-----Original Message-----
From: Ross Rankin [mailto:[EMAIL PROTECTED]
Sent: Friday, July 02, 2004 1:23 PM
To: 'Kal Govindu'; 'Tomcat Users List (E-mail)'
Subject: RE: LDAP - newbee help

To authenticate users you will need an account / password that has read privileges and a base DN. You will need to configure Tomcat with that info in the server.xml. So you will need to ask for an account that has access to the group you will authenticate from, and the user needs to be a member. Here's a good idea of what needs to be configured:

    <Realm className="org.apache.catalina.realm.JNDIRealm"
           connectionURL="ldap://[Windows 2000 Domain Controller]:389"
           userBase="CN=Users,dc=[domain name],dc=com"
           userSearch="(userPrincipalName={0})"
           userRoleName="member"
           roleBase="CN=Users,dc=[domain name],dc=com"
           roleName="cn"
           roleSearch="(member={0})"
           connectionName="CN=[jndi account username],CN=Users,DC=[domain name],DC=com"
           connectionPassword="[jndi account password]"
           roleSubtree="true"
           userSubtree="true" />

Replace [Windows 2000 Domain Controller] with the name of one of your domain controllers.
Replace [domain name] with the name of your network domain. If you aren't sure about what your domain name is, open up ADSI edit, choose the defaults, and look at what it says next to the Domain NC icon.
Replace [jndi account username] with the name of the user you requested.
Replace [jndi account password] with the password of the user you requested.

-----Original Message-----
From: Kal Govindu [mailto:[EMAIL PROTECTED]
Sent: Friday, July 02, 2004 8:50 AM
To: Tomcat Users List (E-mail)
Subject: RE: LDAP - newbee help

Thank you for clearing that up. I will take a look at that document. I have made a connection to the Active Directory, but am not able to authenticate users yet, probably since I don't know details about how users or members and their corresponding role information are stored in our Directory Server. I will need to contact the tech guys for that. In Microsoft Active Directory terms, where is this information stored, and what is it called, so I can ask the right questions?

Thanks
Kal

-----Original Message-----
From: Ross Rankin [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 01, 2004 2:09 PM
To: Kal Govindu; 'Tomcat Users List (E-mail)'
Subject: RE: LDAP - newbee help

LDAP, Lightweight Directory Access Protocol, is a protocol that other programs use to look up contact information from a server, such as Microsoft Active Directory. It is a service provided by a server, not a server. An LDAP server is a server that provides LDAP services... The Microsoft AD service is LDAP-compatible.

http://www.microsoft.com/windowsserver2003/techinfo/overview/ldapcomp.mspx

Ross

-----Original Message-----
From: Kal Govindu [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 01, 2004 1:51 PM
To: Tomcat Users List (E-mail)
Subject: LDAP - newbee help

Hello all,

I am trying to set up tomcat 5 to authenticate against Microsoft Directory Server through LDAP. I have found a very detailed document for tomcat 5 and JNDI realm. One question before I go any further: Is an LDAP server a server that needs to be started separately from the directory server? If so, where can I get that?

Thanks
Kal
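
An added walk-through, not part of the original thread and not Tomcat's code: it replays, against a small constructed in-memory directory, the two searches that the userSearch/userBase and roleSearch/roleBase/roleName attributes in the Realm element above describe ({0} in userSearch is the login name; {0} in roleSearch is the user's DN and {1} the login name). The example.com entries and all function names are assumptions, and the password check is omitted.

```python
import re

# Constructed sample entries (DN -> attributes); example.com is a placeholder.
JANE = "CN=Jane Doe,CN=Users,DC=example,DC=com"
DIRECTORY = {
    JANE: {"userPrincipalName": ["jdoe@example.com"]},
    "CN=tomcat-admins,CN=Users,DC=example,DC=com": {
        "cn": ["tomcat-admins"], "member": [JANE]},
    "CN=hr,CN=Users,DC=example,DC=com": {
        "cn": ["hr"], "member": ["CN=Someone Else,CN=Users,DC=example,DC=com"]},
}

def escape_filter_value(value):
    """Escape the RFC 4515 special characters so the value stays a literal."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def expand(template, *args):
    """Fill {0}, {1}, ... in a userSearch / roleSearch template."""
    return re.sub(r"\{(\d+)\}",
                  lambda m: escape_filter_value(args[int(m.group(1))]), template)

def search(base, ldap_filter):
    """Subtree search; this sketch supports one (attr=value) equality filter."""
    attr, raw = re.fullmatch(r"\((\w+)=(.*)\)", ldap_filter).groups()
    want = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), raw)
    return [dn for dn, attrs in DIRECTORY.items()
            if dn.lower().endswith(base.lower())
            and want.lower() in (v.lower() for v in attrs.get(attr, []))]

def resolve(username, user_base, user_search, role_base, role_search, role_name):
    """Return (user DN, role names), or (None, []) if the user is not found."""
    users = search(user_base, expand(user_search, username))
    if len(users) != 1:  # no entry, or an ambiguous match: reject in this sketch
        return None, []
    user_dn = users[0]
    # The realm would now check the password by binding as user_dn (omitted).
    groups = search(role_base, expand(role_search, user_dn, username))
    roles = sorted(v for g in groups for v in DIRECTORY[g].get(role_name, []))
    return user_dn, roles

if __name__ == "__main__":
    base = "CN=Users,DC=example,DC=com"
    print(resolve("jdoe@example.com", base, "(userPrincipalName={0})",
                  base, "(member={0})", "cn"))
```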
