I have tomcat installed with port forwarding to http port 80. I configure ldap authentication for apache2(/var/www). But I could not configure tomcat for ldap authentication.
View 1 RepliesCan any one tell me how to configure Tomcat ldap URL authentication perfectly?
I've tomcat installed with port forwarding to http(80).
I could able to confiure apache ldap authentication. For this i modified the file '/etc/apache2/sites-enabled/000-defaults' with the DocumentRoot /var/www.
But for tomcat '/usr/share/tomcat/webapps' I could not able to configure 'server.xml' file perfectly.
I am using RackMonkey to map out my lab. Unfortunately, due to RM limitations, every user who accesses the site has write access UNLESS they are logged in as a user named "guest". I currently have Apache allowing only the users (sysadmins) in an LDAP group access to RM, but I would like to allow read-only access for other users as well.I found mod_authn_anon, but I am having trouble combining the two authentication methods. I am using Apache 2.2.18 (compiled myself) on SLES 11.1.
This is the common part:
Code:
AuthType Basic
AuthBasicProvider ldap anon
Order allow,deny
Allow from all
This part by itself works for the LDAP authentication:
Code:
AuthName "System Admins"
AuthLDAPURL "ldaps://example.com/ou=ldap,o=example.com?mail" SSL
Require ldap-group cn=SysAdmins,ou=memberlist,ou=groups,o=example.com
This part works by itself for guest access:
Code:
Anonymous guest
Anonymous_VerifyEmail Off
Anonymous_MustGiveEmail Off
Anonymous_LogEmail on
Require valid-user
But if I have both of the previous blocks enabled at once, then guest access does not work. If I throw in a "Satisfy any", then I am not prompted for a username at all. How can I allow access to this LDAP group and to a user named "guest", but not allow all valid LDAP users to log in?
I have an issue with Apache2 and ldap authentication. Here are the specs:
Linux 2.6.32-24-generic i686 GNU/Linux Ubuntu 10.04.1 LTS
Apache/2.2.14 (Ubuntu) PHP/5.3.2-1ubuntu4.5 with Suhosin-Patch configured
I have installed our site onto a newer server as we were previously running SLES 9.3. The site has installed correctly, however, It seems to be serving the pages a hell of a lot slower than SLES (eventhough the specs etc are much improved). The main problem seems to be with Ldap - sometimes taking 2 or 3 minutes before authenticating/serving the user - and sometimes one minute it works, another minute it doesn't! We know it's a problem specific to this Ubuntu machine, as the older server has no issues with ldap whatsoever. Also, sometimes the ldap authentication fails all together with a timeout, resulting in a 500 status code. I'm not sure whether this a problem with the apache config, the network settings or the server setup. We know ldap itself is fine.
Here's the /etc/apache2/sites-available/default config for ldap. Are these directives correct? (I know a lot of changes were made between apache2 and apache2.2 that may affect this config):
Code:
ScriptAlias /home/ "/var/www/cgi-bin/"
<Directory "/var/www/cgi-bin/">
AuthType Basic
AuthzLDAPAuthoritative On
AuthBasicProvider ldap
AuthName "Active Directory Authentication Required."
