LDAP Structure
In this example, we have one Organizational Unit, "analytics", containing Groups whose names must match the Analytics role names.
- ou=analytics
  - cn=analyticsConnect: connection right (mandatory)
  - cn=analyticsAdmin: super administrator rights. This role overrides the other roles: a user with the analyticsAdmin role has all the rights.
  - cn=analyticsParameterConsult: the user can consult the parameters (Administration menu)
  - cn=analyticsParameterAdmin: the user can modify the parameters (Administration menu)
  - cn=analyticsSessionConsult: the user can consult the sessions
  - cn=analyticsSessionAdmin: the user can administer the sessions (creation of session views)
  - cn=analyticsSessionAction: the user can manage the sessions (start, stop, restart, delete)
  - cn=analyticsRuntimeConsult: the user can consult the Runtimes
  - cn=analyticsRuntimeAdmin: the user can administer the Runtimes
  - cn=analyticsRepositoryConsult: the user can consult the repositories
  - cn=analyticsRepositoryAdmin: the user can administer the repositories
Tomcat Configuration
See this document: https://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html#JNDIRealm
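Note that "server.xml" stores connectionPassword in clear text, so restrict read access to that file.
In the "server.xml" file, declare the Realm, for example like this: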
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionName="cn=admin,dc=stambia,dc=org"
       connectionPassword="abcdef"
       connectionURL="ldap://192.168.10.3:389"
       userPattern="mail={0},ou=stambia,ou=people,dc=stambia,dc=org"
       roleNested="true"
       roleName="cn"
       roleBase="ou=analytics,dc=stambia,dc=org"
       roleSearch="(member={0})"
/>
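The role lookup this Realm performs can be modelled offline to review who ends up with which Analytics rights. This is an added example, not code from Stambia or Tomcat. The member lists, the example.org users and the "analyticsOperators" nesting group are constructed assumptions, and DN matching is simplified to a case-insensitive string compare.

```python
# Added example: models the role lookup that the Realm above configures.
# Every directory entry below is constructed sample data.
USER_PATTERN = "mail={0},ou=stambia,ou=people,dc=stambia,dc=org"  # from server.xml
ROLE_BASE = "ou=analytics,dc=stambia,dc=org"                      # from server.xml

def user_dn(username):
    """Build the user DN the way userPattern does: {0} becomes the login name."""
    return USER_PATTERN.replace("{0}", username)

def group_dn(cn):
    return "cn=%s,%s" % (cn, ROLE_BASE)

# Group cn -> values of its "member" attribute (constructed).
# "analyticsOperators" is a hypothetical nesting group, not an Analytics role.
GROUPS = {
    "analyticsConnect": [user_dn("alice@example.org"), group_dn("analyticsOperators")],
    "analyticsAdmin": [user_dn("alice@example.org")],
    "analyticsSessionAction": [group_dn("analyticsOperators")],
    "analyticsRuntimeConsult": [user_dn("carol@example.org")],
    "analyticsOperators": [user_dn("bob@example.org")],
}

def resolve_roles(username, nested=True, groups=GROUPS):
    """Return the cn (roleName) of every group matched by (member={0}).

    With nested=True the search repeats with each matched group's DN,
    which is the effect of roleNested="true".
    """
    found, pending = set(), [user_dn(username)]
    while pending:
        dn = pending.pop().lower()
        for cn, members in groups.items():
            if cn not in found and dn in (m.lower() for m in members):
                found.add(cn)
                if nested:
                    pending.append(group_dn(cn))
    return found

def audit(username):
    """List findings a reviewer would want to see for this account."""
    roles = resolve_roles(username)
    direct = resolve_roles(username, nested=False)
    findings = []
    if roles and "analyticsConnect" not in roles:
        findings.append("roles assigned without mandatory analyticsConnect")
    if "analyticsAdmin" in roles:
        findings.append("analyticsAdmin grants all rights")
    if roles - direct:
        findings.append("inherited via nesting: " + ", ".join(sorted(roles - direct)))
    return findings
```

Running audit() over each account in a directory export shows rights that arrive only through nested groups, which are easy to miss when reading group membership directly.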