Diese Seite (Version-1) wurde zuletzt am 28-März-2017 14:37 von UnbekannterAutor geändert.

Du bist nicht autorisiert, diese Seite umzubenennen.

Du bist nicht autorisiert, diese Seite zu löschen.

Versionsgeschichte der Seite

Version Zuletzt geändert Größe Autor Änderungen Kommentar

Links

Eingehende Links Ausgehende Links
Ldap Integration
Ldap Integration

Versionsunterschiede

Unterschiede zwischen Version und .

Zeile 1: 129 Zeilen hinzugefügt.
[{ALLOW view All}]
[{ALLOW edit Markus}]
!Reference for below is this: [Active Directory Integration|http://www.jspwiki.org/wiki/ActiveDirectoryIntegration]
!!What I did for Tomcat 6.0.18:
Note: web-app means JSPWiki
!1. Specify realm
Under conf, create a sub directory <service>\<host>\<webappname>.xml\\
This would be generally <tomcat>\conf\Catalina\localhost\JSPWiki.xml\\
Put the realm information in like below.\\
\\
You can place "[realm|http://tomcat.apache.org/tomcat-5.5-doc/config/realm.html]" information also somewhere else,
but specifying it this way, the context becomes web-app specific, which is necessary, because otherwise our realm will
interfere with the realm used by tomcat in the server.xml ("UserDatabase", which is the conf/tomcat-users.xml).\\
{{{
<?xml version='1.0' encoding='utf-8'?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!-- The contents of this file will be loaded for each web application -->
<Context>
<!-- Default set of monitored resources -->
<WatchedResource>WEB-INF/web.xml</WatchedResource>
<!-- Uncomment this to disable session persistence across Tomcat restarts -->
<Manager pathname="" />
<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
connectionURL="ldap://<domain.server.com>:389"
connectionName="<username@domain>"
connectionPassword="<password>"
referrals="follow"
userBase="OU=Objects,DC=<domain>,DC=<server>,DC=<com>"
userSearch="(sAMAccountName={0})"
userSubtree="true"
roleBase="OU=Objects,DC=<domain>,DC=<server>,DC=<com>"
roleName="name"
roleSubtree="true"
roleSearch="(member={0})"
/>
<!-- Uncomment this to enable Comet connection tacking (provides events
on session expiration as well as webapp lifecycle) -->
<!--
<Valve className="org.apache.catalina.valves.CometConnectionManagerValve" />
-->
</Context>
}}}
!2. Test your realm
Reload your web-app with the tomcat manager.\\
By the way, editing the web-app specific context will make tomcat to reload the web-app also automatically.\\
You should see results in logs/localhost.YYYY-MM-DD.log\\
You may want to increase Tomcat [logging|http://tomcat.apache.org/tomcat-5.5-doc/logging.html] level. Tomcat uses the java.util.logging by default, not log4j, so do not mix up the levels under conf/logging.properties.\\
Note: You can also increase the JSPWiki log4j logging [level|http://logging.apache.org/log4j/1.2/apidocs/index.html] in jspwiki.properties.\\
It will not help you with authentication, but nevertheless...
Uncomment the following and give a proper ".File" path (!) and name.
{{{
log4j.appender.FileLog =org.apache.log4j.RollingFileAppender
log4j.appender.FileLog.MaxFileSize =10MB
log4j.appender.FileLog.MaxBackupIndex =14
log4j.appender.FileLog.File =${catalina.home}/logs/jspwiki.log
log4j.appender.FileLog.layout =org.apache.log4j.PatternLayout
log4j.appender.FileLog.layout.ConversionPattern=%d [%t] %p %c %x - %m%n
log4j.rootCategory=INFO,FileLog
}}}
First search for something like "context could not be loaded" or "context is invalid", then something is wrong with your context set up.\\
__If everything is fine, you should find nothing about LDAP and AD in the log.__\\
\\
To force some output, create some errors to get a feeling:\\
Try 1: Enter an invalid server as connectionURL, then you get something like this:
{{{
08.09.2009 16:32:06 org.apache.catalina.realm.JNDIRealm open
WARNUNG: Exception performing authentication
javax.naming.CommunicationException: <domain.server.comXY>:389 [Root exception is java.net.UnknownHostException: <domain.server.comXY>]
}}}
Try 2: Enter an invalid connectionName or connectionPassword, then you get something like this:
{{{
08.09.2009 16:35:40 org.apache.catalina.realm.JNDIRealm open
WARNUNG: Exception performing authentication
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece ]
}}}
!3. Edit webapps/JSPWiki/WEB-INF/web.xml
Update settings as described in the link above\\
Disable
{{{
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
}}}
or set
{{{
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
}}}
to disable SSL for now.
!4. Adjust WEB-INF\jspwiki.policy
If you use your AD specific groups you have to tell JSPWiki in WEB-INF\jspwiki.policy.\\
Generally only the group "Admin" can delete pages for example, simply add another entry for your groups\\
as described here: [http://doc.jspwiki.org/2.4/wiki/WikiGroups]
!5. Nevertheless create a profile within Wiki
Diese Seite (Version-1) wurde zuletzt am 28-März-2017 14:37 von UnbekannterAutor geändert.Top