AuthLDAPURL "ldap://x.x.x.x:3268/DC=xxxxxx,DC=com?userPrincipalName?sub?(objectClass=*)" NONE
AuthLDAPBindDN "xxxxx@xxxx.com" AuthLDAPBindPassword xxxxxxxx
require valid-user Options +ExecCGI -Includes AllowOverride None
</Directory>
Here's some examples of some of the log messages we have been receiving:
1. This one occurs upto ten times in a row when the client is being authenticated:
Code:
[Thu Nov 04 12:47:19 2010] [debug] mod_authnz_ldap.c(377): [client x.x.x.x] [2892] auth_ldap authenticate: using URL ldap://x.x.x.x:3268/DC=xxxxxxx,DC=com?userPrincipalName?sub?(objectClass=*), referer: http://x.x.x.x/home/page
2. This is output when the authentication works:
Code:
[debug] mod_authnz_ldap.c(474): [client x.x.x.x] [2734] auth_ldap authenticate: accepting xxxxx@xxxx.xxxxx.com, referer: http://x.x.x.x/home/page
3. And this one is always output after the error above. This one is more interesting. What does this mean exactly? And why does it say 'declining to authorise' directly after saying 'accepting user@domain.com'? Surely this makes no sense:
Code:
[debug] mod_authnz_ldap.c(546): [client x.x.x.x] [2939] auth_ldap authorise: declining to authorise (no ldap requirements), referer: http://x.x.x.x/home/page
4. This one is output when the authentication attempt times out (after 10 outputs of error number 1):
Code:
[warn] [client x.x.x.x] [3165] auth_ldap authenticate: user xxxx@xxx.xxxxx.com authentication failed; URI /home/page [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server], referer: http://x.x.x.x/home/page
I've enabled LDAP authentication on my 2.2.15 Apache server, but now pages load very slowly. As in, 1.515s with it enabled, and 187.4ms without (just the base page, numbers collected via Firebug). Here's my LDAP config (other directives snipped) -
Code:
LoadModule ldap_module modules/mod_ldap.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LDAPSharedCacheSize 500000
LDAPCacheEntries 2048
LDAPCacheTTL 3600
LDAPOpCacheEntries 2048
LDAPOpCacheTTL 3600 LDAPTrustedGlobalCert CA_DER ssl/ldapserver.der
<Directory "/example">
AuthType Basic
AuthBasicProvider ldap
AuthName "intranet credentials"
AuthLDAPURL "ldaps://ldap.example.com/ou=ldap,o=example.com?mail"
Require ldap-group cn=example,grp,ou=memberlist,ou=groups,o=example.com
How can I speed this up, or at least determine why it's so slow?
I've just installed Ubuntu Server for the first time with the goal as setting it up as a proxy server for our Apple computers here since I can get neither ISA of OS X Server's firewall to play properly. So far I have the machine authenticating against our OS X OpenLDAP server and multiple NIC's setup ready to be connected to the outside world. My question is does anyone have a preference on what proxy I should be using? So far my search efforts seem to of turned up Squid Proxy as a favorite among Ubuntu users but I can't seem to work out how to get it authenticating against my OpenLDAP server.
View 5 Replies View Relatedi am taking another stab at this. The last time i attempted it, it seemed like everyone had a different way to do it, but nobody could give me an answer on how to do it...
I currently have a Domain Controller Running sme server and a domain controller, using ldap as a backend. I have two file servers runing ubuntu 10.04. My overall goal is to have it so when i create a username on the domain controller, it is then automatically copied over to the fileservers. This way everyone will have their own username and password to access the fileservers and ill be able to track what people do on the fileservers.
The next necessity is for me to be able to apply permissions to the folders on the fileserver based on the users that are created on the domain controller.
LDAP Authentication for Web Access I am trying to build a LDAP server to allow access to the wireless network in conjunction with Meraki wireless access points. I am using Ubuntu 10.10 and trying to install OpenLDAP from their documentation but I keep running into the error "configure: error: MozNSS not found - please specify the location to the NSPR and NSS header files in CPPFLAGS and the location to the NSPR and NSS libraries in LDFLAGS (if not in the system location)" I have OpenSSL installed but I also got these when I ran ./configure
checking openssl/ssl.h usability... no
checking openssl/ssl.h presence... no
checking for openssl/ssl.h... no
checking gnutls/gnutls.h usability... no
[code]....
I just did a clean install of FC12 x86_64 and want to configure tomcat to run behind apache httpd. What is the easiest way to accomplish this? I'm a newbie at server configuration so detailed instructions would be nice
View 4 Replies View RelatedI would like to know whether ldap can be used to authenticate wireless clients with my server.server and clients are connected to a wireless router and i am able to get wireless adapter work in my ubuntu. Is there any anything extra which is required or the openldap server will work for wireless clients?
View 1 Replies View Relatedso I got bugzilla up and running (finally) on an ubuntu server...
but in order to use the ldap integration, you need:
Mozilla::LDAP (aka PerLDAP) Perl module
Mozilla/Netscape LDAP SDK
neither of which exist in the repositories, or anywhere on the internet. the best I could find was a request to build a package from over a year ago...
