tomcat-users mailing list archives

From <Bjoern.Bec...@easycash.de>
Subject AW: JNDIRealm - Active Directory Roles
Date Fri, 14 Mar 2014 09:12:09 GMT
Hello,

Thanks for your reply. It doesn't make any difference.

I don't understand how the authenticated user receives permissions for one of these roles:

	<role rolename="manager"/>
	<role rolename="tomcat"/>
	<role rolename="admin"/>
	<role rolename="manager-gui"/>
	<role rolename="manager-jmx"/>


Best Regards,
Bjoern


-----Original Message-----
From: Leo Donahue [mailto:donahulf2@gmail.com]
Sent: Thursday, 13 March 2014 19:31
To: Tomcat Users List
Subject: Re: JNDIRealm - Active Directory Roles

On Thu, Mar 13, 2014 at 10:15 AM, <Bjoern.Becker@easycash.de> wrote:

> Hello,
>
> server.xml:
>         <Realm className="org.apache.catalina.realm.JNDIRealm"  debug="99"
>                 connectionName="CN=SVC,OU=Service Accounts,OU=SITES,OU=\#KONFIGURATION,DC=DOM,DC=de"
>
>                 connectionPassword="_2VK!WHzybn1SJ8P"
>
>                 connectionURL="ldap://server:389/OU=SITES,OU=\#KONFIGURATION,DC=DOM,DC=de?sAMAccountName?sub?(objectClass=*)"
>
>                 userSearch="(sAMAccountName={0})"
>                 userSubtree="true"
>
>                 roleSearch="(memberof={0})"
>                 roleSubtree="true"
>                 userRoleName="CN=Tomcat Admins,OU=Roles,OU=Spezielle Gruppen,OU=SITES,OU=\#KONFIGURATION,DC=DOM,DC=de "
>             />
>
> <!--            roleBase="DC=DOM,DC=de"
>                 roleName="cn"
> -->
>

Lines that are different in my context:

connectionURL="ldap://fully.qualified.server.name:389"
userSearch="(&amp;(objectCategory=person)(sAMAccountName={0}))"
roleSearch="(member={0})"
userRoleName="memberOf"

I don't know if it makes a difference for you or not.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
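
Added example, not part of the original messages and not Tomcat's code: a simplified Python model of JNDIRealm's documented role lookup, in which `userRoleName` is read as an attribute name on the user's entry and the role search runs only when `roleName` is set. The directory entries and DNs are constructed, and `resolve_roles`, `attr_values` and their parameters are hypothetical names.

```python
# Simplified model of JNDIRealm role lookup (illustration, not Tomcat code).
# Constructed directory: every DN and name below is made up.
USER_DN = "CN=jdoe,OU=Users,DC=example,DC=test"
GROUP_DN = "CN=Tomcat Admins,OU=Roles,DC=example,DC=test"
DIRECTORY = {
    USER_DN: {"sAMAccountName": ["jdoe"], "memberOf": [GROUP_DN]},
    GROUP_DN: {"cn": ["Tomcat Admins"], "member": [USER_DN]},
}


def attr_values(entry, name):
    """LDAP attribute names are case-insensitive."""
    return next((v for k, v in entry.items() if k.lower() == name.lower()), [])


def resolve_roles(user_dn, user_role_name=None, role_search=None, role_name=None):
    """Return the role strings the realm would hand to the container."""
    roles = []
    # userRoleName names an attribute on the user's own entry;
    # every value of that attribute becomes a role.
    if user_role_name:
        roles += attr_values(DIRECTORY[user_dn], user_role_name)
    # The role search only runs when roleName is also configured.
    if role_search and role_name:
        attr, _, value = role_search.strip("()").partition("=")
        wanted = value.replace("{0}", user_dn)  # {0} = DN of the user
        for entry in DIRECTORY.values():
            if wanted in attr_values(entry, attr):
                roles += attr_values(entry, role_name)
    return roles


# A group DN placed in userRoleName matches no attribute: no roles.
dn_as_attribute = resolve_roles(USER_DN, user_role_name=GROUP_DN,
                                role_search="(memberof={0})")
# userRoleName="memberOf": roles are the groups' full DNs.
from_member_of = resolve_roles(USER_DN, user_role_name="memberOf",
                               role_search="(member={0})")
# roleSearch plus roleName="cn": roles are the groups' CN values.
from_role_search = resolve_roles(USER_DN, role_search="(member={0})",
                                 role_name="cn")

if __name__ == "__main__":
    for label, roles in [("DN as userRoleName", dn_as_attribute),
                         ("memberOf", from_member_of),
                         ("roleSearch + cn", from_role_search)]:
        # A security constraint passes only on an exact role-name match.
        print(f"{label}: {roles} manager-gui granted: {'manager-gui' in roles}")
```

In all three cases the returned strings are directory values, so a constraint on a role such as `manager-gui` is satisfied only if the directory yields exactly that string.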

