Users and roles are created in ApacheDS and are visible on ArcGIS Manager.
The link to the free WMS service works; after changing the service security to private, QGIS throws an error - forbidden.
Windows Server 2012 R2
ArcGIS Server 10.5
ApacheDS 2.0.0-M23
Apache-tomcat 7.0.65
Web Adaptor Java Windows 105_154008
Windows firewall - off
How to properly configure Tomcat to allow secure access to services?
ApacheDS configuration:
users:
cn: username1
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
sn: username1
uid: username1
userPassword: userpassword
groups:
cn: Administrators
objectClass: groupOfUniqueNames
objectClass: top
uniqueMember: cn=username1,ou=users,ou=system
ArcGIS Server Security - Configuration Settings
1. User and Role Management - Users from an existing enterprise system (LDAP or Windows Domain) and roles from ArcGIS Server's built-in store
2. Enterprise Store Type - LDAP
3. LDAP User Store:
   Host name: vms12
   Port: 10389
   Base DN: ou=system
   URL: ldap://vms12:10389/ou=system
   RDN attribute: uid
   Administrator's DN: uid=admin,ou=system
4. Authentication Tier - Web Tier
Tomcat configuration:
C:\Program Files\Apache Software Foundation\Tomcat 7.0\conf\server.xml
<Realm className="org.apache.catalina.realm.LockOutRealm">
  <Realm className="org.apache.catalina.realm.JNDIRealm"
         connectionURL="ldap://localhost:10389"
         connectionName="uid=admin,ou=system"
         connectionPassword="password"
         userBase="ou=system"
         userSubtree="true"
         userSearch="(uid={0})"
         roleBase="ou=system"
         roleName="cn"
         roleSearch="(uniquemember={0})"
         roleSubtree="true"
  />
</Realm>
<Host name="localhost" appBase="webapps"
C:\Program Files\Apache Software Foundation\Tomcat 7.0\conf\web.xml
<security-constraint>
  <web-resource-collection>
    <web-resource-name>WMS Services</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>Administrators</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>WMS services</realm-name>
</login-config>
<security-role>
  <description>
    The role that is required to access the HTML Manager pages
  </description>
  <role-name>Administrators</role-name>
</security-role>
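
Added example, not part of the original post: an offline Python model of how Tomcat's JNDIRealm turns the settings above into roles, where `{0}` in `userSearch` is the login name and `{0}` in `roleSearch` is the DN of the user entry that search found. The entry DNs and the group's location under `ou=groups` are assumptions (the post does not show them), the password bind is assumed to succeed, and filter matching is simplified to one case-insensitive equality.

```python
import xml.etree.ElementTree as ET

# JNDIRealm search attributes copied from the server.xml in the post.
REALM_XML = """<Realm className="org.apache.catalina.realm.JNDIRealm"
  userBase="ou=system" userSubtree="true" userSearch="(uid={0})"
  roleBase="ou=system" roleName="cn" roleSearch="(uniquemember={0})"
  roleSubtree="true"/>"""

def directory(user_dn):
    """Constructed directory. Attribute values come from the post; both entry
    DNs are assumptions, because the post does not show them."""
    return {
        user_dn: {"uid": ["username1"], "cn": ["username1"]},
        "cn=Administrators,ou=groups,ou=system": {
            "cn": ["Administrators"],
            "uniquemember": ["cn=username1,ou=users,ou=system"]},
    }

def norm(value):
    # Simplified DN comparison: ignore case and spaces around commas.
    return ",".join(part.strip().lower() for part in value.split(","))

def search(entries, base, flt, arg):
    """Subtree search for one equality filter such as (uid={0})."""
    attr, _, wanted = flt.strip("()").partition("=")
    wanted = norm(wanted.replace("{0}", arg))
    return [dn for dn, attrs in entries.items()
            if norm(dn).endswith(norm(base))
            and any(norm(v) == wanted for v in attrs.get(attr.lower(), []))]

def roles_for(username, entries):
    realm = ET.fromstring(REALM_XML).attrib
    users = search(entries, realm["userBase"], realm["userSearch"], username)
    if len(users) != 1:
        return None  # no unique user entry: authentication fails
    # roleSearch's {0} is the DN of the user entry, not the login name.
    groups = search(entries, realm["roleBase"], realm["roleSearch"], users[0])
    return sorted(entries[g][realm["roleName"]][0] for g in groups)

def http_status(username, entries, required="Administrators"):
    """Outcome for a URL guarded by <auth-constraint> (200 = constraint passed)."""
    roles = roles_for(username, entries)
    if roles is None:
        return 401  # BASIC challenge is repeated
    return 200 if required in roles else 403  # authenticated, role missing

if __name__ == "__main__":
    for dn in ("cn=username1,ou=users,ou=system",
               "uid=username1,ou=users,ou=system"):
        print(dn, "->", http_status("username1", directory(dn)))
```

In this model a 403 means the login was accepted but no group's `uniqueMember` value equals the user entry's DN, or the matching group's `cn` differs from the `<role-name>`; a rejected login gives 401 instead.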