Never mind, I was able to configure Tomcat to use LDAP. The browser does not ask twice for credentials. Life is good.

Hi,

   I have Apache 2.2 in front of Tomcat 6 using the mod_jk module.

   I disabled the HTTP connector in Tomcat, therefore, all my requests go through Apache.

   My Apache web server is configured to authenticate users using an LDAP server.

   I would like to keep access to the Tomcat Manager application, but right now I am getting asked for two set of credentials when accessing the manager application: the first set is asked by Apache (the LDAP credentials) and the second time is Tomcat  (using the credentials in tomcat-users.xml).

   I would like to only be asked once for credentials, the LDAP credentials.

a)       Is there a way to disable in Tomcat 6 the security built-in around the manager application and let Apache manage the access to  it?

b)       Or, should I configure the JNDIRealm of Tomcat to use the same LDAP server? Would I still be asked twice for credentials?

I was trying option (b) but I haven’t been able to authenticate to LDAP on Tomcat, but then I thought option (a) would be better,

   Does anybody have secured the Tomcat manager web application using Apache?

Thanks

-Jorge