On 21/03/2013 23:49, chris derham wrote:
>> <Context>
>> <Realm className="org.apache.catalina.realm.JNDIRealm"
>> adCompat="true"
>> allRolesMode="authOnly"
>> referrals="follow"
>> connectionURL="ldap://dc01.mydom.local:389"
>> connectionName="mydom\tcuser"
>> connectionPassword="Pa55w0rd"
>> userBase="dc=mydom,dc=local"
>> userSubtree="true"
>> userSearch="(sAMAccountName={0})"
>> roleBase="ou=groups,ou=myappl,dc=mydom,dc=local"
>> roleName="cn"
>> roleSearch="(member={0})"
>> roleSubtree="true"
>> />
>> </Context>
>
> This has come up multiple times on the mailing list - essentially it
> can not/should not be done. Please see
> http://wiki.apache.org/tomcat/FAQ/Password for details

While generally that is correct, JNDIRealm plus Windows authentication is a special case. It should be possible to remove the connectionName and connectionPassword attributes from the above configuration. See the JNDI docs and the useDelegatedCredential attribute in particular.

Mark
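
An added example, not part of the original thread and not Tomcat code: a small Python check that finds JNDIRealm entries still carrying the connectionName/connectionPassword attributes discussed above. The sample XML is constructed with placeholder values, and treating an unset useDelegatedCredential as enabled is an assumption.

```python
import xml.etree.ElementTree as ET

JNDI_REALM = "org.apache.catalina.realm.JNDIRealm"
BIND_ATTRS = ("connectionName", "connectionPassword")

# Constructed sample modelled on the configuration quoted in the thread
# (placeholder host, account and password; not a real deployment).
SAMPLE_CONTEXT = r"""
<Context>
  <Realm className="org.apache.catalina.realm.LockOutRealm">
    <Realm className="org.apache.catalina.realm.JNDIRealm"
           connectionURL="ldap://dc.example.test:389"
           connectionName="example\svc-tomcat"
           connectionPassword="not-a-real-password"
           userBase="dc=example,dc=test"
           userSearch="(sAMAccountName={0})" />
  </Realm>
</Context>
"""


def audit_realms(xml_text):
    """Return one finding per JNDIRealm that stores bind credentials.

    Attribute values are never copied into the findings, so the report
    itself does not leak the password.
    """
    findings = []
    root = ET.fromstring(xml_text)
    # iter() also reaches realms nested inside LockOutRealm/CombinedRealm.
    for realm in root.iter("Realm"):
        if realm.get("className") != JNDI_REALM:
            continue
        stored = [a for a in BIND_ATTRS if realm.get(a) is not None]
        if not stored:
            continue
        # Assumption: an absent useDelegatedCredential means "enabled".
        flag = realm.get("useDelegatedCredential", "true").strip().lower()
        findings.append({
            "connectionURL": realm.get("connectionURL"),
            "stored_attrs": stored,
            "delegation_disabled": flag == "false",
        })
    return findings


if __name__ == "__main__":
    for finding in audit_realms(SAMPLE_CONTEXT):
        print(finding)
```
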