About this document
This is more specific to Tomcat than to Hudson, but as I did my specific configuration for Hudson, I think it can help someone here.
Existing Realms
There are 5 existing realms for Tomcat 6:
- JDBCRealm - Accesses authentication information stored in a relational database, accessed via a JDBC driver.
- DataSourceRealm - Accesses authentication information stored in a relational database, accessed via a named JNDI JDBC DataSource.
- JNDIRealm - Accesses authentication information stored in an LDAP based directory server, accessed via a JNDI provider.
- MemoryRealm - Accesses authentication information stored in an in-memory object collection, which is initialized from an XML document (conf/tomcat-users.xml).
- JAASRealm - Accesses authentication information through the Java Authentication & Authorization Service (JAAS) framework.
See Tomcat documentation here for more information.
Specific need
For my company, I need to have LDAP authentication and Hudson authorization management.
So I just had to mix JNDIRealm & JDBCRealm.
The result is LdapJdbcRealm (LdapJdbcRealm.java, LdapJdbcRealm.class). It only overrides a few methods.
The parameters are also a mix of those of the two realms; see the server.xml template in the installation steps.
Installation steps (Tomcat 6.x)
- Copy the MySQL JDBC driver to your %CATALINA_HOME%/lib (get it here)
- Copy this .class file to %CATALINA_HOME%/lib/org/apache/catalina/realm folder
- Update the server.xml configuration file (in %CATALINA_HOME%/conf). This is the template for the LdapJdbcRealm configuration in server.xml (note that the & in dbConnectionURL must be written as &amp; inside an XML attribute):

    <Realm className="org.apache.catalina.realm.LdapJdbcRealm"
           debug="99"
           connectionName="_your bind account information_"
           connectionPassword="_your bind account password if anonymous not supported_"
           connectionURL="_LDAP server URL (like ldap://ldapserver:389)_"
           userPattern="_pattern to search your user_"
           roleBase="dummyValue"
           roleSubtree="true"
           roleName="groupMembership"
           roleSearch="cn=DummyValue"
           driverName="com.mysql.jdbc.Driver"
           dbConnectionURL="jdbc:mysql://localhost:3306/hudson_users?user=userForDatabase&amp;password=userpassword"
           dbConnectionName="userForDatabase"
           dbConnectionPassword="userpassword"
           userTable="users"
           userNameCol="user_name"
           userRoleTable="user_roles"
           roleNameCol="role_name" />

- Create your users database. See here for scripts to create it.
Once you do that, Hudson should authenticate users against the LDAP server and get their authorization from your local database.
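
The following is an added example, not part of the original page or of the LdapJdbcRealm code: a Python check to run over the filled-in Realm element before restarting Tomcat. It catches a raw & in dbConnectionURL (which makes server.xml unparseable), an unencrypted LDAP URL, and a database password embedded in the JDBC URL. The sample values, the function name audit_realm and the list of attributes treated as mandatory are assumptions made for the example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs

# Constructed sample: the page's template with made-up values filled in.
SAMPLE = '''<Realm className="org.apache.catalina.realm.LdapJdbcRealm"
  connectionName="cn=bind,dc=example,dc=com" connectionPassword="bindpw"
  connectionURL="ldap://ldapserver:389"
  userPattern="uid={0},ou=people,dc=example,dc=com"
  driverName="com.mysql.jdbc.Driver"
  dbConnectionURL="jdbc:mysql://localhost:3306/hudson_users?user=u&amp;password=p"
  dbConnectionName="u" dbConnectionPassword="p"
  userTable="users" userNameCol="user_name"
  userRoleTable="user_roles" roleNameCol="role_name" />'''

# Assumption: attributes from the page's template that this check
# treats as mandatory; the realm's real requirements are not documented here.
REQUIRED = ("connectionURL", "userPattern", "driverName", "dbConnectionURL",
            "userTable", "userNameCol", "userRoleTable", "roleNameCol")


def audit_realm(xml_text):
    """Return a list of findings for one <Realm> element."""
    try:
        realm = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # A raw '&' in dbConnectionURL lands here; it must be written '&amp;'.
        return ["not well-formed XML: %s" % exc]
    findings = ["missing attribute: " + name
                for name in REQUIRED if name not in realm.attrib]
    ldap = urlsplit(realm.get("connectionURL", ""))
    if ldap.scheme == "ldap":
        findings.append(
            "connectionURL uses ldap://, simple binds travel in cleartext")
    elif "connectionURL" in realm.attrib and ldap.scheme != "ldaps":
        findings.append("connectionURL is not an LDAP URL: %r" % ldap.scheme)
    # Strip the 'jdbc:' prefix so the rest parses as an ordinary URL.
    jdbc = urlsplit(realm.get("dbConnectionURL", "")[len("jdbc:"):])
    if "password" in parse_qs(jdbc.query):
        findings.append("dbConnectionURL embeds the database password")
    return findings


if __name__ == "__main__":
    for finding in audit_realm(SAMPLE):
        print(finding)
```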