On 22.02.2012 21:40, vbw wrote:
> Hi all,
>
> I am having trouble using FORM based authentication against an LDAP server.
>
> I have configured my web.xml and server.xml and created a Login.jsp
> page and can successfully authenticate against a simple
> tomcat-users.xml file.  Therefore I am confident my basic
> configurations are okay and my login page is good. Everything behaves
> as expected.  Users are authenticated, authorized, errors are
> forwarded appropriately, etc.
>
> However, when I change my server.xml to use LDAP it appears that the
> user credentials are not being sent to the LDAP server (Microsoft
> Active Directory).
>
> Here is the realm definition from the server.xml, which is defined
> under the Catalina service (and is the only configured realm):
> <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
The debug attribute is not used in tomcat 6 or higher, so you can just remove it :)

>        connectionName="myn...@mycompany.net"
>        connectionPassword="mypassword"
>        connectionURL="ldap://corp.mycompany.net:389"
>        userPattern="uid={0},ou='standard users',ou=users,ou=mycompany,dc=corp,dc=mycompanycorp,dc=net"
I believe you don't need the single ticks to protect your spaces there.
I don't know if they will harm; you could try to remove them.

>        roleBase="dc=corp,dc=mycompanycorp,dc=net"
>        roleName="cn"
>        roleSearch="memberUid={1}"/>
>
> I do know that I am successfully binding to the LDAP server when
> Tomcat starts. If I change "mypassword" to an invalid password then I
> get a ConnectException due to the connection being refused. I also see
So, we are editing the right context file; that is nice to know.

You could try to set logging for JNDIRealm to debug and see what it will tell you. Just add
org.apache.catalina.realm.JNDIRealm = FINE
to conf/logging.properties or wherever your Tomcat installation has its logging.properties file.

Regards
 Felix
> this connection using a network monitoring tool - it is initiated at
> startup and then persists until Tomcat is shut down.
>
> After the initial connection is made, I don't see any packets being
> sent to the LDAP server. I've tried using both basic and form
> authentication. Here's the web.xml snippet for form authentication:
>
> <security-constraint>
>     <web-resource-collection>
>       <web-resource-name>MyApplication</web-resource-name>
>       <url-pattern>/Dashboard/*</url-pattern>
>       <http-method>GET</http-method>
>       <http-method>POST</http-method>
>     </web-resource-collection>
>     <auth-constraint>
>       <role-name>Role1</role-name>
>       <role-name>Role2</role-name>
>     </auth-constraint>
>   </security-constraint>
>   <security-role>
>     <role-name>Role1</role-name>
>   </security-role>
>   <security-role>
>     <role-name>Role2</role-name>
>   </security-role>
>   <login-config>
>     <auth-method>FORM</auth-method>
>     <form-login-config>
>       <form-login-page>/Login.jsp</form-login-page>
>       <form-error-page>/Login.jsp?authError=login</form-error-page>
>     </form-login-config>
>   </login-config>
>
> I have spent hours researching and I can't see where I am going wrong.
> The LDAP connection, user and role information in the server.xml seem
> correct.  However, no matter what I key in on the login page I get
> back a 404 Page error - user is not authenticated.
>
> I can't understand why I can connect to the LDAP server at server
> startup but cannot authenticate users.  Can anyone give me any ideas?
>
> Any help would be much appreciated!
>
> Thanks in advance,
> Vaughne
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
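Added example, not code from Tomcat or from either poster: it mimics how a JNDIRealm-style realm fills the userPattern and roleSearch placeholders quoted in the thread ({0} in userPattern is the login name; in roleSearch {0} is the user's DN and {1} the login name) to show the exact DN that would be bound with, including the literal single quotes in the OU value that Felix asks about. The RFC 4514/4515 escaping of the login name is a defensive illustration added here, not a description of what JNDIRealm does, and the usernames are constructed sample input.

```python
# Added example (not Tomcat code): mimic JNDIRealm placeholder substitution for the thread's config.
USER_PATTERN = "uid={0},ou='standard users',ou=users,ou=mycompany,dc=corp,dc=mycompanycorp,dc=net"
ROLE_SEARCH = "memberUid={1}"
_DN_SPECIAL = set(',+"\\<>;')


def escape_dn_value(value: str) -> str:
    """Escape an attribute value for a DN string (RFC 4514 section 2.4)."""
    last = len(value) - 1
    out = []
    for i, ch in enumerate(value):
        leading_hash = ch == "#" and i == 0
        edge_space = ch == " " and i in (0, last)
        out.append("\\" + ch if ch in _DN_SPECIAL or leading_hash or edge_space else ch)
    return "".join(out)


def escape_filter_value(value: str) -> str:
    """Escape an assertion value for an LDAP search filter (RFC 4515 section 3)."""
    table = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}
    return "".join(table.get(ch, ch) for ch in value)


def user_dn(pattern: str, username: str) -> str:
    """userPattern: {0} is replaced by the name typed into the login form."""
    return pattern.replace("{0}", escape_dn_value(username))


def role_filter(search: str, dn: str, username: str) -> str:
    """roleSearch: {0} is the user's DN, {1} the login name."""
    return search.replace("{0}", escape_filter_value(dn)).replace("{1}", escape_filter_value(username))


def rdns(dn: str) -> list:
    """Split a DN on unescaped commas into (type, value) pairs; values stay literal."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):   # keep escape pairs together
            cur.append(dn[i:i + 2])
            i += 2
        elif dn[i] == ",":
            parts.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(dn[i])
            i += 1
    parts.append("".join(cur))
    return [tuple(p.split("=", 1)) for p in parts]
```

Running `rdns(user_dn(USER_PATTERN, "jdoe"))` shows the second RDN value as `'standard users'` with the quote characters included, which the directory compares literally; a login name containing a comma stays inside the uid RDN instead of adding one.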

