tomcat-users mailing list archives

From "Caldarale, Charles R" <Chuck.Caldar...@unisys.com>
Subject RE: AD Authentication
Date Tue, 24 Nov 2009 19:04:34 GMT
> From: Samuel Penn [mailto:sam@glendale.org.uk]
> Subject: AD Authentication

> <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
>        connectionURL="ldap://172.17.10.100:389"
>        connectionName="cn=SvcUser,cn=users,dc=myorg,dc=local"
>        connectionPassword="********"
>        userBase="ou=staff,dc=myorg,dc=local"
>        userPattern="sAMAccountName={0}"
>        roleBase="cn=users,dc=myorg,dc=local"
>        roleName="cn"
>        roleSearch="(member={0})"
>        roleSubtree="false"
>        userSubtree="true"
>        authentication="simple"
>        referrals="follow"
> />

The doc says that userPattern can be used *instead of* userSearch, userSubtree, and userBase;
no mention is made of what happens when you specify all of them, but it wouldn't surprise
me that things get confused.

Also, it seems odd that the roleName attribute is part of the roleBase - that doesn't seem
to make any sense.
 
> I note that I get a warning message about the debug="99" property,

The debug attribute hasn't been used in quite some time, but the doc lags behind.

 - Chuck
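
The two alternative ways of locating the user entry that the reply above refers to, written out as separate JNDIRealm fragments. This is an added example, not part of the original message: the DN layout in option A and the search filter in option B are assumptions about the directory, and the other values are copied from the quoted configuration.

```xml
<!-- Use ONE of the two Realm elements below, not both. -->

<!-- Option A: pattern mode.
     userPattern is the full DN of the user entry, with {0} replaced by
     the login name. No userBase / userSearch / userSubtree attributes.
     Assumption: every user entry is cn=<login> directly under ou=staff. -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldap://172.17.10.100:389"
       connectionName="cn=SvcUser,cn=users,dc=myorg,dc=local"
       connectionPassword="********"
       userPattern="cn={0},ou=staff,dc=myorg,dc=local"
       roleBase="cn=users,dc=myorg,dc=local"
       roleName="cn"
       roleSearch="(member={0})"
       roleSubtree="false"
       referrals="follow"
/>

<!-- Option B: search mode.
     The realm binds with connectionName, searches under userBase with the
     userSearch filter, then binds as the entry it found. No userPattern.
     Assumption: the login name is stored in sAMAccountName. -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldap://172.17.10.100:389"
       connectionName="cn=SvcUser,cn=users,dc=myorg,dc=local"
       connectionPassword="********"
       userBase="ou=staff,dc=myorg,dc=local"
       userSearch="(sAMAccountName={0})"
       userSubtree="true"
       roleBase="cn=users,dc=myorg,dc=local"
       roleName="cn"
       roleSearch="(member={0})"
       roleSubtree="false"
       referrals="follow"
/>
```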

