tomcat-users mailing list archives

From "Jérôme Delattre" <>
Subject Re: JNDIRealm - mapping LDAP group to security role
Date Wed, 08 Oct 2008 19:57:01 GMT
2008/10/8 Felix Schumacher <>:
> Hi Jerome,
> have you thought about adding an extra attribute to the groups, so that
> the mapping is done by a normal LDAP query?
> Consider having an objectClass tomcatRoleMapping which has one attribute
> tomcatRole. Then with your mapping like below
>> securityrole1=group1,group2,group4
>> securityrole2=group3
>> securityrole3=group5,group6
> you would extend all groups with tomcatRoleMapping. The value of the
> attribute tomcatRole could then be "securityrole1" for group1, group2
> and group4 like this
> dn: cn=group1,...
> objectClass: tomcatRoleMapping
> objectClass: ...
> tomcatRole: securityrole1
> cn: group1
> ...
> Now just change the roleName attribute in your realm definition to
> tomcatRole and you have got a mapping from groups to securityroles.
> Bye
>  Felix

Hi Felix,

Thanks for your proposition, but I want to avoid any change on the LDAP server.
The idea is: if you want to install my webapp in your environment,
just map your existing groups to my webapp's roles before starting
Tomcat and you're done.
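
The Tomcat-side alternative described in this reply, sketched as an added example that is not part of the original message and not Tomcat code: it loads the `role=group,...` mapping quoted in the thread and resolves a user's LDAP groups to webapp roles. The class name `GroupRoleMapper`, the method `rolesFor` and the extra group `staff` are hypothetical; treating unmapped groups as granting no role is an assumption of the example.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.TreeSet;

public class GroupRoleMapper {
    // LDAP group cn (lower-cased, since cn matching is case-insensitive) -> roles
    private final Map<String, Set<String>> rolesByGroup = new HashMap<>();

    public GroupRoleMapper(Properties mapping) {
        // The file is keyed by role; invert it so lookups go group -> roles.
        for (String role : mapping.stringPropertyNames()) {
            for (String group : mapping.getProperty(role).split(",")) {
                String key = group.trim().toLowerCase(Locale.ROOT);
                if (!key.isEmpty()) {
                    rolesByGroup.computeIfAbsent(key, k -> new TreeSet<>()).add(role);
                }
            }
        }
    }

    /** Groups absent from the mapping grant no role (deny by default). */
    public Set<String> rolesFor(Collection<String> ldapGroups) {
        Set<String> roles = new TreeSet<>();
        for (String group : ldapGroups) {
            String key = group.trim().toLowerCase(Locale.ROOT);
            roles.addAll(rolesByGroup.getOrDefault(key, Collections.emptySet()));
        }
        return roles;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample input: the mapping quoted in the thread.
        Properties mapping = new Properties();
        mapping.load(new StringReader(
                "securityrole1=group1,group2,group4\n"
              + "securityrole2=group3\n"
              + "securityrole3=group5,group6\n"));
        GroupRoleMapper mapper = new GroupRoleMapper(mapping);
        // "staff" is a constructed group that appears in no mapping line.
        System.out.println(mapper.rolesFor(Arrays.asList("group2", "Group3", "staff")));
    }
}
```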

