1. Allow TLS (LDAPS) connections by adding the LDAP server's root CA certificate to the cacerts truststore
of the JRE that runs Tomcat. On Java 9 and later the file is $JAVA_HOME/lib/security/cacerts; on Java 8
and older it is $JAVA_HOME/jre/lib/security/cacerts. Use the java keytool command to add the cert:
List the existing certificates:
keytool -list -v -keystore $JAVA_HOME/lib/security/cacerts
Import the root certificate (the alias is only a label; compare the certificate's fingerprint with the one
the LDAP administrator gives you before trusting it, and import the root CA rather than the server's own
certificate so that a server certificate renewal does not break the login):
keytool -importcert -trustcacerts -alias HELLO -file <path>/trustedrootcert.cer -keystore <path>/lib/security/cacerts
The default cacerts password is: changeit
Note that a JRE upgrade or reinstall can replace cacerts, so either repeat the import afterwards or keep
the certificate in a separate truststore and point Tomcat at it with
-Djavax.net.ssl.trustStore=<path> -Djavax.net.ssl.trustStorePassword=<pwd> in CATALINA_OPTS.
2. verify the configuration in <CATALINA_BASE>/conf/Catalina/localhost/<webapp>.xml (the web app's context file; the Realm element goes inside <Context>):
<!-- connectionName/connectionPassword are the bind credentials of a read-only service account and are
     stored in clear text, so restrict this file's permissions to the Tomcat user.
     In userSearch {0} is the login name typed by the user; in roleSearch {0} is the DN of the entry
     found by userSearch. roleSearch="(member={0})" matches groupOfNames groups; use uniqueMember
     for groupOfUniqueNames. The ldaps:// URL is what makes the truststore from step 1 matter. -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
connectionURL="ldaps://ldap.company.org:636"
connectionName="cn=user,ou=serviceusers,ou=services,o=ORG"
connectionPassword="pwd"
userBase="o=ORG"
userSubtree="true"
userSearch="(cn={0})"
roleBase="ou=Functions,ou=GROUPS,o=ORG"
roleName="cn"
roleSearch="(member={0})"
/>
3. verify the configuration in web.xml (the role-name must match the cn of a group under roleBase that lists the user's DN as a member; only users in that group get access):
<security-constraint>
<display-name>LDAP security constraint</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>MyRequiredGroup</role-name>
</auth-constraint>
<!-- BASIC sends the user name and password base64-encoded (not encrypted) on every request,
     so require HTTPS for the protected area -->
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Tomcat auth</realm-name>
</login-config>
<security-role>
<role-name>MyRequiredGroup</role-name>
</security-role>
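Step 1 as one script, added here as an example; it is not from the original page nor from Tomcat's own documentation. It fetches the chain the LDAPS server presents, shows what you are about to trust, checks that the top of the chain is really a self-signed root, imports it and confirms the alias is in the truststore. It assumes openssl and keytool are on PATH; the host name, port, alias and keystore paths are placeholders, and the default truststore path logic for Java 8 vs 9+ is my assumption about the installation layout.

```shell
#!/bin/sh
# Added example, not code from the original page. Import the root CA of an LDAPS
# server into a truststore for Tomcat's JNDIRealm and verify the result.
# Requires openssl and keytool. Host, alias and paths are placeholders.
set -eu

# Locate the JRE's default truststore: Java 9+ keeps it at lib/security/cacerts,
# Java 8 and older at jre/lib/security/cacerts.
find_cacerts() {  # find_cacerts JAVA_HOME
    for f in "$1/lib/security/cacerts" "$1/jre/lib/security/cacerts"; do
        if [ -f "$f" ]; then echo "$f"; return 0; fi
    done
    echo "no cacerts under $1" >&2
    return 1
}

# Read s_client output on stdin and print only the last PEM certificate block
# (the topmost certificate of the chain), dropping all surrounding text.
last_pem_block() {
    awk '/-----BEGIN CERTIFICATE-----/ { n++; inb = 1 }
         inb { blk[n] = blk[n] $0 "\n" }
         /-----END CERTIFICATE-----/ { inb = 0 }
         END { if (n) printf "%s", blk[n] }'
}

# Save the top certificate of the chain the server sends to OUTFILE.
# Servers often send only leaf + intermediates, so the root may be missing.
fetch_top_cert() {  # fetch_top_cert HOST PORT OUTFILE
    echo | openssl s_client -connect "$1:$2" -servername "$1" -showcerts 2>/dev/null |
        last_pem_block > "$3"
    [ -s "$3" ] || { echo "no certificate received from $1:$2" >&2; return 1; }
}

# A root CA is self-signed: subject and issuer are identical. If this fails the
# server did not send its root; get it from the PKI owner instead.
is_self_signed() {  # is_self_signed PEMFILE
    s=$(openssl x509 -in "$1" -noout -subject)
    i=$(openssl x509 -in "$1" -noout -issuer)
    [ "${s#subject=}" = "${i#issuer=}" ]
}

# Print subject, issuer, expiry and SHA-256 fingerprint so they can be compared
# out of band with the LDAP administrator before anything is imported.
show_cert() {  # show_cert PEMFILE
    openssl x509 -in "$1" -noout -subject -issuer -enddate -fingerprint -sha256
}

# Import PEMFILE into KEYSTORE under ALIAS. -noprompt skips the interactive
# "Trust this certificate?" question, so call show_cert/is_self_signed first.
import_root_cert() {  # import_root_cert PEMFILE KEYSTORE STOREPASS ALIAS
    keytool -importcert -noprompt -trustcacerts \
        -alias "$4" -file "$1" -keystore "$2" -storepass "$3"
}

# keytool -list -alias exits non-zero when the alias is not in the keystore.
alias_present() {  # alias_present KEYSTORE STOREPASS ALIAS
    keytool -list -keystore "$1" -storepass "$2" -alias "$3" >/dev/null 2>&1
}

main() {  # main HOST [PORT] [KEYSTORE] [STOREPASS] [ALIAS]
    host=$1; port=${2:-636}
    ks=${3:-$(find_cacerts "${JAVA_HOME:?set JAVA_HOME}")}
    pass=${4:-changeit}; alias=${5:-ldap-root-ca}
    tmp=$(mktemp); trap 'rm -f "$tmp"' EXIT
    fetch_top_cert "$host" "$port" "$tmp"
    show_cert "$tmp"
    is_self_signed "$tmp" ||
        { echo "top of chain is not a self-signed root; obtain the root CA from your PKI" >&2; exit 1; }
    import_root_cert "$tmp" "$ks" "$pass" "$alias"
    alias_present "$ks" "$pass" "$alias" && echo "imported as $alias into $ks"
}

if [ $# -ge 1 ]; then main "$@"; fi
```

Run it as `sh ldap-trust.sh ldap.company.org 636` to import into the JRE's cacerts, or pass a separate truststore as the third argument and add -Djavax.net.ssl.trustStore=<that file> -Djavax.net.ssl.trustStorePassword=<its password> to CATALINA_OPTS; either way restart Tomcat afterwards, since the truststore is read at JVM start.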