Pid,

Sorry, my English is not very good. What do you mean by "raised that 
particular issue too"? 

>> That variable should be "${catalina.base}".
Actually, there is no variable in the config file, and it works pretty 
fine. I just did not want to insert the full path from / to the logs 
folder into my letter and so I wrote just $CATALINA_BASE.


Best Regards, 
Karatun Lev,




Pid <p...@pidster.com>
10.02.2012 15:33
Please respond to: "Tomcat Users List" <users@tomcat.apache.org>
To: Tomcat Users List <users@tomcat.apache.org>
cc:
Subject: Re: Fw: Problems with LDAP authentication

On 10/02/2012 10:43, Lev A KARATUN wrote:
> Does anybody have an idea?..
> 
> --------------------------------------------------------------------------------
> 
> Hi again.
> 
> So, my boss told me that it's insecure to give anyone the password to view 
> tomcat's logs and that should be an authentication based on Active 
> Directory.

I think we raised that particular issue too.


> I've been reading the manuals for some time, and configured my Tomcat the 
> following way:
> 
> $CATALINA_BASE/conf/Catalina/localhost/myapp.xml
> 
> <Context antiResourceLocking="false" privileged="true" 
> docBase="$CATALINA_BASE/logs" reloadable="true">

That variable should be "${catalina.base}".


p

>         <Realm className="org.apache.catalina.realm.JNDIRealm" 
>         connectionURL="ldap://raiffeisen.ru:389"
>          connectionName="myacco...@raiffeisen.ru"  (I also tried the 
> format connectionName="cn=myaccount,dc=raiffeisen,dc=ru" - does it matter 
> what format do I use?)
>         connectionPassword="mypassword"
>         referrals="follow"
>         userBase="OU=_Users,DC=raiffeisen,DC=ru"
>         userSearch="(sAMAccountName={0})"
>         userSubtree="true"
>         roleBase="OU=_Groups,DC=raiffeisen,DC=ru"
>         roleName="cn"
>         roleSubtree="true"
>         roleSearch="(member={0})"
>   />
> </Context>
> 
> 
> WEB-INF/web.xml
> 
>  <security-constraint>
>        <web-resource-collection>
>            <web-resource-name>Administrative Area</web-resource-name>
>            <url-pattern>/*</url-pattern>
>        </web-resource-collection>
>        <auth-constraint>
>            <role-name>ADGroupName</role-name>
>        </auth-constraint>
>    </security-constraint>
> 
>   <security-role>
>     <description>
>       The role that is required to view logs
>     </description>
>     <role-name>ADGroupName</role-name>
>   </security-role>
> 
> 
> I also placed LDAP.jar into $CATALINA_BASE/lib, restarted tomcat for I 
> guess a hundred times, but every time I'm getting a message in 
> catalina.out:
> 
> Throwable occurred: LifecycleException:  Exception opening directory 
> server connection:  javax.naming.CommunicationException: localhost:389 
> [Root exception is java.net.ConnectException: A remote host refused an 
> attempted connect operation.]
> 
> and 
> 
> SEVERE: Error deploying configuration descriptor myapp.xml
> Throwable occurred: java.lang.IllegalStateException: 
> ContainerBase.addChild: start: LifecycleException:  Exception opening 
> directory server connection:  javax.naming.CommunicationException: 
> localhost:389 [Root exception is java.net.ConnectException: A remote host 
> refused an attempted connect operation.]
> 
> 
> I tried to telnet raiffeisen.ru by port 389 and got connected.
> I installed JXplorer, entered hostname, port, my credentials and got 
> connected.
> I start Tomcat and get errors. 
> 
> Can you please give me an idea about what am I doing wrong?
> 
> Thanks in advance.
> 
> Best Regards, 
> Karatun Lev.
> 
> 
> -----------------------------------
> This message and any attachment are confidential and may be privileged 
> or otherwise protected from disclosure. If you are not the intended 
> recipient any use, distribution, copying or disclosure is strictly 
> prohibited. If you have received this message in error, please notify the 
> sender immediately either by telephone or by e-mail and delete this 
> message and any attachment from your system. Correspondence via e-mail is 
> for information purposes only. ZAO Raiffeisenbank neither makes nor 
> accepts legally binding statements by e-mail unless otherwise agreed. 
> -----------------------------------


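Added example (not part of the original messages and not Tomcat's own code): a small check that compares the LDAP endpoint configured in the JNDIRealm connectionURL with the endpoint named in the CommunicationException, and flags the shell-style docBase variable mentioned in the reply. The sample descriptor and log line are constructed from the ones quoted in the thread; the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample, modelled on the descriptor and log line quoted in the thread.
CONTEXT_XML = """<Context docBase="$CATALINA_BASE/logs" privileged="true">
  <Realm className="org.apache.catalina.realm.JNDIRealm"
         connectionURL="ldap://raiffeisen.ru:389"
         userSearch="(sAMAccountName={0})"/>
</Context>"""
CATALINA_OUT = (
    "Throwable occurred: java.lang.IllegalStateException: ContainerBase.addChild: "
    "start: LifecycleException:  Exception opening directory server connection:  "
    "javax.naming.CommunicationException: localhost:389 [Root exception is "
    "java.net.ConnectException: A remote host refused an attempted connect operation.]"
)
ENDPOINT_RE = re.compile(r"javax\.naming\.CommunicationException:\s*([\w.\-]+):(\d+)")


def configured_endpoints(context_xml):
    """Return (host, port) for every JNDIRealm connectionURL in the descriptor."""
    found = []
    for realm in ET.fromstring(context_xml).iter("Realm"):
        if realm.get("className", "").endswith("JNDIRealm"):
            url = urlsplit(realm.get("connectionURL", ""))
            found.append((url.hostname, url.port or (636 if url.scheme == "ldaps" else 389)))
    return found


def failing_endpoints(log_text):
    """Return the (host, port) pairs named right after CommunicationException."""
    return sorted({(h.lower(), int(p)) for h, p in ENDPOINT_RE.findall(log_text)})


def diagnose(context_xml, log_text):
    """List the mismatches between what is configured and what the log reports."""
    findings = []
    doc_base = ET.fromstring(context_xml).get("docBase", "")
    if re.search(r"\$[A-Z_]+", doc_base):
        findings.append("docBase: shell-style $NAME; the reply says ${catalina.base}")
    configured = configured_endpoints(context_xml)
    for host, port in failing_endpoints(log_text):
        if (host, port) not in configured:
            findings.append("log: connect to %s:%d, but connectionURL gives %s"
                            % (host, port, configured))
    return findings


if __name__ == "__main__":
    print("\n".join(diagnose(CONTEXT_XML, CATALINA_OUT)))
```

On the sample, the second finding shows that the refused connection was to localhost:389, not to the host in connectionURL, so a successful telnet or JXplorer session to the configured host does not exercise the connection that fails.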