I did find source that I can build... the Perl module builds and starts to begin the setup process -- but I get stuck at the point where it requires the SDK... which I cannot find anywhere in a plain downloadable form. the one I found seems incomplete:
[URL]
Making a Samba Server with LDAP authentication. Will post as I go along. Found these sources, anything/hiccups I should know before jumping in? Figure would follow the official documentation then check the others for comparative errors.
https://help.ubuntu.com/10.04/server...ap-server.html
https://help.ubuntu.com/10.04/server...amba-ldap.html
http://tuxnetworks.blogspot.com/2010...cid-short.html
Also Do other computers that want access to server also need samba installed (or just client)?
The server is 10.04 and my proposed client is 10.10, does this create problems?
Do I need to use ACL? I see them only in certain places.
Using xfce after Ubuntu install, not sure if this matters.
My scenario is similar to this person scenario: http:[url]......Here at the clinics, we already have established leaf/shorewall firewalls. Our domain controllers are win2k3 boxes.I've installed ubuntu 9.10 on a sound desktop/server and installed two nics inside that box.How do I make Dansguardian talk to our domain controllers, and give users access to the internet via established groups? What would be the best way to do this?
View 2 Replies View RelatedI maintain a samba PDC for a small business, our current setup does not work very well; on a hardware upgrade I directled imported the old ldap database and attempting to add machines to the domain causes all sorts of trouble.
I'm 95% sure the original database (which predates my employment) was created using the idealx smb-ldap tools, unfortunately on our current platform (debian lenny) these tools seem to be broken; the only things hey seem to do reliably are set passwords and add posix users, asking them to do anything involving samba/windows causes errors. The idealx tools seem to be abandoned, and I don't know enough perl to try and fix them.
Since the idealx scripts seem to be abandoned, and most of the good samba+ldap how-tos references the idealx tools, I was wondering what people use nowadays to manage there ldap directories; surely they aren't importing .ldif files to add new users/machines like I've been doing. Are people just writing thier own management scripts/web-apps? Or are the smb=ldap tools just broke on debian?how to generate the NT/LM password hashes and proper SIDs, does anybody have anything they could point me to about this?
We're trying to validate LDAP authentication from Linux against our AD global catalog servers. I'm seeing lots of LDAP query tools, but what I need is a free/open source application that can use LDAP to query AD to authenticate... something as simple as entering the hostname/IP of our AD/global catalog server and the port, then passing an AD username/password to it to validate logon capability. Anyone know of any software/apps that can do this? I don't want to get into configuring Samba for LDAP or trying to authenticate my actual Linux server again AD... I just want an application that uses LDAP for authentication.
View 2 Replies View RelatedI have a openldap server running on one machine (fedora10) and pam_ldap.so and nss_ldap.so running on the other machine.
I have added a new user to the LDAP server database, this user is not created on client machine.
1. Can i login to the client machine using this new user?
2. Now if i try logging with this new user I am getting error messages, the error messages are as follows at client side
Sep 2 10:34:36 localhost sshd[8484]: Invalid user kim from 10.254.194.148
Sep 2 10:34:36 localhost sshd[8485]: input_userauth_request: invalid user kim
Sep 2 10:35:16 localhost sshd[8484]: pam_ldap: error trying to bind as user "cn=min soo,ou=people,dc=samsung,dc=com" (Invalid credentials)
[Code]....
i have successful secure ldap replication but i could not make ldap client to direct its authentication to slave ldap
here is my config file on ldap client (i am not sure if it is the right place though)
ip : 192.168.1.183 is master ldap
ip : 192.168.1.185 is slave ldap
pico /etc/ldap/ldap.conf
#
# LDAP Defaults
code....
I'm wondering how I can enable LDAP support for my Ubuntu 10.04 LTS server running Apache 2 and PHP 5.3.2? What I'm trying to do is allow users on my existing company's LDAP system to login to my Elgg site automatically (and possibly have their details filled automatically).
View 1 Replies View RelatedI want to setup tomcat and apache to run on SSL. I did set up apache to run with ssl and tomcat (wo ssl). Tomcat is on 8081 and apache is on standard HTTP/HTTPS ports. Now I installed JK module and I want to access "host-manager" application on tomcat with ssl, but when I try https://localhost/host-manager/ I get 503 error and when I try [URL]. I get 404 error. Here's my /etc/apache2/sites-available/default conf:
Code:
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory> .....
