Thanks, Tim. That's a lot of help.

Robyne

-----Original Message-----
From: Tim Funk [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 12, 2003 8:04 AM
To: Tomcat Users List
Subject: [OT] Re: Tomcat Authenticates to AD. How do I access AD variables?

From the user id that tomcat returns, you'll need to determine the DN. In which you can do (I think) this way:

1) When constructing your context, use "follow", which makes it nice when you are using a forest of domains (if that's the right term) for example:

    env.put(Context.REFERRAL, "follow");

2) Get the DN from the userid. Here I assume sAMAccountName is used for userid.

    SearchControls constraints = new SearchControls();
    constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
    NamingEnumeration results = ctx.search(organization_,
        "(&(sAMAccountName=" + userId + "))", constraints);

3) You should now have the DN so you may do subsequent attribute lookups through normal JNDI calls. (I think)

I don't do much JNDI stuff, so I can't vouch that the above is in any manner correct. (But I hope it is)

-Tim

Robyne Vaughn wrote:
> Tim,
> Thanks for your reply. I do mean attributes.
> I don't know much about JNDI. (excuse me if I don't know the correct
> wording).
>
> I do have one little JNDI program which I copied and altered. It
> hits active directory with an authorized connection name and OU and
> etc. All of which are hard-coded. Then, I change context to another
> hardcoded name and OU and can get certain attributes with that info.
> If I don't specify an OU, I don't find what I'm looking for. The
> problem is that when a user logs in, I don't know what their OU is.
> Tomcat handles that for me. I don't know how to plug in the correct
> "path" in to a user's data. All I know is getRemoteUser and that 1
> little piece of info isn't enough to find a user's attributes with.
> When I look in my logs, I can see what DN tomcat followed to
> authenticate my user. That hints to me that I ought to be able to
> extract the "path" (DN?) to use.
>
> All I know about JNDI, I've found out in the last 2 weeks. If you
> have some coding examples you would care to share, I would greatly
> appreciate it.
> (I have seen the sun tutorial - it's incomplete where
> AD is concerned)

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
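The lookup described in steps 2 and 3 of the reply, as an added example that is not part of the original thread: it escapes the user id (RFC 4515) before placing it in the search filter, so filter metacharacters in the name cannot change the query, and returns the matching entry so that both the DN and the attributes can be read. The class name `AdUserLookup`, its method names and the sample user ids are assumptions made for illustration; `main` only prints the filters and needs no directory server.

```java
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class AdUserLookup {   // hypothetical class name
    // Escape a value for use inside an LDAP search filter (RFC 4515).
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    static String userFilter(String userId) {
        return "(sAMAccountName=" + escapeFilterValue(userId) + ")";
    }

    // Returns the single matching entry, or null if none. The DN is
    // hit.getNameInNamespace(); the attributes are hit.getAttributes().
    // Passing no attribute names returns the entry without attributes.
    static SearchResult findUser(DirContext ctx, String baseDn, String userId,
                                 String... wanted) throws NamingException {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        sc.setReturningAttributes(wanted);   // fetch only what is needed
        NamingEnumeration<SearchResult> results =
                ctx.search(baseDn, userFilter(userId), sc);
        try {
            SearchResult hit = results.hasMore() ? results.next() : null;
            if (hit != null && results.hasMore()) {
                throw new NamingException("more than one entry for " + userId);
            }
            return hit;
        } finally {
            results.close();
        }
    }

    public static void main(String[] args) {
        // Constructed user ids: one ordinary, one with filter metacharacters.
        for (String id : new String[] { "rvaughn", "rv*)(" }) {
            System.out.println(userFilter(id));
        }
    }
}
```

With a context built as in step 1, `findUser(ctx, baseDn, request.getRemoteUser(), "mail", "displayName")` would return the entry for the authenticated user; the attribute names here are examples only.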