Hi Frank !

I seem to remember ActiveDirectory being discussed here, on this mailing list. The good thing about ActiveDirectory is that, if you do not have an overly complicated schema, you can use the LDAP subset to query the directory (you need to do a fair bit of tweaking to get ActiveDirectory to output results in LDAP-compliant format though. I'm not an expert on ActiveDirectory, so I really cannot advise you on this).

If you're using Windows NT as the PDC, I think you can't get the Tomcat realm to work with it (Please, somebody, tell me otherwise!).

As for writing your own Realm implementation, unless you are a really seasoned programmer, this can be a very daunting task. An easier way is to download and look at SecurityFilter. The example webapp has source code that you can look at, and not get confused by it. I highly recommend this over implementing your own realm. However, this still does not address the problem of extracting user credentials from a PDC.

There is another solution : use Novell's DirXML product to do a periodic sync of data in Active Directory or NTLM into an LDAP directory, then use the JNDI realm in Tomcat. This is not a free solution, and it does require you to read up on another product, but this product is also very good for syncing data between different directories (OpenLDAP, Netscape Directory Server, Novell eDirectory, even flat files).

Hope this helps !


Frank Schaare wrote:


Hi,

we're building an Intranet application running on Tomcat 4.1.30 (Client OS is Win2K). It would be very suitable to authenticate the users against the NT Domain Controller to avoid a second login.

I searched this ML and Google but did not find very much about this theme.

There is a SourceForge Project called NTDCRealm which seems to fit our needs, but has absolutely no documentation.

Probably, we need to nest a custom NTDCRealm Tag in our WebApp context. To learn how to do this, I searched the Tomcat documentation (http://jakarta.apache.org/tomcat/tomcat-4.1-doc/realm-howto.html#Standard%20Realm%20Implementations)

and again, there is a gap:

"It is also possible to write your own Realm implementation, and integrate it with Tomcat 4. However, doing this is beyond the scope of this document. See (FIXME - reference to developer stuff) for more information."

Here are my questions:

Does this reference to developer stuff exist anywhere ?
Has anyone ever made the NTDCRealm work ?
Does anyone know another (documented) implementation of NT authentication ?


Any hints, links, documents about this theme are warmly welcome.

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




--
A complex system that works is invariably found to have evolved from a simple system that works.
+----------------------------------------------------------------+
| Pascal Chong                                                   |
| email: [EMAIL PROTECTED]                                       |
|                                                                |
| Please visit my site at : http://cymulacrum.net                |
| If you're using my documentation, please read the Terms and    |
| and Conditions at http://cymulacrum.net/terms.html             |
+----------------------------------------------------------------+
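For readers following the suggestion above to sync accounts into an LDAP directory and point Tomcat's JNDI realm at it, here is a sketch of the Realm element for server.xml. It is an added example, not part of the original messages; the host name, DNs, bind account and password are placeholders, and the uid / uniqueMember attributes assume an inetOrgPerson / groupOfUniqueNames style schema in the synced directory.

```xml
<!-- Added example. All hosts, DNs and the password below are placeholders. -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldaps://ldap.example.internal:636"
       connectionName="cn=tomcat-ro,ou=services,dc=example,dc=internal"
       connectionPassword="CHANGE_ME"
       userBase="ou=people,dc=example,dc=internal"
       userSearch="(uid={0})"
       userSubtree="true"
       roleBase="ou=groups,dc=example,dc=internal"
       roleName="cn"
       roleSearch="(uniqueMember={0})"
       roleSubtree="false" />
<!-- connectionName: a dedicated account that can only search the directory.
     No userPassword attribute is set, so the realm checks the password by
     binding to the directory as the located user instead of reading a
     stored hash. -->
```

The ldaps:// URL keeps the bind password and user credentials off the wire in clear text; the JVM running Tomcat must trust the directory server's certificate for the connection to succeed.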


