Setting up IHS/TOMCAT for LDAP

I was trying to help Anthony set up an LDAP connection in his IHS,
following this doc: https://jazz.net/learn/content/docs/server-install/ihssetup.html
We can connect to port 80, we get the projects, then when I click login it
redirects me to port 443 as expected
Then I am not challenged for any uid/pswd and I get a white page in the
browser
We are using M1
Q: Who created that doc ? :)
Q: Anyone know how to troubleshoot it ? I see nothing in the Log except
info that there is no credentials (which makes sense as I am not
challenged)
Thx :)
--
Christophe Elek
Serviceability Architect
IBM Software Group - Rational
5 answers

peter.kirschner@de.bosch-dot-com.no-spam.invalid (peterk) wrote in
news:fjb4si$4ug$1@localhost.localdomain:
Document is not available. Does it include also a download location for the IHS?
https://jazz.net/jazz/web/projects/Jazz%20Project#action=com.ibm.team.workitem.viewWorkItem&id=38621
Peter, I asked Matt on the work item 38621 and it seems we want to promote
LDAP in Tomcat instead of IHS for the open source story
But are you using WebSphere ? Where would you want the credential to be
checked ? In a reverse proxy ? In the Application Server ? In the Web
Server ?
What would be your preferred architecture ?
--
Christophe Elek
Serviceability Architect
IBM Software Group - Rational

Hello Christophe,
currently we run on Linux with Tomcat and DB2.
The final solution (compliant with our IT operators) should look like this...
- Windows 2003 Server
- Websphere authenticating against Windows Active Directory
- Oracle
But for evaluating, testing and extending we like to have something like this ...
- Windows XP
- Tomcat auth. against LDAP or Active Directory
- Derby/Oracle Express/DB2 Express
We tried to configure the Tomcat realm and encountered the following problem. User mapping is done, but Tomcat is expecting exactly the same roles (JazzAdmin, ...) inside the LDAP, which we cannot enter.
Any ideas or alternatives?

peter.kirschner@de.bosch-dot-com.no-spam.invalid (peterk) wrote in
news:fjo1uu$qvd$1@localhost.localdomain:
Any ideas or alternatives?
Humm, we should be able to 'map' a group in LDAP/ActiveDirectory to the
JazzAdmins group... this is the goal of an App Server...
I can tell you it works fine in WebSphere and is very easy
Peter, do you want us to work on Tomcat or do you think it will be good if
you try a WinXP/WAS 6.1.0.13/DB in your test environment as it is closer to
the real production ?
I can tell you installing and setting up WebSphere is pretty easy... and we
could use this test to enhance the paper I wrote...
Let me know :)
--
Christophe Elek
Serviceability Architect
IBM Software Group - Rational

Hello Christophe
We finally got it running with LDAP / MSAD. At least it works sometimes, we still encounter some strange behavior.
As base we used the server installation guide from the Jumpstart team and additionally we had to dig into the Apache Tomcat documentation. Finally we found this very helpful document, especially for MSAD: http://wiki.apache.org/tomcat/JNDI_HowTo
The only thing that is weird now is that the server sometimes denies access and claims that the user is not permitted to access the area. A few minutes later he changes his mind and everything works again. Now we try to activate logging for the authentication procedure, so we can find out what is wrong.
Regards,
Stefan
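
Added example (not part of the original posts, and not the configuration Stefan's team used): a Tomcat JNDIRealm entry for server.xml against Active Directory, showing why Tomcat expects the Jazz role names to exist in the directory. The host name, all DNs, the service account and the password are placeholders.

```xml
<!-- Added example: every host name, DN and credential below is a placeholder. -->
<Realm className="org.apache.catalina.realm.JNDIRealm"

       connectionURL="ldaps://ad.example.com:636"
       connectionName="CN=svc-tomcat,OU=Service Accounts,DC=example,DC=com"
       connectionPassword="CHANGE_ME"
       referrals="follow"

       userBase="OU=Users,DC=example,DC=com"
       userSearch="(sAMAccountName={0})"
       userSubtree="true"

       roleBase="OU=Groups,DC=example,DC=com"
       roleSearch="(member={0})"
       roleName="cn"
       roleSubtree="true" />

<!--
  connectionURL: ldaps:// keeps the bind password and the user's password off
  the wire in clear text; the JVM running Tomcat must trust the directory
  server's certificate.

  connectionName: use a read-only service account for the searches, not an
  administrator.

  userSearch: {0} is the login name typed by the user. With no userPassword
  attribute configured, the realm authenticates by binding as the user's DN.

  roleSearch / roleName: {0} is the DN of the authenticated user. The realm
  searches roleBase for group entries that list this DN as a member and
  returns the value of roleName (here the group's cn) as the role. The web
  application's role names are compared with these values as they are, so a
  user is only granted JazzAdmins if a group whose cn is JazzAdmins exists
  under roleBase and contains that user.
-->
```

With this realm there is no separate mapping step between directory groups and application roles: if the team cannot create groups itself, the directory administrators have to create groups named after the Jazz roles and add the users to them.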