Hello Doug,

Can you explain in detail what you did to make it work? I mean creating the Roles in OiD mainly. How did you create the Users and Roles in OiD? I am new to OiD, so if you can send me a sample LDIF file that will be great.

Thanks
Adil

-----Original Message-----
From: Doug Redd [mailto:[EMAIL PROTECTED]
Sent: Monday, March 10, 2003 1:37 PM
To: Tomcat Users List
Subject: RE: Tomcat with Oracle Internet Directory

I got this working but it is kind of convoluted because of the way OiD encrypts passwords.

OiD defaults to MD4 for the password digestion and Tomcat uses MD5 (I think SHA may work also, but I have not tried it. MD5 and SHA are the only algorithms supported by the Sun JDK, which is the source of the limitation if I am not mistaken). So you need to configure OiD to use MD5.

On top of that, OiD does a base-64 encoding of the digested password, and then prefixes it with the name of the digestion algorithm used in braces. So, if a user has the password "welcome", the OiD userPassword attribute will be the MD5 digest of "welcome", which is then base-64 encoded and prefixed with "{MD5}".

The only way I could get it to work is to use form based authentication with no digest. The target of the login form is a handler that performs an MD5 digestion and base-64 encoding and then prefixes the password with {MD5}, then forwards the request to j_security_check.

- Doug

-----Original Message-----
From: Karamat Adil IHMD [mailto:[EMAIL PROTECTED]
Sent: Monday, March 10, 2003 9:40 AM
To: '[EMAIL PROTECTED]'
Subject: Tomcat with Oracle Internet Directory

Hi,

I am new at this so please be patient with me!!! Ok, I am trying to get Tomcat to work with Oracle's LDAP implementation (OiD) for authentication purposes. I just wanted to know if anyone has ever tried this. I can't get it to work!

In the <REALM> tag in server.xml what I have is as follows:

    <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
           connectionName="cn=orcladmin"
           connectionPassword="welcome"
           connectionURL="ldap://LdapServer:389"
           roleBase="dc=roles,dc=com"
           roleName="tomcat"
           roleSearch="(uniqueMember={0})"
           roleSubtree="false"
           userPassword="userPassword"
           userPattern="cn={0},dc=com"/>

and my web.xml file is as follows:

    <security-constraint>
      <display-name>Example Security Constraint</display-name>
      <web-resource-collection>
        <web-resource-name>Protected Area</web-resource-name>
        <!-- Define the context-relative URL(s) to be protected -->
        <!-- <url-pattern>/jsp/security/protected/*</url-pattern> -->
        <url-pattern>/*</url-pattern>
        <!-- If you list http methods, only those methods are protected -->
        <http-method>DELETE</http-method>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
        <http-method>PUT</http-method>
      </web-resource-collection>
      <auth-constraint>
        <!-- Anyone with one of the listed roles may access this area -->
        <role-name>organizationalRole</role-name>
        <role-name>roles</role-name>
        <role-name>tomcat</role-name>
      </auth-constraint>
    </security-constraint>

    <!-- Default login configuration uses form-based authentication -->
    <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>Example BASIC Authentication Area</realm-name>
    </login-config>

    <!-- Security roles referenced by this web application -->
    <security-role>
      <role-name>organizationalRole</role-name>
    </security-role>
    <security-role>
      <role-name>roles</role-name>
    </security-role>
    <security-role>
      <role-name>tomcat</role-name>
    </security-role>

The authentication box comes up when I navigate to my application site but it cannot authenticate. Has anyone ever tried Oracle and Tomcat before? And yes I have Users and Roles under OiD assigned. Any help will be greatly appreciated.

Thanks
Adil

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
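
The userPassword format Doug describes ("{MD5}" followed by the base-64 of the MD5 digest), as an added example that is not code from the thread, from Tomcat or from OiD: it builds such a value and checks a candidate password against a stored one. The class and method names are hypothetical, UTF-8 encoding of the password is an assumption, and the {SHA} branch goes beyond the MD5 case Doug tested.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.Locale;

public class OidPasswordValue {   // hypothetical class name

    /** Build "{SCHEME}" + base64(digest(password)), e.g. for scheme "MD5". */
    static String encode(String scheme, String password) throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance(jcaName(scheme))
                .digest(password.getBytes(StandardCharsets.UTF_8)); // UTF-8 is an assumption
        return "{" + scheme.toUpperCase(Locale.ROOT) + "}"
                + Base64.getEncoder().encodeToString(digest);
    }

    /** Check a candidate password against a stored "{SCHEME}base64" value. */
    static boolean matches(String stored, String candidate) throws NoSuchAlgorithmException {
        int close = stored.indexOf('}');
        if (!stored.startsWith("{") || close < 2) {
            return false;                       // no scheme prefix: not a digested value
        }
        String scheme = stored.substring(1, close);
        byte[] expected;
        try {
            expected = Base64.getDecoder().decode(stored.substring(close + 1));
        } catch (IllegalArgumentException e) {
            return false;                       // malformed base-64 after the prefix
        }
        byte[] actual = MessageDigest.getInstance(jcaName(scheme))
                .digest(candidate.getBytes(StandardCharsets.UTF_8));
        return MessageDigest.isEqual(expected, actual); // constant-time comparison
    }

    /** Map the LDAP scheme label to a JCA algorithm name ({SHA} means SHA-1). */
    static String jcaName(String scheme) throws NoSuchAlgorithmException {
        switch (scheme.toUpperCase(Locale.ROOT)) {
            case "MD5": return "MD5";
            case "SHA": return "SHA-1";
            default: throw new NoSuchAlgorithmException("unsupported scheme: " + scheme);
        }
    }

    public static void main(String[] args) throws Exception {
        String stored = encode("MD5", "welcome");  // password from the thread's example
        System.out.println(stored);
        System.out.println(matches(stored, "welcome"));
        System.out.println(matches(stored, "Welcome"));
    }
}
```

A stored value carrying any other scheme label, such as the MD4 default mentioned in the thread, is rejected with NoSuchAlgorithmException instead of failing as a silent mismatch.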