Posted to users@tomcat.apache.org by Shai Levit <re...@msn.com> on 2013/11/04 16:49:28 UTC

Connection to ApacheDS LDAP

My apologies in advance for some of the syntax and verbiage - I am a newbie in all of this, but did do my reading / research / and chat on IRC’s.

The current setup I have is this:
Apache DS LDAP version 2.0.0-M14 running on Linux with Port 8660. The server instance works fine and I am able to do a search via Apache API in Java (Eclipse). I bind to this server anonymously via connection.bind()
Tomcat version 7.0.47 running on Mac OS X (Maverick) with Port 8080. The Tomcat instance works fine using the installed default values. I am able to run simple REST API and consume them via any browser.

Issue: I am trying to create a connection to the LDAP server via anonymous binding. I configured the appropriate conf file: server.xml with the REALM as follows:

   <Realm className="org.apache.catalina.realm.JNDIRealm"
			connectionURL="ldap://Integration01.icsl.net:8660" debug="99"
			userBase="dc=sumsmail,dc=com"
			userSearch="(mail{0})"
			userSearch="(userCertificate{0})"
			userSubtree="true"
			roleBase="dc=sumsmail,dc=com"
			roleName="cn"
			roleSearch="(mail={0})"
			roleSearch="(userCertificate={0})"
			roleSubtree="true"
			/>
      </Realm>

      <Host name="localhost"  appBase="webapps"
            unpackWARs="true" autoDeploy="true">
 
These are the only changes I made.
When I launch the Server, it crashes immediately, giving me the following error(s):

Nov 4, 2013 10:22:31 AM org.apache.catalina.core.AprLifecycleListener init
INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: .:/Library/Java/Extensions:/System/Library/Java/Extensions:/usr/lib/java
Nov 4, 2013 10:22:31 AM org.apache.tomcat.util.digester.Digester fatalError
SEVERE: Parse Fatal Error at line 116 column 37: Attribute "userSearch" was already specified for element "Realm".
org.xml.sax.SAXParseException: Attribute "userSearch" was already specified for element "Realm".
	at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException(ErrorHandlerWrapper.java:195)
	at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError(ErrorHandlerWrapper.java:174)
	at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:388)
	at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError(XMLScanner.java:1476)
	at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanAttribute(XMLDocumentFragmentScannerImpl.java:1567)
	at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanStartElement(XMLDocumentFragmentScannerImpl.java:1326)
	at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:2763)
	at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:647)
	at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:513)
	at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:815)
	at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:744)
	at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:128)
	at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1208)
	at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:543)
	at org.apache.tomcat.util.digester.Digester.parse(Digester.java:1537)
	at org.apache.catalina.startup.Catalina.load(Catalina.java:617)
	at org.apache.catalina.startup.Catalina.load(Catalina.java:665)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:281)
	at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:455)
Nov 4, 2013 10:22:31 AM org.apache.catalina.startup.Catalina load
WARNING: Catalina.start using conf/server.xml: Attribute "userSearch" was already specified for element "Realm".
Nov 4, 2013 10:22:31 AM org.apache.tomcat.util.digester.Digester fatalError
SEVERE: Parse Fatal Error at line 116 column 37: Attribute "userSearch" was already specified for element "Realm".
org.xml.sax.SAXParseException: Attribute "userSearch" was already specified for element "Realm".
	at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException(ErrorHandlerWrapper.java:195)
	at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError(ErrorHandlerWrapper.java:174)
	at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:388)
	at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError(XMLScanner.java:1476)
	at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanAttribute(XMLDocumentFragmentScannerImpl.java:1567)
	at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanStartElement(XMLDocumentFragmentScannerImpl.java:1326)
	at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:2763)
	at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:647)
	at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:513)
	at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:815)
	at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:744)
	at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:128)
	at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1208)
	at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:543)
	at org.apache.tomcat.util.digester.Digester.parse(Digester.java:1537)
	at org.apache.catalina.startup.Catalina.load(Catalina.java:617)
	at org.apache.catalina.startup.Catalina.start(Catalina.java:679)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:322)
	at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:456)
Nov 4, 2013 10:22:31 AM org.apache.catalina.startup.Catalina load
WARNING: Catalina.start using conf/server.xml: Attribute "userSearch" was already specified for element "Realm".
Nov 4, 2013 10:22:31 AM org.apache.catalina.startup.Catalina start
SEVERE: Cannot start server. Server instance is not configured.

