, July 19, 2005 6:23 PM
To: tomcat-user@jakarta.apache.org
Subject: Tomcat JNDI Realm + Active Directory Server
I had a hard time trying to configure Tomcat to authenticate with MS
Active Directory Service, i tried a lot of samples, i edited them but i
didn't get nothing. This is the last
I had a hard time trying to configure Tomcat to authenticate with MS
Active Directory Service, i tried a lot of samples, i edited them but i
didn't get nothing. This is the last configuration i tried:
/META-INF/context-xml:
?xml version=1.0 encoding=UTF-8?
Context path=/moretests
Realm
Greetings:
We have been using a custom JNDI realm for several months on Tomcat 5.0
without an issue. Yesterday, an application suddenly stopped working
with the following error trace during deployment:
May 24, 2005 8:46:12 AM org.apache.commons.digester.Digester
startElement
SEVERE: Begin
Hi,
i tried for 2 days to get this running but i always get errors.
I did map a NIS (yellow page) password file to a JNDI Realm. This part wen
quite well as far as i could tell.
To authenticate users i need the realm to check against the encrypted password
which are, according to HP-UX doc
Hi,
i tried for 2 days to get this running but i always get errors.
I did map a NIS (yellow page) password file to a JNDI Realm. This part wen
quite well as far as i could tell.
To authenticate users i need the realm to check against the encrypted password
which are, according to HP-UX doc
OK! Good news. The JNDIRealm code is rock solid
which I found out after a few days of looking through
it and running tests. Eventually I got around to
having a good look at my context descriptor and
discovered that I was not capitalizing the n and s in
roleName and roleSearch.
Hopes this
I haven't tried this out myself, but here are several possibilities:
1) Does /main/index.jsp exist? That's where your servlet points to
2) There doesn't appear to be a welcome-file configured - depending on
what URL you're using, it may be that it's looking for a welcome file,
but since there's
Hi,
Thanks for the tips.
I have tried the following to isolate the issue:
- Attempt: Commenting out the security constraint and
retrying the URL (BTW - I just put the index.jsp in
the context directory instead of main for the tests
and changed the security constraint accordingly):
Hello Everybody,
I'm attempting to configure JNDI authentication.
I think I must be missing something obvious in the
configuration
files, because I get the login error page when
entering non user information,
and when I type in the correct username and password,
tomcat gives me this:
HTTP
To: 'tomcat-user@jakarta.apache.org'
Subject: LDAP/JNDI Realm Tomcat 5.0 vs 5.5
I am doing some investigation into upgrading from our Tomcat 5.0.x
servers to Tomcat 5.5.x and I am
trying to get everything working. In the old tomcat 5.0.x I was able to
create a realm which authenticated
I am doing some investigation into upgrading from our Tomcat 5.0.x
servers to Tomcat 5.5.x and I am
trying to get everything working. In the old tomcat 5.0.x I was able to
create a realm which authenticated
against our ADS server. However, I cannot get it to work in Tomcat
5.5.7.
The
Hi,
I am looking into configuring a jndi realm to
eDirectory for authentication and authorization. I
have not used to eDirectory before, I am more familiar
to open ldap and Sun one ldap. There is no uid
attribute or password attribute for user in
eDirectory. Has anyone configured a jndi realm
i wonder can i use JNDIRealm for accessing ldap server if i have a client -
servlet solution or is it only for webbrowser-servlet solutions ? If i can
use it does anyone know a good tutorial i dont get the one in jakartas
page to work..
//Johan
Authentication to an ldap realm fails if I use a user alias. normal
user-accounts work properly.
I've tried always and never for derefAliases but it doesn't work.
How do I authenticate successfully with an alias?
Thanks
Andreas Hennig
Does the tomcat version 5.5.4 and above support JNDI Realm with SSL.
If you check previous posts, several users have reported unsuccessful
attempts at using JNDIRealm with SSL.
