tomcat-users mailing list archives

From "Ross Rankin" <r...@careerfish.com>
Subject RE: LDAP - newbee help
Date Fri, 02 Jul 2004 17:25:44 GMT


-----Original Message-----
From: Ross Rankin [mailto:ross@commercescience.com] 
Sent: Friday, July 02, 2004 1:23 PM
To: 'Kal Govindu'; 'Tomcat Users List (E-mail)'
Subject: RE: LDAP - newbee help

To authenticate users you will need an account / password that has read
privileges and a base DN.  You will need to configure Tomcat with that info
in the server.xml.   

So you will need to ask for an account that has access to the group you will
authenticate from, and the user needs to be a member.

Here's a good idea of what needs to be configured:
<Realm className="org.apache.catalina.realm.JNDIRealm" 
connectionURL="ldap://[Windows 2000 Domain Controller]:389"
userBase="CN=Users,dc=[domain name],dc=com"
userSearch="(userPrincipalName={0})"
userRoleName="member"
roleBase="CN=Users,dc=[domain name],dc=com"
roleName="cn"
roleSearch="(member={0})"
connectionName="CN=[jndi account username],CN=Users,DC=[domain name],DC=com"
connectionPassword="[jndi account password]"
roleSubtree="true"
userSubtree="true" />

Replace [Windows 2000 Domain Controller] with the name of one of your domain
controllers.
Replace [domain name] with the name of your network domain. If you aren't
sure about what your domain name is, open up ADSI edit, choose the defaults,
and look at what it says next to the Domain NC icon.
Replace [jndi account username] with the name of the user you requested.
Replace [jndi account password] with the password of the user you requested.
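
An added example, not part of the original message or of Tomcat: a small Python check that audits a JNDIRealm element like the one above for a connectionURL that is not ldaps://, an inline connectionPassword, and [placeholder] values that were never replaced. The host name, account name and finding strings are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the Realm from the message above with example values
# filled in, except the password placeholder, which is left unreplaced.
SAMPLE_REALM = """<Realm className="org.apache.catalina.realm.JNDIRealm"
  connectionURL="ldap://dc1.example.com:389"
  userBase="CN=Users,dc=example,dc=com"
  userSearch="(userPrincipalName={0})"
  userRoleName="member"
  roleBase="CN=Users,dc=example,dc=com"
  roleName="cn"
  roleSearch="(member={0})"
  connectionName="CN=svc-tomcat,CN=Users,DC=example,DC=com"
  connectionPassword="[jndi account password]"
  roleSubtree="true"
  userSubtree="true" />"""

# The template's placeholders are bracketed phrases containing a space,
# which keeps bracketed IPv6 literals in a URL from matching.
PLACEHOLDER = re.compile(r"\[[^\]]*\s[^\]]*\]")

def audit_jndi_realm(xml_text):
    """Return sorted (attribute, finding) pairs for every JNDIRealm element."""
    findings = []
    for realm in ET.fromstring(xml_text).iter("Realm"):
        if not realm.get("className", "").endswith("JNDIRealm"):
            continue
        # Over plain ldap:// the bind DN and passwords cross the network
        # unencrypted unless TLS is negotiated some other way.
        url = realm.get("connectionURL", "")
        if url.split("://", 1)[0].lower() != "ldaps":
            findings.append(("connectionURL", "not an ldaps:// URL"))
        # An inline password means the file holding it needs tight permissions.
        if "connectionPassword" in realm.attrib:
            findings.append(("connectionPassword", "bind password stored inline"))
        # A search filter without {0} is not tied to the user being checked.
        for attr in ("userSearch", "roleSearch"):
            if attr in realm.attrib and "{0}" not in realm.get(attr):
                findings.append((attr, "filter has no {0} substitution"))
        for attr, value in realm.attrib.items():
            if PLACEHOLDER.search(value):
                findings.append((attr, "template placeholder not replaced"))
    return sorted(findings)

if __name__ == "__main__":
    for attr, finding in audit_jndi_realm(SAMPLE_REALM):
        print(f"{attr}: {finding}")
```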



-----Original Message-----
From: Kal Govindu [mailto:Kalg@waterfield.com] 
Sent: Friday, July 02, 2004 8:50 AM
To: Tomcat Users List (E-mail)
Subject: RE: LDAP - newbee help

Thank you for clearing that up.

I will take a look at that document. I have made a connection to the Active
Directory, but am not able to authenticate users yet, probably since I don't
know details about how user or members and their corresponding role
information is stored in our Directory Server. I will need to contact the
tech guys for that. In Microsoft Active Directory terms, where is this
information stored, and what is it called, so I can ask the right questions?

Thanks
Kal

-----Original Message-----
From: Ross Rankin [mailto:ross@careerfish.com]
Sent: Thursday, July 01, 2004 2:09 PM
To: Kal Govindu; 'Tomcat Users List (E-mail)'
Subject: RE: LDAP - newbee help



LDAP, Lightweight Directory Access Protocol, is a protocol that other
programs use to look up contact information from a server, such as Microsoft
Active Directory.  It is a service provided by a server, not a server.  An
LDAP server is a server that provides LDAP services...  The Microsoft AD
service is LDAP-compatible.  

http://www.microsoft.com/windowsserver2003/techinfo/overview/ldapcomp.mspx

Ross

-----Original Message-----
From: Kal Govindu [mailto:Kalg@waterfield.com] 
Sent: Thursday, July 01, 2004 1:51 PM
To: Tomcat Users List (E-mail)
Subject: LDAP - newbee help

Hello all,

I am trying to set up tomcat 5 to authenticate against Microsoft Directory
Server through LDAP. I have found a very detailed document for tomcat 5 and
JNDI realm. One question before I go any further: Is LDAP server a server
that needs to be started separately from directory server? If so, where can
I get that?

Thanks
Kal

