Depending on your requirements you may want to create a auth servlet that
authenticates users to ldap server using for ex netscape's ldapjdk package or
JDNI classes, and then keep users login in the session object. All you protected
servlets/jsps should assert the session checking if user's info is in the
session.
Another option: to use JNDIRealm, but I can't advise on this b/c I never used
it.
- Boris
>
>Hi,
>
>I am new to the subject:
>How can I enforce ldap authentication for certain resources
>using tomcat - similar to the
>
><Directory toProtectResourcePath >
> Options FollowSymLinks
> AllowOverride None
> AuthType Basic
> AuthName "Authentication"
> AuthLDAPURL ldap://ldapUrl
> require valid-user
></Directory>
>
>for apache in order to be able to get user information via
>e.g. getRemoteUser() etc. ?
>
>And by the way: Where is a valuable description of the configuration
>with server.xml and web.xml?
>
>Thanks.
>
>Astrid
>
>