tomcat-users mailing list archives

From Ryan <nies...@yahoo.com>
Subject Re: Roles in JNDIRealms
Date Mon, 10 Jun 2002 20:18:15 GMT
Jonathan,
This is sort of off subject, but does your Active
Directory setup work for Authentication?? It seems to
me that it wouldn't since there is no userPassword
attribute in AD, but I am hoping I'm wrong.
Thanks,
Ryan

--- Jonathan Eric Miller <jemiller@uchicago.edu> wrote:
> If you are using Tomcat 4.1.3, there are two modes that you can use for
> checking roles. If you set roleSearch, it will search for group
> objects that contain a list of users for each group. If you set
> userRoleName, it will get the group information out of the user's entry
> instead, i.e. you don't need separate group objects.
> 
> If you are using Active Directory, I found that you can use a setup similar
> to the following.
> 
> This goes in server.xml,
> 
> <Realm className="org.apache.catalina.realm.JNDIRealm"
>  debug="99"
>  connectionName="myadminuser@mydomain"
>  connectionPassword="myadminpassword"
>  connectionURL="ldap://mydomaincontroller"
>  userBase="cn=Users, dc=mydomain"
>  userRoleName="memberOf"
>  userSearch="(userPrincipalName={0}@mydomain)"/>
> 
> Group membership is stored in an attribute named memberOf in Active
> Directory. myadminuser doesn't really have to be an admin user in AD. It
> just has to have read permission to the memberOf attribute which is visible
> to normal user accounts by default.
> 
> This goes in web.xml,
> 
> <security-constraint>
>  <web-resource-collection>
>   <web-resource-name>Tomcat</web-resource-name>
>   <url-pattern>/*</url-pattern>
>  </web-resource-collection>
>  <auth-constraint>
>   <role-name>CN=Tomcat,CN=Users,DC=mydomain</role-name>
>  </auth-constraint>
> </security-constraint>
> <login-config>
>  <auth-method>BASIC</auth-method>
>  <realm-name>Tomcat</realm-name>
> </login-config>
> 
> In the above example, I created a group in the Users container named Tomcat.
> If you want to see how things are organized in Active Directory, you can use
> LDIFDE to dump the directory into an LDIF file. That's how I figured it out.
> 
> Jon
> 
> ----- Original Message -----
> From: "Cristina Perez Sanchez" <cgparrifo@yahoo.com>
> To: <tomcat-user@jakarta.apache.org>
> Sent: Monday, June 10, 2002 9:10 AM
> Subject: Roles in JNDIRealms
> 
> 
> > Hi,
> >
> > could anyone tell me what objectclass must be group
> > entries that represent roles associated to users in
> > JNDIRealms?? I use groupOfUniqueNames as objectclass
> > but I would like to know if the objectclass group is
> > more proper or if the objectclass isn't relevant.
> >
> > Thanks in advance,
> >
> > Cristina

--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>
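
Added example, not part of the original messages and not Tomcat's code: a small Python model of the userRoleName mode described in the quoted reply, showing that the role a user receives is the full memberOf DN string, so the role-name in web.xml has to match it exactly. The directory entries and user names are constructed, and exact, case-sensitive role comparison and RFC 4515 escaping of the login name are assumptions of the model.

```python
import re

# Model of userRoleName-mode role resolution; added illustration, not Tomcat code.
USER_SEARCH = "(userPrincipalName={0}@mydomain)"  # userSearch in the quoted server.xml
USER_ROLE_NAME = "memberOf"                       # userRoleName in the quoted server.xml
REQUIRED_ROLE = "CN=Tomcat,CN=Users,DC=mydomain"  # <role-name> in the quoted web.xml

# Constructed sample entries standing in for objects under userBase.
DIRECTORY = [
    {"userPrincipalName": "alice@mydomain",
     "memberOf": ["CN=Tomcat,CN=Users,DC=mydomain", "CN=Staff,CN=Users,DC=mydomain"]},
    {"userPrincipalName": "bob@mydomain",
     "memberOf": ["CN=Staff,CN=Users,DC=mydomain"]},
]

_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value):
    """Escape a value for an LDAP search filter (RFC 4515)."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(username):
    """Substitute the login name for {0} so that it is matched literally."""
    return USER_SEARCH.replace("{0}", escape_filter_value(username))


def _unescape(text):
    """Turn \\XX hex escapes in a filter value back into characters."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), text)


def search(ldap_filter):
    """Evaluate one (attr=value) filter; an unescaped * acts as a wildcard."""
    attr, pattern = ldap_filter[1:-1].split("=", 1)
    regex = ".*".join(re.escape(_unescape(p)) for p in pattern.split("*"))
    return [e for e in DIRECTORY
            if re.fullmatch(regex, e.get(attr, ""), re.IGNORECASE)]


def roles_for(username):
    """Return the user's roles: the raw memberOf values, i.e. full group DNs."""
    entries = search(build_user_filter(username))
    if len(entries) != 1:  # no match or an ambiguous match grants nothing
        return set()
    return set(entries[0].get(USER_ROLE_NAME, []))


def is_authorized(username):
    """Exact string comparison against the role-name (an assumption of this model)."""
    return REQUIRED_ROLE in roles_for(username)
```

In this model a role-name written with different case or spacing than the stored DN does not match, which is worth checking against an LDIF dump of the group's actual DN.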

