tomcat-users mailing list archives

From <Bjoern.Bec...@easycash.de>
Subject JNDIRealm - Active Directory Roles
Date Thu, 13 Mar 2014 17:15:45 GMT
Hello,

I am trying to implement authentication for the Tomcat Manager application against Active
Directory.

Unfortunately I don't understand the role concept. I would like to give the users permission to
open the Manager when they're in this group:

> memberOf: CN=Tomcat Admins,OU=Roles,OU=Spezielle Gruppen,OU=SITES,OU=\#KONFIGURATION,DC=DOM,DC=de

server.xml:
        <Realm className="org.apache.catalina.realm.JNDIRealm"  debug="99"
                connectionName="CN=SVC,OU=Service Accounts,OU=SITES,OU=\#KONFIGURATION,DC=DOM,DC=de"
                connectionPassword="_2VK!WHzybn1SJ8P"
                connectionURL="ldap://server:389/OU=SITES,OU=\#KONFIGURATION,DC=DOM,DC=de?sAMAccountName?sub?(objectClass=*)"
        
                userSearch="(sAMAccountName={0})"
                userSubtree="true"

                roleSearch="(memberof={0})"
                roleSubtree="true"
                userRoleName="CN=Tomcat Admins,OU=Roles,OU=Spezielle Gruppen,OU=SITES,OU=\#KONFIGURATION,DC=DOM,DC=de"
            />

<!--            roleBase="DC=DOM,DC=de"
                roleName="cn"
-->

With this configuration I can open the Manager, but get no permissions.

Even if the user-role relationship is found, I don't understand how I can assign Tomcat
roles (e.g. manager-gui) to the user.

Thanks! 

Best Regards,
Bjoern
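
An added example, not part of the original message and not taken from the Tomcat project: one way to lay out the realm from the question so that Active Directory group membership becomes a Tomcat role. The DNs and host are copied from the message; the password placeholder, the choice of roleBase, and the web.xml edit are assumptions.

```xml
<!-- server.xml (added example). JNDIRealm derives roles in two ways:
     userRoleName = NAME of an attribute on the user entry (e.g. memberOf),
                    whose values become the role names (full group DNs in AD);
     roleBase/roleSearch/roleName = search for group entries and use one of
                    their attributes as the role name.
     The second form is used here, so the role is the group's cn. -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldap://server:389"
       connectionName="CN=SVC,OU=Service Accounts,OU=SITES,OU=\#KONFIGURATION,DC=DOM,DC=de"
       connectionPassword="REPLACE_WITH_SERVICE_ACCOUNT_PASSWORD"

       userBase="OU=SITES,OU=\#KONFIGURATION,DC=DOM,DC=de"
       userSearch="(sAMAccountName={0})"
       userSubtree="true"

       roleBase="OU=Roles,OU=Spezielle Gruppen,OU=SITES,OU=\#KONFIGURATION,DC=DOM,DC=de"
       roleSearch="(member={0})"
       roleName="cn"
       roleSubtree="true" />
<!-- {0} in roleSearch is the DN of the authenticated user, so the filter
     matches groups whose member attribute lists that user. With roleName="cn"
     a member of the group above receives the role "Tomcat Admins".
     Over ldap:// the bind password and the users' passwords cross the network
     unencrypted; an ldaps:// URL avoids that where the domain controller
     offers it. Keep server.xml readable only by the Tomcat account, since it
     holds the service account password. -->

<!-- The realm does not translate role names. The Manager's deployment
     descriptor decides which role may open the HTML interface, and it ships
     with manager-gui. Either create an AD group whose cn is manager-gui, or
     (assumption: editing the bundled descriptor is acceptable) name the
     existing group in webapps/manager/WEB-INF/web.xml: -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>HTML Manager interface</web-resource-name>
    <url-pattern>/html/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>Tomcat Admins</role-name>
  </auth-constraint>
</security-constraint>
<security-role>
  <role-name>Tomcat Admins</role-name>
</security-role>
```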


