Worklight WAS Liberty profile configuration based on Tomcat configuration

白昼怎懂夜的黑 submitted on 2019-12-25 02:25:08

Question


For a pilot project we've set up a Worklight server on a WAS using the Liberty profile. We're basing it on the LDAP configuration of a Tomcat server (used for RTC) on the same machine, but they don't seem to map properly to each other (in the sense that we can't just "copy-paste" the configuration). We've come to the point where logging into the LDAP server (an Active Directory server) works, but the login doesn't work and doesn't return any error message apart from a failed login in the logs. I am rather sure the binding to the LDAP server succeeds, since when changing the password in the configuration to any value other than the correct one, the log shows a problem regarding it.

Is it possible to take a look at these configurations and see what could be wrong?

The configurations are the following:

For the Tomcat server:

<Realm className="org.apache.catalina.realm.JNDIRealm" 
connectionName="OurCompanyName\JAZZ" connectionPassword="password" 
connectionURL="ldap://servername:389" debug="99" 
referrals="follow" 
roleBase="OU=Security Groups,OU=MyBusiness,DC=OurCompanyName,DC=local" 
roleName="cn" roleSearch="(member={0})" roleSubtree="true"  
userBase="OU=SBSUsers,OU=Users,OU=MyBusiness,DC=OurCompanyName,DC=local" 
userSearch="(sAMAccountName={0})" 
userSubtree="true">

For the WAS Liberty profile:

<ldapRegistry 
ldapType="Microsoft Active Directory"
bindDN="OurCompanyName\JAZZ"
bindPassword="password" 
baseDN="OU=Security Groups,OU=MyBusiness,DC=OurCompanyName,DC=local"
host="servername" 
id="ActiveDirectoryLDAP"
port="389" 
ignoreCase="true" 
userFilter="&amp;(sAMAccountname={0})"
groupFilter="&amp;(member={0})"     
referral="follow"
roleSubtree="true"
userSubtree="true"
userIdMap="*:uid"
groupIdMap="*:cn"
debug="99"> 
</ldapRegistry>

Thanks,

Kristof


Answer 1:


What is the version of your Liberty Profile?

The full support of referrals in Liberty is only in 8.5.5.1 (or 8.5.5.0 with an iFix) and the property name is referal not referral (see http://www-01.ibm.com/support/docview.wss?uid=swg1PM96984)

You must also define an attribute loginProperty="uid" (not yet documented). Also, roleSubtree, userSubtree, and debug seem not to be supported.
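
An added example, not part of the original question or answer: a small Python check of how the two posted configurations map onto each other. It assumes both snippets are trimmed to the relevant attributes and closed so they parse as XML, and it checks two things visible in the question: whether Tomcat's userBase and roleBase fall under the Liberty baseDN, and whether each Liberty filter is a single parenthesised expression as RFC 4515 requires. The helper names (rdns, is_under, filter_ok, compare) are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed inputs: attributes copied from the question, tags closed so they parse.
TOMCAT = '''<Realm userBase="OU=SBSUsers,OU=Users,OU=MyBusiness,DC=OurCompanyName,DC=local"
  roleBase="OU=Security Groups,OU=MyBusiness,DC=OurCompanyName,DC=local"
  userSearch="(sAMAccountName={0})" roleSearch="(member={0})"/>'''
LIBERTY = '''<ldapRegistry baseDN="OU=Security Groups,OU=MyBusiness,DC=OurCompanyName,DC=local"
  userFilter="&amp;(sAMAccountname={0})" groupFilter="&amp;(member={0})"/>'''


def rdns(dn):
    """Split a DN into normalised RDNs (assumes no escaped commas, as in these DNs)."""
    return [re.sub(r"\s*=\s*", "=", p.strip()).lower() for p in dn.split(",")]


def is_under(dn, base):
    """True if dn equals base or lies in the subtree below it."""
    d, b = rdns(dn), rdns(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b


def filter_ok(f):
    """RFC 4515 shape check: one parenthesised expression with balanced parentheses."""
    depth = 0
    for i, ch in enumerate(f):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0 or (depth == 0 and i != len(f) - 1):
                return False
        elif depth == 0:
            return False  # character outside any parentheses, e.g. a leading '&'
    return depth == 0 and bool(f)


def compare(tomcat_xml, liberty_xml):
    """Return findings about how the Tomcat realm maps onto the Liberty registry."""
    tom, lib = ET.fromstring(tomcat_xml).attrib, ET.fromstring(liberty_xml).attrib
    findings = []
    for name in ("userBase", "roleBase"):
        if not is_under(tom[name], lib["baseDN"]):
            findings.append(f"{name} is outside Liberty baseDN")
    for name in ("userFilter", "groupFilter"):
        if not filter_ok(lib[name]):  # the parser has already decoded &amp; to &
            findings.append(f"{name} is not a parenthesised filter: {lib[name]}")
    return findings


if __name__ == "__main__":
    print("\n".join(compare(TOMCAT, LIBERTY)))
```

On the posted values this reports that userBase lies outside the Liberty baseDN (which was copied from Tomcat's roleBase) and that both Liberty filters begin with a bare & instead of an opening parenthesis.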



Source: https://stackoverflow.com/questions/20677216/worklight-was-liberty-profile-configuration-based-on-tomcat-configuration