I have been successful in setting up LDAPRealm with SSL on tomcat
5.0.28 that uses Mozilla's Java-LDAP SDK
Hi,
ok it's fixed i made another realm with a new mbean-descriptor bases on
the JNDIRealm file
from version 4.1.31 and that do the trick till an update of tomcat.
However, for those runnin 4.1.30,the main difference between file is:
* @version $Revision: 1.19 $ $Date: 2004/08/26 21:37:21 $
---
Hi,
I'm using the Debian package of tomcat (4.1.30) with ldap auth with the
following config:
myapplication.xml
--
Context path=/myapplication docBase=/path/2/build
Realm className=org.apache.catalina.realm.JNDIRealm debug=99
connectionURL=ldap://localhost:389;
Hy,
I've got a problem with JNDIRealm : the group a user is in in my LDAP
directory is an object which attribute member contains the user CN. So
I've set up the roleSearch attribute of JNDIRealm to the value
(member=*{0}*).
Both wildcards are replaced with the \2a String by JNDIRealm
Hello All,
I'm a total newbie to this stuff, but I think I have an easy question
for everyone...
I'm trying to get Tomcat 5 to use Basic Authentication using a JNDI
Realm to our corporate LDAP server. Our server allows read access on
port 389 and bind access on port 989.
Here's the issue
Hi,
I have just managed to setup Tomcat 4.1.30 with LDAP authentication,
including the retrieval of roles.
Following the docs here:
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/realm-howto.html#JNDIRealm
I put brackets in the roleSearch attribute like this:
roleSearch=(uniqueMember={0})
: tcsecret
# Define an entry for Tomcat Manager
dn: uid=tcmgr,ou=people,o=cymulacrum
objectClass: inetOrgPerson
uid: tcmgr
sn: Manager
cn: Tomcat Manager
mail: [EMAIL PROTECTED]
=== End LDIF file ===
My Realm definition is inside server.xml, and it looks like this:
!-- Cymulacrum JNDI Realm
Yeah it looks like the fix to make the encoding only on the DN instead
of the whole string was applied after 4.1.30 was tagged. It will have
to be in a future release.
[EMAIL PROTECTED] 3/25/04 5:56:16 PM
Pascal,
What version of Tomcsat are you using? In response to a defect, I
added a
I'm using Tomcat 5.0.18 (going to upgrade soon, but I'm using this
version to do documentation at the moment), and OpenLDAP 2.1.22.
I configured OpenLDAP to log everything, and here's the error (as you
suspected):
1. Tomcat authenticates the user, but cannot find the role he belongs
to. Below
PROTECTED]
=== End LDIF file ===
My Realm definition is inside server.xml, and it looks like this:
!-- Cymulacrum JNDI Realm --
Realm className=org.apache.catalina.realm.JNDIRealm debug=99
connectionURL=ldap://localhost:389;
userPattern=uid={0},ou=people,o=cymulacrum
Pascal,
What version of Tomcsat are you using? In response to a defect, I
added a feature to JNDIRealm a while back, that applied a filter to
certain JNDI realms to encode characters such as and (
Later we learned that I should have focused that filtering a little
more on a specific string,
Greetings,
Im have some destinct troubles with the Tomcat JNDIRealm. The problem is
that I need to login four times before I get authenticated.
Has anyone else experienced the same?
Details: Tomcat 4.1.27
LDAP: Domino 5 LDAP directory
Browser: IE
Cheers Charlie
excerpt from server.xml:
Charlie,
Im have some destinct troubles with the Tomcat JNDIRealm. The problem is
that I need to login four times before I get authenticated.
Has anyone else experienced the same?
Realm className=org.apache.catalina.realm.JNDIRealm
debug=99
?
Cheers Charlie
Christopher Schultz [EMAIL PROTECTED]
30/10/2003 14:02
Please respond to Tomcat Users List
To: Tomcat Users List [EMAIL PROTECTED]
cc:
Subject:Re: intermitant availabilty of JNDI Realm
Charlie,
Im have some destinct troubles with the Tomcat
Davi Leal wrote:
jerome moliere wrote:
I am trying to authenticate my webapps via a JNDI Realm, which connects
to Microsoft Site Server (LDAP).
