How to configure Tomcat 5.5 to authenticate against Win2003 Activedirectory(LDAP)

Question

What changes are needed to default tomcat configuration, at least server.xml needs to be changed somehow to have IP of Win2003 server?

Duplicate of http://stackoverflow.com/questions/267869/configuring-tomcat-to-authenticate-using-windows-active-directory — Raedwald, Oct 08 '12 at 15:19

score 2 · Accepted Answer · edited Aug 12 '13 at 19:52

I don't know if "automatic" login with IE is possible.

But you can use a "classic" login form (Java EE style) and let Tomcat perform the login against Active Directory using a JNDI Realm.

change the default realm in your server.xml or set the realm in your application's context.xml like this:

    <Realm
        className="org.apache.catalina.realm.JNDIRealm"
        debug="99"
        connectionURL="ldap://your-activedirectory-server:389"
        connectionName="a user with read access to AD (optional if anonymous access is permitted)"
        connectionPassword="password"
        referrals="follow"
        userBase="where to look for users, for instance: DC=mycompany,DC=com"
        userSearch="(sAMAccountName={0})"
        userSubtree="true"
        roleBase="where to look for groups, for instance: DC=mycompany,DC=com"
        roleName="cn"
        roleSearch="(member={0})"
        roleSubtree="true"/>

More informations here: Apache Tomcat 5.5 Realm Configuration HOW-TO

And: Active Directory Integration

thanks, catalina log shows now: PartialResultException LDAP error 10 any ideas how to fix it? — Tom, Dec 11 '08 at 10:46
No ideas, I just know how to perform a basic configuration, good luck. — Jerome Delattre, Dec 12 '08 at 13:23

score 0 · Answer 2 · edited Oct 22 '12 at 02:02

@thanks, catalina log shows now: PartialResultException LDAP error 10 any ideas how to fix it? – Tom Dec 11

I have seen this error and it was holding me up. I found that the LDAP server was not returning the mail items I was requesting

seen below:--   emailAddress=mail

User Property Names Mapping : userId=sAMAccountName,name=cn,emailAddress=displayName

Found that chaning to to something that was retunred worked a treat, i.e. displayName.

Igal Serban · Answer 3 · 2008-12-09T12:12:23.923

0

Configuring Tomcat With Active Directory. Have not tried it. Good luck.

edited Dec 09 '08 at 12:12

answered Dec 05 '08 at 16:09

Igal Serban

10,558
3
35
40

score 0 · Answer 4 · answered Dec 09 '08 at 11:34

0

I want LDAP login that picks user name from activedirectory, the browser will display the user+pwd dialog when you are using firefox etc.

Its OK if IE handshakes automatically but its not necessary.

answered Dec 09 '08 at 11:34

Tom

6,725
24
95
159

How to configure Tomcat 5.5 to authenticate against Win2003 Activedirectory(LDAP)

4 Answers4