Hello,

I have LDAP users that are members of one or more groups and I also have
users that aren't members of any group at all. Only users that have
successfully authenticated themselves may use my web application. Some
other users (e.g. those who are members of the admin group) may use
additional functionality of the application automatically depending on
their group membership (which is checked using the method isUserInRole at
runtime).

It seems that the LDAP JNDIRealm of Tomcat automatically performs an
authorisation for given groups after a successful user authentication
... Is this generally the case, or do I have to change the config of my
JNDIRealm in some way?

This is the configuration as it appears in my server.xml:

<Realm          className="org.apache.catalina.realm.JNDIRealm" 
                debug="99"
                connectionURL="ldap://ldap.mycompany.com:389"
                userBase="ou=People,dc=MyCompany,dc=COM"
                roleBase="ou=Groups,dc=MyCompany,dc=COM"
                roleSubtree="true"
                roleName="cn"
                userSearch="(uid={0})"
                roleSearch="(uniqueMember={0})"
/>

Thanks in advance for a hint.

Cheers,
chris