:(
As I am getting [LDAP: error code 2 - Protocol Error] (See below), I
would like to know if that Micro$oft product is a certified
/auth-method
realm-nameCEC/realm-name
/login-config
But authentication is not working, any debug techniques or methods will be a great
help.
Thanks
jerome moliere [EMAIL PROTECTED] wrote:
Davi Leal wrote:
jerome moliere wrote:
I am trying to authenticate my webapps via a JNDI
/auth-method
realm-nameCEC/realm-name
/login-config
But authentication is not working, any debug techniques or methods will be a great
help.
Thanks
jerome moliere [EMAIL PROTECTED] wrote:
Davi Leal wrote:
jerome moliere wrote:
I am trying to authenticate my webapps via a JNDI
Equipment Lamp wrote:
Hi
Can youguys give some input on the following. I am using the following
Tomcat: 4.1.27-LE-jdk14
Apache: 2.0.47
Java : 1.4.2
Linux OS: 7.3
iPlanet LDAP Server
I am trying to configure LDAP authentication mechanism to my application.
1) In this regard i have downloaded
Davi Leal wrote:
jerome moliere wrote:
As I am getting [LDAP: error code 2 - Protocol Error] (See below), I
would like to know if that Micro$oft product is a certified LDAP
server.
as fai as i Know, like any other microsoft product, partially... :)
I have been told the LDAP protocol is
NO I JUST GET THE USERID AND PASSWORD PROMPT, and WHEN I PROVIDE THE CORRECT
USERID/PASSWORD IT GET A MESSAGE SAYING INCORRECT USERID/PASSWORD. NO ENTRIES IN LOGS
OR ANY EXCEPTIONS.
have you any log entries or anything helpful ?
classnotfound exception or something like this woulmd be great
jerome moliere wrote:
I am trying to authenticate my webapps via a JNDI Realm, which connects
to Microsoft Site Server (LDAP).
:(
As I am getting [LDAP: error code 2 - Protocol Error] (See below), I
would like to know if that Micro$oft product is a certified LDAP server.
as fai as i
Hi,
I'm new to Tomcat and ADs. I'm trying to configure a JNDI realm (Tomcat
4.1.17 on IBM AS/400) to authenticate to Active Directory(microsoft on a
server). I've found a couple of brief examples to follow, but don't
understand the nomenclature well enough to make mine work on our
installation. I
Business Solutions
http://www.novell.com
[EMAIL PROTECTED] 8/8/03 2:39:52 PM
I am having trouble setting up the JNDI Realm in tomcat (I am using
4.1.27).
I can bind to the ldap server, authenticate the user, but when it
goes
to checking roles, I am unsure how to organize my directory, and what
I am having trouble setting up the JNDI Realm in tomcat (I am using
4.1.27).
I can bind to the ldap server, authenticate the user, but when it goes
to checking roles, I am unsure how to organize my directory, and what
the application wants back when it does a filtered search. My ldap
server
() {
return SmartJNDIRealm;
}
}
Philippe Maseres
Philippe -Message d'origine-
Philippe De : Jon Roberts [mailto:[EMAIL PROTECTED]
Philippe Envoye : jeudi 13 mars 2003 20:21
Philippe A : Tomcat Users List
Philippe Objet : Re: JNDI realm - recursive group/role
Hello all.
I need to set up Tomcat to use a LDAP directory for authentication and
authorization. I successfully configured my iPlanet directory and a JNDI
realm in Tomcat, and users and roles checkings work well, but with a
restriction. My directory schema, which is quite classical, provides
Roberts
www.mentata.com
Philippe Maseres wrote:
Hello all.
