3 Replies Latest reply on Jul 1, 2009 9:52 PM by Dickson Lui

    Passing LDAP-authenticated users from Apache to JBoss

    Gio B Newbie

      Hi Everyone,

      [Was looking for a way to transfer this post from another forum, but couldn't, so pasting here anyway. Apologies for those reading this twice :(]

      I was hoping to get your insights. I am trying to migrate an Apache+LDAP+Tomcat application to an Apache+LDAP+JBoss set-up.

      Authentication is done by Apache via LDAP for protected resources. While it works fine for the existing Tomcat set-up, on my JBoss set-up, it does not work; server.log shows nullpointer exceptions because it is not able to pick up the user that just logged in. I can confirm via Apache's logs that LDAP authentication is happening correctly, but looking at the JBoss request dumper logs, I observe that remoteuser=null. Other parameters have values in them, such as request uri, header referer, remoteaddr, servletpath, etc.

      Now since I am not a developer, I am not sure if picking up the username from the Apache request should be done programatically, or if I am missing something in the JBoss configuration.

      Apache 2.0.63, JBossAS4.2.3GA, mod_jk1.2.27

      Kind regards,
      Dan

        • 1. Re: Passing LDAP-authenticated users from Apache to JBoss
          Gio B Newbie

          Solved!

          It was a matter of adding tomcatAuthentication="false" in the connector settings. I didn't realize this parameter was still valid in JBoss :)

          • 2. Re: Passing LDAP-authenticated users from Apache to JBoss
            Dickson Lui Newbie

            hi dan957,

            I am doing the same task as your migration => Apache + JBoss with using LDAP authenticaion; just use mod_proxy. How can you just use Apache for entry authentication and then access to JBoss's web application? If the user directly call the URL to JBoss's web application, JBoss won't ask them to input the password.

            I still stuck in trying to setup LDAP authentication in JBoss, still fail.

            Thanks for any help.

            • 3. Re: Passing LDAP-authenticated users from Apache to JBoss
              Dickson Lui Newbie

              Hi all,

              Refer to "dan957" setup for authentication, I confuse about his setting. I can setup basic authentication with using LDAP in apache (front end). If no authentication setup in JBoss, how can I secure the JBoss web server even thought I get the remote user name from apache. Anyone can directly call JBoss with using the URL in their bookmark. Any trick???????

              For my target setup
              -----------------------

              End User ---> (one server with apache and JBoss)
              Apache with proxy to JBoss
              |
              |
              |
              v
              JBoss with LDAP
              (set IP control, only accept localhost request)


              Any comment/suggestion? I still stuck in using LDAP authentication in JBoss!!!!!