tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dale, Matt" <Matt.D...@beCogent.com>
Subject RE: Tomcat5 - LDAP question.
Date Wed, 07 Jul 2004 16:28:58 GMT

This might be better asked in a Microsoft forum. We use a similar method of authentication
but am unsure of the permissions of the searching user.

Ta
Matt

-----Original Message-----
From: Kal Govindu [mailto:Kalg@waterfield.com]
Sent: 07 July 2004 17:03
To: Tomcat Users List (E-mail)
Subject: Tomcat5 - LDAP question.


Hi All,

Is there a way of setup a user account in Active Directory that can query other user info
and does not have permission to update that information.

Background:

I am trying to setup LDAP authentication on Tomcat5 connecting to Active Directory.

When I bind to active directory as common user account I can query my own account and get
the k"memberOf" field for role information. I can query and get "memberOf" field for Administrator
accounts. I can NOT get "memberOf" field for other user accounts that are not administrators
( just regular users ).

When I bind to active directory as an admin account I can query all accounts and get the "memberOf"
for role information.

But the catch is admin account also has permissions to update this information.

I need one of the following:

1. An account on active directry that can query all users and get "memberOf" field but cannot
update.
2. An admin account where the password does not have to be setup in clear text in "Server.xml".

Thanks
Kal


CONFIDENTIALITY NOTE:  All e-mail sent to or from this address will be received by the Waterfield
Group corporate e-mail system and is subject to archival, monitoring, and/or review by someone
other than the recipient or the sender.

This e-mail and any of its attachments may contain proprietary information, which is privileged
and confidential.  This e-mail is intended solely for the use of the individual or entity
to which it is addressed.  If you are not the intended recipient of this e-mail, you are hereby
notified that any dissemination, distribution, copying, or action taken in relation to the
contents of and attachments to this e-mail is strictly prohibited and may be unlawful.  If
you have received this e-mail in error, please notify the sender immediately and permanently
delete the original and any copy of this e-mail and any printout.  Thank you.


Mime
View raw message