Tomcat 6 Realm Config with Windows AD
Posted by mat on Stack Overflow
Published on 2010-05-25T18:56:41Z
We have Tomcat 6 connecting to a Win2k3 Server running AD.
The realm is configured as such:

    <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99" referrals="follow"
           connectionURL="<url>"
           connectionName="CN=Query Account,OU=Service Accounts,DC=company,DC=com"
           connectionPassword="<pwd>"
           userBase="OU=Users,DC=company,DC=com"
           userSubtree="true"
           userSearch="(sAMAccountName={0})"
           userRoleName="member"
           roleBase="OU=Security Groups,DC=company,DC=com"
           roleName="cn"
           roleSearch="(member={0})"
           roleSubtree="true"/>

Our groups in AD are such:
Security Groups (OU)
IT (OU)
IT Support (OU)
Support Staff (CN)
The LDAP security works if, in the web.xml, I specify Support Staff, i.e. it works for common names.
We want ANY user under the Security Groups OU to have access to the application and not just the CN. Tomcat does not search OUs and it just searches CNs in our case. How do we configure our settings so we can do OU-level authorization and not just CN-level?
Thanks, Mat
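
A simplified model of the role lookup that the realm settings above request (roleBase, roleSearch, roleName, roleSubtree), added here as an illustration and not code from the post or from Tomcat. The directory entries, the user DNs and the "Help Desk" group are constructed; the point is that the role names compared against web.xml are the `cn` values of group entries whose `member` lists the user's DN, so an OU name never comes back as a role.

```python
# Constructed directory: DN -> attributes. OU entries carry no cn/member.
ROLE_BASE = "OU=Security Groups,DC=company,DC=com"
IT = "OU=IT," + ROLE_BASE
DIRECTORY = {
    ROLE_BASE: {},
    IT: {},
    "OU=IT Support," + IT: {},
    "CN=Support Staff,OU=IT Support," + IT: {
        "cn": "Support Staff",
        "member": ["CN=Jane Doe,OU=Users,DC=company,DC=com"],
    },
    "CN=Help Desk," + IT: {  # hypothetical second group
        "cn": "Help Desk",
        "member": ["CN=John Roe,OU=Users,DC=company,DC=com"],
    },
}


def in_scope(dn, base, subtree):
    """True if dn lies below base (any depth if subtree, else one level).

    Simplification: DNs are compared case-insensitively as strings and
    escaped commas inside an RDN are not handled.
    """
    dn_l, base_l = dn.lower(), base.lower()
    if not dn_l.endswith("," + base_l):
        return False
    return subtree or "," not in dn_l[: -len(base_l) - 1]


def roles_for(user_dn, role_base=ROLE_BASE, role_name="cn", subtree=True):
    """Model of roleSearch="(member={0})", where {0} is the user's DN."""
    roles = set()
    for dn, attrs in DIRECTORY.items():
        if not in_scope(dn, role_base, subtree):
            continue
        members = [m.lower() for m in attrs.get("member", [])]
        if user_dn.lower() in members and role_name in attrs:
            roles.add(attrs[role_name])
    return roles


def candidate_role_names(role_base=ROLE_BASE):
    """Every role name the search can yield for entries under role_base."""
    return sorted(a["cn"] for dn, a in DIRECTORY.items()
                  if in_scope(dn, role_base, True) and "member" in a)
```

`candidate_role_names()` gives the full set of names a web.xml constraint would have to accept for every group under the OU to be authorized.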