tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jason Beck" <>
Subject Re: Making an LDAP connection available to a web application
Date Tue, 18 Apr 2006 13:45:47 GMT
Hi Graham,

  I was also attempting this about 2 months ago with Active Directory and
Tomcat 5.5.9.  I got everything working about 70%.  The problem that I ran
into was that I did not setup any kind of connection pooling on the AD side
of things.  I have no control over the Windows side of the house and didn't
want to make any waves with keeping a pool of connections open on the AD
server.  so I eventually scapped the idea and just connect and disconnect
per request.  I have copied below the relevant peices of my LDAP/AD JNDI
stuff, maybe you will find them useful.

<!-- WEB-INF/web.xml -->

         <description>AD Connection</description>

<!-- end WEB-INF/web.xml -->

<!-- server.xml -->

<Resource name="ldap/TASC" auth="Container"  type=""
         authMechanism="simple" factory="com.affinity.resources.ldapAccess"
         username="<user>" password="<passwd>"

<!-- end server.xml -->

... I realize this is not the best way to do it, but this was just a proof
of concept.
<!-- -->
package com.affinity.resources;

import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Set;
import javax.naming.Context;
import javax.naming.Name;
import javax.naming.NamingException;
import javax.naming.RefAddr;
import javax.naming.Reference;
import javax.naming.spi.ObjectFactory;

public class ldapAccess implements ObjectFactory {

        public ldapAccess() {}

        public Object getObjectInstance(Object obj, Name nm, Context
nameCtx, Hashtable environment)
                throws NamingException {

                DirContext ctx = null;
                Hashtable<String, String> env = new Hashtable<String,
                Reference ref = (Reference) obj;
                Enumeration addrs = ref.getAll();

                env.put(Context.INITIAL_CONTEXT_FACTORY, "

                while (addrs.hasMoreElements()) {
                        RefAddr addr = (RefAddr) addrs.nextElement();
                        String name = addr.getType();
                        String value = (String) addr.getContent();

                        if (name.equals("password")) {
                        else if (name.equals("username")) {
                                env.put(Context.SECURITY_PRINCIPAL, value);
                        else if (name.equals("authMechanism")) {
                        else if (name.equals("url")) {
                                env.put(Context.PROVIDER_URL, value);

                try {
                        ctx = new InitialDirContext(env);
                } catch (NamingException ne) {
                        throw new NamingException(ne.getMessage());

                return ctx;

<!-- end -->

I believe that was all the configuration I had to do.  Then to call this in
my applications I would do this:

Context initCtx = new InitialContext();
Context envCtx = (Context) initCtx.lookup("java:comp/env");
DirContext ad = (DirContext) envCtx.lookup("ldap/TASC");

 ad would then be my directory connection object. The major problem with
this setup is that if you ever call ad.close() it will close the entire JNDI
resource thus making it unavailable until you restart Tomcat.  The problem
with leaving it open is that there is most likely a timeout enforced on the
LDAP/AD side of things.  So making a class that would handle LDAP connection
pooling would be required for any production use.

I hope you find this helpful.

Best Regards,
Jason Beck

 On 4/6/06, Graham Leggett <> wrote:
> Hi all,
> There are lots of tutorials available explaining how to make a JDBC
> database pool available to a web application.
> I cannot however find any tutorials explaining how to do the same thing
> with a JNDI/LDAP connection.
> Sure, there are lots of tutorials explaining how to secure your webapp
> using container managed security, but this isn't what I am looking for.
> I would like my web application to make queries and changes to an LDAP
> directory, and I would like the LDAP connection to be defined in
> server.xml, the same way I can do it with JDBC.
> Does anyone know whether this is possible?
> Regards,
> Graham
> --

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message