Posted to dev@geronimo.apache.org by "liangkun (JIRA)" <ji...@apache.org> on 2009/08/27 10:44:59 UTC

[jira] Created: (GERONIMO-4818) Cannot configure the username and password for logging in to the server through LDAP

Cannot configure the username and password for logging in to the server through LDAP
------------------------------------------------------------------------------------

                 Key: GERONIMO-4818
                 URL: https://issues.apache.org/jira/browse/GERONIMO-4818
             Project: Geronimo
          Issue Type: Bug
      Security Level: public (Regular issues)
          Components: security, Tomcat
    Affects Versions: 2.2
         Environment: xp:sp2
jdk 1.6
            Reporter: liangkun


1. Set up Apache Directory Server.
2. Copy geronimo-realm.ldif to your LDAP server and run this command to import your LDAP entries:
$ ldapmodify -h [your_ldap_server_ip] -p 10389 -D "uid=admin,ou=system" -w secret -a -f [your_geronimo-realm_path]

Also, you can use another third-party directory client tool such as Apache Directory Studio to import this LDIF file.
3. Customize the LDAP server IP: <log:option name="connectionURL">ldap://<your host ip>:10389</log:option> in ldap.xml and copy it to your WASCE server, then go to the WASCE server bin directory and run the command:
  deploy.sh/bat --user system --password manager deploy <deployment_plan_home>/ldap.xml
  Also, you can deploy it via the admin console: "Deploy New" -> "Archive plan": ldap.xml
4. Shut down the WASCE server and modify $your_geronimo_server/var/config/config.xml as below:
    change <module name="org.apache.geronimo.framework/server-security-config/2.1.4/car"/> to
<module name="org.apache.geronimo.framework/server-security-config/2.1.4/car">
<gbean name="geronimo-admin" load="false"/>
</module>
5. Restart the Geronimo server and log in to it with username: test, password: manager.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


[jira] Commented: (GERONIMO-4818) Cannot configure the username and password for logging in to the server through LDAP

Posted by "Chi Runhua (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/GERONIMO-4818?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12749375#action_12749375 ] 

Chi Runhua commented on GERONIMO-4818:
--------------------------------------

I think Liangkun was using a sample application from 2.1.x and encountered the problem. And I believe the sample should be updated as well if it's not working on G2.2.

Here is the link for reference.

http://cwiki.apache.org/GMOxDOC22/ldap-sample-app-ldap-sample-application.html

Jeff C



[jira] Updated: (GERONIMO-4818) Cannot configure the username and password for logging in to the server through LDAP

Posted by "liangkun (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/GERONIMO-4818?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

liangkun updated GERONIMO-4818:
-------------------------------

    Attachment: ldap.xml
                geronimo-realm.ldif

The file to configure the ldap server and geronimo server



[jira] Commented: (GERONIMO-4818) Cannot configure the username and password for logging in to the server through LDAP

Posted by "Ivan (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/GERONIMO-4818?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12748395#action_12748395 ] 

Ivan commented on GERONIMO-4818:
--------------------------------

There are some changes to the security references between 2.1.* and 2.2; I think this way will not work now.



[jira] Commented: (GERONIMO-4818) Cannot configure the username and password for logging in to the server through LDAP

Posted by "Chi Runhua (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/GERONIMO-4818?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12755433#action_12755433 ] 

Chi Runhua commented on GERONIMO-4818:
--------------------------------------

Doc for G2.2 updated accordingly.

http://cwiki.apache.org/GMOxDOC22/replacing-default-realm-in-geronimo.html

Any questions, please let me know.

Jeff C





[jira] Commented: (GERONIMO-4818) Cannot configure the username and password for logging in to the server through LDAP

Posted by "viola.lu (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/GERONIMO-4818?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12748694#action_12748694 ] 

viola.lu commented on GERONIMO-4818:
------------------------------------

I think we should update doc also.



[jira] Commented: (GERONIMO-4818) Cannot configure the username and password for logging in to the server through LDAP

Posted by "David Jencks (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/GERONIMO-4818?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12748693#action_12748693 ] 

David Jencks commented on GERONIMO-4818:
----------------------------------------

1. If possible, could you re-attach your patches granting license to use them to the ASF (check the box on the attach-file form)? Then we can try to set up an integration test or sample showing how to do this. I failed the last time I looked at this because I couldn't determine a reasonable LDAP schema, a problem you have apparently solved.

2. I __STRONGLY__ recommend approaching this by replacing server-security-config entirely with a new plugin with the actual server security setup you want: server-security-config as shipped is a toy example to demonstrate that the server works.

3. If you build the plugin with maven and the car-maven-plugin you can include an artifact-alias so your plugin will replace the server-security-config plugin the next time the server starts.

There is some advice on how to do (3) in slides from a presentation, http://people.apache.org/~djencks/AdministeringGeronimo.pdf.  I had a sample project working at one point but I can't find it right now.



[jira] Commented: (GERONIMO-4818) Cannot configure the username and password for logging in to the server through LDAP

Posted by "Ivan (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/GERONIMO-4818?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12748681#action_12748681 ] 

Ivan commented on GERONIMO-4818:
--------------------------------

Currently, I think we could configure LDAP in the way below:
1. Just add the configurations to the server-security-config module segment of config.xml:

<!-- the existing server-security-config module element in var/config/config.xml -->
<module name="org.apache.geronimo.framework/server-security-config/2.2-SNAPSHOT/car">
    <!-- the LDAP login module itself; options are Properties-style key=value lines -->
    <gbean name="org.apache.geronimo.framework/server-security-config/2.2-SNAPSHOT/car?ServiceModule=org.apache.geronimo.framework/server-security-config/2.2-SNAPSHOT/car,j2eeType=LoginModule,name=ldap-login" gbeanInfo="org.apache.geronimo.security.jaas.LoginModuleGBean">
        <attribute name="loginModuleClass">org.apache.geronimo.security.realm.providers.LDAPLoginModule</attribute>
        <attribute name="options">roleSearchMatching=uniqueMember={0}
            userSearchMatching=uid={0}
            userBase=ou=users,ou=system
            connectionUsername=uid=admin,ou=system
            roleName=cn
            userSearchSubtree=true
            authentication=simple
            initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
            roleBase=ou=groups,ou=system
            connectionPassword=secret
            connectionURL=ldap://9.186.10.16:10389
            roleSearchSubtree=true</attribute>
        <attribute name="loginDomainName">geronimo-admin</attribute>
    </gbean>
    <!-- point the existing geronimo-admin realm at the new login module use -->
    <gbean name="geronimo-admin">
        <reference name="LoginModuleConfiguration">
            <pattern>
                <name>ldap-login-use</name>
            </pattern>
        </reference>
    </gbean>
    <!-- JAAS control flag and the link from the "use" to the login module -->
    <gbean name="org.apache.geronimo.framework/server-security-config/2.2-SNAPSHOT/car?ServiceModule=org.apache.geronimo.framework/server-security-config/2.2-SNAPSHOT/car,j2eeType=LoginModuleUse,name=ldap-login-use" gbeanInfo="org.apache.geronimo.security.jaas.JaasLoginModuleUse">
        <attribute name="controlFlag">REQUIRED</attribute>
        <reference name="LoginModule">
            <pattern>
                <name>ldap-login</name>
            </pattern>
        </reference>
    </gbean>
</module>

Not sure whether there is a better way to do it. :-)

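Added example, not Geronimo code and not from anyone in this thread: an offline Python model of what the option lines in the config.xml fragment in Ivan's comment above make the login module do, in order: bind with connectionUsername/connectionPassword, search userBase with userSearchMatching, bind as the DN that was found, then search roleBase with roleSearchMatching and read roleName. It also stands in for the LDIF import in the original report: the LDIF embedded here is constructed to fit those options, since the attached geronimo-realm.ldif is not on the page. The page does not say how LDAPLoginModule substitutes {0} into its filter templates; the model escapes the substituted value per RFC 4515 and carries an escape=False switch only to show what goes wrong without that. The function names and the in-memory "directory" are the model's own.

```python
import re

# Option lines copied from the config.xml fragment (connectionURL omitted: the
# "directory" here is the in-memory LDIF below, nothing is contacted).
OPTIONS_TEXT = """
roleSearchMatching=uniqueMember={0}
userSearchMatching=uid={0}
userBase=ou=users,ou=system
connectionUsername=uid=admin,ou=system
roleName=cn
userSearchSubtree=true
authentication=simple
roleBase=ou=groups,ou=system
connectionPassword=secret
roleSearchSubtree=true
"""

# Constructed LDIF (assumption, not the attached geronimo-realm.ldif): bind account,
# one user under userBase, one group under roleBase naming that user. Model passwords only.
LDIF = """
dn: uid=admin,ou=system
uid: admin
userPassword: secret

dn: uid=test,ou=users,ou=system
uid: test
userPassword: manager

dn: cn=admin,ou=groups,ou=system
cn: admin
uniqueMember: uid=test,ou=users,ou=system
"""

def parse_options(text):
    """Properties-style key=value lines, as in the options attribute body."""
    return dict(line.strip().partition("=")[::2] for line in text.strip().splitlines())

def parse_ldif(text):
    """Minimal LDIF reader: blank-line separated entries of 'attr: value' lines."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for attr, _, value in (ln.partition(": ") for ln in block.splitlines()):
            entry.setdefault(attr.lower(), []).append(value)
        entries.append(entry)
    return entries

def escape_filter_value(value):
    """RFC 4515 escaping for a value substituted into a search filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def filter_from_template(template, arg, escape=True):
    """'uid={0}' + 'test' -> '(uid=test)'; escape=False pastes the argument in raw."""
    return "(%s)" % template.replace("{0}", escape_filter_value(arg) if escape else arg)

def _assertion_regex(pattern):
    """Filter assertion value -> regex: unescaped '*' is a wildcard, '\\xx' a literal."""
    out, i = [], 0
    while i < len(pattern):
        if pattern[i] == "\\" and re.fullmatch(r"[0-9a-fA-F]{2}", pattern[i + 1:i + 3]):
            out.append(re.escape(chr(int(pattern[i + 1:i + 3], 16))))
            i += 3
        else:
            out.append(".*" if pattern[i] == "*" else re.escape(pattern[i]))
            i += 1
    return re.compile("".join(out), re.I)

def in_scope(dn, base, subtree):
    """dn lies under base; subtree=False means exactly one level below it."""
    dn, base = dn.lower(), base.lower()
    return dn.endswith("," + base) and (subtree or "," not in dn[:-len(base) - 1])

def search(entries, base, subtree, flt):
    """Evaluate one '(attr=value)' filter under base; returns the matching entries."""
    m = re.fullmatch(r"\((\w+)=(.*)\)", flt, re.S)
    if not m:
        return []
    attr, rx = m.group(1).lower(), _assertion_regex(m.group(2))
    return [e for e in entries if in_scope(e["dn"][0], base, subtree)
            and any(rx.fullmatch(v) for v in e.get(attr, []))]

def bind(entries, dn, password):
    """Stand-in for a simple bind: the DN exists and holds that userPassword."""
    return any(e["dn"][0].lower() == dn.lower() and password in e.get("userpassword", [])
               for e in entries)

def ldap_login(entries, opts, username, password, escape=True):
    """Connection bind, user search, user bind, role search. Role names, or None."""
    if not bind(entries, opts["connectionUsername"], opts["connectionPassword"]):
        return None
    users = search(entries, opts["userBase"], opts["userSearchSubtree"] == "true",
                   filter_from_template(opts["userSearchMatching"], username, escape))
    if len(users) != 1:  # unknown user or ambiguous match: refuse
        return None
    user_dn = users[0]["dn"][0]
    if not bind(entries, user_dn, password):
        return None
    groups = search(entries, opts["roleBase"], opts["roleSearchSubtree"] == "true",
                    filter_from_template(opts["roleSearchMatching"], user_dn, escape))
    return sorted(g[opts["roleName"].lower()][0] for g in groups)

OPTS, DIRECTORY = parse_options(OPTIONS_TEXT), parse_ldif(LDIF)
```

With this directory, `ldap_login(DIRECTORY, OPTS, "test", "manager")` returns `['admin']`, a wrong password or unknown uid returns None, and a username of `*` is refused when escaped but logs the caller in as the single user it matches when pasted raw. Two things to carry into the real config.xml: connectionPassword sits there in cleartext, so keep the file's permissions tight and give the bind account read-only access to just the user and group subtrees; and userSearchSubtree/roleSearchSubtree widen the search scope, so set userBase and roleBase to exactly the subtrees the admin realm needs.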


[jira] Resolved: (GERONIMO-4818) Cannot configure the username and password for logging in to the server through LDAP

Posted by "Ivan (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/GERONIMO-4818?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ivan resolved GERONIMO-4818.
----------------------------

       Resolution: Fixed
    Fix Version/s: 2.2