I am not sure what I am doing wrong and/or missing. If there is another way to set up a connection, I am not aware of this, nor did I find any documentation about this anywhere.

What I am trying to achieve here:

Given a userName, the REST API (server side) running on Tomcat will bind to the LDAP and retrieve a Directory list to compare this with the request from the client. It will then iterate throughout this Array and return some data.

Thank you for any help and advice.

Kind regards

Shai Levit


Re: Connection to ApacheDS LDAP

Posted by Shai Levit <re...@msn.com>.
Thank you guys. So here is the thought behind this.
In the Original LDAP Search parameter, I am searching for 2 Attributes: mail and userCertificate.
mail is just a plain string - email and userCertificate is an X.509 DER (.cer) certificate in binary format.

Hence I thought that I would need to have both in the connectivity. I will try doing a general Search and then specify in the @GET or @POST method the more specifics.

I did get the connection issue resolved, but not in the manner I thought would be best:

i.e.: I just passed the connection parameters in the @GET method like so:

LdapConnection connection = new LdapNetworkConnection(ipAddress, port);
connection.bind();

This works.

Thanks again for the help.

regards

Shai

On Nov 4, 2013, at 11:08 AM, Propes, Barry L <ba...@citi.com> wrote:

> 
> 
> -----Original Message-----
> From: Daniel Mikusa [mailto:dmikusa@gopivotal.com] 
> Sent: Monday, November 04, 2013 9:57 AM
> To: Tomcat Users List
> Subject: Re: Connection to ApacheDS LDAP
> 
> On Nov 4, 2013, at 10:49 AM, Shai Levit <re...@msn.com> wrote:
> 
>> My apologies in advance for some of the syntax and verbiage - I am a newbie in all of this, but did do my reading / research / and chat on IRC's.
>> 
>> The current setup I have is this:
>> Apache DS LDAP version 2.0.0-M14 running on Linux with Port 8660. The server instance works fine and I am able to do a search via Apache API in Java (Eclipse). I bind to this server anonymously via connection.bind()
>> Tomcat version 7.0.47 running on Mac OS X (Maverick) with Port 8080. The Tomcat instance works fine using the installed default values. I am able to run simple REST API and consume them via any browser.
>> 
>> Issue: I am trying to create a connection to the LDAP server via anonymous binding. I configured the appropriate conf file: server.xml with the REALM as follows:
>> 
>>  <Realm className="org.apache.catalina.realm.JNDIRealm"
>> 			connectionURL="ldap://Integration01.icsl.net:8660" debug="99"
>> 			userBase="dc=sumsmail,dc=com"
>> 			userSearch="(mail{0})"
>> 			userSearch="(userCertificate{0})"
> 
> Why do you have "userSearch" specified twice?  That's what's causing the exception below.
> 
>> 			userSubtree="true"
>> 			roleBase="dc=sumsmail,dc=com"
>> 			roleName="cn"
>> 			roleSearch="(mail={0})"
>> 			roleSearch="(userCertificate={0})"
> 
> This will likely cause a similar exception, you can only specify these attributes once.
> 
> Dan
> 
>> 			roleSubtree="true"
>> 			/>
>>     </Realm>
>> 
>>     <Host name="localhost"  appBase="webapps"
>>           unpackWARs="true" autoDeploy="true">
>> 
> 
> 
> Not that I'm particularly knowledgeable about configuring LDAP, because I'm not, but looking at the error I wondered what Dan did - why did you have the userSearch attribute listed twice? You also have the roleSearch attribute listed twice, though it might not show that error since it spits up at the first one.
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org


RE: Connection to ApacheDS LDAP

Posted by "Propes, Barry L " <ba...@citi.com>.

