Posted to users@tomcat.apache.org by Savitha Akella <sa...@gmail.com> on 2011/09/13 20:20:28 UTC

Urgent -- Need help configuring JNDI realm

Hi,

I need help in configuring the JNDI Realm to connect to LDAP Server and
authenticate users. Here are the details:

CN=<AUTH>,OU=XYZ,OU=Application Managed,OU=Groups,DC=rma,DC=corp,DC=ABC,DC=com - AUTH is the group in which
I have to search if the user is a member of or not. All the members in this
group are defined in OU=Workers,DC=rma,DC=corp,DC=ABC,DC=com

This group has members who are defined in
CN=<User>,OU=Workers,DC=rma,DC=corp,DC=ABC,DC=com

I have set my JNDIRealm tag in server.xml as follows:
<Realm className="org.apache.catalina.realm.JNDIRealm"
connectionName="CN=123,OU=Serv-Accts,OU=PAS,OU=Resrc,DC=rma,DC=corp,DC=ABC,DC=com"
connectionPassword="pwd"
connectionURL="ldap://<hostname:port" debug="99"
roleBase="OU=XYZ,OU=Application Managed,OU=Groups,DC=rma,DC=corp,DC=ABC,DC=com"
roleSubtree="true"
roleName="cn"
roleSearch="CN=<AUTH>,OU=XYZ,OU=Application Managed,OU=Groups,DC=rma,DC=corp,DC=ABC,DC=com"
userBase="OU=Workers,DC=rma,DC=corp,DC=ABC,DC=com"
userSubtree="true"
userPattern="CN={0},OU=Workers,DC=rma,DC=corp,DC=ABC,DC=com"/>


The web.xml is as follows:
   <security-constraint>
   <display-name>Security Constraint</display-name>
   <web-resource-collection>
      <web-resource-name>Protected Area</web-resource-name>
      <!-- Define the context-relative URL(s) to be protected -->
      <url-pattern>/*</url-pattern>
      <!-- If you list http methods, only those methods are protected -->
   </web-resource-collection>
   <auth-constraint>
      <!-- Anyone with one of the listed roles may access this area -->
      <role-name>AUTH</role-name>
   </auth-constraint>
</security-constraint>
<!-- Default login configuration uses form-based authentication -->
<login-config>
   <auth-method>FORM</auth-method>
   <realm-name>Form-Based Authentication Area</realm-name>
     <form-login-config>
     <form-login-page>/Login.jsp</form-login-page>

     <form-error-page>/error.jsp</form-error-page>
   </form-login-config>
</login-config>
<!-- Security roles referenced by this web application -->
<security-role>
   <role-name>AUTH</role-name>
</security-role>


Any help is appreciated.

Thanks,
Savitha
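
Added example, not part of the original thread or of Tomcat: a Python check of the Realm element posted above against the documented meaning of the JNDIRealm attributes (roleSearch is an LDAP filter in which {0} is the user's DN and {1} the username; userBase and userSubtree apply only to a userSearch lookup). The host name, the LDAPS port, the `member` attribute in the revised filter and the name lint_jndi_realm are assumptions.

```python
import xml.etree.ElementTree as ET

BASE = "DC=rma,DC=corp,DC=ABC,DC=com"
GROUPS = "OU=XYZ,OU=Application Managed,OU=Groups," + BASE

# Constructed from the post: <AUTH> written as AUTH, host name is a placeholder.
POSTED = f'''<Realm className="org.apache.catalina.realm.JNDIRealm"
  connectionName="CN=123,OU=Serv-Accts,OU=PAS,OU=Resrc,{BASE}"
  connectionPassword="pwd" connectionURL="ldap://ldap.example.invalid:389"
  roleBase="{GROUPS}" roleSubtree="true" roleName="cn"
  roleSearch="CN=AUTH,{GROUPS}"
  userBase="OU=Workers,{BASE}" userSubtree="true"
  userPattern="CN={{0}},OU=Workers,{BASE}"/>'''

# Assumptions: group entries list their members by DN in a "member"
# attribute, and the directory accepts LDAPS on port 636.
REVISED = f'''<Realm className="org.apache.catalina.realm.JNDIRealm"
  connectionName="CN=123,OU=Serv-Accts,OU=PAS,OU=Resrc,{BASE}"
  connectionPassword="pwd" connectionURL="ldaps://ldap.example.invalid:636"
  roleBase="{GROUPS}" roleSubtree="true" roleName="cn"
  roleSearch="(member={{0}})"
  userPattern="CN={{0}},OU=Workers,{BASE}"/>'''


def lint_jndi_realm(xml_text):
    """Return finding codes for one JNDIRealm element (empty list = clean)."""
    attrs = ET.fromstring(xml_text).attrib
    findings = []
    role_search = attrs.get("roleSearch", "")
    # roleSearch is a filter evaluated under roleBase, not the DN of a group.
    if role_search and not (role_search.startswith("(") and role_search.endswith(")")):
        findings.append("roleSearch-not-a-filter")
    elif role_search and "{0}" not in role_search and "{1}" not in role_search:
        findings.append("roleSearch-no-user-placeholder")
    # userBase/userSubtree only take effect together with userSearch.
    if ({"userBase", "userSubtree"} & set(attrs)) and "userSearch" not in attrs:
        findings.append("user-search-attrs-unused")
    # A simple bind over ldap:// sends the service account password unencrypted.
    if attrs.get("connectionURL", "").lower().startswith("ldap://") and "connectionPassword" in attrs:
        findings.append("bind-password-over-cleartext-ldap")
    return findings


if __name__ == "__main__":
    for name, cfg in (("posted", POSTED), ("revised", REVISED)):
        print(name, lint_jndi_realm(cfg) or "no findings")
```
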

Re: Urgent -- Need help configuring JNDI realm

Posted by Savitha Akella <sa...@gmail.com>.
Hi Rudy,

Sorry that I missed out the problem. I can connect to the server but the
authentication of a member in the group AUTH is failing in spite of giving
proper credentials.
Maybe I have not configured properly.

Regards,
Savitha

On Tue, Sep 13, 2011 at 3:02 PM, Rudy Gireyev <rg...@gmail.com> wrote:

> Savitha you forgot to mention what was the problem that you were having.
>
> Anyway, in your realm specification, for the connectionName you need
> to specify the actual name of the user (i.e. admin) that is able to
> log into the LDAP to do the lookup that you are interested in.
> connectionPassword is the password for that user/admin.
>
> Rudy

Re: Urgent -- Need help configuring JNDI realm

Posted by Rudy Gireyev <rg...@gmail.com>.
Savitha you forgot to mention what was the problem that you were having.

Anyway, in your realm specification, for the connectionName you need
to specify the actual name of the user (i.e. admin) that is able to
log into the LDAP to do the lookup that you are interested in.
connectionPassword is the password for that user/admin.

Rudy



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Re: Urgent -- Need help configuring JNDI realm

Posted by Savitha Akella <sa...@gmail.com>.
Thanks for the link.

On Tue, Sep 13, 2011 at 2:46 PM, Pid <pi...@pidster.com> wrote:

> On 13/09/2011 19:20, Savitha Akella wrote:
> > Hi,
>
> > Any help is appreciated.
>
>  http://catb.org/~esr/faqs/smart-questions.html
>
>
> p
>
>

Re: Urgent -- Need help configuring JNDI realm

Posted by Pid <pi...@pidster.com>.
On 13/09/2011 19:20, Savitha Akella wrote:
> Hi,

> Any help is appreciated.

 http://catb.org/~esr/faqs/smart-questions.html


p