Return-Path: 
 <dev-return-98507-apmail-tomcat-dev-archive=tomcat.apache.org@tomcat.apache.org>
Delivered-To: apmail-tomcat-dev-archive@www.apache.org
Received: (qmail 10427 invoked from network); 7 Sep 2009 12:52:20 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3)
  by minotaur.apache.org with SMTP; 7 Sep 2009 12:52:20 -0000
Received: (qmail 66502 invoked by uid 500); 7 Sep 2009 12:52:19 -0000
Delivered-To: apmail-tomcat-dev-archive@tomcat.apache.org
Received: (qmail 66439 invoked by uid 500); 7 Sep 2009 12:52:18 -0000
Mailing-List: contact dev-help@tomcat.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@tomcat.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@tomcat.apache.org>
List-Post: <mailto:dev@tomcat.apache.org>
List-Id: <dev.tomcat.apache.org>
Reply-To: "Tomcat Developers List" <dev@tomcat.apache.org>
Delivered-To: mailing list dev@tomcat.apache.org
Received: (qmail 66428 invoked by uid 99); 7 Sep 2009 12:52:18 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 07 Sep 2009 12:52:18 +0000
X-ASF-Spam-Status: No, hits=-2000.0 required=10.0
	tests=ALL_TRUSTED
X-Spam-Check-By: apache.org
Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 07 Sep 2009 12:52:17 +0000
Received: by eris.apache.org (Postfix, from userid 65534)
	id B80CD2388882; Mon,  7 Sep 2009 12:51:56 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: svn commit: r812116 -
 /tomcat/tc6.0.x/trunk/webapps/docs/config/realm.xml
Date: Mon, 07 Sep 2009 12:51:56 -0000
To: dev@tomcat.apache.org
From: markt@apache.org
X-Mailer: svnmailer-1.0.8
Message-Id: <20090907125156.B80CD2388882@eris.apache.org>
X-Virus-Checked: Checked by ClamAV on apache.org

Author: markt
Date: Mon Sep  7 12:51:56 2009
New Revision: 812116

URL: http://svn.apache.org/viewvc?rev=812116&view=rev
Log:
Update JNDI realm docs with new attributes

Modified:
    tomcat/tc6.0.x/trunk/webapps/docs/config/realm.xml

Modified: tomcat/tc6.0.x/trunk/webapps/docs/config/realm.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/config/realm.xml?rev=812116&r1=812115&r2=812116&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/config/realm.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/config/realm.xml Mon Sep  7 12:51:56 2009
@@ -292,17 +292,32 @@
     information from the directory:</p>
 
     <attributes>
-       <attribute name="alternateURL" required="false">
-         <p>If a socket connection can not be made to the provider at
-         the <code>connectionURL</code> an attempt will be made to use the
-         <code>alternateURL</code>.</p>
-       </attribute>
-
-       <attribute name="authentication" required="false">
-         <p>A string specifying the type of authentication to use.
-         "none", "simple", "strong" or a provider specific definition
-         can be used. If no value is given the providers default is used.</p>
-       </attribute>
+      <attribute name="adCompat" required="false">
+        <p>Microsoft Active Directory often returns referrals.
+        When iterating over NamingEnumerations these lead to
+        PartialResultExceptions. If you want us to ignore those exceptions,
+        set this attribute to "true". Unfortunately there's no stable way
+        to detect, if the Exceptions really come from an AD referral.
+        The default value is "false".</p>
+      </attribute>
+
+      <attribute name="alternateURL" required="false">
+        <p>If a socket connection can not be made to the provider at
+        the <code>connectionURL</code> an attempt will be made to use the
+        <code>alternateURL</code>.</p>
+      </attribute>
+
+      <attribute name="authentication" required="false">
+        <p>A string specifying the type of authentication to use.
+        "none", "simple", "strong" or a provider specific definition
+        can be used. If no value is given the providers default is used.</p>
+      </attribute>
+
+      <attribute name="commonRole" required="false">
+        <p>A role name assigned to each successfully authenticated user in
+        addition to the roles retrieved from LDAP. If not specified, only
+        the roles retrieved via LDAP are used.</p>
+      </attribute>
 
       <attribute name="connectionName" required="false">
         <p>The directory username to use when establishing a
@@ -351,6 +366,16 @@
          the providers default is used.</p>
       </attribute>
 
+      <attribute name="referrals" required="false">
+        <p>How do we handle JNDI referrals? Allowed values are
+        "ignore", "follow", or "throw"  (see javax.naming.Context.REFERRAL
+        for more information).
+        Microsoft Active Directory often returns referrals.
+        If you need to follow them set referrals to "follow".
+        Caution: if your DNS is not part of AD, the LDAP client lib might try
+        to resolve your domain name in DNS to find another LDAP server.</p>
+      </attribute>
+
       <attribute name="roleBase" required="false">
         <p>The base directory entry for performing role searches. If
         not specified the top-level element in the directory context



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org