We have Tomcat 6 connecting to a Win2k3 Server running AD.
The realm is configured as such
<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99" referrals="follow"
connectionURL="<url>"
connectionName="CN=Query Account,OU=Service Accounts,DC=company,DC=com"
connectionPassword="<pwd>"
userBase="OU=Users,DC=company,DC=com" userSubtree="true" userSearch="(sAMAccountName={0})" userRoleName="member"
roleBase="OU=Security Groups,DC=company,DC=com" roleName="cn" roleSearch="(member={0})" roleSubtree="true"/>
Our groups in AD are such
Security Groups (OU)
IT (OU)
IT Support (OU)
Support Staff (CN)
The LDAP security works if in the web.xml, I speficy Support Staff. i.e works for Common names.
We want ANY user under Security Groups OU to have access to the application and not just the CN. Tomcat does not search OU's and it just searches CN's in our case. How do we configure our settings so we can do OU level authorization and not just CN level ?
thanks
Mat