-----Original Message-----
From: Daniel Mikusa [mailto:dmikusa@gopivotal.com] 
Sent: Monday, November 04, 2013 9:57 AM
To: Tomcat Users List
Subject: Re: Connection to ApacheDS LDAP

On Nov 4, 2013, at 10:49 AM, Shai Levit <re...@msn.com> wrote:

> My apologies in advance for some of the syntax and verbiage - I am a newbie in all of this, but did do my reading / research / and chat on IRC's.
> 
> The current setup I have is this:
> Apache DS LDAP version 2.0.0-M14 running on Linux with Port 8660. The server instance works fine and I am able to do a search via Apache API in Java (Eclipse). I bind to this server anonymously via connection.bind()
> Tomcat version 7.0.47 running on Mac OS X (Maverick) with Port 8080. The Tomcat instance works fine using the installed default values. I am able to run simple REST API and consume them via any browser.
> 
> Issue: I am trying to create a connection to the LDAP server via anonymous binding. I configured the appropriate conf file: server.xml with the REALM as follows:
> 
>   <Realm className="org.apache.catalina.realm.JNDIRealm"
> 			connectionURL="ldap://Integration01.icsl.net:8660" debug="99"
> 			userBase="dc=sumsmail,dc=com"
> 			userSearch="(mail{0})"
> 			userSearch="(userCertificate{0})"

Why do you have "userSearch" specified twice?  That's what's causing the exception below.

> 			userSubtree="true"
> 			roleBase="dc=sumsmail,dc=com"
> 			roleName="cn"
> 			roleSearch="(mail={0})"
> 			roleSearch="(userCertificate={0})"

This will likely cause a similar exception, you can only specify these attributes once.

Dan

> 			roleSubtree="true"
> 			/>
>      </Realm>
> 
>      <Host name="localhost"  appBase="webapps"
>            unpackWARs="true" autoDeploy="true">
> 


Not that I'm particularly knowledgeable about configuring LDAP, because I'm not, but looking at the error I wondered what Dan did - why did you have the userSearch attribute listed twice? You also have the roleSearch attribute listed twice, though it might not show that error since it spits up at the first one.



Re: Connection to ApacheDS LDAP

Posted by Daniel Mikusa <dm...@gopivotal.com>.
On Nov 4, 2013, at 10:49 AM, Shai Levit <re...@msn.com> wrote:

> My apologies in advance for some of the syntax and verbiage - I am a newbie in all of this, but did do my reading / research / and chat on IRC’s.
> 
> The current setup I have is this:
> Apache DS LDAP version 2.0.0-M14 running on Linux with Port 8660. The server instance works fine and I am able to do a search via Apache API in Java (Eclipse). I bind to this server anonymously via connection.bind()
> Tomcat version 7.0.47 running on Mac OS X (Maverick) with Port 8080. The Tomcat instance works fine using the installed default values. I am able to run simple REST API and consume them via any browser.
> 
> Issue: I am trying to create a connection to the LDAP server via anonymous binding. I configured the appropriate conf file: server.xml with the REALM as follows:
> 
>   <Realm className="org.apache.catalina.realm.JNDIRealm"
> 			connectionURL="ldap://Integration01.icsl.net:8660" debug="99"
> 			userBase="dc=sumsmail,dc=com"
> 			userSearch="(mail{0})"
> 			userSearch="(userCertificate{0})"

Why do you have "userSearch" specified twice?  That's what's causing the exception below.

> 			userSubtree="true"
> 			roleBase="dc=sumsmail,dc=com"
> 			roleName="cn"
> 			roleSearch="(mail={0})"
> 			roleSearch="(userCertificate={0})"

This will likely cause a similar exception, you can only specify these attributes once.

