Hi Graham,

I was also attempting this about 2 months ago with Active Directory and Tomcat 5.5.9. I got everything working about 70%. The problem that I ran into was that I did not set up any kind of connection pooling on the AD side of things. I have no control over the Windows side of the house and didn't want to make any waves by keeping a pool of connections open on the AD server, so I eventually scrapped the idea and just connect and disconnect per request. I have copied below the relevant pieces of my LDAP/AD JNDI stuff; maybe you will find them useful.
<!-- WEB-INF/web.xml -->
<resource-ref>
  <description>AD Connection</description>
  <res-ref-name>ldap/TASC</res-ref-name>
  <res-type>javax.naming.directory.DirContext</res-type>
  <res-auth>Container</res-auth>
</resource-ref>
<!-- end WEB-INF/web.xml -->

<!-- server.xml -->
<Resource name="ldap/TASC"
          auth="Container"
          type="javax.naming.directory.DirContext"
          authMechanism="simple"
          factory="com.affinity.resources.ldapAccess"
          username="<user>"
          password="<passwd>"
          url="ldap://<server>:389"/>
<!-- end server.xml -->

...

I realize this is not the best way to do it, but this was just a proof of concept.

<!-- com.affinity.resources.ldapAccess.java -->
package com.affinity.resources;

import java.util.Enumeration;
import java.util.Hashtable;

import javax.naming.Context;
import javax.naming.Name;
import javax.naming.NamingException;
import javax.naming.RefAddr;
import javax.naming.Reference;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.spi.ObjectFactory;

public class ldapAccess implements ObjectFactory {

    public ldapAccess() {}

    // Called by JNDI when the "ldap/TASC" resource is looked up. The
    // <Resource> attributes from server.xml arrive as RefAddr entries on
    // the Reference and are mapped onto the standard JNDI environment keys.
    public Object getObjectInstance(Object obj, Name nm, Context nameCtx,
                                    Hashtable environment) throws NamingException {
        DirContext ctx = null;
        Hashtable<String, String> env = new Hashtable<String, String>(11);
        Reference ref = (Reference) obj;
        Enumeration addrs = ref.getAll();

        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");

        while (addrs.hasMoreElements()) {
            RefAddr addr = (RefAddr) addrs.nextElement();
            String name = addr.getType();
            String value = (String) addr.getContent();
            if (name.equals("password")) {
                env.put(Context.SECURITY_CREDENTIALS, value);
            } else if (name.equals("username")) {
                env.put(Context.SECURITY_PRINCIPAL, value);
            } else if (name.equals("authMechanism")) {
                env.put(Context.SECURITY_AUTHENTICATION, value);
            } else if (name.equals("url")) {
                env.put(Context.PROVIDER_URL, value);
            }
        }

        try {
            ctx = new InitialDirContext(env);
        } catch (NamingException ne) {
            ne.printStackTrace();
            throw new NamingException(ne.getMessage());
        }
        return ctx;
    }
}
<!-- end com.affinity.resources.ldapAccess.java -->

I believe that was all the configuration I had to do. Then to call this in my applications I would do this:

Context initCtx = new InitialContext();
Context envCtx = (Context) initCtx.lookup("java:comp/env");
DirContext ad = (DirContext) envCtx.lookup("ldap/TASC");

ad would then be my directory connection object.

The major problem with this setup is that if you ever call ad.close() it will close the entire JNDI resource, thus making it unavailable until you restart Tomcat. The problem with leaving it open is that there is most likely a timeout enforced on the LDAP/AD side of things. So making a class that would handle LDAP connection pooling would be required for any production use.

I hope you find this helpful.

Best Regards,
Jason Beck

On 4/6/06, Graham Leggett <[EMAIL PROTECTED]> wrote:
>
> Hi all,
>
> There are lots of tutorials available explaining how to make a JDBC
> database pool available to a web application.
>
> I cannot however find any tutorials explaining how to do the same thing
> with a JNDI/LDAP connection.
>
> Sure, there are lots of tutorials explaining how to secure your webapp
> using container managed security, but this isn't what I am looking for.
>
> I would like my web application to make queries and changes to an LDAP
> directory, and I would like the LDAP connection to be defined in
> server.xml, the same way I can do it with JDBC.
>
> Does anyone know whether this is possible?
>
> Regards,
> Graham
> --
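As an added example (my own code, not Jason's factory above and not part of Tomcat), here is a variant of the same ObjectFactory that addresses the two problems Jason describes: it builds a new DirContext on every lookup, so a caller's close() cannot tear down a shared context, and it turns on the JDK LDAP provider's built-in connection pool plus connect/read timeouts, so an idle connection dropped by the AD side is replaced rather than reused and a hung server cannot hold a request thread forever. It assumes the same Resource attribute names as the server.xml above (username, password, url, authMechanism) and the Sun/Oracle LdapCtxFactory; the connectTimeoutMillis and readTimeoutMillis attributes are hypothetical extras of this example.

```java
package com.affinity.resources;

import java.util.Enumeration;
import java.util.Hashtable;

import javax.naming.Context;
import javax.naming.Name;
import javax.naming.NamingException;
import javax.naming.RefAddr;
import javax.naming.Reference;
import javax.naming.directory.InitialDirContext;
import javax.naming.spi.ObjectFactory;

/**
 * Example factory (not the original post's code): returns a fresh DirContext
 * per lookup and lets the JDK LDAP provider pool the underlying connections.
 * Attribute names "username", "password", "url", "authMechanism" are assumed
 * to match the <Resource> element; "connectTimeoutMillis" and
 * "readTimeoutMillis" are hypothetical extra attributes.
 */
public class PooledLdapAccess implements ObjectFactory {

    public Object getObjectInstance(Object obj, Name name, Context nameCtx,
                                    Hashtable<?, ?> environment) throws NamingException {
        if (!(obj instanceof Reference)) {
            return null; // not our Reference; let JNDI try other factories
        }
        Reference ref = (Reference) obj;
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");

        // Defaults in milliseconds; either can be overridden per resource.
        String connectTimeout = "5000";
        String readTimeout = "10000";

        Enumeration<RefAddr> addrs = ref.getAll();
        while (addrs.hasMoreElements()) {
            RefAddr addr = addrs.nextElement();
            String type = addr.getType();
            String value = (String) addr.getContent();
            if ("url".equals(type)) {
                env.put(Context.PROVIDER_URL, value);
            } else if ("username".equals(type)) {
                env.put(Context.SECURITY_PRINCIPAL, value);
            } else if ("password".equals(type)) {
                env.put(Context.SECURITY_CREDENTIALS, value);
            } else if ("authMechanism".equals(type)) {
                env.put(Context.SECURITY_AUTHENTICATION, value);
            } else if ("connectTimeoutMillis".equals(type)) {
                connectTimeout = value;
            } else if ("readTimeoutMillis".equals(type)) {
                readTimeout = value;
            }
        }
        if (!env.containsKey(Context.PROVIDER_URL)) {
            throw new NamingException("Resource " + name + " has no url attribute");
        }
        if (!env.containsKey(Context.SECURITY_AUTHENTICATION)) {
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
        }

        // The provider keeps a JVM-wide pool keyed by url, principal, credentials
        // and auth mechanism. ctx.close() hands the connection back to the pool
        // instead of closing a shared context; a pooled connection the server has
        // dropped is discarded and replaced on the next bind.
        env.put("com.sun.jndi.ldap.connect.pool", "true");
        env.put("com.sun.jndi.ldap.connect.timeout", connectTimeout);
        env.put("com.sun.jndi.ldap.read.timeout", readTimeout); // Java 6 and later

        try {
            return new InitialDirContext(env);
        } catch (NamingException ne) {
            // Rethrow with the URL only: the environment holds the bind password,
            // so it must not end up in the message or the log.
            NamingException wrapped = new NamingException(
                    "Cannot bind to " + env.get(Context.PROVIDER_URL) + ": " + ne.getMessage());
            wrapped.setRootCause(ne);
            throw wrapped;
        }
    }
}
```

With this factory the calling pattern is lookup, use, close() in a finally block, exactly as with a pooled JDBC DataSource. Pool sizing and idle timeout are JVM-wide system properties of the provider, for example -Dcom.sun.jndi.ldap.connect.pool.maxsize=20 and -Dcom.sun.jndi.ldap.connect.pool.timeout=300000, and by default only plain connections are pooled, so a ldaps:// URL additionally needs -Dcom.sun.jndi.ldap.connect.pool.protocol="plain ssl".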