Grouper Users - Open Discussion List

[Scott Koranda <>]

> I'm setting up a grouper server for the first time. I've been able to
> configure grouper loader to pull in all of our active directory users
> as LDAP entries. I've been able to use that data to search & populate
> groups.
> 
> 
> What I'm struggling with is how to authenticate the web UI for group
> management. If I make manual accounts in Tomcat, I can log in, but
> obviously that's not the desired method. Can I point the UI to ldap/AD
> to authenticate through tomcat? I've been scouring the documentation
> but I keep finding instructions for the loader, not the web ui
> authentication.
> 
> 
> I'd appreciate any help pointing me in the right direction.

The Grouper UI is "just" a Java web application that leverages
"container managed security". So there is no direct Grouper UI
configuration to use LDAP per se, rather you configure Tomcat
for LDAP authentication and the Grouper UI relies on Tomcat
telling it the user details.

You probably want a JNDIRealm. This URL 

https://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html

and this URL

https://tomcat.apache.org/tomcat-7.0-doc/config/realm.html

may be helpful.

The Grouper UI "interface" to Tomcat is the web.xml file. You
probably have in 

.../Catalina/localhost/grouper.xml

something like

<Context 
    docBase="/opt/grouper-2.2.1/grouper.ui-2.2.1/dist/grouper"
    path="/grouper" reloadable="false"/>

So the important web.xml file is in

.../grouper.ui-2.2.1/dist/grouper/WEB-INF

You can inspect that file to understand what the Grouper UI
expects from a Tomcat Realm configuration. If you need to
change the web.xml file read the default version for a hint
about how to set a build.properties value and merge in your
deployment specific needs in a way that will not be
overwritten. 

HTH,

Scott K