On 15 March 2012 17:01, Pid * <p...@pidster.com> wrote:
> On 15 Mar 2012, at 16:23, Neil Munro <neilmu...@gmail.com> wrote:
>
>> Hi all,
>> I am trying to implement a means to authenticate a user on a
>> web app via ldap, I have been trying for some time and am now
>> intimately familiar with the files I need to edit, but not exactly
>> how.
>>
>> I know that much of the ldap stuff goes into the server.xml file
>> inside of the tomcat conf directory, it is here I have been trying to
>> configure an ldap realm.
>
> OK. Can you post that bit of config, inline in your reply? Passwords
> etc redacted if necessary.

Sure, here you are:

<!--Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
    connectionName="uid={0},ou=my company users,dc=mycompany,dc=com "
    connectionPassword="userPassword"
    connectionURL="ldap://my.ldap.server.com"
    alternateURL="ldap://my.ldap.server.com"
    roleBase="ou=my company users,dc=mycompany,dc=com"
    roleName="cn"
    roleSearch="(uniqueMember={0})"
    roleSubtree="false"
    userSearch="(uid={0})"
    userPassword="userPassword"
    userPattern="uid={0},ou=my company users,dc=mycompany,dc=com"
/-->

<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
    connectionURL="ldap://my.ldap.server.com"
    alternateURL="ldap://my.ldap.server.com"
    userPattern="uid={0},ou=my company users,dc=mycompany,dc=com"
/>

>
>> I have attached the files I have been working
>> with, the basic idea is that a user must first log on before they can
>> access any area of the site, also all users can log in, and access all
>> areas of the site.
>
> Can you explain how you are configuring the auth, please? Are you
> using the container FORM authentication, for example?
>
> If so, can you post that bit of config inline in your reply?

Yes, I am using, or rather trying to use, an HTML form to get the
information to pass to ldap to authenticate.

<!-- uses form-based authentication -->
<login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
        <form-login-page>/login.jsp</form-login-page>
        <form-error-page>/fail_login.jsp</form-error-page>
    </form-login-config>
</login-config>

Thanks,
Neil

>
> p
>
>
>> A user is presented with the login page, and if they cannot be
>> authenticated they are alerted and are given the option to redirect
>> back to the login page. Which I have working, though I think that's
>> simply because I cannot get the logging in bit to work.
>>
>> I do not have access to the LDAP server or schema and cannot implement
>> changes to that, I can however alter the tomcat server, jsp files etc.
>> I am trying to write a company wide web app, and have free rein, but
>> it's historically been written in jsp so we want to keep as much of
>> that as we can.
>>
>> Software and versions: Tomcat 6.0.35, Java 1.4 through to 1.7 (I am
>> required to have all installed) and Windows 7 64.
>>
>> Any help would be fantastic as I have read lots of resources but
>> there's no definitive tutorial to set such a thing up.
>>
>> Thanks,
>> Neil Munro
>> <files.zip>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
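
An added example, not part of the original message or of Tomcat: a stand-alone JNDI check that the DN produced by the posted userPattern accepts a simple bind, which helps separate directory problems from web.xml problems. It assumes the active Realm authenticates by binding as the user's DN, and the class name LdapBindCheck is hypothetical.

```java
import java.text.MessageFormat;
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.Rdn;

// Added example; LdapBindCheck is a hypothetical name, not part of Tomcat.
public class LdapBindCheck {
    // Copied from the active <Realm> element in the message.
    static final String URL = "ldap://my.ldap.server.com";
    static final String USER_PATTERN = "uid={0},ou=my company users,dc=mycompany,dc=com";

    // Substitute the login name for {0}, escaping DN metacharacters such as ',' and '+'.
    static String bindDn(String username) {
        return MessageFormat.format(USER_PATTERN, Rdn.escapeValue(username));
    }

    // Returns true only when the directory accepts a simple bind as that DN.
    static boolean authenticate(String username, char[] password) throws NamingException {
        // A simple bind with an empty password is an "unauthenticated bind" that
        // many servers accept, so refuse it before contacting the directory.
        if (username == null || username.length() == 0 || password == null || password.length == 0) {
            return false;
        }
        Hashtable<String, Object> env = new Hashtable<String, Object>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn(username));
        env.put(Context.SECURITY_CREDENTIALS, password);
        try {
            new InitialDirContext(env).close(); // the bind happens in the constructor
            return true;
        } catch (AuthenticationException e) {
            return false; // directory rejected the DN/password pair
        }
    }

    public static void main(String[] args) throws NamingException {
        if (args.length != 1 || System.console() == null) {
            System.err.println("usage: java LdapBindCheck <username>  (run from a terminal)");
            return;
        }
        char[] pw = System.console().readPassword("Password for %s: ", bindDn(args[0]));
        System.out.println(authenticate(args[0], pw) ? "bind accepted" : "bind rejected");
    }
}
```

A NamingException other than AuthenticationException (for example a connection failure) is left to propagate so that network errors are not mistaken for bad credentials. With an ldap:// URL the simple bind sends the password unencrypted.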