I'm not a specialist in this, but it smells like you're saying that the role names are listed in the attribute 'cn' and that to access your site the connected user should have the role 'cn'; hence if you do not have a user with its cn=cn (attribute cn = value "cn"), it won't work. Maybe you could either enter real roles for your users in another attribute than cn and adapt your web.xml accordingly, or suppress the auth-constraint on the role-name.

Hope it helps

Olivier

Sandeep N wrote:

Hi,

I have a problem trying to authenticate users, whose details are
stored in the LDAP directory through Apache Tomcat. The details of the
software I am using are as follows :

LDAP: OpenLDAP V 2.2.17
Web-Server: Apache-Tomcat V 4.1.30
OS: Suse - Linux

The LDAP directory structure is somewhat like this -
dc=my-domain,dc=com
cn= Manager
  cn=person1
  cn=person2 and so on

In the server.xml file (under APACHE-TOMCAT-DIR/conf/) I have included
the following piece of code  -

<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
connectionName="cn=Manager,dc=my-domain,dc=com"
connectionPassword="secret" connectionURL="ldap://localhost:389";
roleName="cn" roleSearch="(uniqueMember={0})"
userPassword="userPassword"
userPattern="cn={0},cn=Manager,dn=my-domain,dn=com" />

The folder I have to authenticate is "param_test" and this resides
under "APACHE-TOMCAT-DIR/webapps".

The web.xml file under the "param_test" folder contains the following
piece of code  -
..................................
<security-constraint>
   <web-resource-collection>
           <web-resource-name>test</web-resource-name>
           <url-pattern>/*</url-pattern>
   </web-resource-collection>
   <auth-constraint>
           <role-name>cn</role-name>
   </auth-constraint>
</security-constraint>

<login-config>
   <auth-method>BASIC</auth-method>
   <realm-name>test</realm-name>
</login-config>

..................................

I have even copied the jndi.jar, ldap.jar files to
APACHE-TOMCAT-DIR/server/lib directory

When I try to access the link, http://localhost:8089/param_test, it
prompts me for the username and password. When I type in these
parameters as per the entries in the LDAP directory, the pop-up
reappears and this goes on continuously. If I cancel this pop-up, HTTP
error 401 is returned. Any guesses where I have gone wrong?

Thanks in advance.

Regards,
Sandeep

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
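
An added example, not part of either message: a Python check of the posted Realm and web.xml against in-memory directory data. It follows JNDIRealm's documented semantics, where roleSearch selects group entries with {0} replaced by the user's DN and roleName names the attribute holding the role. The group entry cn=testers is hypothetical, and the ';' after connectionURL is dropped so the XML parses.

```python
import re
import xml.etree.ElementTree as ET

# Constructed inputs modelled on the configuration posted in the thread.
REALM_XML = '''<Realm className="org.apache.catalina.realm.JNDIRealm"
  connectionName="cn=Manager,dc=my-domain,dc=com"
  connectionURL="ldap://localhost:389"
  roleName="cn" roleSearch="(uniqueMember={0})"
  userPassword="userPassword"
  userPattern="cn={0},cn=Manager,dn=my-domain,dn=com" />'''
WEB_XML = '''<web-app><security-constraint>
  <auth-constraint><role-name>cn</role-name></auth-constraint>
</security-constraint></web-app>'''
# Hypothetical group entry (DN, attributes); not taken from the thread.
GROUPS = [("cn=testers,ou=groups,dc=my-domain,dc=com",
           {"cn": ["testers"],
            "uniqueMember": ["cn=person1,cn=Manager,dc=my-domain,dc=com"]})]

def base_of(dn, n=2):
    """Last n RDNs of a DN, lower-cased: a rough stand-in for the suffix."""
    return [rdn.strip().lower() for rdn in dn.split(",")][-n:]

def roles_for(user_dn, realm, groups):
    """Emulate a one-term roleSearch such as (uniqueMember={0})."""
    attr = re.fullmatch(r"\((\w+)=\{0\}\)", realm.get("roleSearch")).group(1)
    member = user_dn.lower()
    return {role for _, attrs in groups
            if member in (m.lower() for m in attrs.get(attr, []))
            for role in attrs.get(realm.get("roleName"), [])}

def audit(realm_xml, web_xml, groups, username):
    """Return findings for one user: suffix mismatch and ungranted roles."""
    realm = ET.fromstring(realm_xml)
    findings = []
    user_dn = realm.get("userPattern").replace("{0}", username)
    if base_of(user_dn) != base_of(realm.get("connectionName")):
        findings.append("userPattern suffix differs from connectionName "
                        "suffix: " + user_dn)
    granted = roles_for(user_dn, realm, groups)
    for elem in ET.fromstring(web_xml).iter("role-name"):
        role = elem.text.strip()
        if role not in granted:
            findings.append("web.xml requires role %r; realm grants %s"
                            % (role, sorted(granted)))
    return findings

if __name__ == "__main__":
    for finding in audit(REALM_XML, WEB_XML, GROUPS, "person1"):
        print(finding)
```

With the posted values the check reports two findings: the user DN built from userPattern ends in dn= components while connectionName ends in dc=, and no group entry yields a role literally named "cn".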




