On 10/02/2012 10:43, Lev A KARATUN wrote:
> Does anybody have an idea?..
>
> --------------------------------------------------------------------------------
>
> Hi again.
>
> So, my boss told me that it's insecure to give anyone the password to view
> tomcat's logs and that should be an authentication based on Active
> Directory.

I think we raised that particular issue too.

> I've been reading the manuals for some time, and configured my Tomcat the
> following way:
>
> $CATALINA_BASE/conf/Catalina/localhost/myapp.xml
>
> <Context antiResourceLocking="false" privileged="true"
>          docBase="$CATALINA_BASE/logs" reloadable="true">

That variable should be "${catalina.base}".

p

>   <Realm className="org.apache.catalina.realm.JNDIRealm"
>          connectionURL="ldap://raiffeisen.ru:389"
>          connectionName="myacco...@raiffeisen.ru" (I also tried the
> format connectionName="cn=myaccount,dc=raiffeisen,dc=ru" - does it matter
> what format do I use?)
>          connectionPassword="mypassword"
>          referrals="follow"
>          userBase="OU=_Users,DC=raiffeisen,DC=ru"
>          userSearch="(sAMAccountName={0})"
>          userSubtree="true"
>          roleBase="OU=_Groups,DC=raiffeisen,DC=ru"
>          roleName="cn"
>          roleSubtree="true"
>          roleSearch="(member={0})"
>   />
> </Context>
>
>
> WEB-INF/web.xml
>
> <security-constraint>
>   <web-resource-collection>
>     <web-resource-name>Administrative Area</web-resource-name>
>     <url-pattern>/*</url-pattern>
>   </web-resource-collection>
>   <auth-constraint>
>     <role-name>ADGroupName</role-name>
>   </auth-constraint>
> </security-constraint>
>
> <security-role>
>   <description>
>     The role that is required to view logs
>   </description>
>   <role-name>ADGroupName</role-name>
> </security-role>
>
>
> I also placed LDAP.jar into $CATALINA_BASE/lib, restarted tomcat for I
> guess a hundred times, but every time I'm getting a message in
> catalina.out:
>
> Throwable occurred: LifecycleException: Exception opening directory
> server connection: javax.naming.CommunicationException: localhost:389
> [Root exception is java.net.ConnectException: A remote host refused an
> attempted connect operation.]
>
> and
>
> SEVERE: Error deploying configuration descriptor myapp.xml
> Throwable occurred: java.lang.IllegalStateException:
> ContainerBase.addChild: start: LifecycleException: Exception opening
> directory server connection: javax.naming.CommunicationException:
> localhost:389 [Root exception is java.net.ConnectException: A remote host
> refused an attempted connect operation.]
>
>
> I tried to telnet raiffeisen.ru by port 389 and got connected.
> I installed JXplorer, entered hostname, port, my credentials and got
> connected.
> I start Tomcat and get errors.
>
> Can you please give me an idea about what am I doing wrong?
>
> Thanks in advance.
>
> Best Regards,
> Karatun Lev.
>
>
> -----------------------------------
> This message and any attachment are confidential and may be privileged or
> otherwise protected from disclosure. If you are not the intended recipient
> any use, distribution, copying or disclosure is strictly prohibited. If you
> have received this message in error, please notify the sender immediately
> either by telephone or by e-mail and delete this message and any attachment
> from your system. Correspondence via e-mail is for information purposes only.
> ZAO Raiffeisenbank neither makes nor accepts legally binding statements by
> e-mail unless otherwise agreed.
> -----------------------------------

--
[key:62590808]
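Added example (not part of the original thread, and not Tomcat code): a small Python check for the docBase correction made in the reply above. It uses a simplified model of the `${name}` system-property substitution that Tomcat applies to its configuration files, and also flags a Realm bind password configured with a plain ldap:// URL. The sample descriptor, host name, account and property value are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the quoted descriptor reduced to the attributes checked here.
SAMPLE_CONTEXT = """
<Context docBase="$CATALINA_BASE/logs" privileged="true">
  <Realm className="org.apache.catalina.realm.JNDIRealm"
         connectionURL="ldap://ad.example.test:389"
         connectionName="svc-tomcat@example.test"
         connectionPassword="placeholder"/>
</Context>
"""

PROP_REF = re.compile(r"\$\{([^}]+)\}")            # ${name}: property syntax that is substituted
SHELL_REF = re.compile(r"\$(?!\{)([A-Za-z_]\w*)")  # $NAME: shell syntax, stays literal text


def expand(value, props):
    """Replace ${name} with props[name]; unknown names are left as written."""
    return PROP_REF.sub(lambda m: props.get(m.group(1), m.group(0)), value)


def lint_context(xml_text, props):
    """Return (findings, effective docBase) for a context descriptor."""
    root = ET.fromstring(xml_text)
    findings = []
    doc_base = expand(root.get("docBase", ""), props)
    for name in SHELL_REF.findall(doc_base):
        findings.append(f"docBase: ${name} is not expanded; use ${{...}} property syntax")
    for realm in root.iter("Realm"):
        url = realm.get("connectionURL", "")
        if url.lower().startswith("ldap://") and realm.get("connectionPassword"):
            findings.append("Realm: connectionPassword with a plain ldap:// URL; "
                            "confirm the bind is TLS-protected")
    return findings, doc_base


if __name__ == "__main__":
    # "/opt/tomcat" is an assumed value for the catalina.base system property.
    issues, effective = lint_context(SAMPLE_CONTEXT, {"catalina.base": "/opt/tomcat"})
    print("effective docBase:", effective)
    for issue in issues:
        print("-", issue)
```
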