Jacob,

I took a quick look at the source, but it looks like the passwords are digested here also (i.e. will not work with Active Directory). From what I understand, with AD the authentication has to be done _on_ the server.

Thanks,
Ryan

--- Jacob Kjome <[EMAIL PROTECTED]> wrote:
> Hello Ryan,
>
> Check this out:
> http://www.peacetech.com/java/files/apache/tomcat/
>
> I haven't used it (nor have I used JNDIRealm at all so far), but I
> grab stuff that looks like useful info off the list and put it in my
> Vault ( http://www.personalmicrocosms.com/ ) from time to time.
> Hopefully it is useful for you.
>
> Jake
>
> Monday, June 10, 2002, 3:18:15 PM, you wrote:
>
> R> Jonathan,
> R> This is sort of off subject, but does your Active Directory setup
> R> work for Authentication?? It seems to me that it wouldn't since
> R> there is no userPassword attribute in AD, but I am hoping I'm wrong.
> R> Thanks,
> R> Ryan
>
> R> --- Jonathan Eric Miller <[EMAIL PROTECTED]> wrote:
> >> If you are using Tomcat 4.1.3, there are two modes that you can use
> >> for checking roles. If you set roleSearch, it will search for group
> >> objects that contain a list of users for each group. If you set
> >> userRoleName, it will get the group information out of the user's
> >> entry instead, i.e. you don't need separate group objects.
> >>
> >> If you are using Active Directory, I found that you can use a setup
> >> similar to the following.
> >>
> >> This goes in server.xml,
> >>
> >> <Realm
> >>     className="org.apache.catalina.realm.JNDIRealm"
> >>     debug="99"
> >>     connectionName="myadminuser@mydomain"
> >>     connectionPassword="myadminpassword"
> >>     connectionURL="ldap://mydomaincontroller"
> >>     userBase="cn=Users, dc=mydomain"
> >>     userRoleName="memberOf"
> >>     userSearch="(userPrincipalName={0}@mydomain)"/>
> >>
> >> Group membership is stored in an attribute named memberOf in Active
> >> Directory. myadminuser doesn't really have to be an admin user in AD.
> >> It just has to have read permission to the memberOf attribute, which
> >> is visible to normal user accounts by default.
> >>
> >> This goes in web.xml,
> >>
> >> <security-constraint>
> >>   <web-resource-collection>
> >>     <web-resource-name>Tomcat</web-resource-name>
> >>     <url-pattern>/*</url-pattern>
> >>   </web-resource-collection>
> >>   <auth-constraint>
> >>     <role-name>CN=Tomcat,CN=Users,DC=mydomain</role-name>
> >>   </auth-constraint>
> >> </security-constraint>
> >> <login-config>
> >>   <auth-method>BASIC</auth-method>
> >>   <realm-name>Tomcat</realm-name>
> >> </login-config>
> >>
> >> In the above example, I created a group in the Users container named
> >> Tomcat. If you want to see how things are organized in Active
> >> Directory, you can use LDIFDE to dump the directory into an LDIF
> >> file. That's how I figured it out.
> >>
> >> Jon
> >>
> >> ----- Original Message -----
> >> From: "Cristina Perez Sanchez" <[EMAIL PROTECTED]>
> >> To: <[EMAIL PROTECTED]>
> >> Sent: Monday, June 10, 2002 9:10 AM
> >> Subject: Roles in JNDIRealms
> >>
> >> > Hi,
> >> >
> >> > Could anyone tell me which objectclass the group entries that
> >> > represent roles associated with users in JNDIRealms must have??
> >> > I use groupOfUniqueNames as objectclass, but I would like to know
> >> > if the objectclass group is more proper or if the objectclass
> >> > isn't relevant.
> >> >
> >> > Thanks in advance,
> >> >
> >> > Cristina
>
> --
> Best regards,
> Jacob
> mailto:[EMAIL PROTECTED]

--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
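The two role-lookup modes described in the quoted message, as an added example that is not part of the thread and is not Tomcat code: a small in-memory model showing why the userRoleName="memberOf" setup needs the full group DN in web.xml's role-name. The alice and bob entries, and the member/cn values used for the roleSearch mode, are assumptions made for illustration.

```python
# Added illustration: an in-memory model of JNDIRealm role lookup, not Tomcat code.
# DIRECTORY is constructed sample data shaped like the thread's AD layout.
DIRECTORY = {
    "CN=Alice,CN=Users,DC=mydomain": {
        "userPrincipalName": ["alice@mydomain"],
        "memberOf": ["CN=Tomcat,CN=Users,DC=mydomain"],
    },
    "CN=Bob,CN=Users,DC=mydomain": {
        "userPrincipalName": ["bob@mydomain"],
    },
    "CN=Tomcat,CN=Users,DC=mydomain": {
        "cn": ["Tomcat"],
        "member": ["CN=Alice,CN=Users,DC=mydomain"],
    },
}

def search(ldap_filter):
    """Return DNs matching a single '(attr=value)' equality filter."""
    attr, value = ldap_filter.strip("()").split("=", 1)
    return [dn for dn, entry in DIRECTORY.items()
            if value.lower() in (v.lower() for v in entry.get(attr, []))]

def find_user(username, user_search="(userPrincipalName={0}@mydomain)"):
    """userSearch: {0} is replaced by the login name; exactly one hit is required."""
    hits = search(user_search.format(username))
    return hits[0] if len(hits) == 1 else None

def roles_from_user_entry(user_dn, user_role_name="memberOf"):
    """userRoleName mode: roles are the raw attribute values, i.e. full group DNs."""
    return list(DIRECTORY[user_dn].get(user_role_name, []))

def roles_from_group_search(user_dn, role_search="(member={0})", role_name="cn"):
    """roleSearch mode: find groups listing the user, take roleName from each."""
    return [v for dn in search(role_search.format(user_dn))
            for v in DIRECTORY[dn].get(role_name, [])]

def is_authorized(roles, required_role):
    """Model of the <auth-constraint> check: exact string match on the role name."""
    return required_role in roles

if __name__ == "__main__":
    alice = find_user("alice")
    print(roles_from_user_entry(alice))    # full DN, as used in the thread's web.xml
    print(roles_from_group_search(alice))  # short name taken from the group's cn
```

In the model, a role-name of just "Tomcat" only matches in the roleSearch mode; with userRoleName="memberOf" the role is the whole DN string.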
