On 16/03/2012 14:56, Neil Munro wrote: > On 16 March 2012 14:41, Pid <[email protected]> wrote: >> On 16/03/2012 14:13, Neil Munro wrote: >>> I have since made some minor progress with LDAP query's this login.jsp >>> file as you can see query's for a list of valid users and creates a >>> drop down list to choose from >>> >>> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" >>> "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";> >>> <%@page >>> import="javax.naming.*,javax.naming.directory.*,java.util.ArrayList;"%> >>> <html> >>> <head> >>> <title>Login</title> >>> </head> >>> <body> >>> <form method="POST" action="j_security_check"> >>> <select> >> >> What are you expecting this select element to do? > > To do exactly what it does do, allow me to select from a list of users > that's generated from the below jsp. It's about the only thing in my > code that does work :S
It allows to you select, but then doesn't do anything with it because it
has no name parameter.
p
>> p
>>
>>> <%
>>> DirContext ctx = new InitialDirContext();
>>> NamingEnumeration answer =
>>> ctx.search("ldap://my.ldap.server.com:389/ou=my company
>>> users,dc=mycompany,dc=com","(uid=*)", null);
>>> ArrayList<String> als = new ArrayList();
>>>
>>>
>>> while(answer.hasMore()) {
>>> // Take line in as string
>>> String output =
>>> answer.next().toString();
>>>
>>> String[] tokens = output.split(",");
>>> for (String t : tokens) {
>>> if( t.contains("uid=uid:")) {
>>> String[] ids =
>>> t.split(" ");
>>> als.add(ids[2]);
>>> }
>>> }
>>> }
>>>
>>> for(String s: als) {
>>> out.println("<option>" + s +
>>> "</option>");
>>> }
>>>
>>> // Close the context when we're done
>>> ctx.close();
>>> %>
>>> </select>
>>> <br>
>>> <input type="password" name="j_password">
>>> <br>
>>> <input type="submit">
>>> </form>
>>> </body>
>>> </html>
>>>
>>> I am however still not able to get the server.xml file working with
>>> the realms, I did discover through some trial and error that my own
>>> ldap user had not been set up right and my system admin kindly fixed
>>> it for me, which could have lead to some working code not to work.
>>>
>>> This is how it currently works:
>>> <Realm className="org.apache.catalina.realm.JNDIRealm"
>>> connectionName="uid={0},ou=my company
>>> users,dc=mycompany,dc=com"
>>> connectionPassword="userPassword"
>>> connectionURL="ldap://my.ldap.server.com";
>>> alternateURL="ldap://my.ldap.server.com";
>>> roleBase="ou=my company
>>> users,dc=mycompany,dc=com"
>>> roleName="cn"
>>> roleSearch="(uniqueMember={0})"
>>> userPattern="uid={0},ou=my company
>>> users,dc=mycompany,dc=com" />
>>>
>>> On 16 March 2012 12:05, Pid <[email protected]> wrote:
>>>> On 16/03/2012 10:23, Neil Munro wrote:
>>>>> On 15 March 2012 18:24, Christopher Schultz
>>>>> <[email protected]> wrote:
>>>>> Neil,
>>>>>
>>>>> On 3/15/12 1:05 PM, Neil Munro wrote:
>>>>>>>> <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
>>>>>>>> connectionURL="ldap://my.ldap.server.com";
>>>>>>>> alternateURL="ldap://my.ldap.server.com"; userPattern="uid={0},ou=my
>>>>>>>> company users,dc=mycompany,dc=com" />
>>>>>>>>
>>>>>
>>>>> The "debug" attribute does not exist any more. Were you following some
>>>>> kind of old example?
>>>>>
>>>>>> Yeah I must have been, I have removed it.
>>>>>
>>>>>
>>>>> I think you may need roleBase, roleName, and roleSearch attributes to
>>>>> have a prayer of making this work. Also, with no userSearch parameter,
>>>>> you are instructing the realm to connect in "bind" mode where the
>>>>> user's credentials are used directly to bind to the LDAP server. Is
>>>>> this appropriate?
>>>>>
>>>>>> <Realm className="org.apache.catalina.realm.JNDIRealm"
>>>>>> connectionName="uid={0},ou=my company users,dc=mycompany,dc=com "
>>>>>> connectionPassword="userPassword"
>>>>>> connectionURL="ldap://my.ldap.server";
>>>>>> alternateURL="ldap://my.ldap.server";
>>>>>> roleBase="ou=my company users,dc=mycompany,dc=com"
>>>>>> roleName="cn"
>>>>>> roleSearch="(uniqueMember={0})"
>>>>>> userPattern="uid={0},ou=my company users,dc=mycompany,dc=com" />
>>>>>
>>>>>> I have added those changes, as for which connection mode I need, I
>>>>>> think bind would be ok for now just to check to see if I can establish
>>>>>> a connection, but looking at it I think if I will be querying ldap for
>>>>>> a user name and password then comparison mode is what I need.
>>>>>
>>>>>> However with this configuration my whole app become inaccessible, I
>>>>>> imagine it's some form of protection or permissions thing, but in my
>>>>>> floundering around trying things, this is the only thing that seems to
>>>>>> have any effect on the whole app.
>>>>>
>>>>> You might want to re-read this section of the realm-howto:
>>>>>
>>>>> http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html#JNDIRealm
>>>>>
>>>>> Can you run any queries against the LDAP server outside of Tomcat that
>>>>> give you results that you might expect? For instance, can you do a
>>>>> search of the LDAP tree for a particular user? What does that query
>>>>> look like? When you do that search, are you using anonymous bind or
>>>>> are you using user bind? If user, which user? Some administrative user
>>>>> or the user whose credentials should be checked?
>>>>>
>>>>>> I can connect with a tool called JXplorer, but I have not had any luck
>>>>>> from other applications, but that's due to inability to find any up to
>>>>>> date documentation on the libraries I was using.
>>>>>
>>>>>>>> <login-config> <auth-method>FORM</auth-method> <form-login-config>
>>>>>>>> <form-login-page>/login.jsp</form-login-page>
>>>>>>>> <form-error-page>/fail_login.jsp</form-error-page>
>>>>>>>> </form-login-config> </login-config>
>>>>
>>>> Side note: I usually recommend putting those files in WEB-INF, in their
>>>> own directory, say: WEB-INF/login.
>>>>
>>>> p
>>>>
>>>>> That looks just fine: configuring the credential-gathering system is
>>>>> usually trivial. It's configuring the authentication system that is
>>>>> usually the problem.
>>>>>
>>>>>> Cool, at least some of this is working right, do you need to see those
>>>>>> files btw?
>>>>>
>>>>>
>>>>> -chris
>>>>>>
>>>>>> ---------------------------------------------------------------------
>>>>>> To unsubscribe, e-mail: [email protected]
>>>>>> For additional commands, e-mail: [email protected]
>>>>>>
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: [email protected]
>>>>> For additional commands, e-mail: [email protected]
>>>>>
>>>>
>>>> --
>>>>
>>>> [key:62590808]
>>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: [email protected]
>>> For additional commands, e-mail: [email protected]
>>>
>>
>>
>> --
>>
>> [key:62590808]
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>
--
[key:62590808]
signature.asc
Description: OpenPGP digital signature
