Re: JNDIRealm - mapping LDAP group to security role

2008-10-09 Thread Kevin Jackson
I am trying to configure a JNDIRealm to authenticate against an Active Directory. http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html#JNDIRealm The authentication seems to work but I wonder how to map LDAP groups to security roles. I do not want to add groups in the LDAP server, but to

Re: JNDIRealm - mapping LDAP group to security role

2008-10-09 Thread Jérôme Delattre
2008/10/9 Kevin Jackson [EMAIL PROTECTED]: I am trying to configure a JNDIRealm to authenticate against an Active Directory. http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html#JNDIRealm The authentication seems to work but I wonder how to map LDAP groups to security roles. I do not

Re: JNDIRealm - mapping LDAP group to security role

2008-10-09 Thread Juergen Weber
Geronimo maps roles to security principals: http://cwiki.apache.org/GMOxDOC10/jboss-to-geronimo-security-migration.html Maybe this feature could be ported into tomcat. On Thu, Oct 9, 2008 at 3:18 PM, Kevin Jackson [EMAIL PROTECTED] wrote: I am trying to configure a JNDIRealm to authenticate

Re: JNDIRealm - mapping LDAP group to security role

2008-10-08 Thread Jérôme Delattre
2008/9/23 Jérôme Delattre [EMAIL PROTECTED] Hello, Env: Tomcat 6.0.18 / Java 6 / Windows I am trying to configure a JNDIRealm to authenticate against an Active Directory. http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html#JNDIRealm The authentication seems to work but I wonder how

Re: JNDIRealm - mapping LDAP group to security role

2008-10-08 Thread Felix Schumacher
Hi Jerome, have you thought about adding an extra attribute to the groups, so that the mapping is done by a normal ldap query? Consider having an objectClass tomcatRoleMapping which has one attribute tomcatRole. Then with your mapping like below securityrole1=group1,group2,group4

RE: JNDIRealm - mapping LDAP group to security role

2008-10-08 Thread Caldarale, Charles R
From: Felix Schumacher [mailto:[EMAIL PROTECTED] Subject: Re: JNDIRealm - mapping LDAP group to security role have you thought about adding an extra attribute to the groups, so that the mapping is done by a normal ldap query? Even that's not necessary. The servlet security model already has

RE: JNDIRealm - mapping LDAP group to security role

2008-10-08 Thread Felix Schumacher
On Wednesday, 08.10.2008, at 12:04 -0500, Caldarale, Charles R wrote: From: Felix Schumacher [mailto:[EMAIL PROTECTED] Subject: Re: JNDIRealm - mapping LDAP group to security role have you thought about adding an extra attribute to the groups, so that the mapping is done by a normal

Re: JNDIRealm - mapping LDAP group to security role

2008-10-08 Thread Jérôme Delattre
2008/10/8 Caldarale, Charles R [EMAIL PROTECTED] From: Felix Schumacher [mailto:[EMAIL PROTECTED] Subject: Re: JNDIRealm - mapping LDAP group to security role have you thought about adding an extra attribute to the groups, so that the mapping is done by a normal ldap query? Even

Re: JNDIRealm - mapping LDAP group to security role

2008-10-08 Thread Jérôme Delattre
2008/10/8 Felix Schumacher [EMAIL PROTECTED]: Hi Jerome, have you thought about adding an extra attribute to the groups, so that the mapping is done by a normal ldap query? Consider having an objectClass tomcatRoleMapping which has one attribute tomcatRole. Then with your mapping like below

RE: JNDIRealm - mapping LDAP group to security role

2008-10-08 Thread Caldarale, Charles R
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jérôme Delattre Subject: Re: JNDIRealm - mapping LDAP group to security role What should I do with it? Add the same security-role-ref for each LDAP group to all my Servlets? Sounds strange... Yes, you're right; I missed

Re: JNDIRealm - mapping LDAP group to security role

2008-09-28 Thread Jérôme Delattre
No idea? I thought it was a common use case ... Jerome 2008/9/23 Jérôme Delattre [EMAIL PROTECTED] Hello, Env: Tomcat 6.0.18 / Java 6 / Windows I am trying to configure a JNDIRealm to authenticate against an Active Directory.

Re: JNDIRealm - mapping LDAP group to security role

2008-09-23 Thread Jérôme Delattre
I do not want to add groups in the LDAP server, but to map existing ones to the roles defined in my web application instead. Perhaps you can use the security-role-ref declaration; look in section 12 of the servlet spec. If I remember well the security-role-ref just creates an alias on an

RE: JNDIRealm - mapping LDAP group to security role

2008-09-23 Thread Caldarale, Charles R
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jérôme Delattre Subject: Re: JNDIRealm - mapping LDAP group to security role If I remember well the security-role-ref just creates an alias on an existing security-role for servlets. It's not related to the mapping between my

Re: JNDIRealm - mapping LDAP group to security role

2008-09-23 Thread Jérôme Delattre
If I remember well the security-role-ref just creates an alias on an existing security-role for servlets. It's not related to the mapping between my system groups and the application roles. O.k., I'm confused. Isn't an alias just what you need to do the mapping from any role names used