Two things that I noticed. I don't know how correct they are, but it seems to
work in my environment.
1. In my Realm definition "<Realm" I have connectionName and connectionPassword
attributes which specify the user that can log in to AD and query and
authenticate others.
2. My Realm definition is in the context of my webapp and my web.xml
configuration looks something like the following:
<security-constraint>
<web-resource-collection>
<web-resource-name>Login Screen</web-resource-name>
<url-pattern>/Login.jsp</url-pattern>
</web-resource-collection>

<auth-constraint>
<role-name>MIS Distribution</role-name>
</auth-constraint>
</security-constraint>
I never use the context name in my web.xml like you have setup with
"moretests".
Hope this helps.
Kal
-----Original Message-----
From: Luis Durán [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 19, 2005 6:23 PM
To: [email protected]
Subject: Tomcat JNDI Realm + Active Directory Server
I had a hard time trying to configure Tomcat to authenticate with MS
Active Directory Service. I tried a lot of samples and edited them, but I
got nothing. This is the last configuration I tried:
/META-INF/context.xml:
<?xml version="1.0" encoding="UTF-8"?>
<Context path="/moretests">
<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
connectionURL="ldap://192.168.200.2:389"
referrals="follow"
userBase="cn=Users,dc=w2ksvr,dc=local"
userSearch="(sAMAccountName={0})"
userSubtree="true"
userRoleName="memberOf"
roleBase="cn=Users,dc=w2ksvr,dc=local"
roleSearch="(sAMAccountName={0})"
roleSubtree="true"
rolename="cn" />
</Context>
I gave a shot to bind mode and to password comparison mode, without any
results.
/WEB-INF/web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
version="2.4">
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>moretests</realm-name>
</login-config>
<session-config>
<session-timeout>30</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<security-constraint>
<web-resource-collection>
<web-resource-name>whole site</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>prueba</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<description>Usuario</description>
<role-name>prueba</role-name>
</security-role>
</web-app>
Of course, I have created that group inside ADS and populated it with a
user called elebis with a simple password. I even browsed ADS with an LDAP
browser and everything seemed OK.
Does anybody know what I am doing wrong? Can anybody help me to work
around it?
Thanks in advance, pals
--
Luis Edgardo Durán Lebis
Soporte Técnico y Sistemas
http://mipagina.cantv.net/elebis
[EMAIL PROTECTED]
0416-7580991
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
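As an added example (not from either message above), a small Python simulation of how a JNDIRealm expands the userSearch and roleSearch patterns posted in this thread into LDAP filters, and which role names it would then compare against the web.xml auth-constraint. The in-memory directory entries, the contrasting member-based realm and the realm semantics modelled here (userRoleName values taken verbatim, roleSearch {0} = user DN and {1} = username, filter values escaped per RFC 4515) are assumptions, not taken from the thread.

```python
import re

# Constructed in-memory stand-in for the AD tree in the thread: DN -> attributes.
DIRECTORY = {
    "CN=elebis,CN=Users,DC=w2ksvr,DC=local": {
        "sAMAccountName": ["elebis"],
        "memberOf": ["CN=prueba,CN=Users,DC=w2ksvr,DC=local"],
    },
    "CN=prueba,CN=Users,DC=w2ksvr,DC=local": {
        "cn": ["prueba"],
        "member": ["CN=elebis,CN=Users,DC=w2ksvr,DC=local"],
    },
}
# Realm attributes as posted (roleName in the camel case the Realm element expects).
POSTED_REALM = {"userSearch": "(sAMAccountName={0})", "userRoleName": "memberOf",
                "roleSearch": "(sAMAccountName={0})", "roleName": "cn"}
# Assumed variant for contrast: find groups through their member attribute.
MEMBER_REALM = dict(POSTED_REALM, roleSearch="(member={0})")

def escape_filter(value):
    """RFC 4515 escaping: a username cannot change the filter's structure."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)

def expand(pattern, args):
    """Substitute {n} placeholders the way the realm does, escaping each value."""
    return re.sub(r"\{(\d)\}", lambda m: escape_filter(args[int(m.group(1))]), pattern)

def search(flt):
    """Evaluate one equality filter '(attr=value)' against DIRECTORY."""
    m = re.fullmatch(r"\((\w+)=(.*)\)", flt)
    if not m:
        return []
    raw = re.sub(r"\\([0-9a-fA-F]{2})", lambda h: chr(int(h.group(1), 16)), m.group(2))
    hits = []
    for dn, attrs in DIRECTORY.items():
        values = {k.lower(): v for k, v in attrs.items()}.get(m.group(1).lower(), [])
        if raw.lower() in (v.lower() for v in values):   # LDAP matching is case-insensitive
            hits.append((dn, attrs))
    return hits

def roles_for(realm, username):
    """Return (user DN, sorted role names) as the modelled realm would compute them."""
    hits = search(expand(realm["userSearch"], [username]))
    if len(hits) != 1:
        return None, []          # no unique user entry: authentication fails outright
    dn, attrs = hits[0]
    roles = set(attrs.get(realm["userRoleName"], []))     # userRoleName values verbatim
    for _, group in search(expand(realm["roleSearch"], [dn, username])):
        roles.update(group.get(realm["roleName"], []))    # {0} = user DN, {1} = username
    return dn, sorted(roles)
```

With the posted patterns the only role name produced is the full memberOf DN, so it never equals the role-name "prueba" in the auth-constraint; a roleSearch keyed on the user DN returns the group's cn as well.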