From: Tim Funk
To: Tomcat Users List
Date: Wed, 12 Nov 2003 09:03:48 -0500
Subject: [OT] Re: Tomcat Authenticates to AD. How do I access AD variables?
Message-ID: <3FB23DC4.9030700@joedog.org>

From the user id that tomcat returns, you'll need to determine the DN.
Which you can do (I think) this way:

1) When constructing your context, use "follow", which makes it nice when you
   are using a forest of domains (if that's the right term), for example:

       env.put(Context.REFERRAL, "follow");

2) Get the DN from the userid. Here I assume sAMAccountName is used for userid.

       SearchControls constraints = new SearchControls();
       constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
       // userId is passed as filter argument {0} so that JNDI escapes any
       // filter metacharacters instead of splicing them into the filter.
       NamingEnumeration<SearchResult> results = ctx.search(organization_,
           "(&(sAMAccountName={0}))", new Object[] { userId }, constraints);

3) You should now have the DN so you may do subsequent attribute lookups
   through normal JNDI calls. (I think)

I don't do much JNDI stuff, so I can't vouch that the above is in any manner
correct. (But I hope it is)

-Tim

Robyne Vaughn wrote:
> Tim,
> Thanks for your reply. I do mean attributes.
> I don't know much about JNDI. (excuse me if I don't know the correct
> wording).
>
> I do have one little JNDI program which I copied and altered. It hits
> active directory with an authorized connection name and OU and etc. All
> of which are hard-coded. Then, I change context to another hardcoded
> name and OU and can get certain attributes with that info. If I don't
> specify an OU, I don't find what I'm looking for. The problem is that
> when a user logs in, I don't know what their OU is. Tomcat handles that
> for me. I don't know how to plug in the correct "path" in to a user's
> data. All I know is getRemoteUser and that 1 little piece of info isn't
> enough to find a user's attributes with. When I look in my logs, I can
> see what DN tomcat followed to authenticate my user. That hints to me
> that I ought to be able to extract the "path" (DN?) to use.
>
> All I know about JNDI, I've found out in the last 2 weeks. If you have
> some coding examples you would care to share. I would greatly
> appreciate it.
> (I have seen the Sun tutorial - it's incomplete where AD
> is concerned)