Ok, figured it out. For those who are curious (i.e. the handful of other people who've
been taking part in JNDIRealm threads on this list):
roleBase="OU=Users,OU=[Your OU from the userBase],DC=[Domain],DC=com"
roleName="memberOf"
roleSearch="(Whatever group all members allowed to log in should be a part of)"
Now, when you refer to their role in the rest of your application, you use the DN of
the NT Group that they are supposed to be a part of. That way, you can use NT
permissions to control your web app.
Justin
-----Original Message-----
From: Hart, Justin
Sent: Wednesday, November 05, 2003 12:00 PM
To: Tomcat Users List
Subject: RE: JNDIRealm...more
Ok, cool, so, now I have a question about the parts:
roleBase="OU=Users,OU=[my OU],DC=[Domain],DC=com"
roleName="memberOf"
roleSearch="(memberOf=CN=tomcat,CN=Users,DC=[Domain],DC=com)"
This is going to specify what "roles" apply to the user under the "role-name" portion
of the web.xml, correct? As well as for use with isUserInRole(), right?
If I want the roles that apply to my user to be their NT Groups, would I make it
something akin to:
roleBase="CN=Users,DC=[Domain],DC=com"
roleName="memberOf"
Will it take all of their roles, even with roleSearch specified?
Am I on the Right Track(tm) with all of this?
Justin
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Monday, November 03, 2003 4:16 PM
To: [EMAIL PROTECTED]
Subject: RE: JNDIRealm...more
Here's what I have......this works for me....hope this helps....
<Realm className="org.apache.catalina.realm.JNDIRealm"
       debug="99"
       connectionURL="ldap://[domain controller]:389"
       userBase="OU=Users,OU=[My OU],DC=[Domain],DC=com"
       userSearch="(sAMAccountName={0})"
       userRoleName="member"
       roleBase="OU=Users,OU=[my OU],DC=[Domain],DC=com"
       roleName="memberOf"
       roleSearch="(memberOf=CN=tomcat,CN=Users,DC=[Domain],DC=com)"
       connectionName="CN=Administrator,CN=Users,DC=[Domain],DC=com"
       connectionPassword="[password]"
       roleSubtree="true"
       userSubtree="true"/>

To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
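
A small audit of the Realm element posted in this thread, flagging the settings a defender would review before running it in production. This is an added example, not code from the thread or from Tomcat; the finding names and the filled-in sample values (dc01.example.com, OU=Staff, DC=example) are made up for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the Realm from the thread with its bracketed placeholders
# filled in with made-up values (dc01.example.com, OU=Staff, DC=example).
SAMPLE_REALM = """
<Realm className="org.apache.catalina.realm.JNDIRealm"
       debug="99"
       connectionURL="ldap://dc01.example.com:389"
       userBase="OU=Users,OU=Staff,DC=example,DC=com"
       userSearch="(sAMAccountName={0})"
       userRoleName="member"
       roleBase="OU=Users,OU=Staff,DC=example,DC=com"
       roleName="memberOf"
       roleSearch="(memberOf=CN=tomcat,CN=Users,DC=example,DC=com)"
       connectionName="CN=Administrator,CN=Users,DC=example,DC=com"
       connectionPassword="not-a-real-password"
       roleSubtree="true"
       userSubtree="true"/>
"""

def audit_realm(xml_text):
    """Return a sorted list of finding ids (hypothetical names) for one Realm."""
    realm = ET.fromstring(xml_text)
    findings = set()
    # ldap:// sends the simple-bind passwords over the network unencrypted.
    if realm.get("connectionURL", "").lower().startswith("ldap://"):
        findings.add("cleartext-ldap")
    # The realm only needs to search; a domain admin bind DN is far more than that.
    if re.search(r"(?i)^CN=Administrator,", realm.get("connectionName", "")):
        findings.add("admin-bind-account")
    # The secret sits in the config file, so that file's permissions matter.
    if realm.get("connectionPassword"):
        findings.add("password-in-config")
    # A non-zero debug level means verbose realm logging.
    if int(realm.get("debug", "0")) > 0:
        findings.add("debug-logging")
    # Without {0} (user DN) or {1} (username) the filter is identical for every
    # user, so the role search cannot depend on who is logging in.
    role_search = realm.get("roleSearch")
    if role_search and not re.search(r"\{[01]\}", role_search):
        findings.add("role-search-not-user-specific")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_realm(SAMPLE_REALM):
        print(finding)
```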