LDAP tomcat JNDIRealm

时间:2017-03-21 05:23:51

标签: java tomcat ssl ldap

我使用以下server.xml文件配置tomcat以使用 JNDIRealm 连接到 ldap 服务器。

但是我一直收到错误:

  

引起:javax.naming.CommunicationException:localhost:389 [根异常是java.net.ConnectException:连接被拒绝:连接]

我无处使用localhost:389如果你看到我的连接url使用了host和636端口。那么它是什么导致连接到localhost:389。

下面是server.xml:

<?xml version='1.0' encoding='utf-8'?>
<Server port="8005" shutdown="SHUTDOWN">
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
<Listener className="org.apache.catalina.core.JasperListener" />
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
<GlobalNamingResources>
<Resource name="UserDatabase" auth="Container"
          type="org.apache.catalina.UserDatabase"
          description="User database that can be updated and saved"
          factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
          pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>
<Service name="Catalina">
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" 
 SSLEnabled="true" maxThreads="150" scheme="https" secure="true" 
 keystoreFile="keystore_key.jks" keystoreType="JKS" 
 keystorePass="xxxxx" URIEncoding="UTF-8" clientAuth="false" sslProtocol="TLS" /> 
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
<Engine name="Catalina" defaultHost="localhost">    
<Realm className="org.apache.catalina.realm.JNDIRealm"
            connectionURL="ldap://mycomapny.org:636" 
            userSubtree="true"
            userBase="DC=test,DC=win,DC=user,DC=org" 
            userSearch="(&amp;(sAMAccountName={0})(objectcategory=user))"
            userRoleName="memberOf" 
            roleBase="DC=test,DC=win,DC=user,DC=org" 
            roleName="cn"
            roleSearch="(member={0})" 
            roleSubtree="true" 
            roleNested="true"/>
<Host name="localhost" appBase="webapps">
            <Context docBase="spnego" path="">
                <Valve className="org.apache.catalina.authenticator.SpnegoAuthenticator"
                    storeDelegatedCredential="true" />
            </Context>
        </Host>
</Engine>
</Service>
</Server>

1 个答案:

答案 0 :(得分:0)

您是否尝试在connectionURL设置中指定ldaps,即 的ConnectionURL = “LDAPS://mycompany.org:636”

端口389用于非安全连接

相关问题
最新问题