On 27.03.2017 13:07, Alfie Patolilic wrote:
-----Original Message-----
From: André Warnier (tomcat) [mailto:a...@ice-sa.com]
Sent: 27 March 2017 11:12
To: users@tomcat.apache.org
Subject: Re: LDAP authentication for Tomcat's webapp 'Opengrok'

On 27.03.2017 11:01, Alfie Patolilic wrote:
Tomcat Version : 6.0.36
OS : Red Hat Enterprise Linux 7.3

Hello,

I have a question on how I am able to set the following, regarding the web 
application that runs under Apache Tomcat, 'Opengrok'. The idea is to set a 
hostname for 'localhost:8080/grok', so when users try and access the page via 
the hostname, they are prompted for authentication of their username and 
password.
I have currently configured the server.xml to connect to LDAP. I have added 
below the configuration on my server.xml. I am unsure as to where to go from 
here, how I will be able to link the hostname. I have changed some values in 
the information given for security purposes.

<!-- Adding the following for OpenGrok -->
        <Realm className="org.apache.catalina.realm.LockOutRealm">
          <Realm className="org.apache.catalina.realm.UserDatabaseRealm" 
resourceName="UserDatabase"/>
          <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
                 connectionURL="ldap://<host> "
                 connectionName="ldap@company "
                 connectionPassword="password"
                 referrals="follow"
                 userBase="DC=<company>"
                 userSearch="(sAMAccountName={0})"
                 userSubtree="true"
                 roleBase="DC=<company>"
                 roleName="cn"
                 roleSubtree="true"
                 roleSearch="(member={0})"
                 allRolesMode="strictAuthOnly"
                 />
        </Realm>

I have checked the web for blogs and asked other tomcat groups but was not able 
to get any answers.

I am aware that the version of Apache Tomcat I am using is outdated and has 
reached its end of life. Though necessary, I cannot update to a newer version 
of the application due to some issues.

Hi.

I believe that you are confused about 2 separate topics : "hostnames" and "web 
application
security".
It is the web application which is "protected" by a userid/password login 
requirement, not
the hostname.
This page of the on-line tomcat 6 documentation provides some hints :
http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html
In the "Quick Start" section, you will see that in order to "force" someone to
authenticate in order to use the application, you need to specify some things 
in the
web.xml of the application.
And in the "Example Application" section, it points to an example application 
that has
these things.
Maybe you can start from there ?

And for the "host name" part, see this section :
http://tomcat.apache.org/tomcat-6.0-doc/virtual-hosting-howto.html
But that is a different issue.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Hi André,

Thank you for the reply, I apologize for the unclear question, It is just one 
host instance.
I meant that currently, I can access opengrok via localhost:8080/grok . I am 
planning on configuring a hostname called 'grok.company.com' which redirects to 
localhost:8080/grok.
When they access grok using grok.company.com, they will be prompted with a 
userid and password using LDAP. I have configured the Realm element as stated 
on the previous message.


That is what I meant : you /are/ confused.
It is not when "they" will access "http://grok.company.com"; that they will be prompted for a user-id and password. It is when they will access /an application/ running under that host that they will be prompted, /if/ this application is configured to require a user-id/password. And, the realm that you configured, will help, in the sense that /in the application configuration/, you will tell tomcat to use this realm, as a "how" to do the authentication precisely.

A separate issue is of you want to make your "grok" application be the tomcat default application (normally, the default application is called "ROOT").
And for that, look at this article :
https://wiki.apache.org/tomcat/HowTo#How_do_I_make_my_web_application_be_the_Tomcat_default_application.3F




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to