tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Funk <>
Subject [OT] Re: Tomcat Authenticates to AD. How do I access AD variables?
Date Wed, 12 Nov 2003 14:03:48 GMT
 From the user id that tomcat returns, you'll need to determine the DN. In 
which you can do (I think) this way:

1) When constructing your context, use "follow", which makes it nice when you 
are using a forrest of domains (if thats the right term) for example:
    env.put(Context.REFERRAL, "follow");
2) Get the DN from the userid. Here I assume sAMAccountName is used for userid.
   SearchControls constraints = new SearchControls();
   NamingEnumeration results =
                     "(&(sAMAccountName=" + userId + "))",
3) You should now how have the DN so you may do subsequent attribute lookups. 
Through normal JNDI calls. (I think)

I don't do much JNDI stuff, so I can't vouch that the above is in any manner 
correct. (But I hope it is)


Robyne Vaughn wrote:

> Tim, 
> Thanks for your reply.    I do mean attributes.
> I don't know much about JNDI. (excuse me if I don't know the correct
> wording).
>   I do have one little JNDI program which I copied and altered. It hits
> active directory with an authorized connection name and OU and etc.  All
> of which are hard-coded.  Then, I change context to another hardcoded
> name and OU and can get certain attributes with that info. If I don't
> specify an OU, I don't find what I'm looking for. The problem is that
> when a user logs in, I don't know what their OU is.  Tomcat handles that
> for me.  I don't know how to plug in the correct "path" in to a user's
> data.  All I know is getRemoteUser and that 1 little piece of info isn't
> enough to find a user's attributes with.  When I look in my logs, I can
> see what DN tomcat followed to authenticate my user.  That hints to me
> that I ought to be able to extract the "path" (DN?) to use.
> All I know about JNDI, I've found out in the last 2 weeks.  If you have
> some coding examples you would care to share.  I would greatly
> appreciate it.  (I have seen the sun tutorial - it's incomplete where AD
> is concerned)

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message