Tomcat 7.0.20 authentication w/ LDAP

 
Filipe Vieira
Greenhorn
Posts: 6
Hello,

I'm having a really hard time configuring my Tomcat to authenticate a user by my Active Directory information.
I've managed to get the login process to work correctly, but after that I get a 403 error message.

Here's my complete information:

server.xml:



web.xml



Tomcat log:

FINE: Calling authenticate()
FINE: Authenticated 'nb18054' with type 'BASIC'
FINE: Calling accessControl()
FINE: Checking roles GenericPrincipal[nb18054()]
FINE: Username nb18054 does NOT have role Users
FINE: No role found: Users



I know that the error is related to the role, but I really don't know why... maybe I'm making some confusion about the role name.
When I perform a search by my username (nb18054) in my Active Directory, I get this result:

MS-DOS PROMPT>dsquery user -samid nb18054
"CN=Here'sMyName, CN=Users, DC=novabase,DC=intra"



Shouldn't I be using this Users as the role?

Thanks!!!


 
Rob Spoor
Sheriff
Posts: 22783
I never got LDAP authentication working with the JNDI realm, but I did have success with both JCIFS (free) and Jespa (commercial). See this thread for the filter configuration for JCIFS. Jespa's own operator manual is sufficient to get it to work.
There are also other projects like WAFFLE and Tomcatspnego but neither let me authenticate in browsers.
 
Filipe Vieira
Greenhorn
Posts: 6
I've just solved my problem; the issue was really with the role name.
I've used an application called Active Directory Explorer; there I managed to get the real role name.

Thanks for the help Rob
 
Rob Spoor
Sheriff
Posts: 22783
You're welcome.
 
Eknath
Greenhorn
Posts: 1
Hi Filipe Vieira,

I am also getting same error:

13:33:30,361 DEBUG [RealmBase] Checking roles GenericPrincipal[310138760()]
13:33:30,361 DEBUG [RealmBase] Username 310138760 does NOT have role code1
13:33:30,361 DEBUG [RealmBase] No role found: code1
13:33:30,361 DEBUG [AuthenticatorBase] Failed accessControl() test

I am not sure what roles need to be given in web.xml.

My username (310138760) in AD is listed below:

"CN=310138760,OU=Users,OU=INGBTCPIC7,OU=CODE,DC=code1,DC=emi,DC=myorg,DC=com"

Can you please reply based on your findings.

Thanks.
 
Saloon Keeper
Posts: 27762
Welcome to the JavaRanch, Eknath!

I would venture to say that at a minimum you need a security role named "code1" defined in your web.xml.

The container security system is broken into 2 parts: one part defines userids and associated passwords, the other maps userids to security roles in a 1-many mapping.

When databases are used, therefore, 2 separate tables are usually employed. When using a directory service such as LDAP, usually 2 separate directory trees within the LDAP directory are used.
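Added example, not taken from any post in this thread: a JNDIRealm configuration that makes the two lookups described above explicit, a user search by sAMAccountName under one base and a group search under a separate base, together with the web.xml fragment that has to agree with it. The host, bind account, password, base DNs and the group name tomcat-users are placeholders. The role names Tomcat checks in accessControl() are the values of the roleName attribute (here cn) on the group entries that roleSearch returns for the authenticated user's DN. The CN=Users or OU=Users component in the two user DNs quoted in this thread is the container the user object sits in, not a group, so it never turns into a role, which is why "Users" and "code1" were reported as missing.

```xml
<!-- server.xml: Realm inside the Engine/Host/Context that should use AD.
     Added example; every value below is a placeholder, not this thread's config. -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldaps://dc1.example.intra:636"
       connectionName="CN=tomcat-bind,CN=Users,DC=example,DC=intra"
       connectionPassword="CHANGE_ME"
       referrals="follow"

       userBase="DC=example,DC=intra"
       userSubtree="true"
       userSearch="(sAMAccountName={0})"

       roleBase="OU=Groups,DC=example,DC=intra"
       roleSubtree="true"
       roleSearch="(member={0})"
       roleName="cn" />
<!-- {0} in userSearch is the login name typed into the BASIC dialog; {0} in roleSearch
     is the DN of the user entry found by userSearch. Each group entry whose member
     attribute contains that DN contributes its cn as one role name. Reading memberOf
     from the user entry instead (userRoleName="memberOf") would yield the groups'
     full DNs as role names, which is rarely what web.xml expects. -->

<!-- web.xml: role-name must equal the cn of a group returned by roleSearch -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Protected application</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>tomcat-users</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Example AD</realm-name>
</login-config>
<security-role>
  <role-name>tomcat-users</role-name>
</security-role>
```

To see which group names a user can actually present, pipe the dsquery command used earlier in the thread into dsget on a domain-joined Windows machine: `dsquery user -samid nb18054 | dsget user -memberof` prints the DN of every group the account is a direct member of, and the cn part of each DN is what belongs in role-name. Two caveats for production: connectionPassword sits in clear text in server.xml, so use a dedicated bind account with read-only rights and an ldaps:// URL, and keep the CONFIDENTIAL transport guarantee, because BASIC authentication sends the domain password base64-encoded on every request.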
 