"How to use LDAP for authentication in Tomcat with Custom Authorization"

"LDAP authentication via web.xml in Tomcat"

"LDAP Authentication Requirements and How to do it"

I seem to not be the only one struggling with this issue. With the current configuration, I can authenticate with my LDAP users and not with system or tomcat users. The problem is that whenever I'm logged in, I'm denied access to the files I should see.

I currently have a web.xml with the following info

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Nrt</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>admin</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>Home</realm-name>
    </login-config>

and a server.xml with the following content

    <Realm className="org.apache.catalina.realm.JNDIRealm"
           connectionURL="ldap://192.168.75.146:389"
           userPattern="uid={0},ou=people,dc=localhost,dc=localdomain"
           roleBase="cn=admin,ou=group,dc=localhost,dc=localdomain"
           roleName="cn"
           roleSearch="memberUid={1}"
           debug="99"/>

I have tried to find documentation around the net, but I'm simply stuck. So far, I've managed to access it without LDAP users, or log in with LDAP users and not access the files.

Any help would be greatly appreciated.


If I understand it correctly, you can authenticate via LDAP but the authorization piece is not working as expected. Based on the information you have provided, you are missing the mapping between your roles and your groups. You can find the instructions here.

  • So, as I understand it, a further download of an application manager is needed, and then configured to link roles to users? I appreciate any input, but I'd prefer to be able to create this from only LDAP and Tomcat if possible, without downloading unnecessary packages and managers. – Mark Jenster Apr 18 '12 at 09:09
  • The mapping needs to take place in web.xml ; check the "Mapping Roles to Users and Groups" section in the link. – souser Apr 18 '12 at 14:33
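As an added example (not taken from the question or the answer), here is how the two files look once the role search is pointed at the container that holds the groups rather than at the cn=admin entry itself, with the auth-constraint role declared in web.xml. It assumes the groups are posixGroup entries directly under ou=group, each listing login uids in memberUid, and that the user testing this is a memberUid of cn=admin.

```xml
<!-- server.xml (inside <Engine> or <Host>). roleBase must be the parent of
     the group entries: JNDIRealm searches one level below roleBase unless
     roleSubtree="true", so a roleBase of cn=admin,... never matches cn=admin
     itself. {1} in roleSearch is the login name, which is what posixGroup
     memberUid holds. The debug attribute is left out because Tomcat 6 and
     later have no such property and only log a warning for it.
     (Assumed directory layout: posixGroup entries under ou=group.) -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldap://192.168.75.146:389"
       userPattern="uid={0},ou=people,dc=localhost,dc=localdomain"
       roleBase="ou=group,dc=localhost,dc=localdomain"
       roleSubtree="false"
       roleName="cn"
       roleSearch="(memberUid={1})"/>

<!-- web.xml: the role named in auth-constraint is also declared in a
     security-role element, so the container treats "admin" as a known role
     and compares it against the cn values the realm returns. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Nrt</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>admin</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Home</realm-name>
</login-config>
<security-role>
  <role-name>admin</role-name>
</security-role>
```

Before restarting Tomcat, confirm the filter works outside the container with `ldapsearch -x -H ldap://192.168.75.146:389 -b "ou=group,dc=localhost,dc=localdomain" "(memberUid=<your uid>)" cn`; if that returns no entry, the realm will not return the admin role either, and the fix belongs in the directory data or the filter rather than in Tomcat.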