Apache Tomcat integrate with Active Directory

jms02360

Hello,
I am trying to authenticate users in Apache Tomcat 5.5 from Active
Directory.
The way my users are structured in AD is there's a department root OU
and then sub-OUs for each department. The Groups OU is in its own OU.
This is the syntax I'm using for the server.xml file. I have created
two groups, am and thc, and put the necessary users in the groups.

<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
       connectionURL="ldap://dc1:389"
       alternateURL="ldap://fs6:389"
       userRoleName="member"
       userBase="OU=Departments,dc=2krecovery,dc=com"
       userPattern="cn={0},OU=Departments,dc=2krecovery,dc=com"
       roleBase="OU=Groups,dc=2krecovery,dc=com"
       roleName="cn"
       roleSearch="(member={0})"
       roleSubtree="false"
       userSubtree="true"
/>

Could someone tell me if this is right? Running a Windows 2000 native
domain level with 2 Windows 2000 DCs and one Windows 2003 DC.

Here's the web.xml:

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Tax Housing Compliance</web-resource-name>
    <url-pattern>/thc/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>thc</role-name>
  </auth-constraint>
</security-constraint>

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Asset Management</web-resource-name>
    <url-pattern>/am/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>am</role-name>
  </auth-constraint>
</security-constraint>

Thanks
 
Raymond DeCampo

Did it work? What happens when you try it?
Ray
 
jms02360

No, it doesn't seem to authenticate. Where can I check to see where
it's failing? Is there a log in Tomcat? I'm pretty new to setting this
up.

Thanks
 
Raymond DeCampo

You are going to have to give us more to go on if you expect any help.
What are the visible results? Is there a stack trace? Post it here.

You might want to try the tomcat mailing list (see http://www.apache.org).

HTH,
Ray
 
jms02360

Sorry for the ignorance. I'm pretty new at setting this up.
Here's the log file.


Jan 27, 2006 9:41:01 AM org.apache.catalina.realm.JNDIRealm authenticate
SEVERE: Exception performing authentication
javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name 'dc=bcapital,dc=com'
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2763)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2737)
    at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1808)
    at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1731)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321)
    at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248)
    at org.apache.catalina.realm.JNDIRealm.getUserBySearch(JNDIRealm.java:1063)
    at org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:967)
    at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:916)
    at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:809)
    at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:256)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:391)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:825)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:738)
    at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:526)
    at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
    at java.lang.Thread.run(Thread.java:595)
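
Added example (not part of the original thread, and not any poster's configuration): the Realm from the first post reworked for Active Directory, with each change explained in the comment. The PartialResultException in the log above is what the JNDI LDAP provider raises when AD returns continuation references and referral handling is left at its default. The bind account DN, the password placeholder, the sAMAccountName filter and LDAPS being enabled on the domain controllers are assumptions.

```xml
<!-- Added example. Assumed values: the bind account DN, the password
     placeholder, the sAMAccountName filter, and LDAPS (port 636) being
     enabled on dc1 and fs6.

     Changes from the Realm in the first post:
     1. ldaps:// instead of ldap:// on 389, so the simple-bind passwords
        do not cross the network in cleartext. The DC certificate must be
        trusted by the JVM that runs Tomcat.
     2. connectionName/connectionPassword: a low-privilege account that
        the realm binds as for its user and role searches.
     3. referrals="follow": JNDI chases the continuation references AD
        returns instead of failing with PartialResultException.
     4. userPattern removed: users sit in per-department sub-OUs, so one
        fixed DN pattern cannot match them. userSearch together with
        userSubtree="true" locates the entry anywhere under userBase.
     5. userRoleName removed: "member" is an attribute of group entries,
        not of user entries. roleSearch already maps group membership to
        roles by matching the user's DN against each group's members. -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldaps://dc1:636"
       alternateURL="ldaps://fs6:636"
       connectionName="CN=tomcat-bind,OU=Service Accounts,dc=2krecovery,dc=com"
       connectionPassword="CHANGE_ME"
       referrals="follow"
       userBase="OU=Departments,dc=2krecovery,dc=com"
       userSearch="(sAMAccountName={0})"
       userSubtree="true"
       roleBase="OU=Groups,dc=2krecovery,dc=com"
       roleName="cn"
       roleSearch="(member={0})"
       roleSubtree="false"
/>
```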
 
