I've been using tomcat for many years (so thanks to the devs!) but this is the first time I've had to use LDAP for authentication. Reading over the docs on this page was very useful:

http://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html#JNDIRealm

However, at the bottom of the section where it talks about using 'userRoleName':

    This realm configuration would satisfy the new requirements:

    <Realm className="org.apache.catalina.realm.JNDIRealm"
           connectionURL="ldap://localhost:389"
           userBase="ou=people,dc=mycompany,dc=com"
           userSearch="(mail={0})"
           userRoleName="memberOf"
           roleBase="ou=groups,dc=mycompany,dc=com"
           roleName="cn"
           roleSearch="(uniqueMember={0})" />

I think the last 3 attributes for role are unnecessary, and if so, then they're confusing. In my test, which is similar to the LDIF right above it:

    dn: uid=jjones,ou=people,dc=mycompany,dc=com
    objectClass: inetOrgPerson
    uid: jjones
    sn: jones
    cn: janet jones
    mail: j.jo...@mycompany.com
    memberOf: role2
    memberOf: role3
    userPassword: janet

I didn't need those last 3 role entries and everything worked fine. Just a note because this section is already confusing enough and I thought that made it worse. Sorry if I'm wrong in my assumptions.

Thanks-
Robert

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
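The post's question is whether the roleBase/roleName/roleSearch attributes do anything once userRoleName is set. In JNDIRealm the two are independent role sources: roles read from the user entry's userRoleName attribute and roles found by searching roleBase with roleSearch are combined, so dropping the role* attributes only loses roles that exist solely as group entries. The following is an added Python simulation of that resolution order, written for this note and not code from Tomcat or from the poster; the in-memory directory, the full e-mail address and the group entries role1/role4 are constructed, and the realm dicts just mirror the attributes of the quoted Realm element. The simulation also escapes the substituted {0} value per RFC 4515 before evaluating the filter, a defensive choice in this example and not a claim about how Tomcat builds its filters.

```python
import re

# Constructed in-memory directory (not real data); the user entry mirrors the
# LDIF in the post, the two group entries are added for the roleSearch path.
DIRECTORY = {
    "uid=jjones,ou=people,dc=mycompany,dc=com": {
        "objectClass": ["inetOrgPerson"],
        "uid": ["jjones"],
        "sn": ["jones"],
        "cn": ["janet jones"],
        "mail": ["janet.jones@mycompany.com"],   # constructed full address
        "memberOf": ["role2", "role3"],
    },
    "cn=role1,ou=groups,dc=mycompany,dc=com": {
        "objectClass": ["groupOfUniqueNames"],
        "cn": ["role1"],
        "uniqueMember": ["uid=jjones,ou=people,dc=mycompany,dc=com"],
    },
    "cn=role4,ou=groups,dc=mycompany,dc=com": {
        "objectClass": ["groupOfUniqueNames"],
        "cn": ["role4"],
        "uniqueMember": ["uid=other,ou=people,dc=mycompany,dc=com"],
    },
}

# Attributes of the Realm element quoted in the post, as a plain dict.
REALM_BOTH = {
    "userBase": "ou=people,dc=mycompany,dc=com",
    "userSearch": "(mail={0})",
    "userRoleName": "memberOf",
    "roleBase": "ou=groups,dc=mycompany,dc=com",
    "roleName": "cn",
    "roleSearch": "(uniqueMember={0})",
}
# The same realm with the three role* attributes removed, as the post proposes.
REALM_USER_ATTR_ONLY = {k: v for k, v in REALM_BOTH.items() if not k.startswith("role")}


def escape_filter_value(value):
    """RFC 4515 escaping of a value substituted into a search filter."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\0" else ch for ch in value)


_FILTER_RE = re.compile(r"^\(([A-Za-z][A-Za-z0-9-]*)=(.*)\)$")


def entry_matches(filter_str, attrs):
    """Evaluate a single equality filter '(attr=value)' against one entry.
    Only this filter shape is supported by the simulation."""
    m = _FILTER_RE.match(filter_str)
    if not m:
        return False
    attr, raw = m.group(1), m.group(2)
    # Undo the RFC 4515 escaping so the comparison is on the literal value.
    value = re.sub(r"\\([0-9a-fA-F]{2})", lambda h: chr(int(h.group(1), 16)), raw)
    stored = [v.lower() for k, vs in attrs.items() if k.lower() == attr.lower() for v in vs]
    return value.lower() in stored


def _under(dn, base):
    return dn.lower().endswith("," + base.lower())


def find_user(directory, realm, username):
    """userSearch with {0} replaced by the login name, scoped to userBase."""
    filt = realm["userSearch"].replace("{0}", escape_filter_value(username))
    for dn, attrs in directory.items():
        if _under(dn, realm["userBase"]) and entry_matches(filt, attrs):
            return dn, attrs
    return None


def resolve_roles(directory, realm, username):
    """Roles from the user's userRoleName attribute, plus roles from roleSearch
    (where {0} is the user's DN), as a sorted, de-duplicated list. None if no user."""
    found = find_user(directory, realm, username)
    if found is None:
        return None
    user_dn, attrs = found
    roles = []
    if realm.get("userRoleName"):
        roles.extend(attrs.get(realm["userRoleName"], []))
    if realm.get("roleSearch") and realm.get("roleBase"):
        filt = realm["roleSearch"].replace("{0}", escape_filter_value(user_dn))
        for dn, group in directory.items():
            if _under(dn, realm["roleBase"]) and entry_matches(filt, group):
                roles.extend(group.get(realm.get("roleName", "cn"), []))
    return sorted(set(roles))


if __name__ == "__main__":
    for name, realm in (("both sources", REALM_BOTH), ("userRoleName only", REALM_USER_ATTR_ONLY)):
        print(name, "->", resolve_roles(DIRECTORY, realm, "janet.jones@mycompany.com"))
    # A login name carrying filter metacharacters is escaped and simply finds no user.
    print("escaped lookup ->", resolve_roles(DIRECTORY, REALM_BOTH, "*)(uid=*"))
```

With both sources configured jjones ends up with role1 (from the group entry) as well as role2 and role3 (from memberOf); with only userRoleName she keeps role2 and role3 and role1 is never seen. The group entries that exist only under ou=groups are therefore what the three role* attributes buy you, which is why the documentation keeps them in that example.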