On 10/02/2012 10:43, Lev A KARATUN wrote:
> Does anybody have an idea?..
>
> --------------------------------------------------------------------------------
>
> Hi again.
>
> So, my boss told me that it's insecure to give anyone the password to view
> tomcat's logs and that should be an authentication based on Active
> Directory.
I think we raised that particular issue too.
> I've been reading the manuals for some time, and configured my Tomcat the
> following way:
>
> $CATALINA_BASE/conf/Catalina/localhost/myapp.xml
>
> <Context antiResourceLocking="false" privileged="true"
> docBase="$CATALINA_BASE/logs" reloadable="true">
That variable should be "${catalina.base}".
p
> <Realm className="org.apache.catalina.realm.JNDIRealm"
> connectionURL="ldap://raiffeisen.ru:389"
> connectionName="[email protected]" (I also tried the
> format connectionName="cn=myaccount,dc=raiffeisen,dc=ru" - does it matter
> what format do I use?)
> connectionPassword="mypassword"
> referrals="follow"
> userBase="OU=_Users,DC=raiffeisen,DC=ru"
> userSearch="(sAMAccountName={0})"
> userSubtree="true"
> roleBase="OU=_Groups,DC=raiffeisen,DC=ru"
> roleName="cn"
> roleSubtree="true"
> roleSearch="(member={0})"
> />
> </Context>
>
>
> WEB-INF/web.xml
>
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>Administrative Area</web-resource-name>
> <url-pattern>/*</url-pattern>
> </web-resource-collection>
> <auth-constraint>
> <role-name>ADGroupName</role-name>
> </auth-constraint>
> </security-constraint>
>
> <security-role>
> <description>
> The role that is required to view logs
> </description>
> <role-name>ADGroupName</role-name>
> </security-role>
>
>
> I also placed LDAP.jar into $CATALINA_BASE/lib, restarted tomcat for I
> guess a hundred times, but every time I'm getting a message in
> catalina.out:
>
> Throwable occurred: LifecycleException: Exception opening directory
> server connection: javax.naming.CommunicationException: localhost:389
> [Root exception is java.net.ConnectException: A remote host refused an
> attempted connect operation.]
>
> and
>
> SEVERE: Error deploying configuration descriptor myapp.xml
> Throwable occurred: java.lang.IllegalStateException:
> ContainerBase.addChild: start: LifecycleException: Exception opening
> directory server connection: javax.naming.CommunicationException:
> localhost:389 [Root exception is java.net.ConnectException: A remote host
> refused an attempted connect operation.]
>
>
> I tried to telnet raiffeisen.ru by port 389 and got connected.
> I installed JXplorer, entered hostname, port, my credentials and got
> connected.
> I start Tomcat and get errors.
>
> Can you please give me an idea about what I am doing wrong?
>
> Thanks in advance.
>
> Best Regards,
> Karatun Lev.
>
>
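An added example, not part of the original thread and not Tomcat's own code: a small Python check that lints a context descriptor like the one quoted above for the shell-style variable pointed out in the reply, and for two exposures in the JNDIRealm settings (unencrypted ldap:// and a bind password stored in the file). The function name lint_context is hypothetical, and the host, account and password in the sample are constructed placeholders.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample mirroring the descriptor in the post (placeholder host/account).
SAMPLE = """<Context antiResourceLocking="false" privileged="true"
         docBase="$CATALINA_BASE/logs" reloadable="true">
  <Realm className="org.apache.catalina.realm.JNDIRealm"
         connectionURL="ldap://ldap.example.com:389"
         connectionName="svc-account@example.com"
         connectionPassword="placeholder"
         referrals="follow"
         userBase="OU=_Users,DC=example,DC=com"
         userSearch="(sAMAccountName={0})"
         userSubtree="true"/>
</Context>"""

# Matches $NAME (shell style) but not ${name} (Tomcat property style).
SHELL_VAR = re.compile(r"\$[A-Za-z_][A-Za-z0-9_]*")


def lint_context(xml_text):
    """Return a list of (code, message) findings for a context descriptor."""
    findings = []
    root = ET.fromstring(xml_text)
    # 1. Tomcat substitutes ${property} in its XML files; $NAME stays literal text.
    for elem in root.iter():
        for attr, value in elem.attrib.items():
            for var in SHELL_VAR.findall(value):
                findings.append(("shell-var",
                    f"{elem.tag}@{attr}: {var} is not expanded, use ${{...}}"))
    # 2. Transport and credential handling of every JNDIRealm.
    for realm in root.iter("Realm"):
        if not realm.get("className", "").endswith("JNDIRealm"):
            continue
        if realm.get("connectionURL", "").lower().startswith("ldap://"):
            findings.append(("cleartext-ldap",
                "ldap:// is unencrypted unless StartTLS is used; "
                "bind passwords cross the network in clear"))
        if realm.get("connectionPassword"):
            findings.append(("password-in-file",
                "bind password is stored in the descriptor; "
                "restrict read access to the file"))
    return findings


if __name__ == "__main__":
    for code, message in lint_context(SAMPLE):
        print(f"{code}: {message}")
```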
