On 10/02/2012 11:53, Lev A KARATUN wrote:
> Pid,
>
> sorry, my English is not very good. What do you mean by "raised that
> particular issue too"?

We mentioned that allowing uncontrolled access to the logs was a bad
idea. Your boss appears to agree.
>>> That variable should be "${catalina.base}".
> Actually, there is no variable in the config file, and it works pretty
> fine.. I just did not want to insert the full path from / to the logs
> folder into my letter and so I wrote just $CATALINA_BASE.
OK.
p
> Best Regards,
> Karatun Lev,
>
> Pid <[email protected]>
> 10.02.2012 15:33
> Please respond to "Tomcat Users List" <[email protected]>
> To: Tomcat Users List <[email protected]>
> Subject: Re: Fw: Problems with LDAP authentication
>
> On 10/02/2012 10:43, Lev A KARATUN wrote:
>> Does anybody have an idea?..
>>
>> --------------------------------------------------------------------------------
>>
>> Hi again.
>>
>> So, my boss told me that it's insecure to give anyone the password to
>> view tomcat's logs and that should be an authentication based on Active
>> Directory.
>
> I think we raised that particular issue too.
>
>
>> I've been reading the manuals for some time, and configured my Tomcat
>> the following way:
>>
>> $CATALINA_BASE/conf/Catalina/localhost/myapp.xml
>>
>> <Context antiResourceLocking="false" privileged="true"
>> docBase="$CATALINA_BASE/logs" reloadable="true">
>
> That variable should be "${catalina.base}".
>
>
> p
>
>> <Realm className="org.apache.catalina.realm.JNDIRealm"
>> connectionURL="ldap://raiffeisen.ru:389"
>> connectionName="[email protected]" (I also tried the
>> format connectionName="cn=myaccount,dc=raiffeisen,dc=ru" - does it
>> matter what format do I use?)
>> connectionPassword="mypassword"
>> referrals="follow"
>> userBase="OU=_Users,DC=raiffeisen,DC=ru"
>> userSearch="(sAMAccountName={0})"
>> userSubtree="true"
>> roleBase="OU=_Groups,DC=raiffeisen,DC=ru"
>> roleName="cn"
>> roleSubtree="true"
>> roleSearch="(member={0})"
>> />
>> </Context>
>>
>>
>> WEB-INF/web.xml
>>
>> <security-constraint>
>> <web-resource-collection>
>> <web-resource-name>Administrative Area</web-resource-name>
>> <url-pattern>/*</url-pattern>
>> </web-resource-collection>
>> <auth-constraint>
>> <role-name>ADGroupName</role-name>
>> </auth-constraint>
>> </security-constraint>
>>
>> <security-role>
>> <description>
>> The role that is required to view logs
>> </description>
>> <role-name>ADGroupName</role-name>
>> </security-role>
>>
>>
>> I also placed LDAP.jar into $CATALINA_BASE/lib, restarted tomcat for I
>> guess a hundred times, but every time I'm getting a message in
>> catalina.out:
>>
>> Throwable occurred: LifecycleException: Exception opening directory
>> server connection: javax.naming.CommunicationException: localhost:389
>> [Root exception is java.net.ConnectException: A remote host refused an
>> attempted connect operation.]
>>
>> and
>>
>> SEVERE: Error deploying configuration descriptor myapp.xml
>> Throwable occurred: java.lang.IllegalStateException:
>> ContainerBase.addChild: start: LifecycleException: Exception opening
>> directory server connection: javax.naming.CommunicationException:
>> localhost:389 [Root exception is java.net.ConnectException: A remote
>> host refused an attempted connect operation.]
>>
>>
>> I tried to telnet raiffeisen.ru by port 389 and got connected.
>> I installed JXplorer, entered hostname, port, my credentials and got
>> connected.
>> I start Tomcat and get errors.
>>
>> Can you please give me an idea about what am I doing wrong?
>>
>> Thanks in advance.
>>
>> Best Regards,
>> Karatun Lev.
>>
>>
>
>
