Hi,
Thank you for posting your findings.  These are very helpful to people
searching the archives.

Yoav Shapira http://www.yoavshapira.com


>-----Original Message-----
>From: Sandeep N [mailto:[EMAIL PROTECTED]
>Sent: Sunday, November 07, 2004 11:45 PM
>To: Tomcat Users List
>Subject: Re: User Authentication Problem LDAP
>
>Hi All,
>
>I got my problem solved. The culprit was that I hadn't included the
>attribute "digest" with value "SHA" (SHA because my LDAP directory is
>storing the password in this format) in the <realm> directive in
>server.xml. Also, I had to change <role-name>cn</role-name> to
><role-name>*</role-name> in web.xml. Now, things seem to work
>without any hassles.
>
>Regards,
>Sandeep
>
>
>On Tue, 02 Nov 2004 12:19:13 +0100, Olivier Jolly
><[EMAIL PROTECTED]> wrote:
>> I'm not a specialist in this but it smells like you're saying that the
>> role names are listed in the attribute 'cn' and that to access your site
>> the connected user should have the role 'cn' hence if you do not have a
>> user with its cn=cn (attribute cn = value "cn"), it won't work. Maybe
>> you could either enter real roles to your users in another attribute
>> than cn and adapt your web.xml accordingly or suppress the
>> auth-constraint on the role-name
>>
>> Hope it helps
>>
>> Olivier
>>
>>
>>
>> Sandeep N wrote:
>>
>> >Hi,
>> >
>> >I have a problem trying to authenticate users, whose details are
>> >stored in the LDAP directory through Apache Tomcat. The details of the
>> >software I am using are as follows:
>> >
>> >LDAP: OpenLDAP V 2.2.17
>> >Web-Server: Apache-Tomcat V 4.1.30
>> >OS: Suse - Linux
>> >
>> >The LDAP directory structure is somewhat like this -
>> >dc=my-domain,dc=com
>> >cn= Manager
>> >   cn=person1
>> >   cn=person2 and so on
>> >
>> >In the server.xml file (under APACHE-TOMCAT-DIR/conf/) I have included
>> >the following piece of code  -
>> >
>> ><Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
>> >connectionName="cn=Manager,dc=my-domain,dc=com"
>> >connectionPassword="secret" connectionURL="ldap://localhost:389"
>> >roleName="cn" roleSearch="(uniqueMember={0})"
>> >userPassword="userPassword"
>> >userPattern="cn={0},cn=Manager,dn=my-domain,dn=com" />
>> >
>> >The folder I have to authenticate is "param_test" and this resides
>> >under "APACHE-TOMCAT-DIR/webapps".
>> >
>> >The web.xml file under the "param_test" folder contains the following
>> >piece of code  -
>> >..................................
>> ><security-constraint>
>> >    <web-resource-collection>
>> >            <web-resource-name>test</web-resource-name>
>> >            <url-pattern>/*</url-pattern>
>> >    </web-resource-collection>
>> >    <auth-constraint>
>> >            <role-name>cn</role-name>
>> >    </auth-constraint>
>> ></security-constraint>
>> >
>> ><login-config>
>> >    <auth-method>BASIC</auth-method>
>> >    <realm-name>test</realm-name>
>> ></login-config>
>> >
>> >..................................
>> >
>> >I have even copied the jndi.jar, ldap.jar files to
>> >APACHE-TOMCAT-DIR/server/lib directory
>> >
>> >When I try to access the link, http://localhost:8089/param_test, it
>> >prompts me for the username and password. When I type in these
>> >parameters as per the entries in the LDAP directory, the pop-up
>> >reappears and this goes on continuously. If I cancel this pop-up, HTTP
>> >error 401 is returned. Any guesses where I have gone wrong?
>> >
>> >Thanks in advance.
>> >
>> >Regards,
>> >Sandeep
>> >
>> >---------------------------------------------------------------------
>> >To unsubscribe, e-mail: [EMAIL PROTECTED]
>> >For additional commands, e-mail: [EMAIL PROTECTED]
>> >
>> >
>> >
>>






---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
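
Why the missing digest="SHA" attribute led to the repeated login prompt, as an added example that is not part of the original thread and is not Tomcat's code: a simplified Python model of comparing a typed password with an LDAP userPassword value stored in {SHA} form. The function names, the bare-hex fallback and the sample password are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
from typing import Optional

# Digest names as written in the Realm "digest" attribute -> hashlib names.
ALGORITHMS = {"SHA": "sha1", "MD5": "md5"}

def ldap_hashed(password: str, scheme: str = "SHA") -> str:
    """Build a userPassword value such as {SHA}<base64 of the raw digest>."""
    raw = hashlib.new(ALGORITHMS[scheme], password.encode("utf-8")).digest()
    return "{%s}%s" % (scheme, base64.b64encode(raw).decode("ascii"))

def realm_accepts(stored: str, typed: str, digest: Optional[str] = None) -> bool:
    """Simplified model (an assumption, not Tomcat source) of the comparison."""
    if digest is None:
        # No digest configured: the typed text is compared with the stored
        # string as-is, so a "{SHA}..." value never equals the cleartext.
        return hmac.compare_digest(stored.encode(), typed.encode("utf-8"))
    raw = hashlib.new(ALGORITHMS[digest], typed.encode("utf-8")).digest()
    prefix = "{%s}" % digest
    if stored.startswith(prefix):
        # Directory-style value: scheme prefix + base64 of the raw digest.
        candidate = base64.b64encode(raw)
        return hmac.compare_digest(stored[len(prefix):].encode(), candidate)
    # Otherwise assume a bare hex digest, compared case-insensitively.
    return hmac.compare_digest(stored.lower().encode(), raw.hex().encode())

def demo() -> dict:
    stored = ldap_hashed("password")  # constructed sample directory entry
    return {
        "stored": stored,
        "no_digest": realm_accepts(stored, "password"),
        "digest_sha": realm_accepts(stored, "password", digest="SHA"),
        "wrong_password": realm_accepts(stored, "letmein", digest="SHA"),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With no digest configured the correct password is rejected every time, which matches the endless BASIC prompt and the 401 described in the original question.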
