Re: Tomcat LDAP Authentication


Re: Tomcat LDAP Authentication

by John Russell-2

Hi,

Is there a command line method to test an LDAP configuration?

I could not find any log messages after basic authentication was denied.
Perhaps the authentication log is not in $CATALINA_HOME/logs?

    <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
           connectionURL="ldap://192.168.16.179"
           userPattern="uid={0},ou=users,dc=mail,dc=owd,dc=net"
           roleBase="ou=groups,dc=mail,dc=owd,dc=net"
           roleName="cn"
           roleSearch="(memberUid={0})"/>

    <Valve className="org.apache.catalina.authenticator.SingleSignOn" />

Thank you,
John Russell

On May 13, 2008, at 1:15 AM, users-digest-help@... wrote:

> From: John Russell <jbr@...>
>
> From the documentation for JNDIRealm at
> http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html
>
> 0) I obtained ldap-1_2_4.zip from Sun Microsystems.
>
> 1) Copied ldap.jar and ldapsec.jar to $CATALINA_HOME/server/lib
>
> 3) modified ./conf/server.xml for JNDI
>
>     <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
>            connectionURL="ldap://192.168.16.179"
>            userPattern="uid={0},ou=users,dc=mail,dc=owd,dc=net"
>            roleBase="ou=groups,dc=mail,dc=owd,dc=net"
>            roleName="cn"
>            roleSearch="(memberUid={0})"/>
>
>     <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
>
>
>
> From: Filip Hanik - Dev Lists <devlists@...>
>
> you will only get a popup if you specify <auth-method>BASIC</auth-method>

Thank you, Filip. The Basic Authentication is now working.

    <security-constraint>
      <web-resource-collection>
        <web-resource-name>Protected Site</web-resource-name>
        <url-pattern>/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <role-name>owd</role-name>
      </auth-constraint>
    </security-constraint>

    <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>Open Directory</realm-name>
    </login-config>

    <security-role>
      <role-name>owd</role-name>
    </security-role>


> From: "Caldarale, Charles R" <Chuck.Caldarale@...>
>
>> 4) modified conf/web.xml to enable security-constraint
>
> Do you really want to modify conf/web.xml?  Such security constraints
> will then apply to every webapp you have deployed, requiring a login
> page for each.

Yes. Filip's suggestion has locked it down nicely and it suits us right now.
Thank you for your suggestion, Charles.


Tomcat LDAP Authentication

by John Russell-2

Hi,

[Resubmitted. I did not see this appear in the digest, if you have
  seen this before and replied, please accept my apologies]

Is there a command line method to test an LDAP configuration?

I could not find any log messages after basic authentication was denied.
Perhaps the authentication log is not in $CATALINA_HOME/logs?

    <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
           connectionURL="ldap://192.168.16.179"
           userPattern="uid={0},ou=users,dc=mail,dc=owd,dc=net"
           roleBase="ou=groups,dc=mail,dc=owd,dc=net"
           roleName="cn"
           roleSearch="(memberUid={0})"/>

    <Valve className="org.apache.catalina.authenticator.SingleSignOn" />

Thank you,
John Russell

On May 13, 2008, at 1:15 AM, users-digest-help@... wrote:

> From: John Russell <jbr@...>
>
> From the documentation for JNDIRealm at
> http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html
>
> 0) I obtained ldap-1_2_4.zip from Sun Microsystems.
>
> 1) Copied ldap.jar and ldapsec.jar to $CATALINA_HOME/server/lib
>
> 3) modified ./conf/server.xml for JNDI
>
>     <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
>            connectionURL="ldap://192.168.16.179"
>            userPattern="uid={0},ou=users,dc=mail,dc=owd,dc=net"
>            roleBase="ou=groups,dc=mail,dc=owd,dc=net"
>            roleName="cn"
>            roleSearch="(memberUid={0})"/>
>
>     <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
>
>
>
> From: Filip Hanik - Dev Lists <devlists@...>
>
> you will only get a popup if you specify <auth-method>BASIC</auth-method>

Thank you, Filip. The Basic Authentication is now working.

    <security-constraint>
      <web-resource-collection>
        <web-resource-name>Protected Site</web-resource-name>
        <url-pattern>/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <role-name>owd</role-name>
      </auth-constraint>
    </security-constraint>

    <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>Open Directory</realm-name>
    </login-config>

    <security-role>
      <role-name>owd</role-name>
    </security-role>


> From: "Caldarale, Charles R" <Chuck.Caldarale@...>
>
>> 4) modified conf/web.xml to enable security-constraint
>
> Do you really want to modify conf/web.xml?  Such security constraints
> will then apply to every webapp you have deployed, requiring a login
> page for each.

Yes. Filip's suggestion has locked it down nicely and it suits us right now.
Thank you for your suggestion, Charles.



Re: Tomcat LDAP Authentication

by Christopher Schultz-2


John,

John Russell wrote:
| [Resubmitted. I did not see this appear in the digest, if you have
|  seen this before and replied, please accept my apologies]

It came through before. You might have missed the cutoff for the digest
-- or maybe just missed it.

| Is there a command line method to test an LDAP configuration?

One probably came with your LDAP server, but I suspect that's not really
what you're asking.

| I could not find any log messages after basic authentication was denied.
| Perhaps the authentication log is not in $CATALINA_HOME/logs?

Everything in Tomcat uses commons-logging, which can be configured to do
lots of things. Not sure if the JNDIRealm emits very much log
information. You might want to increase the log level for that class to
DEBUG or even TRACE and run through your login again.

Instructions for configuring logging are available in the documentation
at tomcat.apache.org.

|     <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
|        connectionURL="ldap://192.168.16.179"
|          userPattern="uid={0},ou=users,dc=mail,dc=owd,dc=net"
|             roleBase="ou=groups,dc=mail,dc=owd,dc=net"
|             roleName="cn"
|             roleSearch="(memberUid={0})"/>
|
|       <Valve className="org.apache.catalina.authenticator.SingleSignOn" />

There is no command-line test for a realm setup that I know of.

-chris

---------------------------------------------------------------------
To start a new topic, e-mail: users@...
To unsubscribe, e-mail: users-unsubscribe@...
For additional commands, e-mail: users-help@...


Re: Tomcat LDAP Authentication

by John Russell-2

Thank you, we solved it for connecting to Apple Open Directory as follows:

    <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
           connectionURL="ldap://192.168.16.179"
           userPattern="uid={0},cn=users,dc=mail,dc=owd,dc=net"
           roleBase="cn=groups,dc=mail,dc=owd,dc=net"
           roleName="cn"
           roleSearch="(memberUid={1})"/>


On May 14, 2008, at 10:44 AM, users-digest-help@... wrote:

> From: Christopher Schultz <chris@...>
> Date: May 14, 2008 9:52:00 AM PDT
> To: Tomcat Users List <users@...>
> Subject: Re: Tomcat LDAP Authentication
>
>
> Instructions for configuring logging are available in the documentation
> at tomcat.apache.org.


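To answer the command-line question raised in this thread with something runnable, here is an added example, not code from the thread or from Tomcat: a small Python model of what JNDIRealm does with the attributes in the final <Realm> above, run against a constructed in-memory directory shaped like the Open Directory tree, plus the two OpenLDAP ldapsearch commands that reproduce the same lookups against the real server. The directory entries, the password "s3cret" and the second group are made up; the substitution rules (userPattern {0} = login name; roleSearch {0} = user DN, {1} = login name; roleSearch scoped one level under roleBase unless roleSubtree is set) are from the JNDIRealm documentation. It shows why roleSearch="(memberUid={0})" finds no groups when memberUid holds short names, and why "(memberUid={1})" does.

```python
"""Offline model of a Tomcat JNDIRealm lookup and the matching ldapsearch calls.

Rules modelled, from the JNDIRealm documentation: userPattern expands {0} to
the login name; roleSearch expands {0} to the user's DN and {1} to the login
name; roles are searched one level under roleBase (roleSubtree defaults to
false). Tomcat uses MessageFormat for these; plain replacement is used here.
"""
import shlex

# Constructed sample directory, not an export from a real server. It is
# shaped like the Open Directory tree in the thread: groups list members by
# short name in memberUid, so a roleSearch on {0} (the DN) matches nothing.
DIRECTORY = [
    {"dn": "uid=jbr,cn=users,dc=mail,dc=owd,dc=net",
     "attrs": {"uid": ["jbr"], "cn": ["John Russell"], "userPassword": ["s3cret"]}},
    {"dn": "cn=owd,cn=groups,dc=mail,dc=owd,dc=net",
     "attrs": {"cn": ["owd"], "memberUid": ["jbr", "alice"]}},
    {"dn": "cn=admin,cn=groups,dc=mail,dc=owd,dc=net",
     "attrs": {"cn": ["admin"], "memberUid": ["alice"]}},
]

# Attributes of the thread's final <Realm>; the broken variant is the same
# element with the earlier roleSearch="(memberUid={0})".
REALM_WORKING = {
    "connectionURL": "ldap://192.168.16.179",
    "userPattern": "uid={0},cn=users,dc=mail,dc=owd,dc=net",
    "roleBase": "cn=groups,dc=mail,dc=owd,dc=net",
    "roleName": "cn",
    "roleSearch": "(memberUid={1})",
}
REALM_BROKEN = dict(REALM_WORKING, roleSearch="(memberUid={0})")

# Characters that change the meaning of a DN or a filter. This model refuses
# them rather than escaping; check how your Tomcat version escapes {0}.
UNSAFE = set(',+"\\<>;=()*\x00')


def user_dn(realm, username):
    """Expand userPattern for one login name."""
    if not username or UNSAFE & set(username):
        raise ValueError("login name contains LDAP metacharacters")
    return realm["userPattern"].replace("{0}", username)


def matches(filter_str, attrs):
    """Evaluate an equality filter '(attr=value)', the only form modelled here.
    Attribute names compare case-insensitively; values compare exactly."""
    f = filter_str.strip()
    if not (f.startswith("(") and f.endswith(")")) or "=" not in f:
        raise ValueError("only (attr=value) filters are modelled: " + f)
    attr, _, value = f[1:-1].partition("=")
    lowered = {k.lower(): v for k, v in attrs.items()}
    return value in lowered.get(attr.lower(), [])


def one_level_search(directory, base, filter_str):
    """Entries directly under base that match the filter (scope one)."""
    return [e for e in directory
            if e["dn"].endswith("," + base)
            and "," not in e["dn"][: -len(base) - 1]
            and matches(filter_str, e["attrs"])]


def authenticate(realm, directory, username, password):
    """Return (dn, roles) on success, None when the user bind would fail."""
    dn = user_dn(realm, username)
    entry = next((e for e in directory if e["dn"] == dn), None)
    # The realm binds to the server as this DN; here the bind is a
    # userPassword comparison against the constructed entry.
    if entry is None or password not in entry["attrs"].get("userPassword", []):
        return None
    role_filter = realm["roleSearch"].replace("{0}", dn).replace("{1}", username)
    roles = []
    for group in one_level_search(directory, realm["roleBase"], role_filter):
        roles.extend(group["attrs"].get(realm["roleName"], []))
    return dn, roles


def ldapsearch_commands(realm, username):
    """Two OpenLDAP ldapsearch calls that reproduce the realm's lookups: bind
    as the user and read that entry, then run the expanded roleSearch one
    level under roleBase returning only roleName. -W prompts for the password."""
    dn = user_dn(realm, username)
    role_filter = realm["roleSearch"].replace("{0}", dn).replace("{1}", username)
    common = ["ldapsearch", "-x", "-H", realm["connectionURL"], "-D", dn, "-W"]
    bind = common + ["-b", dn, "-s", "base", "(objectClass=*)", "dn"]
    roles = common + ["-b", realm["roleBase"], "-s", "one", role_filter, realm["roleName"]]
    return shlex.join(bind), shlex.join(roles)


if __name__ == "__main__":
    print(authenticate(REALM_BROKEN, DIRECTORY, "jbr", "s3cret"))   # DN found, roles []
    print(authenticate(REALM_WORKING, DIRECTORY, "jbr", "s3cret"))  # DN found, roles ['owd']
    for cmd in ldapsearch_commands(REALM_WORKING, "jbr"):
        print(cmd)
```

Running the two printed ldapsearch lines against the server is the closest thing to a command-line realm test: if the first fails, the userPattern or the password is wrong; if the second returns no cn, the roleSearch, roleBase or roleName is wrong. The model refuses login names containing LDAP metacharacters instead of escaping them; confirm how your Tomcat version escapes the {0} substitution before exposing userPattern to untrusted names.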