Tomcat 7.0.20 authentication w/ LDAP

Filipe Vieira
Greenhorn

Joined: Nov 07, 2011
Posts: 6
Hello,

I'm having a really hard time configuring my tomcat to authenticate a user by my active directory information.
I've managed to get the login process correctly, but after that I get a 403 error message.

Here's my complete information:

server.xml:



web.xml



Tomcat log:

FINE: Calling authenticate()
FINE: Authenticated 'nb18054' with type 'BASIC'
FINE: Calling accessControl()
FINE: Checking roles GenericPrincipal[nb18054()]
FINE: Username nb18054 does NOT have role Users
FINE: No role found: Users


I know that the error is related to the role, but I really don't know why... maybe I'm making some confusion about the role name.
When I perform a search by my username (nb18054) in my active directory, I get this result:

MSDOS PROMPT>dsquery user -samid nb18054
"CN=Here'sMyName, CN=Users, DC=novabase,DC=intra"


Shouldn't I be using this Users as the role?

Thanks!!!


Rob Spoor
Sheriff

Joined: Oct 27, 2005
Posts: 19680
I never got LDAP authentication working with the JNDI realm, but I did have success with both JCIFS (free) and Jespa (commercial). See this thread for the filter configuration for JCIFS. Jespa's own operator manual is sufficient to get it to work.
There are also other projects like WAFFLE and Tomcatspnego but neither let me authenticate in browsers.


SCJP 1.4 - SCJP 6 - SCWCD 5 - OCEEJBD 6
How To Ask Questions How To Answer Questions
Filipe Vieira
Greenhorn

Joined: Nov 07, 2011
Posts: 6
I've just solved my problem; the issue was really with the Role Name.
I've used an application called Active Directory Explorer; here I've managed to get the real role name.

Thanks for the help Rob
Rob Spoor
Sheriff

Joined: Oct 27, 2005
Posts: 19680
You're welcome.
Eknath Padekar
Greenhorn

Joined: Oct 02, 2013
Posts: 1
Hi Filipe Vieira,

I am also getting the same error:

13:33:30,361 DEBUG [RealmBase] Checking roles GenericPrincipal[310138760()]
13:33:30,361 DEBUG [RealmBase] Username 310138760 does NOT have role code1
13:33:30,361 DEBUG [RealmBase] No role found: code1
13:33:30,361 DEBUG [AuthenticatorBase] Failed accessControl() test

I am not sure what roles need to be given in web.xml.

My username, 310138760, in AD is listed below.

"CN=310138760,OU=Users,OU=INGBTCPIC7,OU=CODE,DC=code1,DC=emi,DC=myorg,DC=com"

Can you please reply based on your findings?

Thanks.
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16019
Welcome to the JavaRanch, Eknath!

I would venture to say that at a minimum you need a security role named "code1" defined in your web.xml.

The container security system is broken into 2 parts: one part defines userids and associated passwords, the other maps userids to security roles in a 1-many mapping.

When databases are used, therefore, 2 separate tables are usually employed. When using a directory service such as LDAP, usually 2 separate directory trees within the LDAP directory are used.


Customer surveys are for companies who didn't pay proper attention to begin with.
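The two-part split Tim describes (the realm authenticates the user, then maps the user to roles, and web.xml names the role it requires) as an added configuration example; it is not the poster's server.xml or web.xml, and the host name, bind account, base DNs and group name are constructed placeholders. With this shape the role granted is the cn of an AD group the user is a member of, not the "CN=Users" container that appears in the user's own DN.

```xml
<!-- server.xml, inside <Engine> or <Host>: constructed JNDIRealm example -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldap://dc01.example.internal:389"
       connectionName="CN=tomcat-bind,OU=ServiceAccounts,DC=example,DC=internal"
       connectionPassword="REPLACE_ME"
       referrals="follow"
       userBase="OU=Users,DC=example,DC=internal"
       userSearch="(sAMAccountName={0})"
       userSubtree="true"
       roleBase="OU=Groups,DC=example,DC=internal"
       roleSearch="(member={0})"
       roleName="cn"
       roleSubtree="true"/>
<!-- userSearch: {0} is the login name; the realm binds as the found entry
     with the supplied password to authenticate.
     roleSearch: {0} is the authenticated user's DN, so each group whose
     member attribute holds that DN yields one role named by its cn. -->

<!-- web.xml: the role name here must equal a group cn returned above -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Application</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>TomcatAppUsers</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Corporate AD</realm-name>
</login-config>
<security-role>
  <role-name>TomcatAppUsers</role-name>
</security-role>
```

The bind account needs read access only, and because BASIC sends the password base64-encoded rather than encrypted, the connector serving this constraint should be HTTPS.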