Dan

> 			roleSubtree="true"
> 			/>
>      </Realm>
> 
>      <Host name="localhost"  appBase="webapps"
>            unpackWARs="true" autoDeploy="true">
> 
> These are the only changes I made.
> When I launch the Server, it crashes immediately, giving me the following error(s):
> 
> Nov 4, 2013 10:22:31 AM org.apache.catalina.core.AprLifecycleListener init
> INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: .:/Library/Java/Extensions:/System/Library/Java/Extensions:/usr/lib/java
> Nov 4, 2013 10:22:31 AM org.apache.tomcat.util.digester.Digester fatalError
> SEVERE: Parse Fatal Error at line 116 column 37: Attribute "userSearch" was already specified for element "Realm".
> org.xml.sax.SAXParseException: Attribute "userSearch" was already specified for element "Realm".
> 	at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException(ErrorHandlerWrapper.java:195)
> 	at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError(ErrorHandlerWrapper.java:174)
> 	at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:388)
> 	at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError(XMLScanner.java:1476)
> 	at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanAttribute(XMLDocumentFragmentScannerImpl.java:1567)
> 	at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanStartElement(XMLDocumentFragmentScannerImpl.java:1326)
> 	at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:2763)
> 	at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:647)
> 	at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:513)
> 	at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:815)
> 	at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:744)
> 	at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:128)
> 	at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1208)
> 	at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:543)
> 	at org.apache.tomcat.util.digester.Digester.parse(Digester.java:1537)
> 	at org.apache.catalina.startup.Catalina.load(Catalina.java:617)
> 	at org.apache.catalina.startup.Catalina.load(Catalina.java:665)
> 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> 	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> 	at java.lang.reflect.Method.invoke(Method.java:597)
> 	at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:281)
> 	at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:455)
> Nov 4, 2013 10:22:31 AM org.apache.catalina.startup.Catalina load
> WARNING: Catalina.start using conf/server.xml: Attribute "userSearch" was already specified for element "Realm".
> Nov 4, 2013 10:22:31 AM org.apache.tomcat.util.digester.Digester fatalError
> SEVERE: Parse Fatal Error at line 116 column 37: Attribute "userSearch" was already specified for element "Realm".
> org.xml.sax.SAXParseException: Attribute "userSearch" was already specified for element "Realm".
> 	at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException(ErrorHandlerWrapper.java:195)
> 	at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError(ErrorHandlerWrapper.java:174)
> 	at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:388)
> 	at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError(XMLScanner.java:1476)
> 	at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanAttribute(XMLDocumentFragmentScannerImpl.java:1567)
> 	at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanStartElement(XMLDocumentFragmentScannerImpl.java:1326)
> 	at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:2763)
> 	at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:647)
> 	at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:513)
> 	at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:815)
> 	at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:744)
> 	at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:128)
> 	at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1208)
> 	at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:543)
> 	at org.apache.tomcat.util.digester.Digester.parse(Digester.java:1537)
> 	at org.apache.catalina.startup.Catalina.load(Catalina.java:617)
> 	at org.apache.catalina.startup.Catalina.start(Catalina.java:679)
> 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> 	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> 	at java.lang.reflect.Method.invoke(Method.java:597)
> 	at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:322)
> 	at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:456)
> Nov 4, 2013 10:22:31 AM org.apache.catalina.startup.Catalina load
> WARNING: Catalina.start using conf/server.xml: Attribute "userSearch" was already specified for element "Realm".
> Nov 4, 2013 10:22:31 AM org.apache.catalina.startup.Catalina start
> SEVERE: Cannot start server. Server instance is not configured.
> 
> I am not sure what I am doing wrong and/or missing. If there is another way to set up a connection, I am not aware of this, nor did I find any documentation about this anywhere.
> 
> What I am trying to achieve here:
> 
> Given a userName, the REST API (server side) running on Tomcat will bind to the LDAP and retrieve a Directory list to compare this with the request from the client. It will then iterate throughout this Array and return some data.
> 
> Thank you for any help and advice.
> 
> Kind regards
> 
> Shai Levit
> 

