Posted to users@tomcat.apache.org by Karamat Adil IHMD <Ka...@ih.navy.mil> on 2003/04/02 22:08:03 UTC

Tomcat with LDAP

Hello everyone,
   Can anyone give me an example of an LDIF file that I can add in an
OpenLDAP directory tree so that I can have Tomcat authenticate against it?
    Sorry, I am new at this and I tried the example file that is on the
Tomcat page, but that doesn't work. And I don't know much about LDAP or how to
construct a proper LDAP file with users and roles defined.
Thanks in advance
Adil

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Re: Tomcat with LDAP

Posted by Gabriel Santonja <gs...@unis.fr>.
Sorry, I've made an error: to bind with encrypted passwords in LDAP you
must delete this line too:
userPassword="userPassword"

So the result is:
        
        <Realm className="org.apache.catalina.realm.JNDIRealm"
               debug="99"
               connectionURL="ldap://XX.XX.XX.XX:389"
               userPattern="uid={0},ou=users,ou=jetspeed,ou=applications,ou=fr,o=YYYY"
               roleBase="ou=groups,ou=tomcat,ou=jetspeed,ou=applications,ou=fr,o=YYYY"
               roleName="cn"
               roleSearch="(uniqueMember={0})" />

      </Host>

Cordially.

> 
> In some conditions (LDAP correctly configured) you can delete the two
> lines
>     connectionName="cn=ldapadmin,ou=admin,o=XXXX"
>     connectionPassword="YYYYYYYYY"
> and use the LDAP binding with encrypted passwords.
> Cordially.
> 



Re: Tomcat with LDAP

Posted by Gabriel Santonja <gs...@unis.fr>.
On Wed, 2 Apr 2003 15:33:42 -0600
"Jonathan Eric Miller" <je...@uchicago.edu> wrote:

> JNDIRealm is broken and unusable.
Really? On what version? Because it's working not so badly in 4.1.18.
The realm documentation is good for this.

Example of conf in server.xml:
<Valve className="org.apache.catalina.authenticator.SingleSignOn"
       debug="0"/>
<Realm className="org.apache.catalina.realm.JNDIRealm"
       debug="99"
       connectionName="cn=ldapadmin,ou=admin,o=XXXX"
       connectionPassword="YYYYYYYYY"
       connectionURL="ldap://zz.zz.zz.zz:389"
       userPassword="userPassword"
       userPattern="uid={0},ou=users,ou=jetspeed,ou=applications,ou=fr,o=XXXX"
       roleBase="ou=groups,ou=tomcat,ou=jetspeed,ou=applications,ou=fr,o=XXXX"
       roleName="cn"
       roleSearch="(uniqueMember={0})" />

      ...
       </Host>
    </Engine>
  </Service>

You can use the LDIF in the documentation and change the DN path to match
userPattern and roleBase. I'm using Tomcat with Jetspeed LDAP and it's
not simple.

In some conditions (LDAP correctly configured) you can delete the two
lines
    connectionName="cn=ldapadmin,ou=admin,o=XXXX"
    connectionPassword="YYYYYYYYY"
and use the LDAP binding with encrypted passwords.
Cordially.

> 
> Jon
> 
> ----- Original Message -----
> From: "Karamat Adil IHMD" <Ka...@ih.navy.mil>
> To: "'Tomcat Users List'" <to...@jakarta.apache.org>
> Sent: Wednesday, April 02, 2003 2:08 PM
> Subject: Tomcat with LDAP
> 
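
An LDIF laid out to match the userPattern, roleBase, roleName and roleSearch values in the server.xml above, as an added example that is not part of the original message or of the Tomcat documentation. It assumes the entries from o=XXXX down to ou=jetspeed,ou=applications,ou=fr,o=XXXX already exist and that the schemas defining inetOrgPerson and groupOfUniqueNames are loaded; the user jdoe, the role manager and the password placeholder are constructed.

```ldif
# Constructed sample data for the JNDIRealm configuration above.

# Container named by userPattern: uid={0},ou=users,ou=jetspeed,...
dn: ou=users,ou=jetspeed,ou=applications,ou=fr,o=XXXX
objectClass: organizationalUnit
ou: users

# A user. {0} in userPattern is replaced by the login name, so logging in
# as "jdoe" resolves to exactly this DN.
dn: uid=jdoe,ou=users,ou=jetspeed,ou=applications,ou=fr,o=XXXX
objectClass: inetOrgPerson
uid: jdoe
cn: John Doe
sn: Doe
# Placeholder: paste a hashed value (for example the output of slappasswd),
# not a clear-text password.
userPassword: {SSHA}REPLACE_WITH_HASHED_VALUE

# Containers leading to roleBase.
dn: ou=tomcat,ou=jetspeed,ou=applications,ou=fr,o=XXXX
objectClass: organizationalUnit
ou: tomcat

dn: ou=groups,ou=tomcat,ou=jetspeed,ou=applications,ou=fr,o=XXXX
objectClass: organizationalUnit
ou: groups

# A role. roleSearch="(uniqueMember={0})" is run under roleBase with {0}
# replaced by the user's full DN; roleName="cn" means the cn value of each
# matching entry ("manager") becomes a Tomcat role.
dn: cn=manager,ou=groups,ou=tomcat,ou=jetspeed,ou=applications,ou=fr,o=XXXX
objectClass: groupOfUniqueNames
cn: manager
uniqueMember: uid=jdoe,ou=users,ou=jetspeed,ou=applications,ou=fr,o=XXXX
```

The uniqueMember value must be the user's complete DN, spelled the same way userPattern produces it, or the role search returns nothing. The role name (here manager) is what a web application's security constraints have to reference.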



Re: Tomcat with LDAP

Posted by Jonathan Eric Miller <je...@uchicago.edu>.
JNDIRealm is broken and unusable.

Jon

----- Original Message -----
From: "Karamat Adil IHMD" <Ka...@ih.navy.mil>
To: "'Tomcat Users List'" <to...@jakarta.apache.org>
Sent: Wednesday, April 02, 2003 2:08 PM
Subject: Tomcat with LDAP


> Hello everyone,
>    Can anyone give me an example of an LDIF file that I can add in an
> OpenLDAP directory tree so that I can have Tomcat authenticate against it?
>     Sorry, I am new at this and I tried the example file that is on the
> Tomcat page, but that doesn't work. And I don't know much about LDAP or how
> to construct a proper LDAP file with users and roles defined.
> Thanks in advance
> Adil

