RE: Tomcat JNDI Realm + Active Directory Server
Two things that I noticed. I don't know how correct they are, but it seems to work in my environment.

1. In my Realm definition <Realm> I have connectionName and connectionPassword attributes which specify the user that can log in to AD and query and authenticate others.

2. My Realm definition is in the context of my webapp and my web.xml configuration looks something like the following:

    <security-constraint>
      <web-resource-collection>
        <web-resource-name>Login Screen</web-resource-name>
        <url-pattern>/Login.jsp</url-pattern>
      </web-resource-collection>

      <auth-constraint>
        <role-name>MIS Distribution</role-name>
      </auth-constraint>
    </security-constraint>

I never use the context name in my web.xml like you have set up with moretests.

Hope this helps.

Kal

-----Original Message-----
From: Luis Durán
Sent: Tuesday, July 19, 2005 6:23 PM
To: tomcat-user@jakarta.apache.org
Subject: Tomcat JNDI Realm + Active Directory Server

Tomcat JNDI Realm + Active Directory Server
I had a hard time trying to configure Tomcat to authenticate with MS Active Directory Service. I tried a lot of samples, I edited them, but I didn't get anything. This is the last configuration I tried:

/META-INF/context.xml:

    <?xml version="1.0" encoding="UTF-8"?>
    <Context path="/moretests">
      <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
             connectionURL="ldap://192.168.200.2:389"
             referrals="follow"
             userBase="cn=Users,dc=w2ksvr,dc=local"
             userSearch="(sAMAccountName={0})"
             userSubtree="true"
             userRoleName="memberOf"
             roleBase="cn=Users,dc=w2ksvr,dc=local"
             roleSearch="(sAMAccountName={0})"
             roleSubtree="true"
             rolename="cn" />
    </Context>

I gave a shot to the bind mode and to the password comparison mode without any results.

/WEB-INF/web.xml:

    <?xml version="1.0" encoding="UTF-8"?>
    <web-app xmlns="http://java.sun.com/xml/ns/j2ee"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
             version="2.4">
      <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>moretests</realm-name>
      </login-config>
      <session-config>
        <session-timeout>30</session-timeout>
      </session-config>
      <welcome-file-list>
        <welcome-file>index.jsp</welcome-file>
      </welcome-file-list>
      <security-constraint>
        <web-resource-collection>
          <web-resource-name>whole site</web-resource-name>
          <url-pattern>/*</url-pattern>
          <http-method>GET</http-method>
        </web-resource-collection>
        <auth-constraint>
          <role-name>prueba</role-name>
        </auth-constraint>
      </security-constraint>
      <security-role>
        <description>Usuario</description>
        <role-name>prueba</role-name>
      </security-role>
    </web-app>

Of course, I have created that group inside ADS and populated it with a user called elebis with a simple password. I even browsed ADS with an LDAP browser and everything seemed OK. Does anybody know what I am doing wrong? Can anybody help me to work around it?

Thanks in advance, pals

--
Luis Edgardo Durán Lebis
Technical Support and Systems
http://mipagina.cantv.net/elebis
0416-7580991

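Added example (not part of the original messages and not Tomcat's code): a simplified Python model of how JNDIRealm turns the Realm attributes in the message above into role names, run against a constructed two-entry directory. It assumes the documented substitution rules (in roleSearch, {0} is the user's DN and {1} the username; userRoleName values are used verbatim); the helpers `search` and `resolve_roles` are hypothetical names.

```python
# Added illustration: simplified model of JNDIRealm role lookup, not Tomcat code.
import re

USER_DN = "CN=elebis,CN=Users,DC=w2ksvr,DC=local"
GROUP_DN = "CN=prueba,CN=Users,DC=w2ksvr,DC=local"
# Constructed sample directory: DN -> attributes, shaped like the AD entries in the post.
DIRECTORY = {
    USER_DN: {"sAMAccountName": ["elebis"], "memberOf": [GROUP_DN]},
    GROUP_DN: {"sAMAccountName": ["prueba"], "cn": ["prueba"], "member": [USER_DN]},
}

def escape_filter_value(value):
    """Escape the RFC 4515 special characters before substituting into a filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def search(filter_template, *args):
    """Fill {0}, {1}, ... in one pass and evaluate one (attr=value) equality filter."""
    filled = re.sub(r"\{(\d)\}",
                    lambda m: escape_filter_value(args[int(m.group(1))]),
                    filter_template)
    attr, wanted = re.fullmatch(r"\((\w+)=(.*)\)", filled).groups()
    return [dn for dn, attrs in DIRECTORY.items()
            if any(escape_filter_value(v).lower() == wanted.lower()
                   for v in attrs.get(attr, []))]

def resolve_roles(username, user_search, user_role_name, role_search, role_name):
    """Return the role names the model assigns, or None if no unique user entry."""
    users = search(user_search, username)
    if len(users) != 1:
        return None
    user_dn = users[0]
    # userRoleName: attribute values on the user entry are used verbatim as role names.
    roles = set(DIRECTORY[user_dn].get(user_role_name, []))
    # roleSearch: {0} is the user's DN, {1} the username; roleName is read from each hit.
    for group_dn in search(role_search, user_dn, username):
        roles.update(DIRECTORY[group_dn].get(role_name, []))
    return roles

# Settings as posted: the group filter compares sAMAccountName with the user's DN.
AS_POSTED = resolve_roles("elebis", "(sAMAccountName={0})", "memberOf",
                          "(sAMAccountName={0})", "cn")
# Group filter on the membership attribute instead (as in the 2003 post on this page).
BY_MEMBER = resolve_roles("elebis", "(sAMAccountName={0})", "memberOf",
                          "(member={0})", "cn")

if __name__ == "__main__":
    print("prueba" in AS_POSTED, sorted(AS_POSTED))
    print("prueba" in BY_MEMBER, sorted(BY_MEMBER))
```

In this model the posted settings yield only the group's full DN as a role name, while a `<role-name>` of `prueba` in web.xml needs the short name that the `(member={0})` search contributes.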
Re: JNDI and Active Directory.....
I am not an expert, but can it be because you haven't specified any contextFactory? What kind of LDAP are you using? What does userSearch=(userPrincipalName={0}) mean?

On Thursday 26 June 2003 22:12, Pitre, Russell wrote:

JNDI and Active Directory.....
I'm trying to set up my webapp to authenticate to Active Directory. After searching and googling I still cannot resolve my problem. I've created a user named tomcatuser and a security group called tomcat in the Users container. I've put my logon in that group tomcat and had no success logging into the webapp. Any help or direction would be very appreciated...

Server.xml:

    <Realm className="org.apache.catalina.realm.JNDIRealm"
           connectionURL="ldap://server:389"
           userBase="CN=Users,dc=[domain],dc=com"
           userSearch="(userPrincipalName={0})"
           userRoleName="member"
           roleBase="CN=Users,dc=[domain],dc=com"
           roleName="cn"
           roleSearch="(member={0})"
           connectionName="CN=tomcatuser,CN=Users,DC=[domain],DC=com"
           connectionPassword="sinner"
           roleSubtree="true"
           userSubtree="true"/>

Web.xml:

    <security-constraint>
      <display-name>Show Tracker Security Constraint</display-name>
      <web-resource-collection>
        <web-resource-name>Protected Area</web-resource-name>
        <url-pattern>/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <role-name>tomcat</role-name>
      </auth-constraint>
    </security-constraint>

    <login-config>
      <auth-method>FORM</auth-method>
      <realm-name>Show Tracker Authentication Area</realm-name>
      <form-login-config>
        <form-login-page>/login.jsp</form-login-page>
        <form-error-page>/error.jsp</form-error-page>
      </form-login-config>
    </login-config>

    <security-role>
      <description>Registered users</description>
      <role-name>tomcat</role-name>
    </security-role>

RE: JNDI and Active Directory.....
Also, prior to setting up my webapp to use Active Directory, I had the webapp successfully authenticating to a JDBC realm.

-----Original Message-----
From: Pitre, Russell
Sent: Thursday, June 26, 2003 4:05 PM
Subject: JNDI and Active Directory.

RE: JNDI and Active Directory.....
I also referenced this site:
http://www.java-internals.com/code/jndi_realm.html

Thanks again

-----Original Message-----
From: Pitre, Russell
Sent: Thursday, June 26, 2003 4:10 PM
To: Tomcat Users List
Subject: RE: JNDI and Active Directory.

Also, prior to setting up my webapp to use Active Directory, I had the webapp successfully authenticating to a JDBC realm.

-----Original Message-----
From: Pitre, Russell
Sent: Thursday, June 26, 2003 4:05 PM
Subject: JNDI and Active Directory.