http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html#JNDIRealm 
<http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html> 

Using Tomcat 6.0.24 on Windows Server 2003 Standard R2 SP2

1. We use MS Active Directory. Is the "uid" in the following example for 
userPattern the same as the "sAMAccountName"?

<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
        connectionURL="ldap://localhost:389"
        userPattern="uid={0},ou=people,dc=mycompany,dc=com"
        roleBase="ou=groups,dc=mycompany,dc=com"
        roleName="cn"
        roleSearch="(uniqueMember={0})"
/>

2. The quick start section said to create a user account for the Tomcat user, 
if required. That is the account Tomcat uses to browse the LDAP, I understand 
that, but where is it used in the Realm? Is it the connectionName and 
connectionPassword attributes?

The way Active Directory is set up for us looks something like this:

dc=mycompany,dc=com
  ou=mydept
    ou=division1
    ou=division2
    ou=division...n
    ou=service accounts (this is where we created the tomcat user account, and 
the role accounts for the webapp)
  ou=other depts, etc.

I would like to set up the realm so that any user in any division, under 
"mydept" will be found.  Does this look right?  (aside from changing the 
connection url to ours)  Or do I substitute the sAMAccountName for "uid"?

<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
        connectionURL="ldap://localhost:389"
        connectionName="tomcat user account name"
        connectionPassword="tomcat user account pw"
        userPattern="uid={0},ou=mydept,dc=mycompany,dc=com"
        roleBase="ou=mydept,dc=mycompany,dc=com"
        roleName="ou=service accounts,cn=ourwebapprolename,dc=mycompany,dc=com"
        roleSearch="(uniqueMember={0})"
        userSubtree="true"
/>

Leo Donahue
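A search-based JNDIRealm for Active Directory, added here as an example and not taken from the post or the Tomcat docs: AD keeps the logon name in sAMAccountName rather than uid, and userPattern is a fixed DN template that cannot search across division OUs, whereas userBase/userSearch with userSubtree can. The host name, service-account DN and OU names are placeholders built from the layout sketched in the mail.

```xml
<!-- Added example, not from the original post. Hypothetical values: the host
     ad.mycompany.com, the service-account DN and the OU layout under ou=mydept. -->
<!-- userBase + userSearch + userSubtree finds a user in any division OU under
     ou=mydept by matching the AD logon name; userPattern (a fixed DN) cannot
     search a subtree, so userSubtree has no effect when combined with it. -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldaps://ad.mycompany.com:636"
       connectionName="CN=tomcat,OU=service accounts,OU=mydept,DC=mycompany,DC=com"
       connectionPassword="service-account-password-here"
       userBase="ou=mydept,dc=mycompany,dc=com"
       userSubtree="true"
       userSearch="(sAMAccountName={0})"
       roleBase="ou=service accounts,ou=mydept,dc=mycompany,dc=com"
       roleSubtree="true"
       roleName="cn"
       roleSearch="(member={0})"
/>
<!-- connectionName/connectionPassword are the Tomcat service account that binds
     and runs the searches (AD rejects anonymous searches by default; a read-only
     account is enough). Tomcat then binds as the DN it found to check the user's
     password. roleSearch substitutes that user DN for {0}; AD groups list members
     in the "member" attribute, and roleName="cn" turns each matching group's cn
     (for example a group named ourwebapprolename) into the role name. -->
```

Using ldaps:// keeps the service-account bind and every user password check off the wire in clear text; the connectionURL, not the Realm attributes, is what decides that.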
