tomcat-users mailing list archives

From "Jérôme Delattre" <jer...@delattre.org>
Subject Re: JNDIRealm - mapping LDAP group to security role
Date Wed, 08 Oct 2008 19:57:01 GMT
2008/10/8 Felix Schumacher <felix.schumacher@internetallee.de>:
> Hi Jerome,
>
> have you thought about adding an extra attribute to the groups, so that
> the mapping is done by a normal LDAP query?
>
> Consider having an objectClass tomcatRoleMapping which has one attribute
> tomcatRole. Then with your mapping like below
>> securityrole1=group1,group2,group4
>> securityrole2=group3
>> securityrole3=group5,group6
> you would extend all groups with tomcatRoleMapping. The value of the
> attribute tomcatRole could then be "securityrole1" for group1, group2
> and group4 like this
>
> dn: cn=group1,...
> objectClass: tomcatRoleMapping
> objectClass: ...
> tomcatRole: securityrole1
> cn: group1
> ...
>
> Now just change the roleName attribute in your realm definition to
> tomcatRole and you have got a mapping from groups to securityroles.
>
> Bye
>  Felix

Hi Felix,

Thanks for your proposition, but I want to avoid any change on the LDAP server.
The idea is: if you want to install my webapp in your environment,
just map your existing groups to my webapp's roles before starting
Tomcat and you're done.

Jerome
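
The mapping discussed in this thread, resolved outside the directory, as an added example that is not part of the original message and is not Tomcat code: the class `GroupRoleMapper` and its methods are hypothetical, and the mapping lines are the ones quoted above. It assumes group names are compared case-insensitively and that a group missing from the mapping grants no role.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.*;

/** Hypothetical helper (not Tomcat code): resolves webapp roles from LDAP group names. */
public class GroupRoleMapper {
    private final Map<String, Set<String>> rolesByGroup = new HashMap<>();

    /** Loads entries of the form role=group1,group2 and inverts them to group -> roles. */
    public GroupRoleMapper(Properties mapping) {
        for (String role : mapping.stringPropertyNames()) {
            for (String group : mapping.getProperty(role).split(",")) {
                String key = normalize(group);
                if (!key.isEmpty()) {
                    rolesByGroup.computeIfAbsent(key, k -> new TreeSet<>()).add(role);
                }
            }
        }
    }

    // Assumption: the cn attribute uses case-insensitive matching, so compare that way.
    private static String normalize(String group) {
        return group.trim().toLowerCase(Locale.ROOT);
    }

    /** Groups absent from the mapping grant no role (default deny). */
    public Set<String> rolesFor(Collection<String> ldapGroups) {
        Set<String> roles = new TreeSet<>();
        for (String group : ldapGroups) {
            roles.addAll(rolesByGroup.getOrDefault(normalize(group), Collections.emptySet()));
        }
        return roles;
    }

    public static void main(String[] args) throws IOException {
        // Mapping lines from the thread; a deployment would read them from a file
        // edited before Tomcat starts.
        Properties mapping = new Properties();
        mapping.load(new StringReader(
            "securityrole1=group1,group2,group4\nsecurityrole2=group3\nsecurityrole3=group5,group6\n"));
        GroupRoleMapper mapper = new GroupRoleMapper(mapping);
        // Constructed sample: group names as a directory search might return them.
        System.out.println(mapper.rolesFor(Arrays.asList("Group2", "group3", "unmapped")));
    }
}
```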
