-Tim
Pitre, Russell wrote:
Hey All-
Finally Finally, Finally, I figured out how to authenticate to Active Directory.......(code below minus the login form).....now to go further, I would like to implement Single Sign-On.....somehow we would need to retrieve the user's name and password off their NT machine and use them to automatically post the form......does anyone have any suggestions?
Also, I was able to see in the log that it enumerates the groups of the
user, but It didn't find the "Domain Users"
group.........hmmmm.....anyone know why? I see the security group in AD
Comp & Users......
<SERVER.XML>
<Context>
......stuff
......stuff
.....stuff
<Realm className="org.apache.catalina.realm.JNDIRealm"
debug="99"
connectionURL="ldap://[Domain Controller]:389"
userBase="OU=Users,OU=Shawmut,DC=[Domain],DC=com"
userSearch="(sAMAccountName={0})"
userRoleName="member"
roleBase="OU=Users,OU=Shawmut,DC=[Domain],DC=com"
roleName="memberOf"
roleSearch="(memberOf=CN=tomcat,CN=Users,DC=[Domain],DC=com)"
connectionName="CN=Administrator,CN=Users,DC=[Domain],DC=com"
connectionPassword="[password]"
roleSubtree="true"
userSubtree="true"/>
</Context>
<WEB.XML>
<security-constraint>
<display-name>Show Tracker Security Constraint</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>CN=Alloffice,OU=SDC,OU=Email Distribution
Lists,OU=Groups,OU=Shawmut,DC=[Domain],DC=com</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Show Tracker Authentication Area</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/error.jsp</form-error-page>
</form-login-config>
</login-config>
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]