Tomcat 6 Realm Config with Windows AD

Posted by mat on Stack Overflow See other posts from Stack Overflow or by mat
Published on 2010-05-25T18:56:41Z Indexed on 2010/05/25 19:01 UTC
Read the original article Hit count: 238

Filed under:
|
|
|

We have Tomcat 6 connecting to a Win2k3 Server running AD.

The realm is configured as such

<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99" referrals="follow"
   connectionURL="<url>" 
   connectionName="CN=Query Account,OU=Service Accounts,DC=company,DC=com" 
   connectionPassword="<pwd>" 
   userBase="OU=Users,DC=company,DC=com" userSubtree="true" userSearch="(sAMAccountName={0})" userRoleName="member" 
   roleBase="OU=Security Groups,DC=company,DC=com" roleName="cn" roleSearch="(member={0})" roleSubtree="true"/>

Our groups in AD are such

  Security Groups (OU)
   IT (OU)
     IT Support (OU)
       Support Staff (CN)

The LDAP security works if in the web.xml, I speficy Support Staff. i.e works for Common names.

We want ANY user under Security Groups OU to have access to the application and not just the CN. Tomcat does not search OU's and it just searches CN's in our case. How do we configure our settings so we can do OU level authorization and not just CN level ?

thanks Mat

© Stack Overflow or respective owner

Related posts about tomcat

Related posts about jndi