I need to set up Tomcat to use a LDAP directory for authentication and
authorization. I successfully configured my iPlanet directory and a JNDI
realm in Tomcat, and users and roles checkings work well, but with a
restriction. My directory
Hello all
sorry for the long post. i have the following issue: i have several
webapps that are loaded
tomcat-apache startup and are invoked using mod_webapp. there are several
hosts defined in server.xml. there is a jndi realm declared in one of the
host tag. the back-end of that is ldap server
Stephan Schwab wrote:
Hi,
I want to secure a webapp with the JNDI realm. But the LDAP query is
sent wrong to my OpenLDAP server.
Here is a snippet from server.xml:
Realm className=org.apache.catalina.realm.JNDIRealm debug=99
connectionURL=ldap://localhost;
userPattern=uid
Hi,
I want to secure a webapp with the JNDI realm. But the LDAP query is
sent wrong to my OpenLDAP server.
Here is a snippet from server.xml:
Realm className=org.apache.catalina.realm.JNDIRealm debug=99
connectionURL=ldap://localhost;
userPattern=uid=(0),ou=people,dc
Hi,
I want to secure a webapp with the JNDI realm. But the LDAP query is
sent
wrong to my OpenLDAP server.
Here is a snippet from server.xml:
Realm className=org.apache.catalina.realm.JNDIRealm debug=99
connectionURL=ldap://localhost;
userPattern=uid=(0),ou=people,dc
You need to use curly brackets {} for the substitions, not parentheses ()
e.g.
userPattern=uid={0},ou=people,dc=yikester,dc=net
not
userPattern=uid=(0),ou=people,dc=yikester,dc=net
John.
Stephan Schwab wrote:
Hi,
I want to secure a webapp with the JNDI
Providing a connectionName and connectionPassword does *not* cause
JNDIRealm to lookup the password. It will still authenticate by binding
as the user unless you specify the userPassword configuration attribute.
Looking up roles as the administrator (or anonymously if connectionName
and
Thank you for responding John,
John Holman wrote:
Providing a connectionName and connectionPassword does *not* cause
JNDIRealm to lookup the password. It will still authenticate by
binding as the user unless you specify the userPassword configuration
attribute.
I'm working with
Mark
Looking up roles as the administrator (or anonymously if
connectionName and connectionPassword are not specified) is a
deliberate design decision.
John.
?? But, if you've already established a connection with the users
principle and credentials, why would ever want to convert
actually have the rights to edit their group/subgroup entries.
Users in the other groups do have rights to view thier
groups/subgroups, they have no view of groups higher than them in the
hierarchy.
In my eye's the JNDI realm *is* just another *LDAP Client* connecting to
the LDAP server. Its
I'm trying to get a realm set up via JNDI to an Openldap server. Here is
my current server.xml config.
Realm
className=org.apache.catalina.realm.JNDIRealm debug=99
connectionURL=ldap://vdc.fas.harvard.edu:389;
I know my request should work at the LDAP Server through JNDI because
the following does work when I make a request to the LDAP server. I do
get back the groups.
%
Hashtable env = new Hashtable();
env.put(DirContext.INITIAL_CONTEXT_FACTORY,com.sun.jndi.ldap.LdapCtxFactory);
Looking over the JNDIRealm Code I notice that in the bindAsUser method
that the users principle and credentials are stripped out of the
context. It is after this point that the JNDI search request is made to
gather the roles from the ldap server. Shouldn't it be *after* the
search for the
Hello,
I am trying to get TC (4.0.4) to establish a working JNDI realm using
iplanet's directory server. I am using FORM based login and have this
working as a JDBC realm previously.
As you can see below, I would like to keep my users and roles in
ou=warnertruck,ou=truckcenter,dc=secristfamily
as the user
3) Use JNDIRealm from the 4.1.X tree and bind as the user
-Tim
Randy Secrist wrote:
Hello,
I am trying to get TC (4.0.4) to establish a working JNDI realm using
iplanet's directory server. I am using FORM based login and have this
working as a JDBC realm previously.
As you
into the JDBCRealm at all?
(For using SHA with say - mysql?)
