Prerequisites for Integrating LDAP with Tomcat:
Operating System: Windows with Active Directory 2003 and above
Java: JDK 1.6 and above
Application Server: Tomcat 6.0 and above
Populate LDAP
We will configure security so that only a specific group of users can access the deployed webapps. This group needs a name, which is configured within LDAP; you may already have an appropriate group.
- Create users in Active Directory for the application to validate.
- Create a group, e.g. TomcatUsersGroup, and associate users with this group in Active Directory using the wizard.
Configuring Tomcat to Use LDAP
Next, we need to configure Tomcat to connect to LDAP. This is described in the JNDIRealm section of the Tomcat Realm How-To: http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html#JNDIRealm
This is the difficult step. It requires adding an entry to server.xml, found in the conf folder of the Tomcat installation. For our example, the entry is as follows. First, comment out the following lines in server.xml:
<!-- <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
            resourceName="UserDatabase"/>
-->
To disable the native tomcat-users.xml database and use LDAP credentials instead, comment out the GlobalNamingResources block as well:
<!-- <GlobalNamingResources>
       Editable user database that can also be used by
       UserDatabaseRealm to authenticate users
       <Resource name="UserDatabase" auth="Container"
                 type="org.apache.catalina.UserDatabase"
                 description="User database that can be updated and saved"
                 factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
                 pathname="conf/tomcat-users.xml" />
     </GlobalNamingResources>
-->
Add the following Realm element to server.xml for the LDAP configuration:
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldap://ldapserver.somedomain.com:389"
       authentication="simple"
       referrals="follow"
       connectionName="ldapuser@somedomain.com"
       connectionPassword="enter password here"
       userSearch="(sAMAccountName={0})"
       userBase="CN=Users,DC=somedomain,DC=com"
       userSubtree="true"
       roleSearch="(member={0})"
       roleName="cn"
       roleSubtree="true"
       roleBase="CN=Users,DC=somedomain,DC=com" />
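As an added example (not from the original post or from Tomcat itself), a short Python script that parses a server.xml and reports the points a reviewer checks on a JNDIRealm entry: a plain ldap:// URL with simple authentication (the service-account password and every user's login password then cross the network unencrypted), a placeholder connectionPassword, and search filters or base DNs that are missing. The sample server.xml is constructed inline from the Realm element above, with the same placeholder host and password.

```python
import xml.etree.ElementTree as ET
from typing import List
from urllib.parse import urlparse

# Constructed sample: the JNDIRealm element from the post, under the Engine
# element where it sits in a real server.xml (placeholder host and password).
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Engine name="Catalina" defaultHost="localhost">
    <Realm className="org.apache.catalina.realm.JNDIRealm"
           connectionURL="ldap://ldapserver.somedomain.com:389"
           authentication="simple" referrals="follow"
           connectionName="ldapuser@somedomain.com"
           connectionPassword="enter password here"
           userSearch="(sAMAccountName={0})"
           userBase="CN=Users,DC=somedomain,DC=com" userSubtree="true"
           roleSearch="(member={0})" roleName="cn" roleSubtree="true"
           roleBase="CN=Users,DC=somedomain,DC=com" />
  </Engine>
</Server>
"""

JNDI_REALM = "org.apache.catalina.realm.JNDIRealm"

def audit_jndi_realms(server_xml: str) -> List[str]:
    """Return review findings for every JNDIRealm element in a server.xml."""
    findings = []
    root = ET.fromstring(server_xml)
    realms = [r for r in root.iter("Realm") if r.get("className") == JNDI_REALM]
    if not realms:
        return ["no JNDIRealm configured"]
    for realm in realms:
        url = urlparse(realm.get("connectionURL", ""))
        if url.scheme != "ldaps":
            # A simple bind over plain ldap:// carries the service account's
            # password, and every logging-in user's password, unencrypted.
            findings.append(f"connectionURL {url.geturl()} is not ldaps://; "
                            "bind credentials cross the network in cleartext")
        password = realm.get("connectionPassword", "")
        if not password or "password here" in password:
            findings.append("connectionPassword is empty or still a placeholder")
        # Tomcat substitutes {0} with the username in userSearch and with the
        # user's DN in roleSearch; without it the filter ignores who logs in.
        for attr in ("userSearch", "roleSearch"):
            if "{0}" not in realm.get(attr, ""):
                findings.append(f"{attr} lacks the {{0}} placeholder")
        for attr in ("userBase", "roleBase"):
            if not realm.get(attr):
                findings.append(f"{attr} is missing; search would use an empty base DN")
    return findings
```

Run it against your own conf/server.xml by passing the file contents to audit_jndi_realms; an empty list means none of the checks fired.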
Configuring the Application in the Deployed webapps Folder to Use AD (or) LDAP Settings:
Finally, add a security constraint to the application's web.xml file, e.g. Tomcat_Installed_Directory\webapps\application\web.xml:
<security-constraint>
  <display-name>Example Security Constraint</display-name>
  <web-resource-collection>
    <web-resource-name>Protected Area</web-resource-name>
    <!-- Define the context-relative URL(s) to be protected -->
    <url-pattern>/*</url-pattern>
    <!-- If you list http methods, only those methods are protected -->
    <http-method>DELETE</http-method>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
    <http-method>PUT</http-method>
  </web-resource-collection>
  <auth-constraint>
    <!-- Anyone with one of the listed roles may access this area -->
    <role-name>TomcatUsersGroup</role-name>
  </auth-constraint>
</security-constraint>
<!-- Default login configuration uses basic authentication -->
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Tomcat LDAP Integrated Application</realm-name>
</login-config>
<!-- Security roles referenced by this web application -->
<security-role>
  <description>LDAP Users</description>
  <role-name>TomcatUsersGroup</role-name>
</security-role>
After restarting the Tomcat server, test that your users are validated by logging in to the application with LDAP (or AD) credentials.
Refer to the following URL for additional details:
http://www.topquadrant.com/docs/tbl/42install/ldap.html#integration-instructions