tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ma...@apache.org
Subject svn commit: r812116 - /tomcat/tc6.0.x/trunk/webapps/docs/config/realm.xml
Date Mon, 07 Sep 2009 12:51:56 GMT
Author: markt
Date: Mon Sep  7 12:51:56 2009
New Revision: 812116

URL: http://svn.apache.org/viewvc?rev=812116&view=rev
Log:
Update JNDI realm docs with new attributes

Modified:
    tomcat/tc6.0.x/trunk/webapps/docs/config/realm.xml

Modified: tomcat/tc6.0.x/trunk/webapps/docs/config/realm.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/config/realm.xml?rev=812116&r1=812115&r2=812116&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/config/realm.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/config/realm.xml Mon Sep  7 12:51:56 2009
@@ -292,17 +292,32 @@
     information from the directory:</p>
 
     <attributes>
-       <attribute name="alternateURL" required="false">
-         <p>If a socket connection can not be made to the provider at
-         the <code>connectionURL</code> an attempt will be made to use the
-         <code>alternateURL</code>.</p>
-       </attribute>
-
-       <attribute name="authentication" required="false">
-         <p>A string specifying the type of authentication to use.
-         "none", "simple", "strong" or a provider specific definition
-         can be used. If no value is given the providers default is used.</p>
-       </attribute>
+      <attribute name="adCompat" required="false">
+        <p>Microsoft Active Directory often returns referrals.
+        When iterating over NamingEnumerations these lead to
+        PartialResultExceptions. If you want us to ignore those exceptions,
+        set this attribute to "true". Unfortunately there's no stable way
+        to detect, if the Exceptions really come from an AD referral.
+        The default value is "false".</p>
+      </attribute>
+
+      <attribute name="alternateURL" required="false">
+        <p>If a socket connection can not be made to the provider at
+        the <code>connectionURL</code> an attempt will be made to use the
+        <code>alternateURL</code>.</p>
+      </attribute>
+
+      <attribute name="authentication" required="false">
+        <p>A string specifying the type of authentication to use.
+        "none", "simple", "strong" or a provider specific definition
+        can be used. If no value is given the providers default is used.</p>
+      </attribute>
+
+      <attribute name="commonRole" required="false">
+        <p>A role name assigned to each successfully authenticated user in
+        addition to the roles retrieved from LDAP. If not specified, only
+        the roles retrieved via LDAP are used.</p>
+      </attribute>
 
       <attribute name="connectionName" required="false">
         <p>The directory username to use when establishing a
@@ -351,6 +366,16 @@
          the providers default is used.</p>
       </attribute>
 
+      <attribute name="referrals" required="false">
+        <p>How do we handle JNDI referrals? Allowed values are
+        "ignore", "follow", or "throw"  (see javax.naming.Context.REFERRAL
+        for more information).
+        Microsoft Active Directory often returns referrals.
+        If you need to follow them set referrals to "follow".
+        Caution: if your DNS is not part of AD, the LDAP client lib might try
+        to resolve your domain name in DNS to find another LDAP server.</p>
+      </attribute>
+
       <attribute name="roleBase" required="false">
         <p>The base directory entry for performing role searches. If
         not specified the top-level element in the directory context



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message