Hi, I need help in configuring the JNDI Realm to connect to LDAP Server and authenticate users. Here are the details:
CN=<AUTH>,OU=XYZ,OU=Application Managed,OU=Groups,DC=rma,DC=corp,DC=ABC,DC=com - *AUTH is the group in which i have to search if the user is a member of or not. All the members in this group are defined in OU=Workers,DC=rma,DC=corp,DC=ABC,DC=com* ** This group has members who are defined in CN=<User>,OU=Workers,DC=rma,DC=corp,DC=ABC,DC=com *I have set my JNDIRealm tag in server.xml as follows:* <Realm className="org.apache.catalina.realm.JNDIRealm" connectionName="CN=123,OU=Serv-Accts,OU=PAS,OU=Resrc,DC=rma,DC=corp,DC=ABC,DC=com" connectionPassword="pwd" connectionURL="ldap://<hostname:port" debug="99" *roleBase*="OU=XYZ,OU=Application Managed,OU=Groups,DC=rma,DC=corp,DC=ABC,DC=com" *roleSubtree*="true" *roleName*="cn" *roleSearch*="CN=<AUTH>,OU=XYZ,OU=Application Managed,OU=Groups,DC=rma,DC=corp,DC=ABC,DC=com" *userBase*="OU=Workers,DC=rma,DC=corp,DC=ABC,DC=com" *userSubtree*="true" *userPattern*="CN={0},OU=Workers,DC=rma,DC=corp,DC=ABC,DC=com"/> *The web.xml is as follows:* ** <security-constraint> <display-name>Security Constraint</display-name> <web-resource-collection> <web-resource-name>Protected Area</web-resource-name> <!-- Define the context-relative URL(s) to be protected --> <url-pattern>/*</url-pattern> <!-- If you list http methods, only those methods are protected --> </web-resource-collection> <auth-constraint> <!-- Anyone with one of the listed roles may access this area --> <role-name>*AUTH*</role-name> </auth-constraint> </security-constraint> <!-- Default login configuration uses form-based authentication --> <login-config> <auth-method>FORM</auth-method> <realm-name>Form-Based Authentication Area</realm-name> <form-login-config> <form-login-page>/Login.jsp</form-login-page> <form-error-page>/error.jsp</form-error-page> </form-login-config> </login-config> <!-- Security roles referenced by this web application --> <security-role> <role-name>*AUTH*</role-name> </security-role> Any help is appreciated. Thanks, Savitha