Hello,

thanks for your reply. It doesn't make any difference. 

I don't understand how the authenticated user receives permissions for one of 
these roles:

        <role rolename="manager"/>
        <role rolename="tomcat"/>
        <role rolename="admin"/>
        <role rolename="manager-gui"/>
        <role rolename="manager-jmx"/>


Best Regards,
Bjoern


-----Original Message-----
From: Leo Donahue [mailto:donahu...@gmail.com] 
Sent: Thursday, March 13, 2014 19:31
To: Tomcat Users List
Subject: Re: JNDIRealm - Active Directory Roles

On Thu, Mar 13, 2014 at 10:15 AM, <bjoern.bec...@easycash.de> wrote:

> Hello,
>
> server.xml:
>         <Realm className="org.apache.catalina.realm.JNDIRealm"  debug="99"
>                 connectionName="CN=SVC,OU=Service Accounts,OU=SITES,OU=\#KONFIGURATION,DC=DOM,DC=de"
>
>                 connectionPassword="_2VK!WHzybn1SJ8P"
>
> connectionURL="ldap://server:389/OU=SITES,OU=\#KONFIGURATION,DC=DOM,DC=de?sAMAccountName?sub?(objectClass=*)"
>
>                 userSearch="(sAMAccountName={0})"
>                 userSubtree="true"
>
>                 roleSearch="(memberof={0})"
>                 roleSubtree="true"
>                 userRoleName="CN=Tomcat Admins,OU=Roles,OU=Spezielle Gruppen,OU=SITES,OU=\#KONFIGURATION,DC=DOM,DC=de "
>             />
>
> <!--            roleBase="DC=DOM,DC=de"
>                 roleName="cn"
> -->
>

Lines that are different in my context:

connectionURL="ldap://fully.qualified.server.name:389"
userSearch="(&amp;(objectCategory=person)(sAMAccountName={0}))"
roleSearch="(member={0})"
userRoleName="memberOf"

I don't know if it makes a difference for you or not.
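
A simplified model of how JNDIRealm turns directory data into role names, added here as an illustration; it is not code from the thread or from Tomcat. The directory entries, DNs and function names are constructed; the realm attributes (userRoleName, roleSearch, roleBase, roleName) are the ones in the quoted server.xml.

```python
import re

# Constructed sample directory (not from the thread): one user in two groups.
USER = "CN=Jane Doe,OU=Users,DC=example,DC=test"
G_ADMINS = "CN=Tomcat Admins,OU=Roles,DC=example,DC=test"
G_GUI = "CN=manager-gui,OU=Roles,DC=example,DC=test"
DIRECTORY = {
    USER: {"sAMAccountName": ["jdoe"], "memberOf": [G_ADMINS, G_GUI]},
    G_ADMINS: {"cn": ["Tomcat Admins"], "member": [USER]},
    G_GUI: {"cn": ["manager-gui"], "member": [USER]},
}

def attr(entry, name):
    """LDAP attribute names are case-insensitive."""
    return next((v for k, v in entry.items() if k.lower() == name.lower()), [])

def resolve_roles(user_dn, userRoleName=None, roleBase="", roleSearch=None, roleName=None):
    """Simplified model of how JNDIRealm collects role names for a bound user."""
    roles = []
    # Step 1: userRoleName is the NAME of an attribute on the user's entry;
    # every value of that attribute becomes a role name verbatim.
    if userRoleName:
        roles += attr(DIRECTORY[user_dn], userRoleName)
    # Step 2: the group search runs only when roleSearch AND roleName are set.
    if roleSearch and roleName:
        m = re.fullmatch(r"\((\w+)=\{0\}\)", roleSearch)  # model handles "(attr={0})" only
        for dn, entry in DIRECTORY.items():
            if dn.lower().endswith(roleBase.lower()) and user_dn in attr(entry, m.group(1)):
                roles += attr(entry, roleName)
    return roles

def original_config():
    # Shape of the quoted server.xml: userRoleName holds a group DN, roleName is commented out.
    return resolve_roles(USER, userRoleName=G_ADMINS, roleSearch="(memberof={0})")

def member_of_attribute():
    # userRoleName="memberOf": roles are the full group DNs.
    return resolve_roles(USER, userRoleName="memberOf")

def group_search():
    # roleSearch="(member={0})" with roleName="cn": roles are the groups' CN values.
    return resolve_roles(USER, roleBase="OU=Roles,DC=example,DC=test",
                         roleSearch="(member={0})", roleName="cn")

if __name__ == "__main__":
    for case in (original_config, member_of_attribute, group_search):
        print(f"{case.__name__}: {case()}")
```

Whatever strings come back are the user's roles, so they have to equal the role names the application's security constraints require (for example manager-gui) for access to be granted.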
