Hello Ryan,

Check this out:
http://www.peacetech.com/java/files/apache/tomcat/

I haven't used it (nor have I used JNDIRealm at all so far), but I
grab stuff that looks like useful info off the list and put it in my
Vault ( http://www.personalmicrocosms.com/ ) from time to time. Hopefully it is useful 
for you.

Jake

Monday, June 10, 2002, 3:18:15 PM, you wrote:

R> Jonathan,
R> This is sort of off subject, but does your Active
R> Directory setup work for Authentication?? It seems to
R> me that it wouldn't since there is no userPassword
R> attribute in AD, but I am hoping I'm wrong.
R> Thanks,
R> Ryan

R> --- Jonathan Eric Miller <[EMAIL PROTECTED]>
R> wrote:
>> If you are using Tomcat 4.1.3, there are two modes that you can use for
>> checking roles. If you set roleSearch, it will search for group
>> objects that contain a list of users for each group. If you set
>> userRoleName, it will get the group information out of the user's entry
>> instead, i.e. you don't need separate group objects.
>> 
>> If you are using Active Directory, I found that you
>> can use a setup similar
>> to the following.
>> 
>> This goes in server.xml,
>> 
>> <Realm
>> className="org.apache.catalina.realm.JNDIRealm"
>>  debug="99"
>>  connectionName="myadminuser@mydomain"
>>  connectionPassword="myadminpassword"
>>  connectionURL="ldap://mydomaincontroller"
>>  userBase="cn=Users, dc=mydomain"
>>  userRoleName="memberOf"
>>  userSearch="(userPrincipalName={0}@mydomain)"/>
>> 
>> Group membership is stored in an attribute named
>> memberOf in Active
>> Directory. myadminuser doesn't really have to be an
>> admin user in AD. It
>> just has to have read permission to the memberOf
>> attribute which is visible
>> to normal user accounts by default.
>> 
>> This goes in web.xml,
>> 
>> <security-constraint>
>>  <web-resource-collection>
>>   <web-resource-name>Tomcat</web-resource-name>
>>   <url-pattern>/*</url-pattern>
>>  </web-resource-collection>
>>  <auth-constraint>
>>   <role-name>CN=Tomcat,CN=Users,DC=mydomain</role-name>
>>  </auth-constraint>
>> </security-constraint>
>> <login-config>
>>  <auth-method>BASIC</auth-method>
>>  <realm-name>Tomcat</realm-name>
>> </login-config>
>> 
>> In the above example, I created a group in the Users
>> container named Tomcat.
>> If you want to see how things are organized in
>> Active Directory, you can use
>> LDIFDE to dump the directory into an LDIF file.
>> That's how I figured it out.
>> 
>> Jon
>> 
>> ----- Original Message -----
>> From: "Cristina Perez Sanchez" <[EMAIL PROTECTED]>
>> To: <[EMAIL PROTECTED]>
>> Sent: Monday, June 10, 2002 9:10 AM
>> Subject: Roles in JNDIRealms
>> 
>> 
>> > Hi,
>> >
>> > could anyone tell me what objectclass must be group
>> > entries that represent roles associated to users in
>> > JNDIRealms?? I use groupOfUniqueNames as objectclass
>> > but I would like to know if the objectclass group is
>> > more proper or if the objectclass isn't relevant.
>> >
>> >
>> > Thanks in advance,
>> >
>> > Cristina
>> >
>> > __________________________________________________
>> > Do You Yahoo!?
>> > Yahoo! - Official partner of 2002 FIFA World Cup
>> > http://fifaworldcup.yahoo.com
>> >
>> > --
>> > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
>> > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
>> >
>> 




-- 
Best regards,
 Jacob                            mailto:[EMAIL PROTECTED]
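
The userRoleName setup quoted above turns each memberOf value on the user's entry into a role name, so the role-name in web.xml has to be the group's full DN. The following is an added example, not code from this thread or from Tomcat: a small diagnostic that reads memberOf values from an LDIF dump (such as LDIFDE produces) and checks them against a web.xml constraint. The sample entry, the group names and the helper names are constructed, and it assumes role names are compared as exact strings.

```python
import base64
import xml.etree.ElementTree as ET

# Constructed sample entry (not real data): one folded value, one base64 value.
_B64_DN = base64.b64encode(b"CN=Reports,CN=Users,DC=mydomain").decode()
SAMPLE_LDIF = (
    "dn: CN=Jane Doe,CN=Users,DC=mydomain\n"
    "memberOf: CN=Tomcat,CN=Users,DC=mydomain\n"
    "memberOf: CN=Web Application Operators,CN=Users,\n"
    " DC=mydomain\n"
    "memberOf:: " + _B64_DN + "\n"
)
# Constructed web.xml skeleton; {} is filled with the role-name under test.
WEB_XML = ("<web-app><security-constraint><auth-constraint>"
           "<role-name>{}</role-name>"
           "</auth-constraint></security-constraint></web-app>")

def ldif_values(ldif, attr):
    """Return every value of attr, unfolding continuation lines and decoding '::' values."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # LDIF folding: drop the leading space
        else:
            lines.append(raw)
    values = []
    for line in lines:
        name, sep, value = line.partition(":")
        if not sep or name.lower() != attr.lower():
            continue
        if value.startswith(":"):         # 'attr:: <base64>'
            values.append(base64.b64decode(value[1:].strip()).decode("utf-8"))
        else:
            values.append(value.strip())
    return values

def constraint_roles(web_xml):
    """Role names listed in the descriptor's auth-constraint elements."""
    return [e.text.strip() for e in ET.fromstring(web_xml).iter("role-name") if e.text]

def norm_dn(dn):
    # Naive normalisation for diagnostics only; ignores escaped commas in RDN values.
    return ",".join(part.strip().lower() for part in dn.split(","))

def check_access(ldif, web_xml):
    """Return (granted, near_misses); assumption: roles match only as exact strings."""
    roles = set(ldif_values(ldif, "memberOf"))
    wanted = constraint_roles(web_xml)
    normed = {norm_dn(r) for r in roles}
    near = [w for w in wanted if w not in roles and norm_dn(w) in normed]
    return any(w in roles for w in wanted), near
```

A non-empty near_misses list means the role-name differs from the directory's DN only in case or spacing, which under the exact-match assumption shows up as an access denial rather than a configuration error.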
