You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by A A <ma...@yahoo.es> on 2009/11/10 17:20:01 UTC
Connect tomcat to Active Directory with jndi
Hi,
(Sorry for my english) Im trying to authenticate an application using Windows Active Directory, with jndi realm connector. Looking for information Ive seen that the realm jndi configuration is able to set up at the server.xml, or in the context.xml aplication and web.xml.In my case I want just to authenticate an aplication so I use context.xml and web.xml.
When I go to the aplication url, A popup ask me for user and password,
I write my Active Directory User, and password, but returns me this
message:
Apache Tomcat/5.5.25 - Informe de Errortype Informe de estado
mensaje
descripción Este requerimiento requiere autenticación HTTP
().
Apache Tomcat/5.5.25
I can´t see any information at catalina.out nor aplication.log.
How can I see what is going wrong?Can I enable any jndi log??
Am I wrong with any parameter or format?What is the best way to do it??
Any suggestion will be welcome.
Im trying this configuration without any results:
Thanks in advance.
context.xml
<?xml version="1.0" encoding="UTF-8"?>
<Context docBase="${catalina.home}/webapps/pfirma">
<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
connectionURL="ldap://oid.prpmalaga.es:389"
UserPattern="uid={0},ou=Users,dc=prpmalaga,dc=es"
roleBase="ou=Groups,dc=prpmalaga,dc=es"
roleName="cn"
roleSearch="(uniqueMember={0})" />
</Context>
--------------------------------------------------------------------------------------------------
WEB-INF/web.xml
<!-- Security definitions -->
<!-- Define a Security Constraint on this Application -->
<security-constraint>
<web-resource-collection>
<web-resource-name>Context-aplication-name</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>Active-Directory-Group-Name</role-name>
</auth-constraint>
</security-constraint>
<!-- Define the Login Configuration for this Application -->
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Active-Directory-User</realm-name>
</login-config>
<!-- Security roles referenced by this web application -->
<security-role>
<description>Description </description>
<role-name>Active-directory-Group-Name</role-name>
</security-role>
RE: Connect tomcat to Active Directory with jndi
Posted by A A <ma...@yahoo.es>.
I think this value should be the active directory group name, isn´t it ??
--- El mar, 10/11/09, Jorge Medina <jm...@e-dialog.com> escribió:
De: Jorge Medina <jm...@e-dialog.com>
Asunto: RE: Connect tomcat to Active Directory with jndi
Para: "Tomcat Users List" <us...@tomcat.apache.org>
Fecha: martes, 10 de noviembre, 2009 18:55
Is that a typo on the role name?
<role-name>Active-directory-Group-Name</role-name>
Should it be Active-Directory-Group-Name ?
You may ask in Spanish at
http://groups.google.com/group/javasos
-Jorge
-----Original Message-----
From: A A [mailto:masvalesoloque@yahoo.es]
Sent: Tuesday, November 10, 2009 11:20 AM
To: users@tomcat.apache.org
Subject: Connect tomcat to Active Directory with jndi
Hi,
(Sorry for my english) Im trying to authenticate an application using Windows Active Directory, with jndi realm connector. Looking for information Ive seen that the realm jndi configuration is able to set up at the server.xml, or in the context.xml aplication and web.xml.In my case I want just to authenticate an aplication so I use context.xml and web.xml.
When I go to the aplication url, A popup ask me for user and password, I write my Active Directory User, and password, but returns me this
message:
Apache Tomcat/5.5.25 - Informe de Errortype Informe de estado mensaje descripción Este requerimiento requiere autenticación HTTP ().
Apache Tomcat/5.5.25
I can´t see any information at catalina.out nor aplication.log.
How can I see what is going wrong?Can I enable any jndi log??
Am I wrong with any parameter or format?What is the best way to do it??
Any suggestion will be welcome.
Im trying this configuration without any results:
Thanks in advance.
context.xml
<?xml version="1.0" encoding="UTF-8"?>
<Context docBase="${catalina.home}/webapps/pfirma">
<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
connectionURL="ldap://oid.prpmalaga.es:389"
UserPattern="uid={0},ou=Users,dc=prpmalaga,dc=es"
roleBase="ou=Groups,dc=prpmalaga,dc=es"
roleName="cn"
roleSearch="(uniqueMember={0})" />
</Context>
--------------------------------------------------------------------------------------------------
WEB-INF/web.xml
<!-- Security definitions -->
<!-- Define a Security Constraint on this Application --> <security-constraint> <web-resource-collection> <web-resource-name>Context-aplication-name</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>Active-Directory-Group-Name</role-name>
</auth-constraint>
</security-constraint>
<!-- Define the Login Configuration for this Application --> <login-config> <auth-method>BASIC</auth-method> <realm-name>Active-Directory-User</realm-name>
</login-config>
<!-- Security roles referenced by this web application --> <security-role> <description>Description </description> <role-name>Active-directory-Group-Name</role-name>
</security-role>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: Connect tomcat to Active Directory with jndi
Posted by Jorge Medina <jm...@e-dialog.com>.
Is that a typo on the role name?
<role-name>Active-directory-Group-Name</role-name>
Should it be Active-Directory-Group-Name ?
You may ask in Spanish at
http://groups.google.com/group/javasos
-Jorge
-----Original Message-----
From: A A [mailto:masvalesoloque@yahoo.es]
Sent: Tuesday, November 10, 2009 11:20 AM
To: users@tomcat.apache.org
Subject: Connect tomcat to Active Directory with jndi
Hi,
(Sorry for my english) Im trying to authenticate an application using Windows Active Directory, with jndi realm connector. Looking for information Ive seen that the realm jndi configuration is able to set up at the server.xml, or in the context.xml aplication and web.xml.In my case I want just to authenticate an aplication so I use context.xml and web.xml.
When I go to the aplication url, A popup ask me for user and password, I write my Active Directory User, and password, but returns me this
message:
Apache Tomcat/5.5.25 - Informe de Errortype Informe de estado mensaje descripción Este requerimiento requiere autenticación HTTP ().
Apache Tomcat/5.5.25
I can´t see any information at catalina.out nor aplication.log.
How can I see what is going wrong?Can I enable any jndi log??
Am I wrong with any parameter or format?What is the best way to do it??
Any suggestion will be welcome.
Im trying this configuration without any results:
Thanks in advance.
context.xml
<?xml version="1.0" encoding="UTF-8"?>
<Context docBase="${catalina.home}/webapps/pfirma">
<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
connectionURL="ldap://oid.prpmalaga.es:389"
UserPattern="uid={0},ou=Users,dc=prpmalaga,dc=es"
roleBase="ou=Groups,dc=prpmalaga,dc=es"
roleName="cn"
roleSearch="(uniqueMember={0})" />
</Context>
--------------------------------------------------------------------------------------------------
WEB-INF/web.xml
<!-- Security definitions -->
<!-- Define a Security Constraint on this Application --> <security-constraint> <web-resource-collection> <web-resource-name>Context-aplication-name</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>Active-Directory-Group-Name</role-name>
</auth-constraint>
</security-constraint>
<!-- Define the Login Configuration for this Application --> <login-config> <auth-method>BASIC</auth-method> <realm-name>Active-Directory-User</realm-name>
</login-config>
<!-- Security roles referenced by this web application --> <security-role> <description>Description </description> <role-name>Active-directory-Group-Name</role-name>
</security-role>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org