Tomcat with LDAP
Hello everyone, Can any one give me an example of a LDIF file that I can add in a openLdap directory tree so that I can have tomcat authenticate against it ! Sorry I am new at this and I tried the example file that is on the tomcat page, but that doesnt work. And I dont know much about LDAP or how to construct a proper LDAP file with users and roles defined. Thanks in advance Adil - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
sample openLdap ldif file wont work
Hi all, Can any one tell me why I cant run the sample file that is on the Tomncat website for adding entries in the OpenLdap directory tree ? The file is as follows -- # Define a user named 'tomcat' dn: cn=tomcat,dc=xxx,dc=com cn: tomcat userPassword: tomcat sn: Tomcat User objectClass: person # Define a user named 'both' dn: cn=both,dc=xxx,dc=com cn: both userPassword: tomcat sn: Both User objectClass: person # Define an entry to base role searches on dn: dc=roles,dc=xxx,dc=com cn: roles objectClass: person sn: Roles Entry # Define all members of the 'tomcat' role dn: cn=tomcat,dc=roles,dc=xxx,dc=com cn: tomcat objectClass: groupOfUniqueNames uniqueMember: cn=tomcat,dc=xxx,dc=com uniqueMember: cn=both,dc=xxx,dc=com -- OK it adds the first two entries i.e tomcat and both and then when it tries to add the third entry it gives the following message : adding new entry dc=roles,dc=xxx,dc=com ldapadd: update failed: dc=roles,dc=xxx,dc=com ldap_add: No such attribute (16) additional info: naming attribute 'dc' is not present in entry What am I doing wrong Thanks, Adil - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
what's wrong with Example.ldif
Hi all, Can any one tell me why I cant run the sample file that is on the Tomncat website for adding entries in the OpenLdap directory tree ? The file is as follows -- # Define a user named 'tomcat' dn: cn=tomcat,dc=xxx,dc=com cn: tomcat userPassword: tomcat sn: Tomcat User objectClass: person # Define a user named 'both' dn: cn=both,dc=xxx,dc=com cn: both userPassword: tomcat sn: Both User objectClass: person # Define an entry to base role searches on dn: dc=roles,dc=xxx,dc=com cn: roles objectClass: person sn: Roles Entry # Define all members of the 'tomcat' role dn: cn=tomcat,dc=roles,dc=xxx,dc=com cn: tomcat objectClass: groupOfUniqueNames uniqueMember: cn=tomcat,dc=xxx,dc=com uniqueMember: cn=both,dc=xxx,dc=com -- OK it adds the first two entries i.e tomcat and both and then when it tries to add the third entry it gives the following message : adding new entry dc=roles,dc=xxx,dc=com ldapadd: update failed: dc=roles,dc=xxx,dc=com ldap_add: No such attribute (16) additional info: naming attribute 'dc' is not present in entry What am I doing wrong Thanks, Adil - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Java_Home
You are using Java EE. I think you have to set another variable for it ... but I can be wrong. I think I encountered the same problem when I was using EE. It was fixed when I used SE. The variable you have to set I cant remeber. But it something like JAVA_X. Adil -Original Message- From: Hunter, Sandra [mailto:[EMAIL PROTECTED] Sent: Thursday, March 13, 2003 5:01 PM To: '[EMAIL PROTECTED]' Subject: Java_Home I am relatively new to Tomcat, having used it but not installed it, before. I have set my JAVA_HOME path to the folder named j2sdkee1.3.1 However this is the result I get: C:\%CATALINA_HOME%\bin\startup The JAVA_HOME environment variable is not defined correctly This environment variable is needed to run this program The system cannot find the batch label specified - end Using CATALINA_BASE: C:\jakarta-tomcat-4.0.6 Using CATALINA_HOME: C:\jakarta-tomcat-4.0.6 Using CATALINA_TMPDIR: C:\jakarta-tomcat-4.0.6\temp Using JAVA_HOME: C:\j2sdkee1.3.1 The system cannot find the file -Djava.endorsed.dirs=. Any ideas are gratefully received. Sandra Patricia Hunter Systems Development and Web Design
Tomcat with Oracle Internet Directory
Hi,
I am new at this so please be patient with me !!! Ok I am trying to get
Tomcat to work with Oracle's LDAP implementation (OiD) for authentication
purposes. I just wanted to know if anyone has ever tried this. I cant get it
to work !
