On 15 Mar 2012, at 17:06, Neil Munro <neilmu...@gmail.com> wrote:

> On 15 March 2012 17:01, Pid * <p...@pidster.com> wrote:
>> On 15 Mar 2012, at 16:23, Neil Munro <neilmu...@gmail.com> wrote:
>>
>>> Hi all,
>>>         I am trying to implement a means to authenticate a user on a
>>> web app via ldap, I have been trying for some time and am now
>>> intimately familiar with the files I need to edit, but not exactly
>>> how.
>>>
>>> I know that much of the ldap stuff goes into the server.xml file
>>> inside of the tomcat conf directory, it is here I have been trying to
>>> configure an ldap realm.
>>
>> OK. Can you post that bit of config, inline in your reply? Passwords
>> etc redacted if necessary.
>
> Sure, here you are:
>           <!--Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
>            connectionName="uid={0},ou=my company users,dc=mycompany,dc=com "
>            connectionPassword="userPassword"
>            connectionURL="ldap://my.ldap.server.com"
>            alternateURL="ldap://my.ldap.server.com"
>            roleBase="ou=my company users,dc=mycompany,dc=com"
>            roleName="cn"
>            roleSearch="(uniqueMember={0})"
>            roleSubtree="false"
>            userSearch="(uid={0})"
>            userPassword="userPassword"
>            userPattern="uid={0},ou=my company users,dc=mycompany,dc=com"
>        /-->
>        <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
>                connectionURL="ldap://my.ldap.server.com"
>                alternateURL="ldap://my.ldap.server.com"
>                userPattern="uid={0},ou=my company users,dc=mycompany,dc=com" />
>
>>
>>> I have attached the files I have been working
>>> with, the basic idea is that a user must first log on before they can
>>> access any area of the site, also all users can log in, and access all
>>> areas of the site.
>>
>> Can you explain how you are configuring the auth, please? Are you
>> using the container FORM authentication, for example?
>>
>> If so, can you post that bit of config inline in your reply?
>
> Yes I am using, or rather trying to use a html form to get the
> information to pass to ldap to authenticate.
>
>    <!--  uses form-based authentication -->
>    <login-config>
>        <auth-method>FORM</auth-method>
>        <form-login-config>
>            <form-login-page>/login.jsp</form-login-page>
>            <form-error-page>/fail_login.jsp</form-error-page>
>        </form-login-config>
>    </login-config>
>

And for completeness, the security-constraint block?


s



> Thanks,
> Neil
>
>>
>> p
>>
>>
>>> A user is presented with the login page, and if they cannot be
>>> authenticated they are alerted and are given the option to redirect
>>> back to the login page. Which I have working, though I think that's
>>> simply because I cannot get the logging in bit to work.
>>>
>>> I do not have access to the LDAP server or schema and cannot implement
>>> changes to that, I can however alter the tomcat server, jsp files etc.
>>> I am trying to write a company wide web app, and have free rein, but
>>> it's historically been written in jsp so we want to keep as much of
>>> that as we can.
>>>
>>> Software and versions: Tomcat 6.0.35, Java 1.4 through to 1.7 (I am
>>> required to have all installed) and Windows 7 64.
>>>
>>> Any help would be fantastic as I have read lots of resources but
>>> there's no definitive tutorial to set such a thing up.
>>>
>>> Thanks,
>>> Neil Munro
>>> <files.zip>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>> For additional commands, e-mail: users-h...@tomcat.apache.org