RE: Tomcat and Active Directory / 2003

2003-10-22 Thread Robyne Vaughn
Hi all,
I'm also trying to authenticate to AD from Tomcat.  I'm having some struggles.

When you use this Realm, do you specify basic or form authentication in your 
web-app.xml?

I wish I knew how your ADS forest was arranged.  I'm having trouble figuring out what 
I need to use - what trail to follow - what keywords to use.  Our AD admin is either 
not knowledgeable enough to tell me or I'm asking the wrong questions.
Thanks,
Robyne

-----Original Message-----
From: Pitre, Russell [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, October 08, 2003 11:34 AM
To: Tomcat Users List; [EMAIL PROTECTED]
Subject: RE: Tomcat and Active Directory / 2003


This is my realm setup in my server.xml config

<Realm className="org.apache.catalina.realm.JNDIRealm"
       debug="99"
       connectionURL="ldap://[domain controller]:389"
       userBase="OU=Users,OU=Shawmut,DC=[domain],DC=com"
       userSearch="(sAMAccountName={0})"
       userRoleName="member"
       roleBase="OU=Users,OU=Shawmut,DC=[domain],DC=com"
       roleName="memberOf"
       roleSearch="(memberOf=CN=tomcat,CN=Users,DC=shawmut,DC=com)"
       connectionName="CN=Administrator,CN=Users,DC=shawmut,DC=com"
       connectionPassword="[password]"
       roleSubtree="true"
       userSubtree="true"/>

hope this helps


Russ





-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





Re: Tomcat and Active Directory / 2003

2003-10-22 Thread Nikola Milutinovic
I'm also trying to authenticate to AD from Tomcat.  I'm having some struggles.

---

Search the archives of the list, there are some good success stories.

BTW, all examples are using LDAP as a method of interaction with AD. Is anybody 
considering Kerberos5 (GSS-API)?

I do realize Tomcat doesn't have a KerberosRealm, should we write one?

Nix.

Re: Tomcat and Active Directory / 2003

2003-10-08 Thread Matt Fury
BTW: I am using 4.1.27 on Windows 2000 and we're
trying to connect to a Windows 2003 AD. Has this
changed at all?

here is the error trace:

Catalina.start: LifecycleException:  Exception opening directory server connection:  javax.naming.CommunicationException: localhost:389 [Root exception is java.net.ConnectException: Connection refused: connect]
LifecycleException:  Exception opening directory server connection:  javax.naming.CommunicationException: localhost:389 [Root exception is java.net.ConnectException: Connection refused: connect]

It keeps saying localhost:389 and I clearly don't have
it in the Realm. Here is my setup.

<Realm className="org.apache.catalina.realm.JNDIRealm"
       debug="99"
       connectionName="cn=TomcatRole,dc=vo,dc=net"
       connectionPassword="***"
       connectionURL="ldap://orlmsdc001:389;"
       digest="MD5"
       roleBase="dc=roles,dc=vo,dc=net"
       roleName="cn"
       roleSearch="(uniqueMember={0})"
       roleSubtree="True"
       userPassword="***"
       userPattern="cn={0},dc=vacationsonly,dc=net"  />



--- Matt Fury [EMAIL PROTECTED] wrote:
> Hi All,
>
> I've been trying for several weeks to compile
> information on Tomcat and Active Directory through
> LDAP. I can't quite get all the information I need and
> I am hoping someone has a link to what needs to be
> done. I want to use the Realms in Tomcat but I can't
> seem to connect properly. For some reason it seems to
> keep trying to connect to localhost even though it's
> not specified.
>
> Also, does SSL NEED to be implemented in order to get
> this to work? I will be doing AD connectivity through
> LAN only.
>
> Thanks.
>
> -Matt




Re: Tomcat and Active Directory / 2003

2003-10-08 Thread Yann Cébron
Two guesses:

* Did you try using the IP-address instead or use the FQDN for
connectionURL, maybe there's something wrong w/ DNS?

* Try w/o MD5 and see if it works then.

>    roleSubtree=True

typo - or shouldn't this be true

I guess you already found the documentation here:
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/realm-howto.html#JNDIRealm

HTH,
Yann

> BTW: I am using 4.1.27 on Windows 2000 and we're
> trying to connect to a Windows 2003 AD. Has this
> changed at all?
>
> here is the error trace:
>
> Catalina.start: LifecycleException:  Exception opening directory server connection:  javax.naming.CommunicationException: localhost:389 [Root exception is java.net.ConnectException: Connection refused: connect]
> LifecycleException:  Exception opening directory server connection:  javax.naming.CommunicationException: localhost:389 [Root exception is java.net.ConnectException: Connection refused: connect]
>
> It keeps saying localhost:389 and I clearly don't have
> it in the Realm. Here is my setup.
>
> <Realm className="org.apache.catalina.realm.JNDIRealm"
>        debug="99"
>        connectionName="cn=TomcatRole,dc=vo,dc=net"
>        connectionPassword="***"
>        connectionURL="ldap://orlmsdc001:389;"
>        digest="MD5"
>        roleBase="dc=roles,dc=vo,dc=net"
>        roleName="cn"
>        roleSearch="(uniqueMember={0})"
>        roleSubtree="True"
>        userPassword="***"
>        userPattern="cn={0},dc=vacationsonly,dc=net"  />






Re: Tomcat and Active Directory / 2003

2003-10-08 Thread Matt Fury
Hey Thanks for the reply.

Tried all those to no avail. :-/ I did see the Tomcat
realm how-to but I was wondering if there were issues
because it is Micro$oft we're trying to connect to and
it's 2003. Who knows, their standard ldap may not be
standard.

-Matt


--- Yann Cébron [EMAIL PROTECTED] wrote:
> Two guesses:
>
> * Did you try using the IP-address instead or use the FQDN for
> connectionURL, maybe there's something wrong w/ DNS?
>
> * Try w/o MD5 and see if it works then.
>
> >    roleSubtree=True
>
> typo - or shouldn't this be true
>
> I guess you already found the documentation here:
> http://jakarta.apache.org/tomcat/tomcat-4.1-doc/realm-howto.html#JNDIRealm
>
> HTH,
> Yann
 



RE: Tomcat and Active Directory / 2003

2003-10-08 Thread Pitre, Russell
This is my realm setup in my server.xml config

<Realm className="org.apache.catalina.realm.JNDIRealm"
       debug="99"
       connectionURL="ldap://[domain controller]:389"
       userBase="OU=Users,OU=Shawmut,DC=[domain],DC=com"
       userSearch="(sAMAccountName={0})"
       userRoleName="member"
       roleBase="OU=Users,OU=Shawmut,DC=[domain],DC=com"
       roleName="memberOf"
       roleSearch="(memberOf=CN=tomcat,CN=Users,DC=shawmut,DC=com)"
       connectionName="CN=Administrator,CN=Users,DC=shawmut,DC=com"
       connectionPassword="[password]"
       roleSubtree="true"
       userSubtree="true"/>

hope this helps


Russ





-----Original Message-----
From: Matt Fury [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, October 08, 2003 1:03 PM
To: Tomcat Users List
Subject: Re: Tomcat and Active Directory / 2003

Hey Thanks for the reply.

Tried all those to no avail. :-/ I did see the Tomcat
realm how-to but I was wondering if there were issues
because it is Micro$oft we're trying to connect to and
it's 2003. Who knows, their standard ldap may not be
standard.

-Matt


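
An added example, not part of any post in this thread and not Tomcat's own code: a small Python check that parses a JNDIRealm element like the ones posted above and flags a connectionURL that is missing or does not parse as ldap(s)://host[:port], binds over plain ldap://, binding as Administrator, and comparison mode selected by userPassword. The sample hosts, the svc-tomcat-ldap account and the finding codes are assumptions made for the illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed samples: attribute names follow the realms posted in this
# thread; host, domain, account and password values are placeholders.
AS_POSTED = """<Realm className="org.apache.catalina.realm.JNDIRealm"
    connectionURL="ldap://dc1.example.com:389"
    connectionName="CN=Administrator,CN=Users,DC=example,DC=com"
    connectionPassword="placeholder"
    userBase="OU=Users,DC=example,DC=com"
    userSearch="(sAMAccountName={0})" userSubtree="true"/>"""

# Same realm over LDAPS with a dedicated lookup account (hypothetical name).
HARDENED = (AS_POSTED
            .replace("ldap://dc1.example.com:389", "ldaps://dc1.example.com:636")
            .replace("CN=Administrator", "CN=svc-tomcat-ldap"))

URL_RE = re.compile(r"(ldaps?)://([^/:;\s]+)(?::(\d+))?/?")


def audit_realm(xml_text):
    """Return sorted finding codes for one JNDIRealm <Realm> element."""
    attrs = ET.fromstring(xml_text).attrib
    findings = set()
    match = URL_RE.fullmatch(attrs.get("connectionURL", ""))
    if match is None:
        # Missing or unparsable URL. With no provider URL set, the JNDI
        # LDAP provider defaults to localhost:389.
        findings.add("URL_MISSING_OR_MALFORMED")
    elif match.group(1) == "ldap":
        # Simple binds over plain LDAP send the connectionPassword and
        # each user's password unencrypted.
        findings.add("CLEARTEXT_BIND")
    first_rdn = attrs.get("connectionName", "").split(",")[0].strip().lower()
    if first_rdn == "cn=administrator":
        # An account used only for directory searches needs no admin rights.
        findings.add("PRIVILEGED_BIND_ACCOUNT")
    if "userPassword" in attrs:
        # Comparison mode: the realm reads this attribute and compares it
        # itself instead of binding to the directory as the user.
        findings.add("PASSWORD_COMPARE_MODE")
    return sorted(findings)


if __name__ == "__main__":
    for label, text in (("as posted", AS_POSTED), ("hardened", HARDENED)):
        print(label, audit_realm(text))
```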