Hi all,

I am having trouble using FORM based authentication against an LDAP server.

I have configured my web.xml and server.xml and created a Login.jsp
page and can successfully authenticate against a simple
tomcat-users.xml file.  Therefore I am confident my basic
configurations are okay and my login page is good.  Everything behaves
as expected.  Users are authenticated, authorized, errors are
forwarded appropriately, etc.


However, when I change my server.xml to use LDAP it appears that the
user credentials are not being sent to the LDAP server (Microsoft
Active Directory).

Here is the realm definition from the server.xml, which is defined
under the Catalina service (and is the only configured realm):
<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
       connectionName="myn...@mycompany.net"
       connectionPassword="mypassword"
       connectionURL="ldap://corp.mycompany.net:389"
       userPattern="uid={0},ou='standard users',ou=users,ou=mycompany,dc=corp,dc=mycompanycorp,dc=net"
       roleBase="dc=corp,dc=mycompanycorp,dc=net"
       roleName="cn"
       roleSearch="memberUid={1}"/>

I do know that I am successfully binding to the LDAP server when
Tomcat starts. If I change "mypassword" to an invalid password then I
get a ConnectException due to the connection being refused. I also see
this connection using a network monitoring tool - it is initiated at
startup and then persists until Tomcat is shut down.

After the initial connection is made, I don't see any packets being
sent to the LDAP server. I've tried using both basic and form
authentication. Here's the web.xml snippet for form authentication:

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>MyApplication</web-resource-name>
      <url-pattern>/Dashboard/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>Role1</role-name>
      <role-name>Role2</role-name>
    </auth-constraint>
  </security-constraint>
  <security-role>
    <role-name>Role1</role-name>
  </security-role>
  <security-role>
    <role-name>Role2</role-name>
  </security-role>
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/Login.jsp</form-login-page>
      <form-error-page>/Login.jsp?authError=login</form-error-page>
    </form-login-config>
  </login-config>

I have spent hours researching and I can't see where I am going wrong.
 The LDAP connection, user and role information in the server.xml seem
correct.  However, no matter what I key in on the login page I get
back a 404 Page error - user is not authenticated.

I can't understand why I can connect to the LDAP server at server
startup but cannot authenticate users.  Can anyone give me any ideas?

Any help would be much appreciated!

Thanks in advance,
Vaughne
