Setting up IHS/TOMCAT for LDAP
I was trying to help Anthony set up an LDAP connection in his IHS, following this doc: https://jazz.net/learn/content/docs/server-install/ihssetup.html

We can connect to port 80 and we get the projects. Then, when I click login, it redirects me to port 443 as expected. Then I am not challenged for any uid/pswd and I get a white page in the browser.

We are using M1.

Q: Who created that doc? :)
Q: Anyone know how to troubleshoot it? I see nothing in the log except info that there are no credentials (which makes sense, as I am not challenged).

Thx :)

--
Christophe Elek
Serviceability Architect
IBM Software Group - Rational
5 answers
Document is not available. Does it include also a download location for the IHS?
https://jazz.net/jazz/web/projects/Jazz%20Project#action=com.ibm.team.workitem.viewWorkItem&id=38621
peter.kirschner@de.bosch-dot-com.no-spam.invalid (peterk) wrote in news:fjb4si$4ug$1@localhost.localdomain:

> Document is not available. Does it include also a download location

Peter, I asked Matt on the work item 38621 and it seems we want to promote LDAP in Tomcat instead of IHS for the open source story.

But are you using WebSphere? Where would you want the credential to be checked? In a reverse proxy? In the Application Server? In the Web Server? What would be your preferred architecture?

--
Christophe Elek
Serviceability Architect
IBM Software Group - Rational
Hello Christophe,

currently we run on Linux with Tomcat and DB2. The final solution (compliant with our IT operators) should look like this...

- Windows 2003 Server
- WebSphere authenticating against Windows Active Directory
- Oracle

But for evaluating, testing and extending we would like to have something like this...

- Windows XP
- Tomcat auth. against LDAP or Active Directory
- Derby/Oracle Express/DB2 Express

We tried to configure the Tomcat realm and encountered the following problem. User mapping is done, but Tomcat is expecting exactly the same roles (JazzAdmin, ...) inside the LDAP, which we cannot enter.

Any ideas or alternatives?
peter.kirschner@de.bosch-dot-com.no-spam.invalid (peterk) wrote in news:fjo1uu$qvd$1@localhost.localdomain:

> Any ideas or alternatives?

Humm, we should be able to 'map' a group in LDAP/ActiveDirectory to the JazzAdmins group... this is the goal of an App Server... I can tell you it works fine in WebSphere and is very easy.

Peter, do you want us to work on Tomcat, or do you think it will be good if you try a WinXP/WAS 6.1.0.13/DB in your test environment, as it is closer to the real production?

I can tell you installing and setting up WebSphere is pretty easy... and we could use this test to enhance the paper I wrote...

Let me know :)

--
Christophe Elek
Serviceability Architect
IBM Software Group - Rational
Hello Christophe,

We finally got it running with LDAP / MSAD. At least it works sometimes; we still encounter some strange behavior.

As a base we used the server installation guide from the Jumpstart team, and additionally we had to dig into the Apache Tomcat documentation. Finally we found this very helpful document, especially for MSAD: http://wiki.apache.org/tomcat/JNDI_HowTo

The only thing that is weird now is that the server sometimes denies access and claims that the user is not permitted to access the area. A few minutes later it changes its mind and everything works again.

Now we are trying to activate logging for the authentication procedure, so we can find out what is wrong.

Regards,
Stefan
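
The Tomcat realm setup discussed in the answers above, as an added example that is not part of the thread or of the Jazz documentation: a `JNDIRealm` definition for Active Directory in Tomcat's `server.xml`. The host name, DNs, service account and password are constructed placeholders; the group name `JazzAdmins` is taken from the thread. Tomcat uses the value of the `roleName` attribute of each matching group entry as the role name, which is why the directory group has to carry the same name as the role the web application expects.

```xml
<!-- Added example: constructed values, adjust to your directory. -->

<!-- Authentication: bind with a low-privilege, read-only service account and
     look up the user entry by the login name typed into the login form.
     Use ldaps:// so the bind password and user passwords are not sent in
     clear text; the domain controller's CA certificate must be trusted by
     the JVM that runs Tomcat. -->

<!-- Authorization: roleSearch finds every group whose "member" attribute
     holds the user's DN ({0}); roleName="cn" makes the group's cn the role
     name. A group with cn=JazzAdmins therefore yields the role "JazzAdmins";
     a group with any other name does not. -->

<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldaps://dc1.example.com:636"
       connectionName="CN=svc-tomcat,OU=Service Accounts,DC=example,DC=com"
       connectionPassword="CHANGE_ME"
       referrals="follow"
       userBase="OU=Users,DC=example,DC=com"
       userSearch="(sAMAccountName={0})"
       userSubtree="true"
       roleBase="OU=Groups,DC=example,DC=com"
       roleSearch="(member={0})"
       roleName="cn"
       roleSubtree="true" />
```

Because `connectionPassword` is stored in `server.xml`, keep that file readable only by the account that runs Tomcat.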