Recently I was asked to look at building a web application that would run on Tomcat and use Active Directory for authentication. Since I didn’t exactly know how to do this, I thought it would be interesting to get an OSS LDAP server up and running on my Mac and try hooking into it with Tomcat. Since I couldn’t find this already on the net, I thought it would be handy to document the process I went through to get this set up.

First, you will need to have the following packages installed:

- MacPorts
- Tomcat

Now for the step-by-step:

Install OpenLDAP from MacPorts
sudo port install openldap
Copy slapd.conf.default to slapd.conf
cp /opt/local/etc/openldap/slapd.conf.default /opt/local/etc/openldap/slapd.conf
Customize OpenLDAP configuration for Tomcat sample schema
edit /opt/local/etc/openldap/slapd.conf
Add additional schemas needed to support the Tomcat sample:
include /opt/local/etc/openldap/schema/cosine.schema
include /opt/local/etc/openldap/schema/inetorgperson.schema
Also set suffix and rootdn as shown in this sample. There’s no need to change the database type, however.

Notice that the slapd.conf file defines a location that doesn’t exist for the pidfile and argsfile, so we’ll need to create the directory:
sudo mkdir /opt/local/var/run
Start up OpenLDAP:
sudo /opt/local/libexec/slapd
Check that it’s running:
ps -ef|grep slapd
If it’s not, run slapd with the -d -1 options on the command line to see what’s causing it to fail.

Copy the LDIF sample file shown on the Tomcat page into a text file.

Import the sample data:
ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f tomcatsample.ldif
Backup Tomcat’s server config
cd tomcat_root
cp conf/server.xml conf/server.xml.backup
Edit the realm definition as shown on the Tomcat page – authentication should not be needed to do LDAP lookups with the default configuration
edit conf/server.xml
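For reference, here is the kind of JNDIRealm definition that matches the Tomcat sample LDIF. This is an added example, not the realm from the Tomcat page or from the original post; it assumes slapd is listening on localhost:389 and that the suffix you set in slapd.conf is dc=example,dc=com (Tomcat’s own sample LDIF uses dc=mycompany,dc=com, so change the DNs to match whichever suffix you chose).

```xml
<!-- Added example: JNDIRealm for the Tomcat sample directory.
     Assumed: slapd on localhost:389, suffix dc=example,dc=com. -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldap://localhost:389"
       userPattern="uid={0},ou=people,dc=example,dc=com"
       roleBase="ou=groups,dc=example,dc=com"
       roleName="cn"
       roleSearch="(uniqueMember={0})" />
```

With userPattern, Tomcat verifies the password by binding to the directory as the user’s own DN, and the role lookup runs over the realm’s own connection, which is anonymous when no connectionName/connectionPassword is set, so the default slapd access rule that lets anyone read must stay in place. Because a plain ldap:// URL sends that bind password in the clear, switch to ldaps:// (with the server certificate trusted by Tomcat’s JVM) for anything beyond a local test.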