On 18.08.2010 22:45, Igor Galić wrote:
org.apache.catalina.realm.JNDIRealm.getUserByPattern(JNDIRealm.java:1269)
This means that you specified userPattern='...' in your realm
configuration. And since your pattern looks like
'(uid={0})(...)' it is probably wrong. You have specified
On 19/08/2010 08:36, Rainer Jung wrote:
On 18.08.2010 22:45, Igor Galić wrote:
Felix: would you like to contribute your code? I didn't read it in
detail but I guess it is very generic and would be a nice addon to the
standard JNDIRealm?
+1
LDAP/JNDI seems tricky for a lot of people, the
On Thursday, 19.08.2010, 09:36 +0200, Rainer Jung wrote:
On 18.08.2010 22:45, Igor Galić wrote:
org.apache.catalina.realm.JNDIRealm.getUserByPattern(JNDIRealm.java:1269)
This means that you specified userPattern='...' in your realm
configuration. And since your pattern looks
On Wednesday, 18.08.2010, 20:45 +, Igor Galić wrote:
org.apache.catalina.realm.JNDIRealm.getUserByPattern(JNDIRealm.java:1269)
This means that you specified userPattern='...' in your realm
configuration. And since your pattern looks like
'(uid={0})(...)' it is probably wrong.
Use it as you like. As Rainer has hinted, the apache wiki would be a
good place for documentation :)
Excellent. Thank you very much, will do that.
i
On 19.08.2010 18:55, Igor Galić wrote:
Use it as you like. As Rainer has hinted, the apache wiki would be a
good place for documentation :)
Excellent. Thank you very much, will do that.
URL: http://wiki.apache.org/tomcat/ :)
- Rainer Jung rainer.j...@kippdata.de wrote:
On 19.08.2010 18:55, Igor Galić wrote:
Use it as you like. As Rainer has hinted, the apache wiki would be a
good place for documentation :)
Excellent. Thank you very much, will do that.
URL: http://wiki.apache.org/tomcat/ :)
Done:
On Tue, 17 Aug 2010 21:30:56 + (UTC), Igor Galić
i.ga...@brainsware.org wrote:
That looks right. I believe I have found one issue with my code. It will
get an InitialDirContext with your admin user and password, before it is
negotiating TLS. I have attached another ContextFactory, which
org.apache.catalina.realm.JNDIRealm.getUserByPattern(JNDIRealm.java:1269)
This means that you specified userPattern='...' in your realm
configuration. And since your pattern looks like
'(uid={0})(...)' it is probably wrong. You have specified
userSearch='uid={0}', too. So I believe you
Great! That fixed it, and it now works! Thank you very much, Felix.
I would very much like to document this. I am thus asking you for permission
to use, host, reference or whatever is your liking, the code you have
provided.
Hi Igor,
I've struggled with this too. I'm not sure if I'm having the
On Mon, 16 Aug 2010 22:39:14 + (UTC), Igor Galić
i.ga...@brainsware.org wrote:
- Felix Schumacher felix.schumac...@internetallee.de wrote:
On Sun, 15 Aug 2010 21:33:09 + (UTC), Igor Galić
i.ga...@brainsware.org wrote:
- Felix Schumacher felix.schumac...@internetallee.de
Either use the LdapTlsContextFactory, or the patched tomcat. Not both. I
would advise to use the factory, since you can use a supported tomcat.
ACK. Done that. In a vanilla Tomcat, I've put your LdapTlsContextFactory in
jar in lib/ with a config such as this:
Realm
On Tuesday, 17.08.2010, 14:31 +, Igor Galić wrote:
Either use the LdapTlsContextFactory, or the patched tomcat. Not both. I
would advise to use the factory, since you can use a supported tomcat.
ACK. Done that. In a vanilla Tomcat, I've put your LdapTlsContextFactory in
jar
That looks right. I believe I have found one issue with my code. It will
get an InitialDirContext with your admin user and password, before it is
negotiating TLS. I have attached another ContextFactory, which will
remove admin user, password and authentication method prior to TLS
On Sun, 15 Aug 2010 21:33:09 + (UTC), Igor Galić
i.ga...@brainsware.org wrote:
- Felix Schumacher felix.schumac...@internetallee.de wrote:
Ok, my patch will not work, since new InitialDirContext(env) will not
create a LdapContext, but a DirContext. You could try to change new
- Felix Schumacher felix.schumac...@internetallee.de wrote:
On Sun, 15 Aug 2010 21:33:09 + (UTC), Igor Galić
i.ga...@brainsware.org wrote:
- Felix Schumacher felix.schumac...@internetallee.de wrote:
Ok, my patch will not work, since new InitialDirContext(env) will not
it means the authentication provider does not support the authentication
algorithm you selected
list out the contents of your keystore
http://download-llnw.oracle.com/javase/1.4.2/docs/tooldocs/windows/keytool.html
you may be better off creating new keys and be sure you identify only the
- Martin Gainty mgai...@hotmail.com wrote:
it means the authentication provider does not support the
authentication algorithm you selected
I didn't select a protocol (there is no protocol=foo setting the Realm)
list out the contents of your keystore
I'm not using a keystore. I just
Hi Igor,
On 15.08.2010 16:14, Igor Galić wrote:
Hi folks,
I'm running Hudson in Tomcat 6.0.29 on Debian/Squeeze/amd64 with
i.ga...@pheme /opt/tomcat6 % java -version
java version 1.6.0_18
OpenJDK Runtime Environment (IcedTea6 1.8) (6b18-1.8-1)
OpenJDK 64-Bit Server VM (build 14.0-b16, mixed
From: Igor Galić [mailto:i.ga...@brainsware.org]
Subject: Re: JNDI: LDAPv3 with StartTLS
I would still like to believe that this is a simple configuration
error from my side.
