This might be better asked in a Microsoft forum. We use a similar method of 
authentication but I am unsure of the permissions of the searching user.

Ta
Matt

-----Original Message-----
From: Kal Govindu [mailto:[EMAIL PROTECTED]
Sent: 07 July 2004 17:03
To: Tomcat Users List (E-mail)
Subject: Tomcat5 - LDAP question.


Hi All,

Is there a way to set up a user account in Active Directory that can query other users' 
info and does not have permission to update that information?

Background:

I am trying to set up LDAP authentication on Tomcat5 connecting to Active Directory.

When I bind to Active Directory as a common user account I can query my own account and 
get the "memberOf" field for role information. I can query and get the "memberOf" field 
for Administrator accounts. I can NOT get the "memberOf" field for other user accounts 
that are not administrators (just regular users).

When I bind to Active Directory as an admin account I can query all accounts and get 
the "memberOf" field for role information.

But the catch is admin account also has permissions to update this information.

I need one of the following:

1. An account on Active Directory that can query all users and get the "memberOf" field but 
cannot update.
2. An admin account where the password does not have to be set up in clear text in 
"Server.xml".

Thanks
Kal

