tachtler:apache_tomcat_7_-_ldap-authentifizierung_jndirealm
Differences
This page shows the differences between two versions.
tachtler:apache_tomcat_7_-_ldap-authentifizierung_jndirealm [2015/05/07 16:43] – klaus | tachtler:apache_tomcat_7_-_ldap-authentifizierung_jndirealm [2015/05/07 18:20] (current) – [/etc/tomcat/tomcat-users.xml] klaus | ||
---|---|---|---|
Zeile 348: | Zeile 348: | ||
===== Konfiguration: | ===== Konfiguration: | ||
- | Nachfolgende Konfiguration zeigt die notwendigen | + | Nachfolgende Konfiguration zeigt die notwendigen |
* Siehe auch den internen Link: [[tachtler: | * Siehe auch den internen Link: [[tachtler: | ||
:!: **WICHTIG** - **Nachfolgende Konfigurationen sind auf dem __Apache Tomcat Applikations-Server__ durchzuführen !!!** | :!: **WICHTIG** - **Nachfolgende Konfigurationen sind auf dem __Apache Tomcat Applikations-Server__ durchzuführen !!!** | ||
+ | |||
+ | Nachfolgende Stellen innerhalb der Konfigurationsdatei des [[http:// | ||
+ | |||
+ | ==== / | ||
+ | |||
+ | Die Konfigurationsdatei | ||
+ | * **''/ | ||
+ | ist unter [[http:// | ||
+ | |||
+ | Nachfolgend sollen einige Änderungen bzw. Ergänzungen an dieser Konfigurationsdatei durchgeführt werden, welchen ein Kommentar, wie nachfolgend dargestellt, | ||
+ | < | ||
+ | <!-- Tachtler --> | ||
+ | </ | ||
+ | |||
+ | Hier die **komplette Konfigurationsdatei** mit allen Änderungen bzw. Ergänzungen, | ||
+ | <code xml> | ||
+ | <?xml version=' | ||
+ | <!-- | ||
+ | Licensed to the Apache Software Foundation (ASF) under one or more | ||
+ | contributor license agreements. | ||
+ | this work for additional information regarding copyright ownership. | ||
+ | The ASF licenses this file to You under the Apache License, Version 2.0 | ||
+ | (the " | ||
+ | the License. | ||
+ | |||
+ | http:// | ||
+ | |||
+ | Unless required by applicable law or agreed to in writing, software | ||
+ | distributed under the License is distributed on an "AS IS" BASIS, | ||
+ | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
+ | See the License for the specific language governing permissions and | ||
+ | limitations under the License. | ||
+ | --> | ||
+ | <!-- Note: A " | ||
+ | | ||
+ | | ||
+ | | ||
+ | <!-- Tachtler --> | ||
+ | <!-- default: <Server port=" | ||
+ | <Server port=" | ||
+ | <!-- Security listener. Documentation at / | ||
+ | < | ||
+ | --> | ||
+ | <!--APR library loader. Documentation at / | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | <!-- Prevent memory leaks due to use of particular java/javax APIs--> | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | |||
+ | <!-- Global JNDI resources | ||
+ | | ||
+ | --> | ||
+ | < | ||
+ | <!-- Editable user database that can also be used by | ||
+ | | ||
+ | --> | ||
+ | <!-- Tachtler disabled --> | ||
+ | <!-- disabled: < | ||
+ | <!-- disabled: | ||
+ | <!-- disabled: | ||
+ | <!-- disabled: | ||
+ | <!-- disabled: | ||
+ | </ | ||
+ | |||
+ | <!-- A " | ||
+ | a single " | ||
+ | so you may not define subcomponents such as " | ||
+ | | ||
+ | | ||
+ | <Service name=" | ||
+ | |||
+ | <!--The connectors can use a shared executor, you can define one or more named thread pools--> | ||
+ | <!-- | ||
+ | < | ||
+ | maxThreads=" | ||
+ | --> | ||
+ | |||
+ | |||
+ | <!-- A " | ||
+ | and responses are returned. Documentation at : | ||
+ | Java HTTP Connector: / | ||
+ | Java AJP Connector: / | ||
+ | APR (HTTP/AJP) Connector: / | ||
+ | | ||
+ | --> | ||
+ | <!-- Tachtler --> | ||
+ | <!-- default: < | ||
+ | <!-- default: | ||
+ | <!-- default: | ||
+ | < | ||
+ | | ||
+ | | ||
+ | | ||
+ | <!-- A " | ||
+ | <!-- | ||
+ | < | ||
+ | | ||
+ | | ||
+ | | ||
+ | --> | ||
+ | <!-- Define a SSL HTTP/1.1 Connector on port 8443 | ||
+ | This connector uses the BIO implementation that requires the JSSE | ||
+ | style configuration. When using the APR/native implementation, | ||
+ | | ||
+ | | ||
+ | <!-- | ||
+ | < | ||
+ | | ||
+ | | ||
+ | --> | ||
+ | |||
+ | <!-- Define an AJP 1.3 Connector on port 8009 --> | ||
+ | <!-- < | ||
+ | < | ||
+ | |||
+ | |||
+ | <!-- An Engine represents the entry point (within Catalina) that processes | ||
+ | every request. | ||
+ | | ||
+ | on to the appropriate Host (virtual host). | ||
+ | | ||
+ | |||
+ | <!-- You should set jvmRoute to support load-balancing via AJP ie : | ||
+ | <Engine name=" | ||
+ | --> | ||
+ | <Engine name=" | ||
+ | |||
+ | <!--For clustering, please take a look at documentation at: | ||
+ | / | ||
+ | / | ||
+ | <!-- | ||
+ | <Cluster className=" | ||
+ | --> | ||
+ | |||
+ | <!-- Use the LockOutRealm to prevent attempts to guess user passwords | ||
+ | via a brute-force attack --> | ||
+ | <Realm className=" | ||
+ | <!-- This Realm uses the UserDatabase configured in the global JNDI | ||
+ | | ||
+ | that are performed against this UserDatabase are immediately | ||
+ | | ||
+ | <!-- Tachtler - disabled --> | ||
+ | <!-- disabled: <Realm className=" | ||
+ | <!-- disabled: | ||
+ | </ | ||
+ | |||
+ | <Host name=" | ||
+ | unpackWARs=" | ||
+ | |||
+ | <!-- SingleSignOn valve, share authentication between web applications | ||
+ | | ||
+ | <!-- | ||
+ | <Valve className=" | ||
+ | --> | ||
+ | |||
+ | <!-- Access log processes all example. | ||
+ | | ||
+ | Note: The pattern used is equivalent to using pattern=" | ||
+ | <Valve className=" | ||
+ | | ||
+ | | ||
+ | |||
+ | </ | ||
+ | </ | ||
+ | </ | ||
+ | </ | ||
+ | </ | ||
+ | |||
+ | **Nachfolgend die Erklärungen zu den gemachten Änderungen bzw. Ergänzungen: | ||
+ | |||
+ | === Bereich: Server | GlobalNamingResources === | ||
+ | |||
+ | Nachfolgende Änderungen **deaktivieren** die Nutzung der Konfigurationsdatei | ||
+ | * ''/ | ||
+ | durch den [[http:// | ||
+ | * **'' | ||
+ | |||
+ | <code xml> | ||
+ | < | ||
+ | <!-- Editable user database that can also be used by | ||
+ | | ||
+ | --> | ||
+ | <!-- Tachtler - DISABLED --> | ||
+ | <!-- disabled: < | ||
+ | <!-- disabled: | ||
+ | <!-- disabled: | ||
+ | <!-- disabled: | ||
+ | <!-- disabled: | ||
+ | </ | ||
+ | </ | ||
+ | |||
+ | === Bereich: Server | Service | Engine | Realm === | ||
+ | |||
+ | Nachfolgende Änderungen **deaktivieren** die Nutzung der Konfigurationsdatei | ||
+ | * ''/ | ||
+ | durch den [[http:// | ||
+ | * **'' | ||
+ | |||
+ | <code xml> | ||
+ | <!-- Use the LockOutRealm to prevent attempts to guess user passwords | ||
+ | via a brute-force attack --> | ||
+ | <Realm className=" | ||
+ | <!-- This Realm uses the UserDatabase configured in the global JNDI | ||
+ | | ||
+ | that are performed against this UserDatabase are immediately | ||
+ | | ||
+ | <!-- Tachtler - DISABLED --> | ||
+ | <!-- disabled: <Realm className=" | ||
+ | <!-- disabled: | ||
+ | </ | ||
+ | </ | ||
+ | |||
+ | ==== / | ||
+ | |||
+ | Die Konfigurationsdatei | ||
+ | * **''/ | ||
+ | ist unter [[http:// | ||
+ | |||
+ | Nachfolgend sollen einige Änderungen bzw. Ergänzungen an dieser Konfigurationsdatei durchgeführt werden, welchen ein Kommentar, wie nachfolgend dargestellt, | ||
+ | < | ||
+ | <!-- Tachtler --> | ||
+ | </ | ||
+ | |||
+ | Hier die **komplette Konfigurationsdatei** mit allen Änderungen bzw. Ergänzungen, | ||
+ | <code xml> | ||
+ | <?xml version=' | ||
+ | <!-- | ||
+ | Licensed to the Apache Software Foundation (ASF) under one or more | ||
+ | contributor license agreements. | ||
+ | this work for additional information regarding copyright ownership. | ||
+ | The ASF licenses this file to You under the Apache License, Version 2.0 | ||
+ | (the " | ||
+ | the License. | ||
+ | |||
+ | http:// | ||
+ | |||
+ | Unless required by applicable law or agreed to in writing, software | ||
+ | distributed under the License is distributed on an "AS IS" BASIS, | ||
+ | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
+ | See the License for the specific language governing permissions and | ||
+ | limitations under the License. | ||
+ | --> | ||
+ | <!-- The contents of this file will be loaded for each web application --> | ||
+ | < | ||
+ | |||
+ | <!-- Default set of monitored resources --> | ||
+ | < | ||
+ | |||
+ | <!-- Tachtler --> | ||
+ | <!-- Enable LDAP authentication --> | ||
+ | <Realm className=" | ||
+ | connectionName=" | ||
+ | connectionPassword=" | ||
+ | | ||
+ | | ||
+ | roleBase=" | ||
+ | roleName=" | ||
+ | roleSearch=" | ||
+ | /> | ||
+ | |||
+ | <!-- Uncomment this to disable session persistence across Tomcat restarts --> | ||
+ | <!-- | ||
+ | <Manager pathname="" | ||
+ | --> | ||
+ | |||
+ | <!-- Uncomment this to enable Comet connection tacking (provides events | ||
+ | on session expiration as well as webapp lifecycle) --> | ||
+ | <!-- | ||
+ | <Valve className=" | ||
+ | --> | ||
+ | |||
+ | </ | ||
+ | </ | ||
+ | |||
+ | === Bereich: Context === | ||
+ | |||
+ | Nachfolgende Änderungen **aktivieren** die Nutzung die Nutzung eines LDAP_Servers durch den [[http:// | ||
+ | * **'' | ||
+ | |||
+ | <code xml> | ||
+ | <!-- Tachtler --> | ||
+ | <!-- Enable LDAP authentication --> | ||
+ | <Realm className=" | ||
+ | connectionName=" | ||
+ | connectionPassword=" | ||
+ | | ||
+ | | ||
+ | roleBase=" | ||
+ | roleName=" | ||
+ | roleSearch=" | ||
+ | /> | ||
+ | </ | ||
+ | |||
+ | ==== / | ||
+ | |||
+ | Die Konfigurationsdatei | ||
+ | * **''/ | ||
+ | stellt eine **Standard**-Konfigurationsdatei zur Authentifizierung der nachfolgenden, | ||
+ | * **'' | ||
+ | |||
+ | :!: **WICHTIG** - **Änderungen zur __Aktivierung__ von Rollen und Benutzer, wie unter nachfolgendem internen Link** | ||
+ | * Siehe auch den internen Link: [[tachtler: | ||
+ | **__sollten__ wieder __rückgängig gemacht werden__** | ||
+ | |||
+ | Nachfolgend die **komplette Konfigurationsdatei** (**wie nach der original Installation ausgeliefert**): | ||
+ | <code xml> | ||
+ | <?xml version=' | ||
+ | <!-- | ||
+ | Licensed to the Apache Software Foundation (ASF) under one or more | ||
+ | contributor license agreements. | ||
+ | this work for additional information regarding copyright ownership. | ||
+ | The ASF licenses this file to You under the Apache License, Version 2.0 | ||
+ | (the " | ||
+ | the License. | ||
+ | |||
+ | http:// | ||
+ | |||
+ | Unless required by applicable law or agreed to in writing, software | ||
+ | distributed under the License is distributed on an "AS IS" BASIS, | ||
+ | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
+ | See the License for the specific language governing permissions and | ||
+ | limitations under the License. | ||
+ | --> | ||
+ | < | ||
+ | <!-- | ||
+ | NOTE: By default, no user is included in the " | ||
+ | to operate the "/ | ||
+ | you must define such a user - the username and password are arbitrary. | ||
+ | --> | ||
+ | <!-- | ||
+ | NOTE: The sample user and role entries below are wrapped in a comment | ||
+ | and thus are ignored when reading this file. Do not forget to remove | ||
+ | <!.. ..> that surrounds them. | ||
+ | --> | ||
+ | <!-- | ||
+ | <role rolename=" | ||
+ | <role rolename=" | ||
+ | <user username=" | ||
+ | <user username=" | ||
+ | <user username=" | ||
+ | --> | ||
+ | |||
+ | <!-- <role rolename=" | ||
+ | <!-- <role rolename=" | ||
+ | <!-- <role rolename=" | ||
+ | <!-- <role rolename=" | ||
+ | <!-- <role rolename=" | ||
+ | <!-- <role rolename=" | ||
+ | <!-- <role rolename=" | ||
+ | <!-- <role rolename=" | ||
+ | <!-- <user name=" | ||
+ | </ | ||
+ | </ | ||
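Review bot: In the context.xml part of this change, the added `<Realm className="` block under `<!-- Enable LDAP authentication -->` is a standalone realm inside the context, while the server.xml part only comments out the realm nested in the LockOutRealm ("Use the LockOutRealm to prevent attempts to guess user passwords via a brute-force attack") and leaves that wrapper empty. As written, LDAP logins are not covered by the lockout, because a realm defined at context level replaces the engine-level one for every web application. Suggest nesting the LDAP realm inside the existing LockOutRealm in server.xml in place of the disabled entry, or wrapping it in a LockOutRealm in context.xml. Also, `connectionPassword="` puts the bind account's password in a file that, per its own comment, is loaded for each web application, so the text should state the expected owner and mode of that file and that the bind account needs only search rights. Minor: "die Nutzung die Nutzung" is doubled in the "Bereich: Context" paragraph, and the explanation under "Bereich: Server | Service | Engine | Realm" repeats the GlobalNamingResources wording.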
tachtler/apache_tomcat_7_-_ldap-authentifizierung_jndirealm.txt · Last modified: 2015/05/07 18:20 by klaus