On 07.10.2014 at 14:32, Igor Cicimov wrote:
Hi Felix,

First thanks for your reply.

On Tue, Oct 7, 2014 at 6:35 PM, Felix Schumacher <felix.schumac...@internetallee.de> wrote:

Hi Igor,

On 07.10.2014 07:07, Igor Cicimov wrote:

Hi all,

I've been setting up user authentication based on JNDIRealm and have a couple of questions regarding the operation. I've been using one of the secured applications that come with the examples included in the Tomcat source for testing. My setup with obfuscated names and passwords is as follows.

Which tomcat version do you use?

It's 7.0.52-1ubuntu0.1 from the Ubuntu 14.04 repository, sorry I missed mentioning that.


I have the following Realm in the default host:

      <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="false">
        <Realm className="org.apache.catalina.realm.JNDIRealm"
               debug="99"

debug is not used anymore, so just delete it.

Done.


               connectionURL="ldap://ldap1.mydomain.com:389"
               alternateURL="ldap://ldap2.mydomain.com:389"
               connectionName="cn=connect,ou=Users,dc=mydomain,dc=com"
               connectionPassword="password"
               userBase="ou=Users,dc=mydomain,dc=com"
               userSearch="uid={0}"
               roleBase="ou=Groups,dc=mydomain,dc=com"
               roleName="cn"
               roleSearch="memberUid={1}"
               contextFactory="org.apache.catalina.ldap.realm.LdapTlsContextFactory"/>

Do you need the LdapTlsContextFactory? If so, what is your LDAP server setup?

Good that you mentioned that; I wanted to ask about this in a separate thread. I was searching for STARTTLS support in the JNDIRealm and this was the only solution I could find. I got the directions from here: http://wiki.apache.org/tomcat/JNDI_startTLs_HowTo, so I compiled and installed the context factory, since TLS is a must for my use case. It's working fine for me, but I still wanted to ask, since the above HowTo is from 2010: has this maybe been integrated into the Tomcat mainstream now and I have missed something in the documentation, or is it still the (only) valid solution for TLS support?

If TLS is important to you, I hope you have changed the HostnameVerifier to something more sensible :)

There is a bug request open at https://issues.apache.org/bugzilla/show_bug.cgi?id=49785, but only very few people have asked for it in the last four years. You can try to vote it up.

I have only used LDAP servers which were reachable by SSL, so there was no need for me to investigate further. Any reason why your LDAP server can't be used with SSL?

Felix
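The thread turns on two things the realm configuration above does not make visible: when in the connection the service-account and user passwords cross the wire (before or after the TLS upgrade), and whether the server certificate's name is actually verified. The following is an added example, not code from the thread, from Tomcat or from the wiki HowTo, showing the same sequence the JNDIRealm performs (search `uid={0}` under `userBase`, then bind as the found DN) on top of plain JNDI StartTLS. It installs no HostnameVerifier at all, so the JDK's default name check stays in force and a certificate that does not match the host in the URL makes `negotiate()` throw instead of silently continuing. Host names, DNs and passwords are the obfuscated ones from the thread and are placeholders; the class and method names are this example's own.

```java
import java.io.IOException;
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;
import javax.net.ssl.SSLSession;

/**
 * Added example (not Tomcat code): user lookup and bind over StartTLS,
 * mirroring the JNDIRealm settings quoted in the thread.
 */
public class StartTlsLdapCheck {

    /** Opens a plain LDAP connection and upgrades it with StartTLS before any bind. */
    static LdapContext openWithStartTls(String url) throws NamingException, IOException {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        // Anonymous, unauthenticated connection: no credentials have been sent yet.
        LdapContext ctx = new InitialLdapContext(env, null);
        StartTlsResponse tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
        // Deliberately no setHostnameVerifier(): the JDK's default check (certificate
        // name must match the host in the URL) applies, and a mismatch throws here.
        SSLSession session = tls.negotiate();
        System.out.println("TLS " + session.getProtocol() + " established with "
                + session.getPeerPrincipal().getName());
        return ctx;
    }

    /**
     * Same flow as JNDIRealm with connectionName set: bind as the service account,
     * search uid={0} under userBase, then bind as the user's DN with the user's password.
     */
    static boolean authenticate(String url, String bindDn, String bindPw, String userBase,
                                String username, String userPw) throws NamingException, IOException {
        // An empty simple-bind password is an anonymous bind on most servers and
        // would "succeed"; refuse it up front rather than treat it as a valid login.
        if (userPw == null || userPw.isEmpty()) {
            return false;
        }
        LdapContext ctx = openWithStartTls(url);
        try {
            // Service-account bind only after negotiate(), so the password is encrypted.
            ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
            ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, bindDn);
            ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, bindPw);
            ctx.reconnect(null);

            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.ONELEVEL_SCOPE); // JNDIRealm default: userSubtree=false
            sc.setReturningAttributes(new String[0]);          // only the DN is needed
            // Equivalent of userSearch="uid={0}"; the username is passed as a filter
            // argument so JNDI escapes it instead of splicing it into the filter string.
            NamingEnumeration<SearchResult> results =
                    ctx.search(userBase, "(uid={0})", new Object[] { username }, sc);
            if (!results.hasMore()) {
                return false;                                   // unknown user
            }
            String userDn = results.next().getNameInNamespace();
            if (results.hasMore()) {
                return false;                                   // ambiguous match, refuse
            }

            // Validate the password by re-binding as the user on the same TLS session.
            ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, userDn);
            ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, userPw);
            try {
                ctx.reconnect(null);
                return true;
            } catch (AuthenticationException e) {
                return false;                                   // wrong password
            }
        } finally {
            ctx.close();                                        // closes the TLS connection too
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed values matching the obfuscated realm config in the thread.
        String user = args.length > 0 ? args[0] : "jdoe";
        String pw = args.length > 1 ? args[1] : "secret";
        boolean ok = authenticate("ldap://ldap1.mydomain.com:389",
                "cn=connect,ou=Users,dc=mydomain,dc=com", "password",
                "ou=Users,dc=mydomain,dc=com", user, pw);
        System.out.println(ok ? "authenticated" : "rejected");
    }
}
```

Run it as `java StartTlsLdapCheck <uid> <password>` against a server that offers the StartTLS extended operation on port 389. The point of contrast with a permissive verifier is the failure mode: with the default check a wrong or self-signed certificate aborts the connection before either password is sent, which is the behaviour a realm used for authentication should have. If the directory is also reachable on 636, Felix's alternative avoids the custom context factory entirely, since JNDI's LDAP provider accepts an `ldaps://` URL directly and JNDIRealm passes `connectionURL` through to it unchanged.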


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
