Tomcat LDAP Authentication

Wed, 14 May 2008 09:21:37 -0700 

Hi,

[Resubmitted. I did not see this appear in the digest, if you have
 seen this before and replied, please accept my apologies]

Is there a command line method to test an LDAP configuration?

I could not find any log messages after basic authentication was denied.
Perhaps the authentication log is not in $CATALINA_HOME/logs?

    <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
       connectionURL="ldap://192.168.16.179";
         userPattern="uid={0},ou=users,dc=mail,dc=owd,dc=net"
            roleBase="ou=groups,dc=mail,dc=owd,dc=net"
            roleName="cn"
            roleSearch="(memberUid={0})"/>
<Valve className="org.apache.catalina.authenticator.SingleSignOn" /> 

Thank you,
John Russell

On May 13, 2008, at 1:15 AM, [EMAIL PROTECTED] wrote:


From: John Russell <[EMAIL PROTECTED]>

From the documentation for JNDIRealm at
http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html

0) I obtained ldap-1_2_4.zip from Sun Microsystems.

1) Copied ldap.jar and ldapsec.jar to $CATALINA_HOME/server/lib

3) modified ./conf/server.xml for JNDI

    <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
       connectionURL="ldap://192.168.16.179";
         userPattern="uid={0},ou=users,dc=mail,dc=owd,dc=net"
            roleBase="ou=groups,dc=mail,dc=owd,dc=net"
            roleName="cn"
            roleSearch="(memberUid={0})"/>
<Valve className="org.apache.catalina.authenticator.SingleSignOn" /> 



From: Filip Hanik - Dev Lists <[EMAIL PROTECTED]>
you will only get a popup if you specify <auth-method>BASIC</auth- method> 

Thank you, Filip. The Basic Authentication is now working.

    <security-constraint>
      <web-resource-collection>
        <web-resource-name>
          Protected Site
        </web-resource-name>
        <url-pattern> /* </url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <role-name>owd</role-name>
      </auth-constraint>
    </security-constraint>

    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>Open Directory</realm-name>
    </login-config>
    <security-role>
        <role-name>owd</role-name>
    </security-role>



From: "Caldarale, Charles R" <[EMAIL PROTECTED]>


4) modified conf/web.xml to enable security-constraint


Do you really want to modify conf/web.xml?  Such security constraints
will then apply to every webapp you have deployed, requiring a login
page for each.
Yes. Filip's suggestion has locked it down nicely and it suits us right now. 
Thank you for your suggestion, Charles.

Reply via email to