Hi again.
So, my boss told me that it's insecure to give anyone the password to view
Tomcat's logs and that there should be authentication based on Active
Directory.
I've been reading the manuals for some time, and configured my Tomcat the
following way:
$CATALINA_BASE/conf/Catalina/localhost/myapp.xml
<Context antiResourceLocking="false" privileged="true"
         docBase="$CATALINA_BASE/logs" reloadable="true">
    <Realm className="org.apache.catalina.realm.JNDIRealm"
           connectionURL="ldap://raiffeisen.ru:389"
           connectionName="[email protected]"
           connectionPassword="mypassword"
           referrals="follow"
           userBase="OU=_Users,DC=raiffeisen,DC=ru"
           userSearch="(sAMAccountName={0})"
           userSubtree="true"
           roleBase="OU=_Groups,DC=raiffeisen,DC=ru"
           roleName="cn"
           roleSubtree="true"
           roleSearch="(member={0})"
    />
</Context>
(I also tried the format connectionName="cn=myaccount,dc=raiffeisen,dc=ru" -
does it matter which format I use?)
WEB-INF/web.xml
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Administrative Area</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>ADGroupName</role-name>
    </auth-constraint>
</security-constraint>
<security-role>
    <description>
        The role that is required to view logs
    </description>
    <role-name>ADGroupName</role-name>
</security-role>
I also placed LDAP.jar into $CATALINA_BASE/lib and restarted Tomcat, I
guess, a hundred times, but every time I'm getting a message in
catalina.out:
Throwable occurred: LifecycleException: Exception opening directory
server connection: javax.naming.CommunicationException: localhost:389
[Root exception is java.net.ConnectException: A remote host refused an
attempted connect operation.]
and
SEVERE: Error deploying configuration descriptor myapp.xml
Throwable occurred: java.lang.IllegalStateException:
ContainerBase.addChild: start: LifecycleException: Exception opening
directory server connection: javax.naming.CommunicationException:
localhost:389 [Root exception is java.net.ConnectException: A remote host
refused an attempted connect operation.]
I tried to telnet to raiffeisen.ru on port 389 and got connected.
I installed JXplorer, entered hostname, port, my credentials and got
connected.
I start Tomcat and get errors.
Can you please give me an idea about what I am doing wrong?
Thanks in advance.
Best Regards,
Karatun Lev.
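
Added example, not part of the original message and not Tomcat's own code: a small check over a JNDIRealm context descriptor like the one above. It flags an LDAP bind without TLS and a bind password stored in the descriptor, and compares the endpoint named in the exception with the configured connectionURL. The function name, finding codes and both sample strings are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample: the Realm from the message, with the inline remark
# removed and the DN form of connectionName used.
CONTEXT_XML = """
<Context antiResourceLocking="false" privileged="true"
         docBase="$CATALINA_BASE/logs" reloadable="true">
  <Realm className="org.apache.catalina.realm.JNDIRealm"
         connectionURL="ldap://raiffeisen.ru:389"
         connectionName="cn=myaccount,dc=raiffeisen,dc=ru"
         connectionPassword="mypassword"
         userBase="OU=_Users,DC=raiffeisen,DC=ru"
         userSearch="(sAMAccountName={0})" />
</Context>
"""

# Constructed sample: the exception text quoted in the message.
LOG_LINE = ("LifecycleException: Exception opening directory server connection: "
            "javax.naming.CommunicationException: localhost:389")


def audit_realm(context_xml, log_line=""):
    """Return a list of finding codes for the first JNDIRealm in a Context."""
    realm = ET.fromstring(context_xml).find(
        ".//Realm[@className='org.apache.catalina.realm.JNDIRealm']")
    if realm is None:
        return ["NO_JNDI_REALM"]
    findings = []
    url = urlparse(realm.get("connectionURL", ""))
    default_port = 636 if url.scheme == "ldaps" else 389
    if url.scheme != "ldaps":
        # Without TLS, an LDAP simple bind sends the bind DN and password in clear.
        findings.append("CLEARTEXT_BIND")
    if realm.get("connectionPassword"):
        # The service-account password is readable by anyone who can read the file.
        findings.append("PASSWORD_IN_DESCRIPTOR")
    # Compare the endpoint reported in the exception with the configured one.
    m = re.search(r"CommunicationException: ([\w.-]+):(\d+)", log_line)
    if m and (m.group(1).lower(), int(m.group(2))) != (
            (url.hostname or "").lower(), url.port or default_port):
        findings.append("LOG_ENDPOINT_DIFFERS_FROM_CONFIG")
    return findings


if __name__ == "__main__":
    print(audit_realm(CONTEXT_XML, LOG_LINE))
```

LOG_ENDPOINT_DIFFERS_FROM_CONFIG means the realm that failed to start was not connecting to the host in this descriptor's connectionURL, which narrows the search to which configuration Tomcat actually loaded.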