Here is /etc/apache2/mods-enabled/jk.load:
Code:
LoadModule jk_module /usr/lib/apache2/modules/mod_jk.so
JkWorkersFile /etc/apache2/workers.properties
JkLogFile /var/log/apache2/mod_jk.log
JkLogLevel info
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
JkRequestLogFormat "%w %V %T"
and here is workers.properties:
Code:
worker.list=worker1
worker.testWorker.port=8009
worker.testWorker.host=localhost
worker.testWorker.type=ajp13
I installed eclipse and tomcat with package manager. Eclipse and tomcat are running but i can't see tomcat in the eclipse. I just see 'Basic' folder. That is a screenshot [URL]
View 1 Replies View Relatedi have changed the permissions of tomcat folder stiill firstly,i did this
[whacko@localhost local]$ /usr/local/tomcat/bin/startup.sh
Using CATALINA_BASE: /usr/local/tomcat
Using CATALINA_HOME: /usr/local/tomcat
[code]...
I am trying to set up an Apache frontend server followed by a Tomcat server. Tomcat needs to run as an https service. I will have two services, both accessible independently, if desired.This login module is a webapp, running inside Tomcat.
Question:
Do I configure the Tomcat on port 8443 (I want to run it as a non-root) and do nothing with Apache or do I run on the standard port 8080 and configure Apache?
If Tomcat, is it server.xml? (connector?)
If Apache, is it httpd.conf?
I am trying to allow my freshly installed ubuntu 10.04 to authenticate with ldap. I did follow the doc https://help.ubuntu.com/community/LD...Authentication and some other hints with no success.My needs is just to use an ldap existing server (active directory in my site, but i wish to use it via ldap, not via samba/ winbind) to validate users on services using pam modules.After the package installation the command getent passwd retrieve just local users and I don't understand if my ubuntu client is not querying the server or the server reply with some message.
View 2 Replies View RelatedOne I cant figure out is a problem of authentication. I'm using open ldap server and try to authenticate a groupware (simple groupware) against it. As it fails, I tested with a ldap client to understand things better. Using GQ ldap client, I 'm able to browse my ldap tree successfully and to search some args from the base DN i specified. but when entering the exact uid as a search string iI got no answer whereas searching the cn returns the correct entry (and display its related entry including the uid I can't find ..) Here is the only thing I can trace in logs (syslog) when trying to seach firstname.lastname (= uid)
[Code]....
I have a Apache web server and a separate tomcat 5 server. I can run the jsp-exaples just fine using HTTP. However using HTTPS fails. For some reason it appears HTTPS is not forwarding to the connector, I get 404 not found, returned.If I simply try https://apache_server_ip I successfully connect to the default Apache page.According to this page it should just work. Apache should do the ssl encryption/decryption and tomcat operate as normal.
View 1 Replies View RelatedAnyone who can help me with good tutorials to learn Apache tomcat Administration? any ebook or material?
View 1 Replies View RelatedI succesfully extract it and run it. This code is shown
Problems: [url]
I have used same Hardware and OS platfrom for web server benchmarking and i have used similar php and jsp scripts for Apache and Tomcat. For this testing i have used apache ab benchmarking toolFrom this statistics i would like to clarify the performances about Apache and Tomcat.
1. why Tomcat have taken too much of time to finish this 10 million requests to compare with Apache?
2. why this huge different for "Request per Second"?
3. To Tomcat i have increased multi thread level 300 and JVM memory usage upto 2048mb(but performances not increased), rather than these, is there any other performance tune-up settings for Tomcat?
4. from these statistics, can i come to the conclusion that apache is the best?
5.do u feel that ab tool favouring to Apache?
I'm configuring a web server using Apache and Tomcat. I use Apache 2 and various instances of Tomcat5 and Tomcat6..I try that Apache serves the static data and tomcat the dynamic (Apache receives all requests, sending tomcat only the dynamic)I see that Apache and Tomcat can be connected using http or ajp Can any tell me:
- What connector should I use: ajp, http,...?
- How can I say Apache to serve the static data and Tomcat the dynamic?Due to I have many instances of Tomcat, connectins http and https, https with client certificates, and due to the port configuration:
- Is there any way to configure Apache-tomcat without the use of ports in tomcat (a differect connector)?
I need to install apache tomcat on centos 5.3...How can i do it
View 4 Replies View Related