Hi,
We have an issue with a Rundeck setup as a Tomcat WAR deployment.
We are trying to configure LDAP access via Tomcat and JAAS.
We configure the realm in server.xml:
<Realm className="org.apache.catalina.realm.CombinedRealm">
    <!-- This Realm uses the UserDatabase configured in the global JNDI
         resources under the key "UserDatabase". Any edits
         that are performed against this UserDatabase are immediately
         available for use by the Realm. -->
    <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase" digest="sha-256"/>
    <Realm className="org.apache.catalina.realm.JAASRealm"
           appName="rundeck_app_name_ldap"
           userClassNames="com.sun.security.auth.UserPrincipal"
           roleClassNames="com.sun.security.auth.UserPrincipal" debug="99"
    />
</Realm>
We also configure WEB-INF/jaas.conf:
rundeck_app_name_ldap {
    com.sun.security.auth.module.LdapLoginModule REQUIRED
        debug="true"
        useSSL="false"
        contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
        providerUrl="ldap://xx.xx.xx.xx:389"
        bindDn="cn=usertouse,dc=company,dc=fr"
        bindPassword="password"
        authenticationMethod="simple"
        forceBindingLogin="true"
        userBaseDn="ou=def_tree,ou=def_tree,dc=company,dc=fr"
        userRdnAttribute="sAMAccountName"
        userIdAttribute="sAMAccountName"
        userPasswordAttribute="unicodePwd"
        userObjectClass="user"
        roleBaseDn="ou=def_tree,ou=def_tree,dc=tessi-techno,dc=fr"
        roleNameAttribute="sAMAccountName"
        roleMemberAttribute="member"
        roleObjectClass="group"
        cacheDurationMillis="300000"
        supplementalRoles="user"
        reportStatistics="true"
        timeoutRead="10000"
        timeoutConnect="20000"
        nestedGroups="true";
};
We change the Tomcat launcher to set up the configuration at startup:
JAVA_OPTS="${JAVA_OPTS} -Drundeck.config.location=${RDECK_BASE}/rundeck-config.properties -Drdeck.base=${RDECK_BASE}"
JAVA_OPTS="${JAVA_OPTS} -Djava.security.auth.login.config=/path/to/rundeck/WEB-INF/jaas.conf -Dloginmodule.name=rundeck_app_name_ldap"
When we launch Tomcat, everything is OK.
We can log in with a user defined in tomcat_users.xml,
BUT we can't connect to the LDAP.
We get this error message when I try to connect with my user:
2016-08-03 15:24:56,623 [main][INFO ][org.apache.catalina.startup.Catalina] - Server startup in 42359 ms
[LdapLoginModule] search-first mode; SSL disabled
[LdapLoginModule] aborted authentication
2016-08-03 15:25:57,847 [http-apr-8080-exec-1][WARN ][org.apache.catalina.realm.JAASRealm] - Exception lors de l'authentification par login du nom d'utilisateur myPersonalUser
javax.security.auth.login.LoginException: Unable to locate the LDAP directory service
    at com.sun.security.auth.module.LdapLoginModule.login(LdapLoginModule.java:503)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:762)
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687)
    at javax.security.auth.login.LoginContext.login(LoginContext.java:595)
    at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:433)
    at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:354)
    at org.apache.catalina.realm.CombinedRealm.authenticate(CombinedRealm.java:146)
    at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:294)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:449)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1070)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
    at org.apache.tomcat.util.net.AprEndpoint$SocketWithOptionsProcessor.run(AprEndpoint.java:2377)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:745)
Any idea?
Thanks for your reply :)
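Added example (editor's code, not the poster's and not part of Rundeck or Tomcat): a small checker for the JAAS login-configuration format that parses each entry and compares the options given to the JDK's com.sun.security.auth.module.LdapLoginModule against the set that module actually defines (userProvider, userFilter, authIdentity, authzIdentity, useSSL, useFirstPass, tryFirstPass, storePass, clearPass, debug, per its Javadoc). The JDK module ignores any option it does not know, and its login() throws "Unable to locate the LDAP directory service" when userProvider is absent; the option names used in the post (bindDn, userBaseDn, roleBaseDn, forceBindingLogin, ...) are the ones documented for Rundeck's own com.dtolabs.rundeck.jetty.jaas.JettyCachingLdapLoginModule. The embedded sample configuration is constructed (placeholder host, DNs and password); its first entry mirrors the post's option set and the second, jdk_style, is an assumed stanza using only JDK-defined options for comparison.

```python
import re

JDK_LDAP_MODULE = "com.sun.security.auth.module.LdapLoginModule"
# Options the JDK LdapLoginModule defines (per its Javadoc). Anything else is
# silently ignored; login() throws "Unable to locate the LDAP directory
# service" when userProvider is absent.
JDK_LDAP_OPTIONS = {"userProvider", "userFilter", "authIdentity", "authzIdentity",
                    "useSSL", "useFirstPass", "tryFirstPass", "storePass",
                    "clearPass", "debug"}
JDK_LDAP_REQUIRED = {"userProvider"}

# Constructed sample (placeholder host, DNs and password). The first entry
# mirrors the post's option set; the second is an assumed JDK-style stanza.
SAMPLE_JAAS_CONF = '''
/* constructed sample, not a real deployment */
rundeck_app_name_ldap {
  com.sun.security.auth.module.LdapLoginModule REQUIRED
    debug="true" useSSL="false"
    contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
    providerUrl="ldap://ldap.example.test:389"
    bindDn="cn=svc-rundeck,dc=example,dc=test" bindPassword="PLACEHOLDER"
    authenticationMethod="simple" forceBindingLogin="true"
    userBaseDn="ou=people,dc=example,dc=test"
    userRdnAttribute="sAMAccountName" userIdAttribute="sAMAccountName"
    userPasswordAttribute="unicodePwd" userObjectClass="user"
    roleBaseDn="ou=groups,dc=example,dc=test"
    roleNameAttribute="sAMAccountName" roleMemberAttribute="member"
    roleObjectClass="group" cacheDurationMillis="300000"
    supplementalRoles="user" reportStatistics="true"
    timeoutRead="10000" timeoutConnect="20000" nestedGroups="true";
};
jdk_style {  // assumed stanza using only options the JDK module defines
  com.sun.security.auth.module.LdapLoginModule REQUIRED
    userProvider="ldap://ldap.example.test:389/ou=people,dc=example,dc=test"
    userFilter="(&(sAMAccountName={USERNAME})(objectClass=user))"
    debug="true";
};
'''

_TOKEN_RE = re.compile(
    r'/\*.*?\*/|//[^\n]*'      # comments, both forms the JAAS parser accepts
    r'|"([^"]*)"'              # quoted value
    r'|([{}=;])'               # structural symbols
    r'|([^\s{}=;"]+)',         # bare word: entry, class, flag, option name/value
    re.S)


def _tokenize(text):
    """Yield ('str'|'sym'|'word', value) tokens, dropping comments."""
    for m in _TOKEN_RE.finditer(text):
        quoted, sym, word = m.groups()
        if quoted is not None:
            yield ("str", quoted)
        elif sym is not None:
            yield ("sym", sym)
        elif word is not None:
            yield ("word", word)


def parse_jaas_conf(text):
    """Parse JAAS login-configuration text into
    {entry: [(module_class, CONTROL_FLAG, {option: value}), ...]}."""
    toks, i, entries = list(_tokenize(text)), 0, {}
    try:
        while i < len(toks):
            (_, name), brace = toks[i], toks[i + 1]
            if brace != ("sym", "{"):
                raise ValueError(f"expected '{{' after entry name {name!r}")
            i, modules = i + 2, []
            while toks[i] != ("sym", "}"):
                (_, cls), (_, flag), options = toks[i], toks[i + 1], {}
                i += 2
                while toks[i] != ("sym", ";"):       # option=value pairs
                    (_, key), eq, (_, value) = toks[i], toks[i + 1], toks[i + 2]
                    if eq != ("sym", "="):
                        raise ValueError(f"malformed option near {key!r}")
                    options[key] = value
                    i += 3
                modules.append((cls, flag.upper(), options))
                i += 1                                # past ';'
            i += 1                                    # past '}'
            if i < len(toks) and toks[i] == ("sym", ";"):
                i += 1
            entries[name] = modules
    except IndexError:
        raise ValueError("truncated JAAS configuration") from None
    return entries


def check_jdk_ldap_module(entries):
    """Report, per JDK LdapLoginModule stanza, options the module does not
    define (silently ignored) and required options that are absent."""
    report = []
    for entry, modules in entries.items():
        for cls, _flag, options in modules:
            if cls == JDK_LDAP_MODULE:
                report.append({"entry": entry,
                               "unknown": sorted(set(options) - JDK_LDAP_OPTIONS),
                               "missing": sorted(JDK_LDAP_REQUIRED - set(options))})
    return report


if __name__ == "__main__":
    for f in check_jdk_ldap_module(parse_jaas_conf(SAMPLE_JAAS_CONF)):
        # print option names only: values (bindPassword!) never belong in logs
        print(f"{f['entry']}: missing={f['missing']} ignored={f['unknown']}")
```

Run against the sample, the first entry reports userProvider as missing and 21 of its 23 options as unknown to the JDK module (only debug and useSSL are defined), which is the state the stack trace above is consistent with; the jdk_style entry reports nothing. The checker reads the file exactly as the JDK's configuration parser does with respect to comments and quoting, but it knows only the JDK LDAP module's option set; to validate a stanza for a different module class, add that class and its option names alongside the constants at the top.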