Randy
- Original Message -
From: Tim Funk [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Sent: Tuesday, August 20, 2002 12:04 PM
Subject: Re: JNDI Realm Help - (using iplanet)
IPlanet with SHA does not work together in 4.0.4
12:04 PM
Subject: Re: JNDI Realm Help - (using iplanet)
IPlanet with SHA does not work together in 4.0.4. The password coming
back from iPlanet is compared incorrectly with respect to digesting the
user provided password.
You have 3 alternatives:
1) Hack JNDIRealm (Attached is one I did
Hello,
I'm trying to configure tomcat in such a way that it uses LDAP for
authentication of users...
So far without any luck...
The tomcat documentation doesn't help me very much neither does the mail
archive or google...
The documents I found are either about version 3.2.x or 4.0x, but the
, they
will put that in there too. Otherwise, that would be pretty problematic as
well.
Jon
- Original Message -
From: Soefara Redzuan [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, April 12, 2002 7:57 AM
Subject: Re: JNDI realm against win2000 DC (REPOST SORRY)
No sooner have I hit
Subject: JNDI Realm with Tomcat 4.0.1 and Netscape LDAP
I am having problems trying to get a Tomcat 4.0.3 installation to
authenticate to a Netscape LDAP server using the built-in capability.
Configuration:
Solaris 8, patched to date
Netscape Directory Server 4.16
Tomcat 4.0.1
Sorry about this repost, but it is really bugging me!
Does anyone have a TC 4.0.x configured with a JNDI realm against a
windows 2000 domain controller? Or maybe just know how to set this up!
I have been looking at the JNDI how-to and I cannot get it working.
Thanks,
Jacob
--
To unsubscribe
it too.
Soefara.
From: Jacob Lund [EMAIL PROTECTED]
Reply-To: Tomcat Users List [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: JNDI realm against win2000 DC (REPOST SORRY)
Date: Fri, 12 Apr 2002 14:39:07 +0200
Sorry about this repost, but it is really bugging me!
Does anyone have a TC 4.0
get it working. I'm sure there are many people
who would love to use it too.
Soefara.
From: Jacob Lund [EMAIL PROTECTED]
Reply-To: Tomcat Users List [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: JNDI realm against win2000 DC (REPOST SORRY)
Date: Fri, 12 Apr 2002 14:39:07 +0200
Sorry about
Does anyone have a TC 4.0.x configured with a JNDI realm against a
windows 2000 domain controller? Or maybe just know how to set this up!
I have been looking at the JNDI how-to and I cannot get it working.
Thanks,
Jacob
--
To unsubscribe: mailto:[EMAIL PROTECTED]
For additional commands
connectionPassword in JNDI Realm (server.xml) - Please Help
To: Tomcat Users List [EMAIL PROTECTED]
Hi Jeremy.
For the JNDI realm to connect to the directory server with
administrator
privileges it needs to know the plaintext password. Having a
digest in
the config file isn't possible because
Hi all,
i searched the archives but could not come up with an answer for this.
I have everything working for LDAP authentication on my server, and i've
figured out how to include non plain text passwords everywhere except for
the connectionPassword attribute of the Realm tag in the
Hi Jeremy.
For the JNDI realm to connect to the directory server with administrator
privileges it needs to know the plaintext password. Having a digest in
the config file isn't possible because the realm can't reconstruct the
plaintext password from it. I suppose some other encryption would
/ OpenLDAP - Encrypted
connectionPassword in JNDI Realm (server.xml) - Please Help
To: Tomcat Users List [EMAIL PROTECTED]
Hi Jeremy.
For the JNDI realm to connect to the directory server with
administrator
privileges it needs to know the plaintext password. Having a
digest in
the config file
Okay, I'm doing this a little backwards, but I think this should work. I'm trying to
figure out what roles a user has by querying the attribute list for groupMembership
for the authenticated user. I know that the demonstrated method is to query the names
of all the groups that a user is a
Hello everyone,
I need to authenticate and get set of roles from a LDAP directory server
once user gets authenticated by the Tomcat based on the Digital Certificate.
Question is once tomcat does client authentication how can I use JNDI REALM
to get user Roles?
I really need to get this working
70 matches
Mail list logo