mon, 27 Mar 2017 03:13:00 -0700 

On 27.03.2017 11:01, Alfie Patolilic wrote:

Tomcat Version : 6.0.36
OS : Red Hat Enterprise Linux 7.3

Hello,

I have a question on how I am able to set the following, regarding the web 
application that runs under Apache Tomcat, 'Opengrok'. The idea is to set a 
hostname for 'localhost:8080/grok', so when users try and access the page via 
the hostname, they are prompted for authentication of their username and 
password.
I have currently configured the server.xml to connect to LDAP. I have added 
below the configuration on my server.xml. I am unsure as to where to go from 
here, how I will be able to link the hostname. I have changed some values in 
the information given for security purposes.

<!-- Adding the following for OpenGrok -->
       <Realm className="org.apache.catalina.realm.LockOutRealm">
         <Realm className="org.apache.catalina.realm.UserDatabaseRealm" 
resourceName="UserDatabase"/>
         <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
                connectionURL="ldap://<host> "
                connectionName="ldap@company "
                connectionPassword="password"
                referrals="follow"
                userBase="DC=<company>"
                userSearch="(sAMAccountName={0})"
                userSubtree="true"
                roleBase="DC=<company>"
                roleName="cn"
                roleSubtree="true"
                roleSearch="(member={0})"
                allRolesMode="strictAuthOnly"
                />
       </Realm>

I have checked the web for blogs and asked other tomcat groups but was not able 
to get any answers.

I am aware that the version of Apache Tomcat I am using is outdated and has 
reached its end of life. Though necessary, I cannot update to a newer version 
of the application due to some issues.


Hi.
I believe that you are confused about 2 separate topics : "hostnames" and "web application security". It is the web application which is "protected" by a userid/password login requirement, not the hostname. 
This page of the on-line tomcat 6 documentation provides some hints :
http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html
In the "Quick Start" section, you will see that in order to "force" someone to authenticate in order to use the application, you need to specify some things in the web.xml of the application. And in the "Example Application" section, it points to an example application that has these things. 
Maybe you can start from there ?

And for the "host name" part, see this section :
http://tomcat.apache.org/tomcat-6.0-doc/virtual-hosting-howto.html
But that is a different issue.



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to