Ok, cool, so, how I have a question about the parts: roleBase="OU=Users,OU=[my OU],DC=[Domain],DC=com" roleName="memberOf" roleSearch="(memberOf=CN=tomcat,CN=Users,DC=[Domain],DC=com)"
This is going to specify what "roles" apply to the user under the "role-name" portion of the web.xml, correct? As well as for use with isUserInRole(), right? If I want the roles that apply to my user to be their NT Groups, would I make it something akin to: roleBase="CN=Users,DC=[Domain],DC=com" roleName="memberOf" Will it take all of their roles, even with roleSearch specified? Am I on the Right Track(tm) with all of this? Justin -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Monday, November 03, 2003 4:16 PM To: [EMAIL PROTECTED] Subject: RE: JNDIRealm...more Here's what I have......this works for me....hope this helps.... <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99" connectionURL="ldap://[domain controller]:389" userBase="OU=Users,OU=[My OU],DC=[Domain],DC=com" userSearch="(sAMAccountName={0})" userRoleName="member" roleBase="OU=Users,OU=[my OU],DC=[Domain],DC=com" roleName="memberOf" roleSearch="(memberOf=CN=tomcat,CN=Users,DC=[Domain],DC=com)" connectionName="CN=Administrator,CN=Users,DC=[Domain],DC=com" connectionPassword="[password]" roleSubtree="true" userSubtree="true"/>To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]