Posted to users@tomcat.apache.org by vicky <vi...@yahoo.co.in> on 2013/08/06 17:23:09 UTC

tomcat 7 ldap error

 
 
I need to configure Tomcat 7 with Active Directory LDAP.
I did the following configuration in server.xml and the application's web.xml, but while logging in,
the error "Invalid username and/or password, please try again" is coming. Please suggest what the issue can be.
=========server.xml ==================================
<Realm className="org.apache.catalina.realm.JNDIRealm"
 debug="99"
 connectionURL="ldap://yoebills.i.yoebills.com:389/"
 connectionName="git.LDAPTOMCAT@i.yoebills.com"
 connectionPassword="asdef"
 userBase="dc=i,dc=yoebills,dc=com"
 userSearch="(sAMAccountName={0})"
 roleBase="dc=i,dc=yoebills,dc=com"
 roleName="cn"
 roleSearch="(member={0})"
 roleSubtree="true"
 userSubtree="true"
 />
 
======================= application "web.xml" ===============================================
<security-constraint>
  <display-name>Example Security Constraint</display-name>
  <web-resource-collection>
    <web-resource-name>Protected Area</web-resource-name>
    <!-- Define the context-relative URL(s) to be protected -->
    <url-pattern>/*</url-pattern>
    <!-- If you list http methods, only those methods are protected -->
    <http-method>DELETE</http-method>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
    <http-method>PUT</http-method>
  </web-resource-collection>
  <auth-constraint>
    <!-- Anyone with one of the listed roles may access this area -->
    <role-name>sg-admin</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>Form based authentication</realm-name>
  <form-login-config>
    <form-login-page>/jsp/security/protected/login.jsp</form-login-page>
    <form-error-page>/jsp/security/protected/error.jsp</form-error-page>
  </form-login-config>
</login-config>
<!-- Security roles referenced by this web application -->
<security-role>
  <role-name>sg-admin</role-name>
</security-role>

 
 
 Vicky

Re: tomcat 7 ldap error

Posted by Cédric Couralet <ce...@gmail.com>.
2013/8/7 Christopher Schultz <ch...@christopherschultz.net>:
> Vicky,
>
> On 8/6/13 10:46 PM, vicky007aggarwal@yahoo.co.in wrote:
>> Hi All,
>>
>> Can somebody please share the steps required to set up Active Directory
>> with Tomcat?
>>
>> Is it valid to simply define a user in the Active Directory LDAP
>> without assigning any role to it? Will we still be able to
>> authenticate the user when logged in from the application? If yes,
>> then kindly share the configuration which I need to do in web.xml
>> and server.xml.
>>
>> I need this because in our application we have LDAP users defined
>> without any role mapped to them, so I want to know how to configure
>> this in server.xml and web.xml, so that the user gets authenticated
>> successfully.
>
> I'm not sure about your LDAP configuration exactly (I've never used
> Tomcat with LDAP authentication myself) but Tomcat's security is
> entirely based upon roles. Thus, if you have (LDAP) users that are not
> in any group, those users are not going to be able to successfully
> access any resources unless you have <role-name>*</role-name> in your
> <auth-constraint>.

And, at least for Tomcat 6 and 7, you will need to set the JNDIRealm
attribute "allRolesMode" to "authOnly" if your users don't have any
role in the LDAP.

http://tomcat.apache.org/tomcat-7.0-doc/config/realm.html#JNDI_Directory_Realm_-_org.apache.catalina.realm.JNDIRealm

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
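
The two replies in this thread combined into one configuration, as an added example that is not from any poster or from the Tomcat project: the poster's Realm with allRolesMode="authOnly", and a web.xml constraint using <role-name>*</role-name>. The /admin/* pattern and the REPLACE_ME password are assumptions; all other values are copied from the original post.

```xml
<!-- server.xml: the Realm from the original post plus allRolesMode.
     Host, bind account and base DNs are the poster's values;
     REPLACE_ME is a placeholder for the bind password. -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldap://yoebills.i.yoebills.com:389/"
       connectionName="git.LDAPTOMCAT@i.yoebills.com"
       connectionPassword="REPLACE_ME"
       userBase="dc=i,dc=yoebills,dc=com"
       userSubtree="true"
       userSearch="(sAMAccountName={0})"
       roleBase="dc=i,dc=yoebills,dc=com"
       roleSubtree="true"
       roleName="cn"
       roleSearch="(member={0})"
       allRolesMode="authOnly" />
<!-- authOnly: a "*" auth-constraint is satisfied by any user who
     authenticates, even one who belongs to no LDAP group. The default,
     "strict", still requires one of the roles declared in web.xml. -->

<!-- web.xml -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Protected Area</web-resource-name>
    <url-pattern>/*</url-pattern>
    <!-- No <http-method> entries, so every HTTP method is covered,
         not only the four listed in the original post. -->
  </web-resource-collection>
  <auth-constraint>
    <role-name>*</role-name>
  </auth-constraint>
</security-constraint>

<!-- Assumption: /admin/* is a hypothetical path. The more specific
     pattern wins, so this area still requires the sg-admin role
     (an LDAP group whose cn is sg-admin). -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Admin Area</web-resource-name>
    <url-pattern>/admin/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>sg-admin</role-name>
  </auth-constraint>
</security-constraint>
<!-- <login-config> stays as in the original post. -->
<security-role>
  <role-name>sg-admin</role-name>
</security-role>
```

With authOnly, every account that can bind to the directory passes the "*" constraint, so any path that should stay restricted needs its own constraint naming a role, as the second block does.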


Re: tomcat 7 ldap error

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Vicky,

On 8/6/13 10:46 PM, vicky007aggarwal@yahoo.co.in wrote:
> Hi All,
> 
> Can somebody please share the steps required to set up Active Directory
> with Tomcat?
>
> Is it valid to simply define a user in the Active Directory LDAP
> without assigning any role to it? Will we still be able to
> authenticate the user when logged in from the application? If yes,
> then kindly share the configuration which I need to do in web.xml
> and server.xml.
>
> I need this because in our application we have LDAP users defined
> without any role mapped to them, so I want to know how to configure
> this in server.xml and web.xml, so that the user gets authenticated
> successfully.

I'm not sure about your LDAP configuration exactly (I've never used
Tomcat with LDAP authentication myself) but Tomcat's security is
entirely based upon roles. Thus, if you have (LDAP) users that are not
in any group, those users are not going to be able to successfully
access any resources unless you have <role-name>*</role-name> in your
<auth-constraint>.

-chris



Re: tomcat 7 ldap error

Posted by vi...@yahoo.co.in.
Hi All,

Can somebody please share the steps required to set up Active Directory with Tomcat?

Is it valid to simply define a user in the Active Directory LDAP without assigning any role to it? Will we still be able to authenticate the user when logged in from the application? If yes, then kindly share the configuration which I need to do in web.xml and server.xml.

I need this because in our application we have LDAP users defined without any role mapped to them, so I want to know how to configure this in server.xml and web.xml, so that the user gets authenticated successfully.


Thanks,
Vicky



