Re: JNDI Realm question

2010-03-09 Thread Stefan Zoerner

Hi Leo,

in general I would recommend using an LDAP tool like Apache Directory 
Studio in order to develop and verify the JNDI Realm specific parameters.


http://directory.apache.org/studio/

If this works (authentication, authorization searches), add the 
parameters to your Tomcat configuration in server.xml.


The userPattern attribute is in almost all cases not appropriate for 
Active Directory (AD), because the users are not organized flat in the 
tree there (check with a tool). Use a search filter instead as Felix 
suggested.


userSearch="(&amp;(objectCategory=user)(sAMAccountName={0}))"

Adding objectCategory to the search filter will lead to better 
performance, because it has an index in AD.


Greetings from Hamburg,
StefanZ


Leo Donahue - PLANDEVX wrote:
http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html#JNDIRealm http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html 


Using Tomcat 6.0.24 on Windows Server 2003 Standard R2 SP2

1. We use MS Active Directory, is the uid in the following example for userPattern the 
same as the sAMAccountName?

<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
       connectionURL="ldap://localhost:389"
       userPattern="uid={0},ou=people,dc=mycompany,dc=com"
       roleBase="ou=groups,dc=mycompany,dc=com"
       roleName="cn"
       roleSearch="(uniqueMember={0})"
/>

2. The quick start section said to create a user account for the Tomcat user, 
if required. That is the account Tomcat uses to browse the LDAP, I understand 
that, but where is it used in the Realm? Is it the connectionName and 
connectionPassword attributes?

The way Active Directory is set up for us looks something like this:

dc=mycompany,dc=com
  ou=mydept
    ou=division1
    ou=division2
    ou=division...n
    ou=service accounts (this is where we created the tomcat user account, and 
    the role accounts for the webapp)
  ou=other depts, etc.

I would like to set up the realm so that any user in any division, under mydept will be 
found.  Does this look right?  (aside from changing the connection url to ours)  Or do I substitute 
the sAMAccountName for uid?

<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
       connectionURL="ldap://localhost:389"
       connectionName="tomcat user account name"
       connectionPassword="tomcat user account pw"
       userPattern="uid={0},ou=mydept,dc=mycompany,dc=com"
       roleBase="ou=mydept,dc=mycompany,dc=com"
       roleName="ou=service accounts,cn=ourwebapprolename,dc=mycompany,dc=com"
       roleSearch="(uniqueMember={0})"
       userSubtree="true"
/>

 
Leo Donahue


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
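
An added example, not part of the original messages: one way the Realm element could look for the tree described in the question once the userSearch filter recommended in the reply replaces userPattern. The bind DN, the password placeholder, the position of ou=service accounts under ou=mydept and the use of the `member` group attribute are assumptions to be checked against the real directory with an LDAP tool first.

```xml
<!-- Added example; all DNs, the account name and the password below are
     constructed placeholders, not values from the thread. -->

<!-- connectionName / connectionPassword: the account Tomcat binds with to run
     the user and role searches. -->
<!-- userBase + userSubtree="true" + userSearch: search the whole ou=mydept
     subtree for the entry whose sAMAccountName equals the login name ({0}).
     userPattern is left out, because it only fits a flat user container.
     The '&' of the LDAP AND filter must be written as &amp; in server.xml. -->
<!-- roleBase / roleSearch / roleName: find the group entries below roleBase
     that list the user's DN ({0}) as a member, and use each group's cn as
     the role name (for example cn=ourwebapprolename). -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldap://localhost:389"
       connectionName="cn=tomcat,ou=service accounts,ou=mydept,dc=mycompany,dc=com"
       connectionPassword="CHANGE_ME"
       userBase="ou=mydept,dc=mycompany,dc=com"
       userSubtree="true"
       userSearch="(&amp;(objectCategory=user)(sAMAccountName={0}))"
       roleBase="ou=service accounts,ou=mydept,dc=mycompany,dc=com"
       roleSubtree="false"
       roleName="cn"
       roleSearch="(member={0})" />
```

The bind account only needs read access to the searched subtrees, and roleName names the attribute that holds the role name rather than a DN.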










Re: Non-http tcp protocol

2009-09-28 Thread Stefan Zoerner
I was thinking on tomcat to take advantage of several features (request 
and thread management, etc) that I know have been tested for years, but 
I'm not tied to the use of tomcat.
If you know another project (java/opensource) I can rely on, could you 
tell me its name, please?


If you prefer Java, Apache MINA, for instance
http://mina.apache.org/

Greetings from Hamburg,
Stefan






[Fwd: Re: Implementing and adding an arbitrary component to Apache Tomcat 6.0]

2009-09-19 Thread Stefan Zoerner

Thanks Mark.
I forward it to the users list.

Greetings from Hamburg,
Stefan
---BeginMessage---
Stefan Zoerner wrote:
> Hi all,
>
> I try to figure out what the best way for an arbitrary extension to
> tomcat would be. If I implement my own realm, valve etc., there are
> specific interfaces with corresponding life cycles. But how about
> extensions which are not standard components?
>
> If I have a class which implements org.apache.catalina.Lifecycle, it has
> nice methods for starting and stopping.  But I see no chance to add such
> a general thing in the server.xml. Or do I miss something?
>
> An idea that works is implementing LifecycleListener, which can easily
> be added to server.xml in many places (<Listener />). If I add it on
> server level for instance, I get events if the server starts, stops etc.
> and can react. But I have to call my life cycle methods (e.g. start and
> stop from the Lifecycle interface) on my own.
>
> Is there any generic way to implement a custom component, which has a
> lifecycle, and can easily be added to the configuration?

It might seem odd but since you are using Tomcat rather than changing
the source code, this question belongs on the users list. The dev list
is solely for the development *of* tomcat.

Mark




-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org




---End Message---
