Tomcat 6 Realm Config with Windows AD

Posted by mat on Stack Overflow See other posts from Stack Overflow or by mat
Published on 2010-05-25T18:56:41Z Indexed on 2010/05/25 19:01 UTC
Read the original article Hit count: 233

Filed under:

tomcat

|

jndi

|

ad

|

realm

We have Tomcat 6 connecting to a Win2k3 Server running AD.

The realm is configured as such

<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99" referrals="follow"
   connectionURL="<url>" 
   connectionName="CN=Query Account,OU=Service Accounts,DC=company,DC=com" 
   connectionPassword="<pwd>" 
   userBase="OU=Users,DC=company,DC=com" userSubtree="true" userSearch="(sAMAccountName={0})" userRoleName="member" 
   roleBase="OU=Security Groups,DC=company,DC=com" roleName="cn" roleSearch="(member={0})" roleSubtree="true"/>

Our groups in AD are such

  Security Groups (OU)
   IT (OU)
     IT Support (OU)
       Support Staff (CN)

The LDAP security works if in the web.xml, I speficy Support Staff. i.e works for Common names.

We want ANY user under Security Groups OU to have access to the application and not just the CN. Tomcat does not search OU's and it just searches CN's in our case. How do we configure our settings so we can do OU level authorization and not just CN level ?

thanks Mat

© Stack Overflow or respective owner

Related posts about tomcat

SSL in tomcat with apr and Centos 6

as seen on Super User - Search for 'Super User'
I'm facing a problem setting up my tomcat with apr native lib, I have the following: Tomcat: 7.0.42 Java: 1.7.0_40-b43 OS: Centos 6.4 (2.6.32-358.18.1.el6.i686) APR: 1.3.9 Native lib: 1.1.27 OpenSSL: openssl-1.0.0-27.el6_4.2.i686 My server.xml looks like: ... <Listener className="org.apache… >>> More
Apache+Tomcat VS Stand Alone Tomcat or GlassFish

as seen on Server Fault - Search for 'Server Fault'
Hi, I am setting up a Debian server to serve Java web applications. I have done quite a bit of research for several weeks now. Tomcat's web site says it is better to use stand alone Tomcat for speed if you are not clustering. However, I have seen many people suggest that using Apache + Tomcat… >>> More
Tomcat - How to limit the maximum memory Tomcat will use

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi Guys, I am running Tomcat on a small VPS (256MB/512MB) and I want to explicitly limit the amount of memory Tomcat uses. I understand that I can configure this somehow by passing in the java maximum heap and initial heap size arguments; -Xmx256m -Xms128m But I can't find where to put this… >>> More
Tomcat 4.1.X and Tomcat 5.0.X

as seen on Stack Overflow - Search for 'Stack Overflow'
I have a problem about tomcat, Our application designed on Tomcat 4.1.X and When I restart Tomcat 4.1.X there is no problem. But I upgrade it to Tomcat 5.0.X. Now ,when I restart Tomcat 5.0.X session is down and application redirect me to login page. Any idea? >>> More
Restarting Tomcat from Tomcat itself

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello, is it possible to restart Tomcat6 by executing a JSP? This because I would like to deploy the changes of an application by doing it remotely using the webserver. The deploy script is written in bash and it checkouts the latest version from the svn, then package it as a war, then copy it in… >>> More

Related posts about jndi

JMS Step 6 - How to Set Up an AQ JMS (Advanced Queueing JMS) for SOA Purposes

as seen on Oracle Blogs - Search for 'Oracle Blogs'
JMS Step 6 - How to Set Up an AQ JMS (Advanced Queueing JMS) for SOA Purposes .jblist{list-style-type:disc;margin:0;padding:0;padding-left:0pt;margin-left:36pt} ol{margin:0;padding:0} .c17_6{vertical-align:top;width:468pt;border-style:solid;border-color:#000000;border-width:1pt;padding:5pt… >>> More
Glassfish v3 / JNDI entry cannot be found problems!

as seen on Stack Overflow - Search for 'Stack Overflow'
I've been having problems trying to call an EJB's method from a Java Application Client. Here is the code. EJB Remote Interface package com.test; import javax.ejb.Remote; @Remote public interface HelloBeanRemote { public String sayHello(); } EJB package com.test; import javax.ejb.Stateless; @Stateless… >>> More
Legacy application with JDBC and JNDI REALM authentication

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello All, My application currently relies on JDBC realm authentication. Recent needs have forced us to think about having LDAP authentication as well. We are thinking about using Active Directory for both authentication as well as authorization (roles). As a standalone test, I was able to authenticate… >>> More
Common JNDI resources in Tomcat

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, I’m running a couple of servlet applications in Tomcat (5.5). All of the servlets use a common factory resource that is shared out using JNDI. At the moment, I can get everything working by including the factory resource as a GlobalNamingResource in the /conf/server.xml file, and then having… >>> More
Java & Tomcat: SQL JDBC/JNDI Exceptions

as seen on Stack Overflow - Search for 'Stack Overflow'
I am deploying a webapp from eclipse to tomcat. I am having an issue with my application and JNDI lookups. When the app tries to load the JNDI resource I am this stacktrace: javax.naming.ServiceUnavailableException [Root exception is java.rmi.ConnectException: Connection refused to host: localhost;… >>> More