How to configure Tomcat 5.5 to authenticate against Win2003 Active Directory (LDAP)

Time: 2022-11-06 02:56:19

What changes are needed to the default Tomcat configuration? At least server.xml needs to be changed somehow to have the IP of the Win2003 server?

4 solutions

#1


2  

I don't know if "automatic" login with IE is possible.


But you can use a "classic" login form (Java EE style) and let Tomcat perform the login against Active Directory using a JNDI Realm.


Change the default realm in your server.xml or set the realm in your application's context.xml like this:

    <Realm
        className="org.apache.catalina.realm.JNDIRealm"
        debug="99"
        connectionURL="ldap://your-activedirectory-server:389"
        connectionName="a user with read access to AD (optional if anonymous access is permitted)"
        connectionPassword="password"
        referrals="follow"
        userBase="where to look for users, for instance: DC=mycompany,DC=com"
        userSearch="(sAMAccountName={0})"
        userSubtree="true"
        roleBase="where to look for groups, for instance: DC=mycompany,DC=com"
        roleName="cn"
        roleSearch="(member={0})"
        roleSubtree="true"/>

More information here: Apache Tomcat 5.5 Realm Configuration HOW-TO

And: Active Directory Integration
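
A hardened variant of the Realm from answer #1, added here as an example and not part of the original answers. The host name `dc01.mycompany.com`, the OU names and the `svc-tomcat` account are constructed placeholders.

```xml
<!--
  Added example: hardened variant of the Realm posted in answer #1.
  Constructed placeholders: dc01.mycompany.com, the OU names and the
  svc-tomcat account. Replace them with values from your own directory.

  Changes against the posted Realm:
  1. connectionURL uses ldaps:// on port 636. With ldap:// on 389 the
     JNDIRealm simple bind sends connectionPassword and each user's
     login password over the network in cleartext.
  2. connectionName is a dedicated account with read-only access to the
     user and group OUs, not an administrator and not an anonymous bind.
  3. userBase and roleBase point at specific OUs instead of the domain
     root, so only accounts under userBase can log in and only groups
     under roleBase can grant roles.
  4. debug="99" from the posted Realm is omitted; it is a
     troubleshooting setting.
-->
<Realm
    className="org.apache.catalina.realm.JNDIRealm"
    connectionURL="ldaps://dc01.mycompany.com:636"
    connectionName="CN=svc-tomcat,OU=Service Accounts,DC=mycompany,DC=com"
    connectionPassword="CHANGE_ME"
    referrals="follow"
    userBase="OU=Staff,DC=mycompany,DC=com"
    userSearch="(sAMAccountName={0})"
    userSubtree="true"
    roleBase="OU=Tomcat Groups,DC=mycompany,DC=com"
    roleName="cn"
    roleSearch="(member={0})"
    roleSubtree="true"/>
```

The JVM running Tomcat must trust the certificate the domain controller presents on port 636, otherwise the realm cannot connect. connectionPassword is stored in cleartext in server.xml or context.xml, so restrict read access on that file to the account Tomcat runs as.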


#2


0  

I want an LDAP login that picks the user name from Active Directory; the browser will display the user+pwd dialog when you are using Firefox etc.

It's OK if IE handshakes automatically, but it's not necessary.

#3


0  

Configuring Tomcat With Active Directory. Have not tried it. Good luck.


#4


0  

@thanks, catalina log shows now: PartialResultException LDAP error 10. Any ideas how to fix it? – Tom Dec 11

I have seen this error and it was holding me up. I found that the LDAP server was not returning the mail items I was requesting, seen below: emailAddress=mail

User Property Names Mapping: userId=sAMAccountName,name=cn,emailAddress=displayName

Found that changing to something that was returned worked a treat, i.e. displayName.