If Rainer's suggestion doesn't work, can you try this with a JVM downloaded
from java.sun.com? I've wondering
- Rainer Jung rainer.j...@kippdata.de wrote:
snip
Never used it, but wouldn't you configure ldaps:// URLs instead of
ldap:// URLs? And maybe also using Port 636 instead of 389 (or
removing the port to use it as the default port).
No idea about SASL though.
StartTLS works over the
This is getting out of hand...
i.ga...@pheme /opt/tomcat6 % sudo netstat -nalpt | grep -w LISTEN|grep 80
tcp        0      0 0.0.0.0:8088            0.0.0.0:*               LISTEN      30503/traffic_manag
tcp        0      0 0.0.0.0:8091            0.0.0.0:*               LISTEN
On Sunday, 15.08.2010, 14:14 +, Igor Galić wrote:
Hi folks,
I'm running Hudson in Tomcat 6.0.29 on Debian/Squeeze/amd64 with
i.ga...@pheme /opt/tomcat6 % java -version
java version 1.6.0_18
OpenJDK Runtime Environment (IcedTea6 1.8) (6b18-1.8-1)
OpenJDK 64-Bit Server VM (build
- Felix Schumacher felix.schumac...@internetallee.de wrote:
/snip
I've traced the operation with wireshark only to find it's not even
trying to do any kind of SASL negotiation.
That seems weird, since:
On Sunday, 15.08.2010, 17:53 +, Igor Galić wrote:
- Felix Schumacher felix.schumac...@internetallee.de wrote:
/snip
I've traced the operation with wireshark only to find it's not even
trying to do any kind of SASL negotiation.
That seems weird, since:
.
. . . . just my two cents.
/mde/
- Original Message
From: Igor Galić i.ga...@brainsware.org
To: Tomcat Users List users@tomcat.apache.org
Sent: Sun, August 15, 2010 9:28:31 AM
Subject: Re: JNDI: LDAPv3 with StartTLS
This is getting out of hand...
i.ga...@pheme /opt/tomcat6 % sudo
Subject: Re: JNDI: LDAPv3 with StartTLS
This is getting out of hand...
i.ga...@pheme /opt/tomcat6 % sudo netstat -nalpt | grep -w LISTEN|grep 80
tcp        0      0 0.0.0.0:8088            0.0.0.0:*               LISTEN      30503/traffic_manag
tcp        0      0 0.0.0.0:8091
If you are feeling lucky and are willing to compile tomcat yourself, you
can try the attached diff. I haven't tested it, since I don't have an
ldap server around at the moment.
You have to extend the realm configuration with
<Realm ...
startTLS="true"
... />
Hi Felix,
thanks for
12:10:56 PM
Subject: Re: JNDI: LDAPv3 with StartTLS
If you are feeling lucky and are willing to compile tomcat yourself, you
can try the attached diff. I haven't tested it, since I don't have an
ldap server around at the moment.
You have to extend the realm configuration with
Realm
Ok, my patch will not work, since new InitialDirContext(env) will not
create a LdapContext, but a DirContext. You could try to change new
InitialDirContext(env) into InitialLdapContext(env, null) as used in the
sun startssl example.
I will test it tomorrow.
But it may be easier to allow ssl with
- Mark Eggers its_toas...@yahoo.com wrote:
Reading your original request, you're using an external certificate to go
against your LDAP server, right?
If so, you might try using Felix's code, and then adding
authentication=EXTERNAL to the Realm configuration.
Your JNDIRealm
- Felix Schumacher felix.schumac...@internetallee.de wrote:
Ok, my patch will not work, since new InitialDirContext(env) will not
create a LdapContext, but a DirContext. You could try to change new
InitialDirContext(env) into InitialLdapContext(env, null) as used in the
sun startssl
I forgot to actually attach the pcap now, didn't i?
So long,
i
--
Igor Galić
Tel: +43 (0) 664 886 22 883
Mail: i.ga...@brainsware.org
URL: http://brainsware.org/
tomcat.jndi.ldap.cap
Description: application/cap
On 15/08/2010 21:58, Felix Schumacher wrote:
Ok, my patch will not work, since new InitialDirContext(env) will not
create a LdapContext, but a DirContext. You could try to change new
InitialDirContext(env) into InitialLdapContext(env, null) as used in the
sun startssl example.
I will test it
- Pid p...@pidster.com wrote:
On 15/08/2010 21:58, Felix Schumacher wrote:
Ok, my patch will not work, since new InitialDirContext(env) will not
create a LdapContext, but a DirContext. You could try to change new
InitialDirContext(env) into InitialLdapContext(env, null) as used in