In the REALM tag in server.xml what I have is as follows:
Realm className=org.apache.catalina.realm.JNDIRealm debug=99
connectionName=cn=orcladmin connectionPassword=welcome
connectionURL=ldap://LdapServer:389; roleBase=dc=roles,dc=com
roleName=tomcat roleSearch=(uniqueMember={0}) roleSubtree=false
userPassword=userPassword userPattern=cn={0},dc=com/
and my web.xml file is as follows:
security-constraint
display-nameExample Security Constraint/display-name
web-resource-collection
web-resource-nameProtected
Area/web-resource-name
!-- Define the context-relative URL(s) to be
protected --
!--
url-pattern/jsp/security/protected/*/url-pattern --
url-pattern/*/url-pattern
!-- If you list http methods, only those methods
are protected --
http-methodDELETE/http-method
http-methodGET/http-method
http-methodPOST/http-method
http-methodPUT/http-method
/web-resource-collection
auth-constraint
!-- Anyone with one of the listed roles may access
this area --
role-nameorganizationalRole/role-name
role-nameroles/role-name
role-nametomcat/role-name
/auth-constraint
/security-constraint
!-- Default login configuration uses form-based authentication --
login-config
auth-methodBASIC/auth-method
realm-nameExample BASIC Authentication Area/realm-name
/login-config
!-- Security roles referenced by this web application --
security-role
role-nameorganizationalRole/role-name
/security-role
security-role
role-nameroles/role-name
/security-role
security-role
role-nametomcat/role-name
/security-role
The authentication box comes up when I navigate to my application site but
it cannot authenticate. Has anyone ever tried Oracle and Tomcat before? And
yes I have Users and Roles under OiD assigned.
Any help will be greatly appreciated.
Thanks
Adil
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat with Oracle Internet Directory
Hello Doug,
Can you explain in detail what you did do make it to work. I mean creating
the Roles in OiD mainly. How did you create the Users and Roles in OiD. I am
new to OiD.. so if you can send me a sample LDIF file that will be great.
Thanks
Adil
-Original Message-
From: Doug Redd [mailto:[EMAIL PROTECTED]
Sent: Monday, March 10, 2003 1:37 PM
To: Tomcat Users List
Subject: RE: Tomcat with Oracle Internet Directory
I got this working but it is kind of convoluted because of the way OiD
encrypts passwords.
OiD defaults to MD4 for the password digestion and Tomcat uses MD5 (I
think SHA may work also, but I have not tried it. MD5 and SHA are the
only algorithms supported by the Sun JDK, which is the source of the
limitation if I am not mistaken). So you need to configure OiD to use
MD5. On top of that, OiD does a base-64 encoding of the digested
password, and then prefixes it with the name of the digestion algorithm
used in braces. So, if a user has the password welcome, the OiD
userPassword attribute will be the MD5 digest of welcome, which is
then base-64 encoded and prefixed with {MD5}.
The only way I could get it to work is to use form based authentication
with no digest. The target of the login form is a handler that performs
an MD5 digestion and base-64 encoding and then prefixes the password
with {MD5}, then forwards the request to j_security_check.
- Doug
-Original Message-
From: Karamat Adil IHMD [mailto:[EMAIL PROTECTED]
Sent: Monday, March 10, 2003 9:40 AM
To: '[EMAIL PROTECTED]'
Subject: Tomcat with Oracle Internet Directory
Hi,
I am new at this so please be patient with me !!! Ok I am trying to
get Tomcat to work with Oracle's LDAP implementation (OiD) for
authentication purposes. I just wanted to know if anyone has ever tried
this. I cant get it to work !
In the REALM tag in server.xml what I have is as follows:
Realm className=org.apache.catalina.realm.JNDIRealm debug=99
connectionName=cn=orcladmin connectionPassword=welcome
connectionURL=ldap://LdapServer:389; roleBase=dc=roles,dc=com
roleName=tomcat roleSearch=(uniqueMember={0}) roleSubtree=false
userPassword=userPassword userPattern=cn={0},dc=com/
and my web.xml file is as follows:
security-constraint
display-nameExample Security Constraint/display-name
web-resource-collection
web-resource-nameProtected
Area/web-resource-name
!-- Define the context-relative URL(s) to be
protected --
!--
url-pattern/jsp/security/protected/*/url-pattern --
url-pattern/*/url-pattern
!-- If you list http methods, only those
methods
are protected --
http-methodDELETE/http-method
http-methodGET/http-method
http-methodPOST/http-method
http-methodPUT/http-method
/web-resource-collection
auth-constraint
!-- Anyone with one of the listed roles may
access
this area --
role-nameorganizationalRole/role-name
role-nameroles/role-name
role-nametomcat/role-name
/auth-constraint
/security-constraint
!-- Default login configuration uses form-based authentication
--
login-config
auth-methodBASIC/auth-method
realm-nameExample BASIC Authentication
Area/realm-name
/login-config
!-- Security roles referenced by this web application --
security-role
role-nameorganizationalRole/role-name
/security-role
security-role
role-nameroles/role-name
/security-role
security-role
role-nametomcat/role-name
/security-role
The authentication box comes up when I navigate to my application site
but it cannot authenticate. Has anyone ever tried Oracle and Tomcat
before? And yes I have Users and Roles under OiD assigned.
Any help will be greatly appreciated.
Thanks
Adil
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
