
Tomcat 7.0.20 authentication w/ LDAP

 
Filipe Vieira
Greenhorn
Posts: 6
Hello,

I'm having a really hard time configuring my Tomcat to authenticate a user by my Active Directory information.
I've managed to get the login process working correctly, but after that I get a 403 error message.

Here's my complete information:

server.xml:



web.xml



Tomcat log:

FINE: Calling authenticate()
FINE: Authenticated 'nb18054' with type 'BASIC'
FINE: Calling accessControl()
FINE: Checking roles GenericPrincipal[nb18054()]
FINE: Username nb18054 does NOT have role Users
FINE: No role found: Users


I know that the error is related to the role, but I really don't know why. Maybe I'm making some confusion about the role name.
When I perform a search by my username (nb18054) in my Active Directory, I get this result:

MSDOS PROMPT>dsquery user -samid nb18054
"CN=Here'sMyName, CN=Users, DC=novabase,DC=intra"


Shouldn't I be using this Users as the role?

Thanks!!!


 
Rob Spoor
Sheriff
Posts: 20531
I never got LDAP authentication working with the JNDI realm, but I did have success with both JCIFS (free) and Jespa (commercial). See this thread for the filter configuration for JCIFS. Jespa's own operator manual is sufficient to get it to work.
There are also other projects like WAFFLE and Tomcatspnego but neither let me authenticate in browsers.
 
Filipe Vieira
Greenhorn
Posts: 6
I've just solved my problem; the issue was really with the Role Name.
I've used an application called Active Directory Explorer, where I've managed to get the real role name.

Thanks for the help Rob
 
Rob Spoor
Sheriff
Posts: 20531
You're welcome.
 
Eknath Padekar
Greenhorn
Posts: 1
Hi Filipe Vieira,

I am also getting the same error:

13:33:30,361 DEBUG [RealmBase] Checking roles GenericPrincipal[310138760()]
13:33:30,361 DEBUG [RealmBase] Username 310138760 does NOT have role code1
13:33:30,361 DEBUG [RealmBase] No role found: code1
13:33:30,361 DEBUG [AuthenticatorBase] Failed accessControl() test

I am not sure what roles need to be given in web.xml.

My username, 310138760, in AD is listed below.

"CN=310138760,OU=Users,OU=INGBTCPIC7,OU=CODE,DC=code1,DC=emi,DC=myorg,DC=com"

Can you please reply based on your findings.

Thanks.
 
Tim Holloway
Saloon Keeper
Posts: 18162
Welcome to the JavaRanch, Eknath!

I would venture to say that at a minimum you need a security role named "code1" defined in your web.xml.

The container security system is broken into 2 parts: one part defines userids and associated passwords, the other maps userids to security roles in a 1-many mapping.

When databases are used, therefore, 2 separate tables are usually employed. When using a directory service such as LDAP, usually 2 separate directory trees within the LDAP directory are used.
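
An added example, not taken from the thread or from any poster's configuration: a Tomcat JNDIRealm and matching web.xml in which the role is the cn of an AD group the user belongs to, not the CN=Users container that appears in the user's DN. The host name, bind account, OU=Groups base and the TomcatAppUsers group are assumed placeholders; the DC=novabase,DC=intra suffix and the CN=Users container come from the first post.

```xml
<!-- server.xml, inside <Engine> or <Host>.
     Part 1 (who the user is): userBase/userSearch locate the entry, then Tomcat binds as it.
     Part 2 (which roles): roleBase/roleSearch find group entries whose "member"
     attribute holds the user's DN ({0}); roleName="cn" makes each group's cn a role.
     CN=Users in "CN=...,CN=Users,DC=novabase,DC=intra" is only a container and
     never becomes a role through this lookup.
     Placeholders (assumed): dc.example.invalid, svc-tomcat, OU=Groups, CHANGE_ME. -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldaps://dc.example.invalid:636"
       connectionName="CN=svc-tomcat,CN=Users,DC=novabase,DC=intra"
       connectionPassword="CHANGE_ME"
       userBase="CN=Users,DC=novabase,DC=intra"
       userSearch="(sAMAccountName={0})"
       userSubtree="true"
       roleBase="OU=Groups,DC=novabase,DC=intra"
       roleSearch="(member={0})"
       roleName="cn"
       roleSubtree="true" />

<!-- web.xml, inside <web-app>.
     The role-name must equal the group's cn exactly as the realm returns it.
     TomcatAppUsers is an assumed group name. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Protected area</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>TomcatAppUsers</role-name>
  </auth-constraint>
  <!-- BASIC sends the password base64-encoded, so require TLS for these URLs. -->
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
</login-config>
<security-role>
  <role-name>TomcatAppUsers</role-name>
</security-role>
```

With realm logging at FINE, a successful lookup lists the group names inside the parentheses of GenericPrincipal[...]; the empty "()" in the logs quoted above means the realm returned no roles for the user.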
 