So did you try debugging the JNDIRealm???? That's what I wonna do with my umlaut problem... Mark
Sandeep N wrote:
I did try out these things long back, but it did not yield any success. Hence mailed the list.
On Fri, 29 Oct 2004 14:14:57 +0200, Mark Doppelfeld
<[EMAIL PROTECTED]> wrote:
Hi,
took this from the documentation
For each of the standard |Realm| implementations, the user's password (by default) is stored in clear text. In many environments, this is undesireable because casual observers of the authentication data can collect enough information to log on successfully, and impersonate other users. To avoid this problem, the standard implementations support the concept of /digesting/ user passwords. This causes the stored version of the passwords to be encoded (in a form that is not easily reversible), but that the |Realm| implementation can still utilize for authentication.
Digested passwords are selected by specifying the |digest| attribute on your |<Realm>| element. The value for this attribute must be one of the digest algorithms supported by the |java.security.MessageDigest| class (SHA, MD2, or MD5). When you select this option, the contents of the password that is stored in the |Realm| must be the cleartext version of the password, as digested by the specified algorithm.
When the |authenticate()| method of the Realm is called, the (cleartext) password specified by the user is itself digested by the same algorithm, and the result is compared with the value returned by the |Realm|. An equal match implies that the cleartext version of the original password is the same as the one presented by the user, so that this user should be authorized.
So give it a try and please feedback some information. Mark
Sandeep N wrote:
I guess in the LDAP directory, the password is not stored as a clear text but in an encrypted manner using SHA (Simple Hashing Algorithm). Can that be the reason for not authenticating this user? And I don't have any special characters embedded in my username/ password.
Also, I can trace my LDAP directory, without any problems, though.
On Fri, 29 Oct 2004 13:50:35 +0200, Mark Doppelfeld <[EMAIL PROTECTED]> wrote:
---------------------------------------------------------------------So your user hasn't been authenticated by the JNDIRealm. Is there any security role specific stuff?? You have to distinguish between authentication and authorization (roles etc.) Can you trace your ldap engine??? We are facing problems with german umlauts in passwords (JDBCRealm). Do you have any chars within user/password which need special encoding??? Cheers Mark
Sandeep N wrote:
This is what the log file (catalina_log.2004-10-29.txt) reads -
2004-10-29 15:53:14 JNDIRealm[Standalone]: Connecting to URL ldap://localhost:389 2004-10-29 15:53:38 JNDIRealm[Standalone]: lookupUser(sandeep) 2004-10-29 15:53:38 JNDIRealm[Standalone]: dn=cn=sandeep,cn=Manager,dc=my-domain,dc=com 2004-10-29 15:53:38 JNDIRealm[Standalone]: retrieving attribute userPassword 2004-10-29 15:53:38 JNDIRealm[Standalone]: validating credentials 2004-10-29 15:53:38 JNDIRealm[Standalone]: Username sandeep NOT successfully authenticated
On Thu, 28 Oct 2004 15:29:00 +0200, Mark Doppelfeld <[EMAIL PROTECTED]> wrote:
Hi,
have a look in your log files. It should tell you something about your authentication process... Mark
Sandeep N wrote:
Hi,
I have a problem trying to authenticate users, whose details are stored in the LDAP directory through Apache Tomcat. The details of the software I am using are as follows :
LDAP: OpenLDAP V 2.2.17 Web-Server: Apache-Tomcat V 4.1.30 OS: Suse - Linux
The LDAP directory structure is somewhat like this - dc=my-domain,dc=com cn= Manager cn=person1 cn=person2 and so on
In the server.xml file (under APACHE-TOMCAT-DIR/conf/) I have included he following piece of code -
<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99" connectionName="cn=Manager,dc=my-domain,dc=com" connectionPassword="secret" connectionURL="ldap://localhost:389"; roleName="cn" roleSearch="(uniqueMember={0})" userPassword="userPassword" userPattern="cn={0},cn=Manager,dn=my-domain,dn=com" />
The folder I have to authenticate is "param_test" and this resides under "APACHE-TOMCAT-DIR/webapps".
The web.xml file under the "param_test" folder contains the following piece of code - .................................. <security-constraint> <web-resource-collection> <web-resource-name>test</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>cn</role-name> </auth-constraint> </security-constraint>
<login-config> <auth-method>BASIC</auth-method> <realm-name>test</realm-name> </login-config>
..................................
I have even copied the jndi.jar, ldap.jar files to APACHE-TOMCAT-DIR/server/lib directory
When I try to access the link, http://localhost:8089/param_test, it prompts me for the username and password. When I type in these parameters as per the entries in the LDAP directory, the pop-up reappears and this goes on continously. If I cancel this pop-up, HTTP error 401 is returned. Any guesses where I have gone wrong?
Thanks in advance.
Regards, Sandeep
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
