Geronimo maps roles to security principals: http://cwiki.apache.org/GMOxDOC10/jboss-to-geronimo-security-migration.html
Maybe this feature could be ported into Tomcat.

On Thu, Oct 9, 2008 at 3:18 PM, Kevin Jackson <[EMAIL PROTECTED]> wrote:
>>> I am trying to configure a JNDIRealm to authenticate against an Active
>>> Directory.
>>> http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html#JNDIRealm
>>>
>>> The authentication seems to work but I wonder how to map LDAP groups
>>> to security roles.
>>> I do not want to add groups in the LDAP server, but to map existing
>>> ones to the roles defined in my web application instead.
>>>
>>> Is it possible? I did not find any doc / post about this topic.
>
> You could write a custom JNDIRealm that does the
> mapping/authentication. I've seen this done with postgres, but not
> with an LDAP server (or AD), but it should be a similar process. Then
> you add it to tomcat/lib and configure your context and web.xml to use
> the custom JNDIRealm instead of the provided realm
>
> Kev
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
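The custom-realm approach suggested in the thread, as an added example that is not part of the original messages or Tomcat's own code. It assumes the Tomcat 6.0 `JNDIRealm` and `GenericPrincipal` signatures; the class name, package, `roleMapping` attribute and group names are hypothetical. A directory group with no mapping yields no role, so an unlisted group never grants access.

```java
package example.realm; // hypothetical package

import java.security.Principal;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;

import org.apache.catalina.realm.GenericPrincipal;
import org.apache.catalina.realm.JNDIRealm;

// Configure like the stock JNDIRealm plus one extra attribute (constructed values):
// <Realm className="example.realm.MappedRoleJNDIRealm"
//        roleMapping="AD Admins=admin;AD Staff=user" ... />
public class MappedRoleJNDIRealm extends JNDIRealm {

    // lower-cased LDAP group name -> role name used in web.xml
    private final Map<String, String> groupToRole = new HashMap<String, String>();

    // Called by Tomcat when it sets the roleMapping attribute on the Realm element.
    public void setRoleMapping(String spec) {
        groupToRole.clear();
        if (spec == null) return;
        for (String pair : spec.split(";")) {
            int eq = pair.lastIndexOf('=');
            if (eq <= 0 || eq == pair.length() - 1) continue; // skip malformed entries
            String group = pair.substring(0, eq).trim().toLowerCase(Locale.ENGLISH);
            groupToRole.put(group, pair.substring(eq + 1).trim());
        }
    }

    @Override
    public Principal authenticate(String username, String credentials) {
        Principal p = super.authenticate(username, credentials);
        if (!(p instanceof GenericPrincipal)) {
            return p; // null when the bind or password check failed
        }
        GenericPrincipal gp = (GenericPrincipal) p;
        List<String> mapped = new ArrayList<String>();
        for (String group : gp.getRoles()) { // group names found by the role search
            String role = groupToRole.get(group.toLowerCase(Locale.ENGLISH));
            if (role != null && !mapped.contains(role)) mapped.add(role);
        }
        // Rebuild the principal so only mapped roles reach the web application.
        return new GenericPrincipal(this, gp.getName(), gp.getPassword(), mapped);
    }
}
```

Only the username/password `authenticate` path is mapped here; the `GenericPrincipal` constructor differs in later Tomcat versions.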