2013/8/7 Christopher Schultz <ch...@christopherschultz.net>:
> Vicky,
>
> On 8/6/13 10:46 PM, vicky007aggar...@yahoo.co.in wrote:
>> Hi All,
>>
>> Can somebody please share the steps required to set up Active Directory
>> with Tomcat?
>>
>> Is it valid to simply define a user in the Active Directory LDAP
>> without assigning any role to it? Will we still be able to
>> authenticate the user when logged in from the application? If yes,
>> then kindly share the configuration which I need to do in web.xml
>> and server.xml.
>>
>> I need this because in our application we have LDAP users defined
>> without any role mapped to them, so I want to know how to configure
>> this in server.xml and web.xml, so that users get authenticated
>> successfully.
>
> I'm not sure about your LDAP configuration exactly (I've never used
> Tomcat with LDAP authentication myself) but Tomcat's security is
> entirely based upon roles. Thus, if you have (LDAP) users that are not
> in any group, those users are not going to be able to successfully
> access any resources unless you have <role-name>*</role-name> in your
> <auth-constraint>.

And, at least for Tomcat 6 and 7, you will need to set the JNDIRealm attribute "allRolesMode" to "authOnly" if your users don't have any role in the LDAP.

http://tomcat.apache.org/tomcat-7.0-doc/config/realm.html#JNDI_Directory_Realm_-_org.apache.catalina.realm.JNDIRealm
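
An added configuration sketch, not posted by anyone in this thread, that combines the two replies above: a JNDIRealm with allRolesMode="authOnly" in server.xml and a `<role-name>*</role-name>` constraint in web.xml. The host name, DNs, service account, password and the choice of BASIC login are constructed placeholders and assumptions, not values from the thread.

```xml
<!-- conf/server.xml (inside <Engine> or <Host>): JNDIRealm bound to AD.
     Host name, DNs and the service account are constructed placeholders. -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldaps://dc1.example.com:636"
       connectionName="CN=svc-tomcat,OU=Service Accounts,DC=example,DC=com"
       connectionPassword="CHANGE_ME"
       userBase="OU=Staff,DC=example,DC=com"
       userSubtree="true"
       userSearch="(sAMAccountName={0})"
       allRolesMode="authOnly"/>
<!-- No roleBase/roleSearch: the users carry no roles, so none are looked up.
     allRolesMode="authOnly" makes <role-name>*</role-name> mean
     "any authenticated user"; the default "strict" would still require
     one of the roles declared in web.xml, so role-less users are refused. -->

<!-- WEB-INF/web.xml (inside <web-app>) -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Whole application</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>*</role-name>
  </auth-constraint>
  <user-data-constraint>
    <!-- BASIC sends the password on every request; require TLS -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Active Directory</realm-name>
</login-config>
```

With authOnly, every account that userBase and userSearch can match is allowed in, so scope those two attributes to the population that should have access.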