-----Original Message-----
From: André Warnier (tomcat) [mailto:a...@ice-sa.com]
Sent: 27 March 2017 11:12
To: users@tomcat.apache.org
Subject: Re: LDAP authentication for Tomcat's webapp 'Opengrok'
On 27.03.2017 11:01, Alfie Patolilic wrote:
> Tomcat Version : 6.0.36
> OS : Red Hat Enterprise Linux 7.3
>
> Hello,
>
> I have a question on how I am able to set the following, regarding the web
> application that runs under Apache Tomcat, 'Opengrok'. The idea is to set a
> hostname for 'localhost:8080/grok', so when users try and access the page via
> the hostname, they are prompted for authentication of their username and
> password.
> I have currently configured the server.xml to connect to LDAP. I have added
> below the configuration on my server.xml. I am unsure as to where to go from
> here, how I will be able to link the hostname. I have changed some values in
> the information given for security purposes.
>
> <!-- Adding the following for OpenGrok -->
> <Realm className="org.apache.catalina.realm.LockOutRealm">
> <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
> resourceName="UserDatabase"/>
> <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
> connectionURL="ldap://<host> "
> connectionName="ldap@company "
> connectionPassword="password"
> referrals="follow"
> userBase="DC=<company>"
> userSearch="(sAMAccountName={0})"
> userSubtree="true"
> roleBase="DC=<company>"
> roleName="cn"
> roleSubtree="true"
> roleSearch="(member={0})"
> allRolesMode="strictAuthOnly"
> />
> </Realm>
>
> I have checked the web for blogs and asked other tomcat groups but was not
> able to get any answers.
>
> I am aware that the version of Apache Tomcat I am using is outdated and has
> reached its end of life. Though necessary, I cannot update to a newer version
> of the application due to some issues.
>
> Hi.
>
> I believe that you are confused about 2 separate topics : "hostnames" and
> "web application
> security".
> It is the web application which is "protected" by a userid/password login
> requirement, not
> the hostname.
> This page of the on-line tomcat 6 documentation provides some hints :
> http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html
> In the "Quick Start" section, you will see that in order to "force" someone
> to
> authenticate in order to use the application, you need to specify some things
> in the
> web.xml of the application.
> And in the "Example Application" section, it points to an example application
> that has
> these things.
> Maybe you can start from there ?
>
> And for the "host name" part, see this section :
> http://tomcat.apache.org/tomcat-6.0-doc/virtual-hosting-howto.html
> But that is a different issue.
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
Hi André,
Thank you for the reply, I apologize for the unclear question, It is just one
host instance.
I meant that currently, I can access opengrok via localhost:8080/grok . I am
planning on configuring a hostname called 'grok.company.com' which redirects to
localhost:8080/grok.
When they access grok using grok.company.com, they will be prompted with a
userid and password using LDAP. I have configured the Realm element as stated
on the previous message.
Thank you,
Alfie
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
