On 16/03/2012 14:13, Neil Munro wrote:
> I have since made some minor progress with LDAP queries. This login.jsp
> file, as you can see, queries for a list of valid users and creates a
> drop-down list to choose from
> 
> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
> "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
> <%@page
> import="javax.naming.*,javax.naming.directory.*,java.util.ArrayList"%>
> <html>
>       <head>
>               <title>Login</title>
>       </head>
>       <body>
>               <form method="POST" action="j_security_check">
>                       <select>

What are you expecting this select element to do?


p

>                       <%
>                               // Anonymous connection; the LDAP URL is passed as the name, so
>                               // no environment Hashtable is needed for this read-only search.
>                               DirContext ctx = new InitialDirContext();
>                               NamingEnumeration<SearchResult> answer = null;
>                               ArrayList<String> als = new ArrayList<String>();
>                               try {
>                                       // Ask the server for the uid attribute only and read it from
>                                       // the SearchResult instead of parsing its toString() output.
>                                       SearchControls sc = new SearchControls();
>                                       sc.setReturningAttributes(new String[] { "uid" });
>                                       answer = ctx.search("ldap://my.ldap.server.com:389/ou=my company users,dc=mycompany,dc=com", "(uid=*)", sc);
>                                       while (answer.hasMore()) {
>                                               Attribute uid = answer.next().getAttributes().get("uid");
>                                               if (uid != null) {
>                                                       als.add(uid.get().toString());
>                                               }
>                                       }
>                               } finally {
>                                       // Release the enumeration and the context even if the search throws
>                                       if (answer != null) answer.close();
>                                       ctx.close();
>                               }
> 
>                               // Note: this lists every uid in the directory to anyone who can
>                               // load the login page. Escape directory data before writing it as HTML.
>                               for (String s : als) {
>                                       String safe = s.replace("&", "&amp;").replace("<", "&lt;")
>                                                       .replace(">", "&gt;").replace("\"", "&quot;");
>                                       out.println("<option>" + safe + "</option>");
>                               }
>                       %>
>                       </select>
>                       <br>
>                       <input type="password" name="j_password">
>                       <br>
>                       <input type="submit">
>               </form>
>       </body>
> </html>
> 
> I am however still not able to get the server.xml file working with
> the realms. I did discover through some trial and error that my own
> LDAP user had not been set up right, and my system admin kindly fixed
> it for me, which could have led to some working code not working.
> 
> This is how it currently works:
>               <Realm className="org.apache.catalina.realm.JNDIRealm"
>                               connectionName="uid={0},ou=my company 
> users,dc=mycompany,dc=com"
>                               connectionPassword="userPassword"
>                               connectionURL="ldap://my.ldap.server.com"
>                               alternateURL="ldap://my.ldap.server.com"
>                               roleBase="ou=my company 
> users,dc=mycompany,dc=com"
>                               roleName="cn"
>                               roleSearch="(uniqueMember={0})"
>                               userPattern="uid={0},ou=my company 
> users,dc=mycompany,dc=com" />
> 
> On 16 March 2012 12:05, Pid <p...@pidster.com> wrote:
>> On 16/03/2012 10:23, Neil Munro wrote:
>>> On 15 March 2012 18:24, Christopher Schultz
>>> <ch...@christopherschultz.net> wrote:
>>> Neil,
>>>
>>> On 3/15/12 1:05 PM, Neil Munro wrote:
>>>>>> <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
>>>>>> connectionURL="ldap://my.ldap.server.com"
>>>>>> alternateURL="ldap://my.ldap.server.com" userPattern="uid={0},ou=my
>>>>>> company users,dc=mycompany,dc=com" />
>>>>>>
>>>
>>> The "debug" attribute does not exist any more. Were you following some
>>> kind of old example?
>>>
>>>> Yeah I must have been, I have removed it.
>>>
>>>
>>> I think you may need roleBase, roleName, and roleSearch attributes to
>>> have a prayer of making this work. Also, with no userSearch parameter,
>>> you are instructing the realm to connect in "bind" mode where the
>>> user's credentials are used directly to bind to the LDAP server. Is
>>> this appropriate?
>>>
>>>> <Realm className="org.apache.catalina.realm.JNDIRealm"
>>>>         connectionName="uid={0},ou=my company users,dc=mycompany,dc=com"
>>>>      connectionPassword="userPassword"
>>>>      connectionURL="ldap://my.ldap.server"
>>>>      alternateURL="ldap://my.ldap.server"
>>>>      roleBase="ou=my company users,dc=mycompany,dc=com"
>>>>      roleName="cn"
>>>>      roleSearch="(uniqueMember={0})"
>>>>      userPattern="uid={0},ou=my company users,dc=mycompany,dc=com" />
>>>
>>>> I have added those changes. As for which connection mode I need, I
>>>> think bind would be OK for now just to check whether I can establish
>>>> a connection, but looking at it I think that if I will be querying LDAP for
>>>> a user name and password then comparison mode is what I need.
>>>
>>>> However, with this configuration my whole app becomes inaccessible. I
>>>> imagine it's some form of protection or permissions thing, but in my
>>>> floundering around trying things, this is the only thing that seems to
>>>> have any effect on the whole app.
>>>
>>> You might want to re-read this section of the realm-howto:
>>>
>>> http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html#JNDIRealm
>>>
>>> Can you run any queries against the LDAP server outside of Tomcat that
>>> give you results that you might expect? For instance, can you do a
>>> search of the LDAP tree for a particular user? What does that query
>>> look like? When you do that search, are you using anonymous bind or
>>> are you using user bind? If user, which user? Some administrative user
>>> or the user whose credentials should be checked?
>>>
>>>> I can connect with a tool called JXplorer, but I have not had any luck
>>>> from other applications, and that's due to an inability to find any up-to-
>>>> date documentation on the libraries I was using.
>>>
>>>>>> <login-config> <auth-method>FORM</auth-method> <form-login-config>
>>>>>> <form-login-page>/login.jsp</form-login-page>
>>>>>> <form-error-page>/fail_login.jsp</form-error-page>
>>>>>> </form-login-config> </login-config>
>>
>> Side note: I usually recommend putting those files in WEB-INF, in their
>> own directory, say: WEB-INF/login.
>>
>> p
>>
>>> That looks just fine: configuring the credential-gathering system is
>>> usually trivial. It's configuring the authentication system that is
>>> usually the problem.
>>>
>>>> Cool, at least some of this is working right, do you need to see those
>>>> files btw?
>>>
>>>
>>> -chris
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>>>
>>>
>>
>> --
>>
>> [key:62590808]
>>
> 


-- 

[key:62590808]

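An added example (not configuration from anyone in the thread or from the Tomcat documentation) of the two ways JNDIRealm can check a password. The realm uses comparison mode only when a userPassword attribute is configured; otherwise it binds to the directory as the DN built from userPattern (bind mode). connectionName and connectionPassword are the literal DN and password of a service account the realm uses for its own searches; the realm never substitutes {0} into them. The ldaps:// URL on port 636, the cn=tomcat-svc service account, the ou=groups branch and the placeholder password are assumed values, not anything from the thread.

```xml
<!-- Added example, not from the thread: JNDIRealm in bind mode.
     The user's own credentials are used to bind as the DN built from
     userPattern, so no connectionName/connectionPassword is needed for
     the authentication step. Host, port and ou=groups are assumed. -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldaps://my.ldap.server.com:636"
       alternateURL="ldaps://my.ldap.server.com:636"
       userPattern="uid={0},ou=my company users,dc=mycompany,dc=com"
       roleBase="ou=groups,dc=mycompany,dc=com"
       roleName="cn"
       roleSearch="(uniqueMember={0})"
       roleSubtree="true" />

<!-- Added example, not from the thread: JNDIRealm in comparison mode.
     The realm connects as a literal read-only service account
     (connectionName is not a pattern; {0} is never substituted in it),
     finds the user with userSearch under userBase, reads the attribute
     named by userPassword and compares it itself, so that account must
     be allowed to read userPassword. The service account DN and the
     password placeholder are assumed values. -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldaps://my.ldap.server.com:636"
       alternateURL="ldaps://my.ldap.server.com:636"
       connectionName="cn=tomcat-svc,ou=service accounts,dc=mycompany,dc=com"
       connectionPassword="replace-with-the-service-account-password"
       userBase="ou=my company users,dc=mycompany,dc=com"
       userSearch="(uid={0})"
       userSubtree="false"
       userPassword="userPassword"
       roleBase="ou=groups,dc=mycompany,dc=com"
       roleName="cn"
       roleSearch="(uniqueMember={0})"
       roleSubtree="true" />
```

In the role search, {0} is the user's full DN and {1} the plain username. In bind mode the role search runs on the realm's own connection after the user bind has been verified, so with no connectionName the directory must permit anonymous reads of the group entries; if it does not, add connectionName/connectionPassword for a read-only service account as in the second block. Use ldaps:// so neither the user's nor the service account's password crosses the network in clear (the JVM must trust the directory's certificate), and since server.xml holds the service-account password in plain text, restrict the file's permissions and give that account read-only rights.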