chethan N

Reputation: 9

LDAP (JNDI Realm) authentication with apache tomcat 7

We are trying to achieve Tomcat authentication with LDAP. Below is my attempt: I am trying to configure server.xml with the following code.

<Host ....      
<Realm   className="org.apache.catalina.realm.JNDIRealm" debug="99"
         connectionName="cn=ApacheDS,dc=example,dc=com"
         connectionPassword="secret"
         connectionURL="ldap://localhost:10389"
         roleBase="dc=example,dc=com,dc=ActiveMQ"
         roleName="cn"
         roleSearch="(uniqueMember={0})"
         roleSubtree="false"
         userPassword="userPassword"
         userPattern="cn={0},dc=example,dc=com"
    />
</Host>

In web.xml I have configured the groups:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Entry points</web-resource-name>
        <url-pattern>/faces/analyze/*</url-pattern>
        <url-pattern>/faces/common/*</url-pattern>
        <url-pattern>/faces/compose/*</url-pattern>
        <url-pattern>/faces/content/*</url-pattern>
        <url-pattern>/faces/custom/*</url-pattern>
        <url-pattern>/faces/explore/*</url-pattern>
        <url-pattern>/faces/home/*</url-pattern>
        <url-pattern>/faces/layouts/*</url-pattern>
        <url-pattern>/faces/partials/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>rtsAdministrator</role-name>
    </auth-constraint>
</security-constraint>

In LDAP we are making use of the partition dc=example,dc=com and the connection name ApacheDS. Under the partition I have created ou=ActiveMQ, and under that ou=Group and ou=User; under these we have the users. But when I incorporated this change I got the following error in the ApacheDS (LDAP server) console.

I am getting the following error in the LDAP server console:

[15:25:15] ERROR [org.apache.directory.server.core.authn.AbstractAuthenticator] - 
ERR_6 Authentication error : Attempt to lookup non-existant entry: cn=ApacheDS,dc=example,dc=com 

Can anybody tell me what the issue could be? Let me know if you need any more information.

It'd be helpful if anybody could give me a solution to my problem.

Upvotes: 0

Views: 1737

Answers (1)

user207421

Reputation: 310840

Your LDAP DIT isn't rooted at dc=example,dc=com, and it would be surprising if it were. That's only an example configuration. Find out its real root and use that instead.

You also have dc=example,dc=com,dc=ActiveMQ, which proves the point. This must also be wrong, but for a different reason: it's out of order. You wouldn't have dc=ActiveMQ as the root-most element in a DN.

Sounds like you have some investigating to do.

Upvotes: 3
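A way to check the two points the answer makes before touching the directory, as an added example written for this page (it is not code from either poster or from Tomcat): it parses the Realm attributes from a server.xml fragment reconstructed from the question, then verifies that every DN-valued attribute (connectionName, roleBase, userBase, and userPattern with {0} filled in) is rooted at the directory's real naming context and that its RDNs are ordered leaf-first with the suffix last. The naming context NAMING_CONTEXT and the sample user name are assumptions; in a real check the naming context comes from the server's rootDSE attribute namingContexts, and whether the bind entry actually exists can only be confirmed against the server.

```python
import re
import xml.etree.ElementTree as ET

# Constructed server.xml fragment with the Realm values from the question.
REALM_XML = """<Realm className="org.apache.catalina.realm.JNDIRealm"
         connectionName="cn=ApacheDS,dc=example,dc=com"
         connectionPassword="secret"
         connectionURL="ldap://localhost:10389"
         roleBase="dc=example,dc=com,dc=ActiveMQ"
         roleName="cn"
         roleSearch="(uniqueMember={0})"
         roleSubtree="false"
         userPassword="userPassword"
         userPattern="cn={0},dc=example,dc=com"/>"""

# Assumed naming context; a real deployment reads it from the rootDSE
# attribute namingContexts rather than hard-coding it.
NAMING_CONTEXT = "dc=example,dc=com"


def parse_dn(dn):
    """Split a DN into [(attr, value), ...], leaf RDN first.

    Commas escaped with a backslash (e.g. cn=Doe\\, John) do not split.
    Attribute and value are lower-cased for a case-insensitive comparison,
    which is adequate for dc/cn/ou style DNs used in a sanity check.
    """
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip():
            raise ValueError(f"malformed RDN {part!r} in {dn!r}")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns


def locate_context(dn, naming_context):
    """Return where the naming context occurs in dn.

    'suffix'    - dn ends with the naming context (correctly rooted)
    'misplaced' - the naming context appears but other RDNs follow it,
                  i.e. the RDN order is reversed (the answer's second point)
    'absent'    - dn is not under the naming context at all (the first point)
    """
    rdns, ctx = parse_dn(dn), parse_dn(naming_context)
    n = len(ctx)
    if len(rdns) >= n and rdns[-n:] == ctx:
        return "suffix"
    for i in range(len(rdns) - n):
        if rdns[i:i + n] == ctx:
            return "misplaced"
    return "absent"


def check_realm(realm_xml, naming_context, sample_user="alice"):
    """Return {attribute: finding} for every DN-valued Realm attribute
    that is not correctly rooted at naming_context; empty dict means clean."""
    attrs = ET.fromstring(realm_xml).attrib
    candidates = {name: attrs[name] for name in ("connectionName", "roleBase", "userBase")
                  if name in attrs}
    if "userPattern" in attrs:
        # userPattern is a DN template; substitute a sample user to get a real DN.
        candidates["userPattern"] = attrs["userPattern"].replace("{0}", sample_user)
    findings = {}
    for name, dn in candidates.items():
        where = locate_context(dn, naming_context)
        if where == "misplaced":
            findings[name] = (f"{dn}: naming context is followed by further RDNs; "
                              "RDN order is reversed (leaf first, suffix last)")
        elif where == "absent":
            findings[name] = f"{dn}: not under naming context {naming_context}"
    return findings


if __name__ == "__main__":
    for attr, problem in check_realm(REALM_XML, NAMING_CONTEXT).items():
        print(f"{attr}: {problem}")
```

Run with the question's values and the assumed naming context, only roleBase is reported (dc=ActiveMQ trails the suffix); with a different naming context every DN is reported as not under it, which is the situation the answer describes when the directory is not rooted at dc=example,dc=com. A clean result from this check still leaves the existence of the bind entry to be confirmed against the server itself.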
