> From: Samuel Penn [mailto:s...@glendale.org.uk] > Subject: AD Authentication
> <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99" > connectionURL="ldap://172.17.10.100:389"; > connectionName="cn=SvcUser,cn=users,dc=myorg,dc=local" > connectionPassword="********" > userBase="ou=staff,dc=myorg,dc=local" > userPattern="sAMAccountName={0}" > roleBase="cn=users,dc=myorg,dc=local" > roleName="cn" > roleSearch="(member={0})" > roleSubtree="false" > userSubtree="true" > authentication="simple" > referrals="follow" > /> The doc says that userPattern can be used *instead of* userSearch, userSubtree, and userBase; no mention is made of what happens when you specify all of them, but it wouldn't surprise me that things get confused. Also, it seems odd that the roleName attribute is part of the roleBase - that doesn't seem to make any sense. > I note that I get a warning message about the debug="99" property, The debug attribute hasn't been used in quite some time, but the doc lags behind. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
