tomcat-users mailing list archives

From "Kal Govindu" <>
Subject Tomcat5 - LDAP question.
Date Wed, 07 Jul 2004 16:02:34 GMT
Hi All,

Is there a way to set up a user account in Active Directory that can query other users' info
and does not have permission to update that information?


I am trying to set up LDAP authentication on Tomcat5 connecting to Active Directory.

When I bind to Active Directory as a common user account I can query my own account and get
the "memberOf" field for role information. I can query and get the "memberOf" field for Administrator
accounts. I can NOT get the "memberOf" field for other user accounts that are not administrators
(just regular users).

When I bind to Active Directory as an admin account I can query all accounts and get the "memberOf"
field for role information.

But the catch is that the admin account also has permissions to update this information.

I need one of the following:

1. An account on Active Directory that can query all users and get the "memberOf" field but cannot
2. An admin account where the password does not have to be set up in clear text in "Server.xml".

