RE: Tomcat and Active Directory / 2003
Hi all,

I'm also trying to authenticate to AD from Tomcat. I'm having some struggles. When you use this Realm, do you specify basic or form authentication in your web-app.xml? I wish I knew how your ADS forest was arranged. I'm having trouble figuring out what I need to use - what trail to follow - what keywords to use. Our AD admin is either not knowledgeable enough to tell me or I'm asking the wrong questions.

Thanks,
Robyne

-----Original Message-----
From: Pitre, Russell [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 08, 2003 11:34 AM
To: Tomcat Users List; [EMAIL PROTECTED]
Subject: RE: Tomcat and Active Directory / 2003

This is my realm setup in my server.xml config

<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
       connectionURL="ldap://[domain controller]:389"
       userBase="OU=Users,OU=Shawmut,DC=[domain],DC=com"
       userSearch="(sAMAccountName={0})"
       userRoleName="member"
       roleBase="OU=Users,OU=Shawmut,DC=[domain],DC=com"
       roleName="memberOf"
       roleSearch="(memberOf=CN=tomcat,CN=Users,DC=shawmut,DC=com)"
       connectionName="CN=Administrator,CN=Users,DC=shawmut,DC=com"
       connectionPassword="[password]"
       roleSubtree="true"
       userSubtree="true"/>

hope this helps

Russ

-----Original Message-----
From: Matt Fury [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 08, 2003 1:03 PM
To: Tomcat Users List
Subject: Re: Tomcat and Active Directory / 2003

Hey

Thanks for the reply. Tried all those to no avail. :-/

I did see the Tomcat realm how-to but I was wondering if there were issues because it is Micro$oft we're trying to connect to and it's 2003. Who knows, their standard ldap may not be standard.

-Matt

--- Yann Cébron [EMAIL PROTECTED] wrote:

Two guesses:

* Did you try using the IP-address instead or use the FQDN for connectionURL, maybe there's something wrong w/ DNS?
* Try w/o MD5 and see if it works then.

roleSubtree=True typo - or shouldn't this be true?

I guess you already found the documentation here:
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/realm-howto.html#JNDIRealm

HTH,
Yann

BTW: I am using 4.1.27 on Windows 2000 and we're trying to connect to a Windows 2003 AD. Has this changed at all?

here is the error trace:

Catalina.start: LifecycleException: Exception opening directory server connection: javax.naming.CommunicationException: localhost:389 [Root exception is java.net.ConnectException: Connection refused: connect]
LifecycleException: Exception opening directory server connection: javax.naming.CommunicationException: localhost:389 [Root exception is java.net.ConnectException: Connection refused: connect]

It keeps saying localhost:389 and I clearly don't have it in the Realm. Here is my setup.

<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
       connectionName="cn=TomcatRole,dc=vo,dc=net"
       connectionPassword="***"
       connectionURL="ldap://orlmsdc001:389;"
       digest="MD5"
       roleBase="dc=roles,dc=vo,dc=net"
       roleName="cn"
       roleSearch="(uniqueMember={0})"
       roleSubtree="True"
       userPassword="***"
       userPattern="cn={0},dc=vacationsonly,dc=net" />

--- Matt Fury [EMAIL PROTECTED] wrote:

Hi All,

I've been trying for several weeks to compile information on Tomcat and Active Directory through LDAP. I can't quite get all the information I need and I am hoping someone has a link to what needs to be done.

I want to use the Realms in Tomcat but I can't seem to connect properly. For some reason it seems to keep trying to connect to localhost even though it's not specified.

Also, does SSL NEED to be implemented in order to get this to work? I will be doing AD connectivity through LAN only.

Thanks.

-Matt

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat and Active Directory / 2003
> I'm also trying to authenticate to AD from Tomcat. I'm having some struggles.

---

Search the archives of the list, there are some good success stories.

BTW, all examples are using LDAP as a method of interaction with AD. Is anybody considering Kerberos5 (GSS-API)? I do realize Tomcat doesn't have a KerberosRealm, should we write one?

Nix.
Re: Tomcat and Active Directory / 2003
BTW: I am using 4.1.27 on Windows 2000 and we're trying to connect to a Windows 2003 AD. Has this changed at all?

here is the error trace:

Catalina.start: LifecycleException: Exception opening directory server connection: javax.naming.CommunicationException: localhost:389 [Root exception is java.net.ConnectException: Connection refused: connect]
LifecycleException: Exception opening directory server connection: javax.naming.CommunicationException: localhost:389 [Root exception is java.net.ConnectException: Connection refused: connect]

It keeps saying localhost:389 and I clearly don't have it in the Realm. Here is my setup.

<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
       connectionName="cn=TomcatRole,dc=vo,dc=net"
       connectionPassword="***"
       connectionURL="ldap://orlmsdc001:389;"
       digest="MD5"
       roleBase="dc=roles,dc=vo,dc=net"
       roleName="cn"
       roleSearch="(uniqueMember={0})"
       roleSubtree="True"
       userPassword="***"
       userPattern="cn={0},dc=vacationsonly,dc=net" />

--- Matt Fury [EMAIL PROTECTED] wrote:

Hi All,

I've been trying for several weeks to compile information on Tomcat and Active Directory through LDAP. I can't quite get all the information I need and I am hoping someone has a link to what needs to be done.

I want to use the Realms in Tomcat but I can't seem to connect properly. For some reason it seems to keep trying to connect to localhost even though it's not specified.

Also, does SSL NEED to be implemented in order to get this to work? I will be doing AD connectivity through LAN only.

Thanks.

-Matt
Re: Tomcat and Active Directory / 2003
Two guesses:

* Did you try using the IP-address instead or use the FQDN for connectionURL, maybe there's something wrong w/ DNS?
* Try w/o MD5 and see if it works then.

roleSubtree=True typo - or shouldn't this be true?

I guess you already found the documentation here:
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/realm-howto.html#JNDIRealm

HTH,
Yann

BTW: I am using 4.1.27 on Windows 2000 and we're trying to connect to a Windows 2003 AD. Has this changed at all?

here is the error trace:

Catalina.start: LifecycleException: Exception opening directory server connection: javax.naming.CommunicationException: localhost:389 [Root exception is java.net.ConnectException: Connection refused: connect]
LifecycleException: Exception opening directory server connection: javax.naming.CommunicationException: localhost:389 [Root exception is java.net.ConnectException: Connection refused: connect]

It keeps saying localhost:389 and I clearly don't have it in the Realm. Here is my setup.

<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
       connectionName="cn=TomcatRole,dc=vo,dc=net"
       connectionPassword="***"
       connectionURL="ldap://orlmsdc001:389;"
       digest="MD5"
       roleBase="dc=roles,dc=vo,dc=net"
       roleName="cn"
       roleSearch="(uniqueMember={0})"
       roleSubtree="True"
       userPassword="***"
       userPattern="cn={0},dc=vacationsonly,dc=net" />

--- Matt Fury [EMAIL PROTECTED] wrote:

Hi All,

I've been trying for several weeks to compile information on Tomcat and Active Directory through LDAP. I can't quite get all the information I need and I am hoping someone has a link to what needs to be done.

I want to use the Realms in Tomcat but I can't seem to connect properly. For some reason it seems to keep trying to connect to localhost even though it's not specified.

Also, does SSL NEED to be implemented in order to get this to work? I will be doing AD connectivity through LAN only.

Thanks.

-Matt
Re: Tomcat and Active Directory / 2003
Hey

Thanks for the reply. Tried all those to no avail. :-/

I did see the Tomcat realm how-to but I was wondering if there were issues because it is Micro$oft we're trying to connect to and it's 2003. Who knows, their standard ldap may not be standard.

-Matt

--- Yann Cébron [EMAIL PROTECTED] wrote:

Two guesses:

* Did you try using the IP-address instead or use the FQDN for connectionURL, maybe there's something wrong w/ DNS?
* Try w/o MD5 and see if it works then.

roleSubtree=True typo - or shouldn't this be true?

I guess you already found the documentation here:
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/realm-howto.html#JNDIRealm

HTH,
Yann

BTW: I am using 4.1.27 on Windows 2000 and we're trying to connect to a Windows 2003 AD. Has this changed at all?

here is the error trace:

Catalina.start: LifecycleException: Exception opening directory server connection: javax.naming.CommunicationException: localhost:389 [Root exception is java.net.ConnectException: Connection refused: connect]
LifecycleException: Exception opening directory server connection: javax.naming.CommunicationException: localhost:389 [Root exception is java.net.ConnectException: Connection refused: connect]

It keeps saying localhost:389 and I clearly don't have it in the Realm. Here is my setup.

<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
       connectionName="cn=TomcatRole,dc=vo,dc=net"
       connectionPassword="***"
       connectionURL="ldap://orlmsdc001:389;"
       digest="MD5"
       roleBase="dc=roles,dc=vo,dc=net"
       roleName="cn"
       roleSearch="(uniqueMember={0})"
       roleSubtree="True"
       userPassword="***"
       userPattern="cn={0},dc=vacationsonly,dc=net" />

--- Matt Fury [EMAIL PROTECTED] wrote:

Hi All,

I've been trying for several weeks to compile information on Tomcat and Active Directory through LDAP. I can't quite get all the information I need and I am hoping someone has a link to what needs to be done.

I want to use the Realms in Tomcat but I can't seem to connect properly. For some reason it seems to keep trying to connect to localhost even though it's not specified.

Also, does SSL NEED to be implemented in order to get this to work? I will be doing AD connectivity through LAN only.

Thanks.

-Matt
RE: Tomcat and Active Directory / 2003
This is my realm setup in my server.xml config

<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
       connectionURL="ldap://[domain controller]:389"
       userBase="OU=Users,OU=Shawmut,DC=[domain],DC=com"
       userSearch="(sAMAccountName={0})"
       userRoleName="member"
       roleBase="OU=Users,OU=Shawmut,DC=[domain],DC=com"
       roleName="memberOf"
       roleSearch="(memberOf=CN=tomcat,CN=Users,DC=shawmut,DC=com)"
       connectionName="CN=Administrator,CN=Users,DC=shawmut,DC=com"
       connectionPassword="[password]"
       roleSubtree="true"
       userSubtree="true"/>

hope this helps

Russ

-----Original Message-----
From: Matt Fury [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 08, 2003 1:03 PM
To: Tomcat Users List
Subject: Re: Tomcat and Active Directory / 2003

Hey

Thanks for the reply. Tried all those to no avail. :-/

I did see the Tomcat realm how-to but I was wondering if there were issues because it is Micro$oft we're trying to connect to and it's 2003. Who knows, their standard ldap may not be standard.

-Matt

--- Yann Cébron [EMAIL PROTECTED] wrote:

Two guesses:

* Did you try using the IP-address instead or use the FQDN for connectionURL, maybe there's something wrong w/ DNS?
* Try w/o MD5 and see if it works then.

roleSubtree=True typo - or shouldn't this be true?

I guess you already found the documentation here:
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/realm-howto.html#JNDIRealm

HTH,
Yann

BTW: I am using 4.1.27 on Windows 2000 and we're trying to connect to a Windows 2003 AD. Has this changed at all?

here is the error trace:

Catalina.start: LifecycleException: Exception opening directory server connection: javax.naming.CommunicationException: localhost:389 [Root exception is java.net.ConnectException: Connection refused: connect]
LifecycleException: Exception opening directory server connection: javax.naming.CommunicationException: localhost:389 [Root exception is java.net.ConnectException: Connection refused: connect]

It keeps saying localhost:389 and I clearly don't have it in the Realm. Here is my setup.

<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
       connectionName="cn=TomcatRole,dc=vo,dc=net"
       connectionPassword="***"
       connectionURL="ldap://orlmsdc001:389;"
       digest="MD5"
       roleBase="dc=roles,dc=vo,dc=net"
       roleName="cn"
       roleSearch="(uniqueMember={0})"
       roleSubtree="True"
       userPassword="***"
       userPattern="cn={0},dc=vacationsonly,dc=net" />

--- Matt Fury [EMAIL PROTECTED] wrote:

Hi All,

I've been trying for several weeks to compile information on Tomcat and Active Directory through LDAP. I can't quite get all the information I need and I am hoping someone has a link to what needs to be done.

I want to use the Realms in Tomcat but I can't seem to connect properly. For some reason it seems to keep trying to connect to localhost even though it's not specified.

Also, does SSL NEED to be implemented in order to get this to work? I will be doing AD connectivity through LAN only.

Thanks.

-Matt
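
Added example, not part of any post in this thread: a JNDIRealm for Active Directory that addresses the SSL question raised above by using ldaps://, and that binds with a dedicated read-only account instead of the domain Administrator. The host dc01.example.com, the svc-tomcat account, the OU names and the DC=example,DC=com tree are assumed placeholders, and the JVM is assumed to accept ldaps:// URLs.

```xml
<!-- Added example (not from the thread). Assumed placeholder names:
     dc01.example.com, svc-tomcat, the OU names, DC=example,DC=com. -->

<!-- Shape posted in the thread, shown for comparison only:
       connectionURL="ldap://[domain controller]:389"
       connectionName="CN=Administrator,CN=Users,..."
     JNDIRealm uses LDAP simple bind, so over ldap:// on port 389 the
     connectionPassword and every user's password cross the LAN in
     cleartext, and a leaked server.xml exposes a domain administrator
     credential. -->

<!-- Hardened form:
     1. ldaps:// on port 636 wraps the simple bind in TLS. The JVM running
        Tomcat must trust the CA that issued the domain controller's
        certificate.
     2. connectionName is a dedicated account that only needs read access
        to the user and group subtrees.
     3. No userPassword and no digest attribute: the realm then
        authenticates by binding as the user. AD does not return password
        values over LDAP, so compare mode (userPassword plus digest)
        cannot work against it.
     4. roleSearch matches groups whose member attribute holds the user's
        DN ({0}); roleName="cn" makes the group's cn the Tomcat role name.
     server.xml still stores connectionPassword in cleartext: restrict
     read access on the file to the account Tomcat runs as. -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldaps://dc01.example.com:636"
       connectionName="CN=svc-tomcat,OU=Service Accounts,DC=example,DC=com"
       connectionPassword="REPLACE_ME"
       userBase="OU=Users,DC=example,DC=com"
       userSubtree="true"
       userSearch="(sAMAccountName={0})"
       roleBase="OU=Groups,DC=example,DC=com"
       roleSubtree="true"
       roleName="cn"
       roleSearch="(member={0})" />
```

Either BASIC or FORM login in web.xml works with this realm, since the realm only validates the credentials the container collects.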