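I am trying to configure Tomcat to use the JNDI Realm to connect to an LDAP database, in order to integrate with Active Directory. However, I am getting the following errors in the logs, and I can't seem to raise the log level to see what is actually happening.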
Feb 19, 2014 10:10:41 AM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 1048 ms
Feb 19, 2014 10:10:42 AM org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
Feb 19, 2014 10:10:42 AM org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/6.0.36
Feb 19, 2014 10:10:42 AM org.apache.catalina.realm.RealmBase init
FINE: Register Realm Catalina:type=Realm,realmPath=/realm0
Feb 19, 2014 10:10:42 AM org.apache.catalina.authenticator.AuthenticatorBase start
FINE: No SingleSignOn Valve is present
Feb 19, 2014 10:11:34 AM org.apache.catalina.authenticator.AuthenticatorBase start
FINE: No SingleSignOn Valve is present
Feb 19, 2014 10:11:44 AM org.apache.catalina.authenticator.AuthenticatorBase start
FINE: No SingleSignOn Valve is present
Feb 19, 2014 10:11:45 AM org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Deploying configuration descriptor host-manager.xml
Feb 19, 2014 10:11:45 AM org.apache.catalina.authenticator.AuthenticatorBase start
FINE: No SingleSignOn Valve is present
Feb 19, 2014 10:11:45 AM org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Deploying configuration descriptor manager.xml
Feb 19, 2014 10:11:45 AM org.apache.catalina.authenticator.AuthenticatorBase start
FINE: No SingleSignOn Valve is present
Feb 19, 2014 10:11:45 AM org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on http-80
Feb 19, 2014 10:11:45 AM org.apache.catalina.startup.Catalina start
INFO: Server startup in 64228 ms
Feb 19, 2014 10:11:54 AM org.apache.catalina.authenticator.AuthenticatorBase invoke
FINE: Security checking request GET /tip/
Feb 19, 2014 10:11:54 AM org.apache.catalina.realm.RealmBase findSecurityConstraints
FINE: Checking constraint 'SecurityConstraint[Secure Area]' against GET /index.jsp --> true
Feb 19, 2014 10:11:54 AM org.apache.catalina.realm.RealmBase findSecurityConstraints
FINE: Checking constraint 'SecurityConstraint[Secure Area]' against GET /index.jsp --> true
Feb 19, 2014 10:11:54 AM org.apache.catalina.authenticator.AuthenticatorBase invoke
FINE: Calling hasUserDataPermission()
Feb 19, 2014 10:11:54 AM org.apache.catalina.realm.RealmBase hasUserDataPermission
FINE: User data constraint has no restrictions
Feb 19, 2014 10:11:54 AM org.apache.catalina.authenticator.AuthenticatorBase invoke
FINE: Calling authenticate()
Feb 19, 2014 10:11:54 AM org.apache.catalina.authenticator.AuthenticatorBase invoke
FINE: Failed authenticate() test
My Realm configuration in Tomcat's server.xml looks like this (I have obviously removed the sensitive information):
<!-- JNDI Realm authentication start -->
<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
connectionURL="ldap://<ldap server goes here>:389"
connectionName="cn=app,ou=service admin accounts,ou=users,o=iam"
connectionPassword="password goes here"
referrals="follow"
userBase="ou=fil,ou=users,o=iam"
userSearch="(AMAccountName={0})"
userSubtree="true"
roleBase="ou=groups,o=iam"
roleName="cn"
roleSubtree="true"
roleSearch="(member={0})"
/>
<!-- JNDI Realm authentication end -->
My Tomcat logging.properties looks like this:
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
handlers = 1catalina.org.apache.juli.FileHandler, 2localhost.org.apache.juli.FileHandler, 3manager.org.apache.juli.FileHandler, 4host-manager.org.apache.juli.FileHandler, java.util.logging.ConsoleHandler
.handlers = 1catalina.org.apache.juli.FileHandler, java.util.logging.ConsoleHandler
############################################################
# Handler specific properties.
# Describes specific configuration info for Handlers.
############################################################
1catalina.org.apache.juli.FileHandler.level = ALL
1catalina.org.apache.juli.FileHandler.directory = ${catalina.base}/logs
1catalina.org.apache.juli.FileHandler.prefix = catalina.
1catalina.org.apache.juli.FileHandler.bufferSize = -1
2localhost.org.apache.juli.FileHandler.level = ALL
2localhost.org.apache.juli.FileHandler.directory = ${catalina.base}/logs
2localhost.org.apache.juli.FileHandler.prefix = localhost.
3manager.org.apache.juli.FileHandler.level = ALL
3manager.org.apache.juli.FileHandler.directory = ${catalina.base}/logs
3manager.org.apache.juli.FileHandler.prefix = manager.
4host-manager.org.apache.juli.FileHandler.level = ALL
4host-manager.org.apache.juli.FileHandler.directory = ${catalina.base}/logs
4host-manager.org.apache.juli.FileHandler.prefix = host-manager.
java.util.logging.ConsoleHandler.level = ALL
java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
############################################################
# Facility specific properties.
# Provides extra control for each logger.
############################################################
# Possible levels are: SEVERE, WARNING, INFO, CONFIG, FINE, FINER, FINEST or ALL
org.apache.catalina.realm.level = ALL
org.apache.catalina.realm.useParentHandlers = true
org.apache.catalina.authenticator.level = ALL
org.apache.catalina.authenticator.useParentHandlers = true
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].level = ALL
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].handlers = 2localhost.org.apache.juli.FileHandler
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager].level = ALL
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager].handlers = 3manager.org.apache.juli.FileHandler
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/host-manager].level = ALL
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/host-manager].handlers = 4host-manager.org.apache.juli.FileHandler
# For example, to log debug messages in ContextConfig and HostConfig
# classes and to log only warnings and errors in other
# org.apache.catalina.** classes, uncomment these lines:
#org.apache.catalina.startup.ContextConfig.level = FINE
#org.apache.catalina.startup.HostConfig.level = FINE
#org.apache.catalina.level = WARNING
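So, as you can see, I have tried to raise the log level by adding debug="99" to server.xml and by changing the realm and authenticator levels to ALL. However, apart from the error "Failed authenticate() test", I still don't get anything that looks useful. Where is the rest of the log information? I was expecting to see the LDAP query.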
Answer 0 (score: 0)
I can already see a problem in your configuration...
referrals="follow"
userBase="ou=fil,ou=users,o=iam"
userSearch="(AMAccountName={0})"
userSubtree="true"
roleBase="ou=groups,o=iam"
should be
referrals="follow"
userBase="ou=fil,ou=users,o=iam"
userSearch="(sAMAccountName={0})"
userSubtree="true"
roleBase="ou=groups,o=iam"
In my experience, the transactions between the Tomcat server and the LDAP / AD server will be reflected in localhost.
Hope that helps.
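
An added example, not part of the original question or answer and not Tomcat code: a small offline check of a JNDIRealm element that flags the kind of userSearch attribute typo corrected above, notes when connectionURL is ldap:// (a simple bind over plain LDAP sends the service and user passwords unencrypted), and renders the filter for a given login so the query can be read without LDAP logging. The sample Realm is constructed from the question with a placeholder host, and EXPECTED_LOGIN_ATTRS and the RFC 4515 escaping are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the Realm from the question, with a placeholder host.
SAMPLE_REALM = '''<Realm className="org.apache.catalina.realm.JNDIRealm"
  connectionURL="ldap://ldap.example.test:389"
  connectionName="cn=app,ou=service admin accounts,ou=users,o=iam"
  connectionPassword="placeholder"
  userBase="ou=fil,ou=users,o=iam"
  userSearch="(AMAccountName={0})"
  userSubtree="true"
  roleBase="ou=groups,o=iam" roleName="cn" roleSearch="(member={0})"/>'''

# Assumption: login attributes this deployment expects in userSearch.
EXPECTED_LOGIN_ATTRS = {"samaccountname", "userprincipalname", "uid", "cn", "mail"}

def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(ch) if ch in '\\*()\x00' else ch
                   for ch in value)

def render_user_filter(realm_xml, username):
    """Return the userSearch filter with {0} replaced by the escaped login."""
    realm = ET.fromstring(realm_xml)
    return realm.get("userSearch", "").replace("{0}", escape_filter_value(username))

def lint_realm(realm_xml):
    """Return a list of findings for one JNDIRealm element."""
    realm = ET.fromstring(realm_xml)
    findings = []
    search = realm.get("userSearch", "")
    if "{0}" not in search:
        findings.append("userSearch has no {0} placeholder")
    # Only inspect the attribute(s) actually compared against the login name.
    for attr in re.findall(r"\(([A-Za-z0-9;.-]+)\s*[~<>]?=[^()]*\{0\}", search):
        if attr.lower() not in EXPECTED_LOGIN_ATTRS:
            findings.append("userSearch uses unexpected attribute: " + attr)
    if realm.get("connectionURL", "").lower().startswith("ldap://"):
        findings.append("connectionURL uses ldap:// rather than ldaps://")
    return findings

if __name__ == "__main__":
    for finding in lint_realm(SAMPLE_REALM):
        print(finding)
    print(render_user_filter(SAMPLE_REALM, "jdoe"))
```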