tomcat-users mailing list archives

From Cédric Couralet <>
Subject Re: tomcat 7 ldap error
Date Wed, 07 Aug 2013 07:01:50 GMT
2013/8/7 Christopher Schultz <>:
> Vicky,
> On 8/6/13 10:46 PM, wrote:
>> Hi All,
>> Can somebody please share the steps required to set up Active Directory
>> with Tomcat?
>> Is it valid to simply define a user in the Active Directory LDAP
>> without assigning any role to it? Will we still be able to
>> authenticate the user when logged in from the application? If yes,
>> then kindly share the configuration which I need to do in web.xml
>> and server.xml.
>> I need this because in our application we have LDAP users defined
>> without any role mapped to them, so I want to know how to configure
>> this in server.xml and web.xml, so that users get authenticated
>> successfully.
> I'm not sure about your LDAP configuration exactly (I've never used
> Tomcat with LDAP authentication myself) but Tomcat's security is
> entirely based upon roles. Thus, if you have (LDAP) users that are not
> in any group, those users are not going to be able to successfully
> access any resources unless you have <role-name>*</role-name> in your
> <auth-constraint>.

And, at least for Tomcat 6 and 7, you will need to set the JNDIRealm
attribute "allRolesMode" to "authOnly" if your users don't have any
role in the LDAP.
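
A configuration sketch combining the two settings named in this thread (the `*` role name in web.xml and `allRolesMode="authOnly"` on the JNDIRealm), added here as an example and not taken from either poster. The host name, DNs, bind account, password, URL pattern and realm name are placeholder assumptions.

```xml
<!-- conf/server.xml, inside <Engine> or <Host>. Constructed example:
     host, DNs and credentials below are placeholders. -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldaps://ad.example.test:636"
       connectionName="CN=tomcat-bind,OU=Service Accounts,DC=example,DC=test"
       connectionPassword="CHANGE_ME"
       userBase="OU=People,DC=example,DC=test"
       userSubtree="true"
       userSearch="(sAMAccountName={0})"
       allRolesMode="authOnly" />
<!-- No roleBase/roleSearch is configured, so the realm assigns no roles.
     allRolesMode="authOnly": for a constraint whose role-name is "*", the
     user only has to authenticate. The default value "strict" additionally
     requires one of the roles declared in web.xml.
     Consequence: every account that userBase/userSearch can find is
     admitted, so keep that search scope as narrow as the application needs. -->

<!-- WEB-INF/web.xml: constraint that relies on the "*" role name -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Whole application</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>*</role-name>
  </auth-constraint>
  <!-- BASIC sends the password on every request; require TLS for it -->
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Example AD realm</realm-name>
</login-config>
```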
