RE: Tomcat JNDI Realm + Active Directory Server

2005-07-20 Thread Kal Govindu
Two things that I noticed. I don't know how correct they are, but it seems to 
work in my environment.
1. In my Realm definition <Realm> I have connectionName and connectionPassword 
attributes which specify the user that can log in to AD and query and 
authenticate others.
2. My Realm definition is in the context of my webapp and my web.xml 
configuration looks something like the following:
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Login Screen</web-resource-name>
      <url-pattern>/Login.jsp</url-pattern>
    </web-resource-collection>

    <auth-constraint>
      <role-name>MIS Distribution</role-name>
    </auth-constraint>
  </security-constraint>

I never use the context name in my web.xml like you have set up with 
moretests. 

Hope this helps.

Kal  

-----Original Message-----
From: Luis Durán [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 19, 2005 6:23 PM
To: tomcat-user@jakarta.apache.org
Subject: Tomcat JNDI Realm + Active Directory Server




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]







Tomcat JNDI Realm + Active Directory Server

2005-07-19 Thread Luis Durán
I had a hard time trying to configure Tomcat to authenticate with MS
Active Directory Service. I tried a lot of samples and I edited them, but I
didn't get anything. This is the last configuration I tried:

/META-INF/context.xml:

<?xml version="1.0" encoding="UTF-8"?>

<Context path="/moretests">
  <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
         connectionURL="ldap://192.168.200.2:389"
         referrals="follow"
         userBase="cn=Users,dc=w2ksvr,dc=local"
         userSearch="(sAMAccountName={0})"
         userSubtree="true"
         userRoleName="memberOf"
         roleBase="cn=Users,dc=w2ksvr,dc=local"
         roleSearch="(sAMAccountName={0})"
         roleSubtree="true"
         rolename="cn" />
</Context>

I gave a shot to the bind mode and to the password comparison mode
without any results.

/WEB-INF/web.xml:

<?xml version="1.0" encoding="UTF-8"?>

<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
         version="2.4">
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>moretests</realm-name>
  </login-config>
  <session-config>
    <session-timeout>
      30
    </session-timeout>
  </session-config>
  <welcome-file-list>
    <welcome-file>
      index.jsp
    </welcome-file>
  </welcome-file-list>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>whole site</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>prueba</role-name>
    </auth-constraint>
  </security-constraint>
  <security-role>
    <description>Usuario</description>
    <role-name>prueba</role-name>
  </security-role>
</web-app>

Of course, I have created that group inside ADS and populated it with a
user called elebis with a simple password. I even browsed ADS with an LDAP
browser and everything seemed OK.

Does anybody know what I am doing wrong? Can anybody help me to work
around it?

Thanks in advance, pals

-- 

Luis Edgardo Durán Lebis
Technical Support and Systems
http://mipagina.cantv.net/elebis
[EMAIL PROTECTED]
0416-7580991
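
Added example, not part of the original thread: the realm and security constraint from the post above, reworked along the lines of Kal Govindu's reply, with a bind account, a group search that returns each group's cn as the role name, and LDAPS so that passwords do not cross the network in clear text. The host name dc.w2ksvr.local, the svc-tomcat bind DN and the CHANGE_ME password are placeholders, and the domain controller is assumed to offer LDAPS on port 636 with a certificate the Tomcat JVM trusts.

```xml
<!-- META-INF/context.xml. Added example: host, bind DN and password are placeholders. -->
<Context path="/moretests">
  <!--
    connectionURL   LDAPS, so the bind password and every user's password
                    reach the directory encrypted instead of in clear text.
    connectionName, connectionPassword
                    The account Tomcat binds as to search the directory,
                    as Kal Govindu's reply describes. Read access is enough.
    userSearch      {0} is the login name the user typed.
    roleSearch      {0} is the DN of the entry userSearch found, so
                    (member={0}) selects the groups that list that user.
    roleName        Spelled with a capital N. The cn of each group found
                    becomes a role name, for example prueba.
    userRoleName="memberOf" is left out: memberOf holds full group DNs,
    which would not equal the short role-name in web.xml.
  -->
  <Realm className="org.apache.catalina.realm.JNDIRealm"
         connectionURL="ldaps://dc.w2ksvr.local:636"
         connectionName="CN=svc-tomcat,CN=Users,DC=w2ksvr,DC=local"
         connectionPassword="CHANGE_ME"
         referrals="follow"
         userBase="cn=Users,dc=w2ksvr,dc=local"
         userSearch="(sAMAccountName={0})"
         userSubtree="true"
         roleBase="cn=Users,dc=w2ksvr,dc=local"
         roleSearch="(member={0})"
         roleName="cn"
         roleSubtree="true" />
</Context>

<!-- WEB-INF/web.xml, security-constraint only. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>whole site</web-resource-name>
    <url-pattern>/*</url-pattern>
    <!-- No http-method element: the constraint then applies to every
         HTTP method. Listing only GET leaves the others unconstrained. -->
  </web-resource-collection>
  <auth-constraint>
    <role-name>prueba</role-name>
  </auth-constraint>
</security-constraint>
```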





Re: JNDI and Active Directory.....

2003-06-29 Thread David Bo Jensen
I am not an expert, but could it be because you haven't specified any
contextFactory?
What kind of LDAP are you using?
What does userSearch="(userPrincipalName={0})" mean?

On Thursday 26 June 2003 22:12, Pitre, Russell wrote:





JNDI and Active Directory.....

2003-06-26 Thread Pitre, Russell
I'm trying to set up my webapp to authenticate to Active Directory. After
searching and googling I still cannot resolve my problem.  I've created
a user named tomcatuser and security group called tomcat in the Users
container.  I've put my logon in that group tomcat and no success
logging into the webapp.  Any help or direction would be very much
appreciated...

Server.xml:

<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldap://server:389"
       userBase="CN=Users,dc=[domain],dc=com"
       userSearch="(userPrincipalName={0})"
       userRoleName="member"
       roleBase="CN=Users,dc=[domain],dc=com"
       roleName="cn"
       roleSearch="(member={0})"
       connectionName="CN=tomcatuser,CN=Users,DC=[domain],DC=com"
       connectionPassword="sinner"
       roleSubtree="true"
       userSubtree="true"/>

Web.xml

<security-constraint>
  <display-name>Show Tracker Security Constraint</display-name>
  <web-resource-collection>
    <web-resource-name>Protected Area</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>tomcat</role-name>
  </auth-constraint>
</security-constraint>

<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>Show Tracker Authentication Area</realm-name>
  <form-login-config>
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/error.jsp</form-error-page>
  </form-login-config>
</login-config>

<security-role>
  <description>Registered users</description>
  <role-name>tomcat</role-name>
</security-role>



RE: JNDI and Active Directory.....

2003-06-26 Thread Pitre, Russell
Also,  prior to setting up my webapp to use Active Directory, I had the
webapp successfully authenticating to a JDBC realm.  

-----Original Message-----
From: Pitre, Russell 
Sent: Thursday, June 26, 2003 4:05 PM
To: [EMAIL PROTECTED]
Subject: JNDI and Active Directory.




RE: JNDI and Active Directory.....

2003-06-26 Thread Pitre, Russell
I also referenced this site..

http://www.java-internals.com/code/jndi_realm.html


Thanx again




-----Original Message-----
From: Pitre, Russell 
Sent: Thursday, June 26, 2003 4:10 PM
To: Tomcat Users List
Subject: RE: JNDI and Active Directory.

