RE: LDAP Authentication with Tomcat 4.1.3
Is having two OU entries OK?

Best Wishes
John Burgess
[EMAIL PROTECTED]
Tel: 01865 718666
Fax: 01865 718600

-----Original Message-----
From: Josh Fenlason [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 11, 2002 9:12 PM
To: Tomcat
Subject: LDAP Authentication with Tomcat 4.1.3

I'm trying to do LDAP Authentication in Tomcat 4.1.3. I found a couple of links that said to use LDAPRealm in Tomcat's server.xml, but I still haven't had any luck. Has anyone else been able to get this to work? Here are the two Realm elements that I've tried in server.xml. Any help would be greatly appreciated.

Thanks.
Josh.

<Realm className="com.peacetech.webtools.tomcat.LdapRealmCatalina"
       debug="1"
       directoryUrl = "ldap://corvette.mn.ptc.com:389;"
       searchBindDN = "ou-jfenlason_r62DC,ou=jfenlason,l=Arden Hills,o=Bethel"
       searchBindCredentials = "mypassword"
       searchBaseContext = "o=PTC"
       searchFilter = "cn={0}"
       searchScopeAsString = "sub"
       securityAttributes = "securityEquals"
       attributesReadByOwner = "true"
       connectionMaxPoolSize = "10"
       ldapVersion = "3" />

<Realm className="org.apache.catalina.realm.LDAPRealm"
       ldapContextFactory="com.sun.jndi.ldap.LdapCtxFactory"
       ldapServer="ldap.corvette.mn.com"
       ldapPort="389"
       ldapDN="cn=%u,ou=jfenlason_r62DC,ou=jfenlason,l=Arden Hills,o=Bethel"
       ldapGroupContext="ou=jfenlason_r62DC,ou=jfenlason,l=Arden Hills,o=Bethel"
       ldapGroupFilter="(&amp;(uniquemember=%dn)(objectclass=groupOfUniqueNames))"
       ldapRoleAttribute="cn"
       debug="99" />
RE: LDAP Authentication with Tomcat 4.1.3
I used to use Apache1.3.24 and Tomcat 3.2 and I did the ldap authentication from Apache with two ou entries. Now I'm moving to Apache2 but the ldap authentication modules don't seem to work, so I need to get Tomcat to do the ldap authentication. If anyone could give me a pointer, I would greatly appreciate it.

Thanks in advance.
Josh.

-----Original Message-----
From: John Burgess [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 12, 2002 4:21 AM
To: Tomcat Users List
Subject: RE: LDAP Authentication with Tomcat 4.1.3

Is having two OU entries OK?

Best Wishes
John Burgess
[EMAIL PROTECTED]
Tel: 01865 718666
Fax: 01865 718600

-----Original Message-----
From: Josh Fenlason [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 11, 2002 9:12 PM
To: Tomcat
Subject: LDAP Authentication with Tomcat 4.1.3

I'm trying to do LDAP Authentication in Tomcat 4.1.3. I found a couple of links that said to use LDAPRealm in Tomcat's server.xml, but I still haven't had any luck. Has anyone else been able to get this to work? Here are the two Realm elements that I've tried in server.xml. Any help would be greatly appreciated.

Thanks.
Josh.
Re: LDAP Authentication with Tomcat 4.1.3
Have a look at these links. There is some new functionality in Tomcat 4.1 that isn't mentioned in the main end-user document yet that is in the second link. Namely, how to get it to bind as a user to do the authentication rather than querying for a password and comparing it.

http://jakarta.apache.org/tomcat/tomcat-4.1-doc/realm-howto.html#JNDIRealm
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/catalina/docs/api/index.html

Jon

----- Original Message -----
From: Josh Fenlason [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Sent: Wednesday, June 12, 2002 8:28 AM
Subject: RE: LDAP Authentication with Tomcat 4.1.3

I used to use Apache1.3.24 and Tomcat 3.2 and I did the ldap authentication from Apache with two ou entries. Now I'm moving to Apache2 but the ldap authentication modules don't seem to work, so I need to get Tomcat to do the ldap authentication. If anyone could give me a pointer, I would greatly appreciate it.

Thanks in advance.
Josh.

-----Original Message-----
From: John Burgess [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 12, 2002 4:21 AM
To: Tomcat Users List
Subject: RE: LDAP Authentication with Tomcat 4.1.3

Is having two OU entries OK?

Best Wishes
John Burgess
[EMAIL PROTECTED]
Tel: 01865 718666
Fax: 01865 718600

-----Original Message-----
From: Josh Fenlason [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 11, 2002 9:12 PM
To: Tomcat
Subject: LDAP Authentication with Tomcat 4.1.3

I'm trying to do LDAP Authentication in Tomcat 4.1.3. I found a couple of links that said to use LDAPRealm in Tomcat's server.xml, but I still haven't had any luck. Has anyone else been able to get this to work? Here are the two Realm elements that I've tried in server.xml. Any help would be greatly appreciated.

Thanks.
Josh.
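The two JNDIRealm modes Jon's reply distinguishes (compare a stored password versus bind as the user), shown as an added server.xml example that is not from the thread. The host and DNs are the ones Josh posted, and that they match his directory is an assumption. The service account DN and its password are placeholders.

```xml
<!-- Added example, not from the thread. Use ONE of the two Realm elements.
     Host and DNs are reused from Josh's post; whether they fit his
     directory layout is an assumption. -->

<!-- Mode 1: comparison. Tomcat binds as a service account, reads the
     user's userPassword attribute and compares it to what was typed.
     The service account therefore needs read access to password values.
     connectionName / connectionPassword below are placeholders. -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
       debug="99"
       connectionURL="ldap://corvette.mn.ptc.com:389"
       connectionName="cn=PLACEHOLDER-SERVICE-ACCOUNT,o=Bethel"
       connectionPassword="PLACEHOLDER"
       userPattern="cn={0},ou=jfenlason_r62DC,ou=jfenlason,l=Arden Hills,o=Bethel"
       userPassword="userPassword"
       roleBase="ou=jfenlason_r62DC,ou=jfenlason,l=Arden Hills,o=Bethel"
       roleName="cn"
       roleSearch="(&amp;(uniqueMember={0})(objectClass=groupOfUniqueNames))" />

<!-- Mode 2: bind as the user (new in Tomcat 4.1). Leaving out the
     userPassword attribute makes the realm attempt an LDAP bind with the
     user's DN and the submitted password; the directory checks the
     password and Tomcat never reads it. With no connectionName the realm's
     own connection is anonymous, so the group entries under roleBase must
     be readable anonymously, or a low-privilege connectionName that can
     read groups (not passwords) must be supplied.
     {0} in userPattern is the login name; {0} in roleSearch is the
     user's DN. Over plain ldap:// the bind password crosses the network
     unencrypted. -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
       debug="99"
       connectionURL="ldap://corvette.mn.ptc.com:389"
       userPattern="cn={0},ou=jfenlason_r62DC,ou=jfenlason,l=Arden Hills,o=Bethel"
       roleBase="ou=jfenlason_r62DC,ou=jfenlason,l=Arden Hills,o=Bethel"
       roleName="cn"
       roleSearch="(&amp;(uniqueMember={0})(objectClass=groupOfUniqueNames))" />
```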
LDAP Authentication with Tomcat 4.1.3
I'm trying to do LDAP Authentication in Tomcat 4.1.3. I found a couple of links that said to use LDAPRealm in Tomcat's server.xml, but I still haven't had any luck. Has anyone else been able to get this to work? Here are the two Realm elements that I've tried in server.xml. Any help would be greatly appreciated.

Thanks.
Josh.

<Realm className="com.peacetech.webtools.tomcat.LdapRealmCatalina"
       debug="1"
       directoryUrl = "ldap://corvette.mn.ptc.com:389;"
       searchBindDN = "ou-jfenlason_r62DC,ou=jfenlason,l=Arden Hills,o=Bethel"
       searchBindCredentials = "mypassword"
       searchBaseContext = "o=PTC"
       searchFilter = "cn={0}"
       searchScopeAsString = "sub"
       securityAttributes = "securityEquals"
       attributesReadByOwner = "true"
       connectionMaxPoolSize = "10"
       ldapVersion = "3" />

<Realm className="org.apache.catalina.realm.LDAPRealm"
       ldapContextFactory="com.sun.jndi.ldap.LdapCtxFactory"
       ldapServer="ldap.corvette.mn.com"
       ldapPort="389"
       ldapDN="cn=%u,ou=jfenlason_r62DC,ou=jfenlason,l=Arden Hills,o=Bethel"
       ldapGroupContext="ou=jfenlason_r62DC,ou=jfenlason,l=Arden Hills,o=Bethel"
       ldapGroupFilter="(&amp;(uniquemember=%dn)(objectclass=groupOfUniqueNames))"
       ldapRoleAttribute="cn"
       debug="99" />
Re: ldap authentication with tomcat
Depending on your requirements you may want to create an auth servlet that authenticates users to ldap server using for ex. netscape's ldapjdk package or JNDI classes, and then keep users login in the session object. All your protected servlets/jsps should assert the session checking if user's info is in the session. Another option: to use JNDIRealm, but I can't advise on this b/c I never used it.

- Boris
ldap authentication with tomcat
Hi,

I am new to the subject: How can I enforce ldap authentication for certain resources using tomcat - similar to the

<Directory toProtectResourcePath>
    Options FollowSymLinks
    AllowOverride None
    AuthType Basic
    AuthName Authentication
    AuthLDAPURL ldap://ldapUrl
    require valid-user
</Directory>

for apache in order to be able to get user information via e.g. getRemoteUser() etc.?

And by the way: Where is a valuable description of the configuration with server.xml and web.xml?

Thanks.
Astrid
Re: ldap authentication with tomcat
I think JNDIRealm will do this. However, it seems to be a pretty newly added feature and as far as I can tell, it isn't documented very well. I've been wondering the same thing. If you figure it out, please let me know. You might want to do a search of the mail list archives. I saw a few messages about it in there. However, it looked like it was about a 3rd party add-on that did it. I'm pretty sure the functionality now exists in it natively. I think it's configured similar to JDBCRealm in server.xml. So, I've been thinking that I might try to figure that out first, since, it seems to be better documented.

Jon

----- Original Message -----
From: Astrid Wagner [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, August 22, 2001 6:04 AM
Subject: ldap authentication with tomcat

Hi,

I am new to the subject: How can I enforce ldap authentication for certain resources using tomcat - similar to the

<Directory toProtectResourcePath>
    Options FollowSymLinks
    AllowOverride None
    AuthType Basic
    AuthName Authentication
    AuthLDAPURL ldap://ldapUrl
    require valid-user
</Directory>

for apache in order to be able to get user information via e.g. getRemoteUser() etc.?

And by the way: Where is a valuable description of the configuration with server.xml and web.xml?

Thanks.
Astrid
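The web.xml side of what Astrid asks for, mapped from the Apache <Directory> block she quotes, as an added example that is not from the thread. The /protected/* path and the role name staff are hypothetical; the role must match a value the Realm configured in server.xml returns for the user (for an LDAP realm, typically a group's cn).

```xml
<!-- Added example, not from the thread: WEB-INF/web.xml fragment
     (Servlet 2.3) that has the container enforce authentication. -->

<!-- Counterpart of <Directory toProtectResourcePath>: which URLs are
     protected. The path is hypothetical. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Protected area</web-resource-name>
    <url-pattern>/protected/*</url-pattern>
  </web-resource-collection>
  <!-- Counterpart of "require valid-user", with one difference: a servlet
       constraint is expressed in roles, so the user must both authenticate
       against the Realm and hold this role. "staff" is a hypothetical
       role name. -->
  <auth-constraint>
    <role-name>staff</role-name>
  </auth-constraint>
</security-constraint>

<!-- Counterpart of AuthType Basic / AuthName Authentication. -->
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Authentication</realm-name>
</login-config>

<!-- Every role named in an auth-constraint is declared here. -->
<security-role>
  <role-name>staff</role-name>
</security-role>
```

Once the container has authenticated the request this way, request.getRemoteUser() returns the login name inside the protected servlets and JSPs.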