On 10/02/2012 11:53, Lev A KARATUN wrote:
> Pid,
>
> sorry, my English is not very good. What do you mean by "raised that
> particular issue too"?

We mentioned that allowing uncontrolled access to the logs was a bad
idea. Your boss appears to agree.

>>> That variable should be "${catalina.base}".
> Actually, there is no variable in the config file, and it works pretty
> fine.. I just did not want to insert the full path from / to the logs
> folder into my letter and so I wrote just $CATALINA_BASE.

OK.


p

> Best Regards,
> Karatun Lev,
>
> Pid <p...@pidster.com>
> 10.02.2012 15:33
> Please respond to
> "Tomcat Users List" <users@tomcat.apache.org>
>
> To
> Tomcat Users List <users@tomcat.apache.org>
> cc
>
> Subject
> Re: Fw: Problems with LDAP authentication
>
> On 10/02/2012 10:43, Lev A KARATUN wrote:
>> Does anybody have an idea?..
>>
>> --------------------------------------------------------------------------------
>>
>> Hi again.
>>
>> So, my boss told me that it's insecure to give anyone the password to view
>> tomcat's logs and that should be an authentication based on Active
>> Directory.
>
> I think we raised that particular issue too.
>
>> I've been reading the manuals for some time, and configured my Tomcat the
>> following way:
>>
>> $CATALINA_BASE/conf/Catalina/localhost/myapp.xml
>>
>> <Context antiResourceLocking="false" privileged="true"
>>          docBase="$CATALINA_BASE/logs" reloadable="true">
>
> That variable should be "${catalina.base}".
>
>
> p
>
>>   <Realm className="org.apache.catalina.realm.JNDIRealm"
>>          connectionURL="ldap://raiffeisen.ru:389"
>>          connectionName="myacco...@raiffeisen.ru" (I also tried the
>> format connectionName="cn=myaccount,dc=raiffeisen,dc=ru" - does it matter
>> what format do I use?)
>>          connectionPassword="mypassword"
>>          referrals="follow"
>>          userBase="OU=_Users,DC=raiffeisen,DC=ru"
>>          userSearch="(sAMAccountName={0})"
>>          userSubtree="true"
>>          roleBase="OU=_Groups,DC=raiffeisen,DC=ru"
>>          roleName="cn"
>>          roleSubtree="true"
>>          roleSearch="(member={0})"
>>   />
>> </Context>
>>
>>
>> WEB-INF/web.xml
>>
>> <security-constraint>
>>   <web-resource-collection>
>>     <web-resource-name>Administrative Area</web-resource-name>
>>     <url-pattern>/*</url-pattern>
>>   </web-resource-collection>
>>   <auth-constraint>
>>     <role-name>ADGroupName</role-name>
>>   </auth-constraint>
>> </security-constraint>
>>
>> <security-role>
>>   <description>
>>     The role that is required to view logs
>>   </description>
>>   <role-name>ADGroupName</role-name>
>> </security-role>
>>
>>
>> I also placed LDAP.jar into $CATALINA_BASE/lib, restarted tomcat for I
>> guess a hundred times, but every time I'm getting a message in
>> catalina.out:
>>
>> Throwable occurred: LifecycleException: Exception opening directory
>> server connection: javax.naming.CommunicationException: localhost:389
>> [Root exception is java.net.ConnectException: A remote host refused an
>> attempted connect operation.]
>>
>> and
>>
>> SEVERE: Error deploying configuration descriptor myapp.xml
>> Throwable occurred: java.lang.IllegalStateException:
>> ContainerBase.addChild: start: LifecycleException: Exception opening
>> directory server connection: javax.naming.CommunicationException:
>> localhost:389 [Root exception is java.net.ConnectException: A remote host
>> refused an attempted connect operation.]
>>
>>
>> I tried to telnet raiffeisen.ru by port 389 and got connected.
>> I installed JXplorer, entered hostname, port, my credentials and got
>> connected.
>> I start Tomcat and get errors.
>>
>> Can you please give me an idea about what am I doing wrong?
>>
>> Thanks in advance.
>>
>> Best Regards,
>> Karatun Lev.
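
The descriptor quoted in the thread names `ldap://raiffeisen.ru:389`, the logged exception names `localhost:389`, and the reply notes that `$CATALINA_BASE` is not Tomcat's `${catalina.base}` property syntax. The following is an added example, not code from the thread or from Tomcat, that checks a descriptor and a log excerpt for both conditions; the function names are hypothetical and the sample input is constructed by trimming the text quoted above.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample input, trimmed from the descriptor and log quoted in the thread.
DESCRIPTOR = '''<Context docBase="$CATALINA_BASE/logs" privileged="true">
  <Realm className="org.apache.catalina.realm.JNDIRealm"
         connectionURL="ldap://raiffeisen.ru:389"
         userSearch="(sAMAccountName={0})"/>
</Context>'''
LOG = '''SEVERE: Error deploying configuration descriptor myapp.xml
Throwable occurred: java.lang.IllegalStateException: ContainerBase.addChild: start: LifecycleException: Exception opening directory server connection: javax.naming.CommunicationException: localhost:389 [Root exception is java.net.ConnectException: A remote host refused an attempted connect operation.]'''

SHELL_VAR = re.compile(r'\$[A-Za-z_][A-Za-z0-9_]*')  # matches $NAME, not ${name}
FAILED_ENDPOINT = re.compile(r'CommunicationException:\s*([\w.-]+):(\d+)')

def shell_style_vars(xml_text):
    """Return (tag, attribute, value) for attributes written as $NAME,
    which Tomcat leaves unexpanded (it substitutes only ${property})."""
    hits = []
    for el in ET.fromstring(xml_text).iter():
        for name, value in el.attrib.items():
            if SHELL_VAR.search(value):
                hits.append((el.tag, name, value))
    return hits

def configured_endpoints(xml_text):
    """Return the set of (host, port) from every Realm connectionURL."""
    out = set()
    for realm in ET.fromstring(xml_text).iter('Realm'):
        url = realm.get('connectionURL')
        if url:
            parts = urlsplit(url)
            default = 636 if parts.scheme == 'ldaps' else 389
            out.add((parts.hostname, parts.port or default))
    return out

def unexpected_endpoints(xml_text, log_text):
    """Return endpoints named in logged connection failures that no
    Realm in the descriptor is configured to use."""
    logged = {(h.lower(), int(p)) for h, p in FAILED_ENDPOINT.findall(log_text)}
    return sorted(logged - configured_endpoints(xml_text))

if __name__ == '__main__':
    print('shell-style variables:', shell_style_vars(DESCRIPTOR))
    print('failed endpoints not in descriptor:', unexpected_endpoints(DESCRIPTOR, LOG))
```

A non-empty result from `unexpected_endpoints` means the realm that failed was not connecting to the URL in the descriptor being inspected, which narrows where to look before changing credentials or filters.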