On 10.02.2012 11:43, Lev A KARATUN wrote:
Does anybody have an idea?
--------------------------------------------------------------------------------
Hi again.
So, my boss told me that it's insecure to give anyone the password to
view Tomcat's logs and that there should be authentication based on
Active Directory.
I've been reading the manuals for some time and configured my Tomcat
the following way:
$CATALINA_BASE/conf/Catalina/localhost/myapp.xml
<Context antiResourceLocking="false" privileged="true"
docBase="$CATALINA_BASE/logs" reloadable="true">
<Realm className="org.apache.catalina.realm.JNDIRealm"
connectionURL="ldap://raiffeisen.ru:389"
connectionName="myacco...@raiffeisen.ru" (I also tried the
format connectionName="cn=myaccount,dc=raiffeisen,dc=ru" - does it
matter which format I use?)
For normal LDAP servers it would be the latter one, i.e. a fully
qualified DN. ADS might accept the mail address of the user, but I
frankly don't know.
connectionPassword="mypassword"
referrals="follow"
userBase="OU=_Users,DC=raiffeisen,DC=ru"
userSearch="(sAMAccountName={0})"
userSubtree="true"
roleBase="OU=_Groups,DC=raiffeisen,DC=ru"
roleName="cn"
roleSubtree="true"
roleSearch="(member={0})"
For ADS you might want to add adCompat="true" (look at
http://tomcat.apache.org/tomcat-7.0-doc/config/realm.html for further
info).
/>
</Context>
WEB-INF/web.xml
<security-constraint>
<web-resource-collection>
<web-resource-name>Administrative Area</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>ADGroupName</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<description>
The role that is required to view logs
</description>
<role-name>ADGroupName</role-name>
</security-role>
I also placed LDAP.jar into $CATALINA_BASE/lib and restarted Tomcat
what must be a hundred times, but every time I get a message in
catalina.out:
Throwable occurred: LifecycleException: Exception opening directory
server connection: javax.naming.CommunicationException: localhost:389
[Root exception is java.net.ConnectException: A remote host refused an
attempted connect operation.]
Since localhost is a different server from the one you told us you had
configured, I think your context file is not being used. Search for
other context files where you either have configured localhost or
misspelled connectionURL.
and
SEVERE: Error deploying configuration descriptor myapp.xml
Throwable occurred: java.lang.IllegalStateException:
ContainerBase.addChild: start: LifecycleException: Exception opening
directory server connection: javax.naming.CommunicationException:
localhost:389 [Root exception is java.net.ConnectException: A remote
host refused an attempted connect operation.]
I tried to telnet to raiffeisen.ru on port 389 and got connected.
I installed JXplorer, entered the hostname, port and my credentials, and
got connected.
telnet localhost 389 and see if you get any errors :)
Regards
Felix
I start Tomcat and get errors.
Can you please give me an idea of what I am doing wrong?
Thanks in advance.
Best Regards,
Karatun Lev.
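Felix's diagnostic (the log reports localhost:389 while the posted descriptor names raiffeisen.ru:389, so the realm that actually failed is not the one the poster believes is loaded) can be scripted. The following is an added example, not code from this thread or from Tomcat: it parses every XML descriptor under a conf directory for JNDIRealm connectionURL values and matches them against the host:port that the CommunicationException reports, flagging descriptors that are not well-formed or whose realm has no connectionURL. The conf tree, the second descriptor with the misspelled attribute name connectionUrl, and the log excerpt are constructed for the example. One assumption is built into the output and is not confirmed by the thread: when a JNDIRealm carries no connectionURL at all, Java's JNDI LDAP provider falls back to ldap://localhost:389, which would produce exactly the error shown.

```python
"""Match the LDAP host:port Tomcat failed to reach against JNDIRealm descriptors."""
import re
import sys
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path
from urllib.parse import urlsplit

# Constructed sample of the catalina.out lines from the thread, shortened.
SAMPLE_LOG = """\
SEVERE: Error deploying configuration descriptor myapp.xml
Throwable occurred: java.lang.IllegalStateException: ContainerBase.addChild: start: \
LifecycleException: Exception opening directory server connection: \
javax.naming.CommunicationException: localhost:389 [Root exception is \
java.net.ConnectException: A remote host refused an attempted connect operation.]
"""

# Constructed descriptor: a well-formed version of the Realm posted in the thread,
# with the adCompat attribute Felix suggested for Active Directory.
SAMPLE_CONTEXT = """\
<Context antiResourceLocking="false" privileged="true"
         docBase="$CATALINA_BASE/logs" reloadable="true">
  <Realm className="org.apache.catalina.realm.JNDIRealm"
         connectionURL="ldap://raiffeisen.ru:389"
         connectionName="cn=myaccount,dc=raiffeisen,dc=ru"
         connectionPassword="mypassword"
         userBase="OU=_Users,DC=raiffeisen,DC=ru"
         userSearch="(sAMAccountName={0})"
         userSubtree="true"
         roleBase="OU=_Groups,DC=raiffeisen,DC=ru"
         roleName="cn"
         roleSubtree="true"
         roleSearch="(member={0})"
         adCompat="true"/>
</Context>
"""

CONN_RE = re.compile(r"javax\.naming\.CommunicationException:\s*([^\s\[:]+):(\d+)")


def failed_targets(log_text):
    """Return the set of (host, port) pairs named by CommunicationException lines."""
    return {(m.group(1), int(m.group(2))) for m in CONN_RE.finditer(log_text)}


def realm_targets(conf_dir):
    """Return (file, host, port, status) for every JNDIRealm found under conf_dir.

    host and port are None when the descriptor is not well-formed XML or the
    realm has no connectionURL attribute (e.g. the attribute name is misspelled).
    """
    found = []
    for path in sorted(Path(conf_dir).rglob("*.xml")):
        try:
            root = ET.parse(path).getroot()
        except ET.ParseError as exc:
            found.append((path.name, None, None, f"not well-formed XML: {exc}"))
            continue
        for realm in root.iter("Realm"):
            if realm.get("className") != "org.apache.catalina.realm.JNDIRealm":
                continue
            url = realm.get("connectionURL")
            if not url:
                # Assumption: without a connectionURL the JNDI LDAP provider
                # connects to ldap://localhost:389 by default.
                found.append((path.name, None, None,
                              "JNDIRealm without connectionURL (JNDI default is localhost:389)"))
                continue
            parts = urlsplit(url)
            port = parts.port or (636 if parts.scheme == "ldaps" else 389)
            found.append((path.name, parts.hostname, port, "ok"))
    return found


def diagnose(conf_dir, log_text):
    """Return human-readable findings linking failed targets to descriptors."""
    realms = realm_targets(conf_dir)
    findings = []
    for host, port in sorted(failed_targets(log_text)):
        hits = [name for name, h, p, _ in realms if h == host and p == port]
        if hits:
            findings.append(f"{host}:{port} is the connectionURL in {', '.join(hits)}")
        else:
            findings.append(f"{host}:{port} matches no connectionURL under {conf_dir}")
    for name, host, _, status in realms:
        if host is None:
            findings.append(f"{name}: {status}")
    return findings


def build_sample_conf():
    """Write the constructed descriptors into a temp dir shaped like $CATALINA_BASE/conf."""
    root = Path(tempfile.mkdtemp(prefix="tomcat-conf-"))
    host_dir = root / "Catalina" / "localhost"
    host_dir.mkdir(parents=True)
    (host_dir / "myapp.xml").write_text(SAMPLE_CONTEXT)
    # Second descriptor with the attribute misspelled as connectionUrl (constructed).
    (host_dir / "logs.xml").write_text(SAMPLE_CONTEXT.replace("connectionURL=", "connectionUrl="))
    return root


if __name__ == "__main__":
    # Usage: python3 check_realm.py $CATALINA_BASE/conf /path/to/catalina.out
    if len(sys.argv) == 3:
        print("\n".join(diagnose(sys.argv[1], Path(sys.argv[2]).read_text(errors="replace"))))
    else:
        print("\n".join(diagnose(build_sample_conf(), SAMPLE_LOG)))
```

Run without arguments it works on the constructed tree and reports that localhost:389 matches no configured connectionURL and that logs.xml has a JNDIRealm without one; pointed at a real $CATALINA_BASE/conf and catalina.out it does the same search Felix describes. Two caveats a practitioner should keep in mind: descriptors that Tomcat refuses to parse are listed as "not well-formed", which is what happens if prose such as the parenthetical in the posted Realm ends up inside the element, and connectionPassword sits in the descriptor in clear text, so the file must be readable only by the account Tomcat runs as.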