Author: markt
Date: Mon Sep 7 12:51:56 2009
New Revision: 812116
URL: http://svn.apache.org/viewvc?rev=812116&view=rev
Log:
Update JNDI realm docs with new attributes
Modified:
tomcat/tc6.0.x/trunk/webapps/docs/config/realm.xml
Modified: tomcat/tc6.0.x/trunk/webapps/docs/config/realm.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/config/realm.xml?rev=812116&r1=812115&r2=812116&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/config/realm.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/config/realm.xml Mon Sep 7 12:51:56 2009
@@ -292,17 +292,32 @@
information from the directory:</p>
<attributes>
- <attribute name="alternateURL" required="false">
- <p>If a socket connection can not be made to the provider at
- the <code>connectionURL</code> an attempt will be made to use the
- <code>alternateURL</code>.</p>
- </attribute>
-
- <attribute name="authentication" required="false">
- <p>A string specifying the type of authentication to use.
- "none", "simple", "strong" or a provider specific definition
- can be used. If no value is given the providers default is used.</p>
- </attribute>
+ <attribute name="adCompat" required="false">
+ <p>Microsoft Active Directory often returns referrals.
+ When iterating over NamingEnumerations these lead to
+ PartialResultExceptions. If you want us to ignore those exceptions,
+ set this attribute to "true". Unfortunately there's no stable way
+ to detect, if the Exceptions really come from an AD referral.
+ The default value is "false".</p>
+ </attribute>
+
+ <attribute name="alternateURL" required="false">
+ <p>If a socket connection can not be made to the provider at
+ the <code>connectionURL</code> an attempt will be made to use the
+ <code>alternateURL</code>.</p>
+ </attribute>
+
+ <attribute name="authentication" required="false">
+ <p>A string specifying the type of authentication to use.
+ "none", "simple", "strong" or a provider specific definition
+ can be used. If no value is given the providers default is used.</p>
+ </attribute>
+
+ <attribute name="commonRole" required="false">
+ <p>A role name assigned to each successfully authenticated user in
+ addition to the roles retrieved from LDAP. If not specified, only
+ the roles retrieved via LDAP are used.</p>
+ </attribute>
<attribute name="connectionName" required="false">
<p>The directory username to use when establishing a
@@ -351,6 +366,16 @@
the providers default is used.</p>
</attribute>
+ <attribute name="referrals" required="false">
+ <p>How do we handle JNDI referrals? Allowed values are
+ "ignore", "follow", or "throw" (see javax.naming.Context.REFERRAL
+ for more information).
+ Microsoft Active Directory often returns referrals.
+ If you need to follow them set referrals to "follow".
+ Caution: if your DNS is not part of AD, the LDAP client lib might try
+ to resolve your domain name in DNS to find another LDAP server.</p>
+ </attribute>
+
<attribute name="roleBase" required="false">
<p>The base directory entry for performing role searches. If
not specified the top-level element in the directory context
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
