On 27.03.2017 13:07, Alfie Patolilic wrote:
-----Original Message-----
From: André Warnier (tomcat) [mailto:a...@ice-sa.com]
Sent: 27 March 2017 11:12
To: users@tomcat.apache.org
Subject: Re: LDAP authentication for Tomcat's webapp 'Opengrok'
On 27.03.2017 11:01, Alfie Patolilic wrote:
Tomcat Version : 6.0.36
OS : Red Hat Enterprise Linux 7.3
Hello,
I have a question on how I am able to set the following, regarding the web
application that runs under Apache Tomcat, 'Opengrok'. The idea is to set a
hostname for 'localhost:8080/grok', so when users try and access the page via
the hostname, they are prompted for authentication of their username and
password.
I have currently configured the server.xml to connect to LDAP. I have added
below the configuration on my server.xml. I am unsure as to where to go from
here, how I will be able to link the hostname. I have changed some values in
the information given for security purposes.
<!-- Adding the following for OpenGrok -->
<Realm className="org.apache.catalina.realm.LockOutRealm">
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
connectionURL="ldap://<host> "
connectionName="ldap@company "
connectionPassword="password"
referrals="follow"
userBase="DC=<company>"
userSearch="(sAMAccountName={0})"
userSubtree="true"
roleBase="DC=<company>"
roleName="cn"
roleSubtree="true"
roleSearch="(member={0})"
allRolesMode="strictAuthOnly"
/>
</Realm>
I have checked the web for blogs and asked other tomcat groups but was not able
to get any answers.
I am aware that the version of Apache Tomcat I am using is outdated and has
reached its end of life. Though necessary, I cannot update to a newer version
of the application due to some issues.
Hi.
I believe that you are confused about 2 separate topics : "hostnames" and "web
application
security".
It is the web application which is "protected" by a userid/password login
requirement, not
the hostname.
This page of the on-line tomcat 6 documentation provides some hints :
http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html
In the "Quick Start" section, you will see that in order to "force" someone to
authenticate in order to use the application, you need to specify some things
in the
web.xml of the application.
And in the "Example Application" section, it points to an example application
that has
these things.
Maybe you can start from there ?
And for the "host name" part, see this section :
http://tomcat.apache.org/tomcat-6.0-doc/virtual-hosting-howto.html
But that is a different issue.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Hi André,
Thank you for the reply, I apologize for the unclear question, It is just one
host instance.
I meant that currently, I can access opengrok via localhost:8080/grok . I am
planning on configuring a hostname called 'grok.company.com' which redirects to
localhost:8080/grok.
When they access grok using grok.company.com, they will be prompted with a
userid and password using LDAP. I have configured the Realm element as stated
on the previous message.
That is what I meant : you /are/ confused.
It is not when "they" will access "http://grok.company.com" that they will be prompted for
a user-id and password. It is when they will access /an application/ running under that
host that they will be prompted, /if/ this application is configured to require a
user-id/password.
And, the realm that you configured, will help, in the sense that /in the application
configuration/, you will tell tomcat to use this realm, as a "how" to do the
authentication precisely.
A separate issue is of you want to make your "grok" application be the tomcat default
application (normally, the default application is called "ROOT").
And for that, look at this article :
https://wiki.apache.org/tomcat/HowTo#How_do_I_make_my_web_application_be_the_Tomcat_default_application.3F
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org