tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Funk <>
Subject Re: LDAP Configuration And Passwords
Date Sun, 09 Nov 2003 15:36:57 GMT
You can extend JNDIRealm on your own to create your own authentication.

The ideal solution is the read protect server.xml so only the appropraite 
parties are allowed to read it. Anything else is "insecure." (Except having 
someone type in a password at start up which tomcat doesn't have that 


Edwin K. Brown wrote:
> Hello,
> I have set up Tomcat in the standalone mode to do user authorization by using LDAP.
> We don't allow anonymous browsing of the LDAP tree, so the connectionUser and connectionPassword
attributes have to be used in the JNDIRealm configuration.
> However, for obvious reasons, having the user name and password in the server.xml file
is not a good idea.
> Is there any other way to address this problem?
> Thank you.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message