Hi,
I've been watching your emails andI'm still trying to understand. I
have a couple of ldap books and I'm trying to figure some things out. I
can authenticate to AD with known OU's and known common names, but I
can't use basic or form authentication and get them authenticated with
just a user-id and password.
What is:
roleSearch="(memberOf=CN=tomcat,CN=Users,DC=[Domain],DC=com)"
1. specifically, what is CN=tomcat ? Is that a role which has been
set up in AD?
What is: userBase="OU=Users,OU=[My OU],DC=[Domain],DC=com"
2. specifically, what is OU=[My OU] ?
3. What did you put in your web-app web.xml?
My AD administrators have not been able to explain our tree structure to
me. Either I'm asking the wrong questions, or they don't understand it
either. They have given me a copy of the script they used to load it.
I'm trying to look thru the script to discover the tree structure.
Also, they printed a screen print from their AD administrative tool. It
has this sort of structure:
Active Directory Users and Computers
lubbock.isd
Builtin
CO
Computers
Disabled Accounts
Elem
ForeignSecurityPrincipals
HS
JH
LostAndFound
Microsoft Exchange System Object
OG
System
Users
Should that tell me what to plug into the OU? I know if I hit the AD
with an Administrative name, password and its OU, then I authenticate.
For instance "CN=Administratorname,OU=CO,dc=lubbock,dc=isd");. CO
stands for central office (in this case.) I know that this
administrative name is in the OU=CO. What do I do if my user is not in
OU=CO?
How do I authenticate when I'm not given the person's specific OU?
I don't understand why you're specifying 2 different values for OU?
Any help would be appreciated.
Thanks,
rob
-----Original Message-----
From: Hart, Justin [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 04, 2003 9:13 AM
To: Tomcat Users List
Subject: RE: JNDIRealm...more
I just got it working...
A million thank yous! I didn't really understand LDAP until learning
(some) about it yesterday, and once I started learning it, your example
made perfect sense, and now I can authenticate my users!
This rules very much!
Justin
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Monday, November 03, 2003 4:16 PM
To: [EMAIL PROTECTED]
Subject: RE: JNDIRealm...more
Here's what I have......this works for me....hope this helps....
<Realm className="org.apache.catalina.realm.JNDIRealm"
debug="99"
connectionURL="ldap://[domain controller]:389"
userBase="OU=Users,OU=[My OU],DC=[Domain],DC=com"
userSearch="(sAMAccountName={0})"
userRoleName="member"
roleBase="OU=Users,OU=[my OU],DC=[Domain],DC=com"
roleName="memberOf"
roleSearch="(memberOf=CN=tomcat,CN=Users,DC=[Domain],DC=com)"
connectionName="CN=Administrator,CN=Users,DC=[Domain],DC=com"
connectionPassword="[password]"
roleSubtree="true"
userSubtree="true"/>
-----Original Message-----
From: Hart, Justin [mailto:[EMAIL PROTECTED]
Sent: Monday, November 03, 2003 12:57 PM
To: Tomcat Users List
Subject: JNDIRealm...more
My server.xml now looks like this :
<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
connectionURL="A good active directory server"
userBase="dc=MY DOMAIN NAME,dc=com"
userRoleName="member"
roleName="cn"
roleSearch="(userPrincipalName={0})"
roleSubtree="false"
userSubtree="false"
referrals="follow"
/>
Reading through the log shows no errors, just that the realm is openning
and closing connections with my LDAP server, after 3 tries, it tells me
that I need to use http authentication.
What's going wrong here?
Justin
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
