I can't speak for tomcat, but I can say that what you are asking is not trivial. LDAP was not designed to support multi-join queries. However, as I recall the iPlanet/Sun ONE directory server has a feature called "dynamic groups" that may help you solve this problem on the directory side.

Jon Roberts
www.mentata.com

Philippe Maseres wrote:
Hello all.
I need to set up Tomcat to use an LDAP directory for authentication and
authorization. I successfully configured my iPlanet directory and a JNDI
realm in Tomcat, and user and role checks work well, but with a
restriction. My directory schema, which is quite classical, provides a
dedicated tree with two sub-trees: one for users and another for groups.
User assignment to groups is made through the common multivalued attribute
'uniqueMember'. According to my JNDI realm setup, Tomcat matches users to
groups using their DN and deduces the right roles. However, I need to
organize users in the directory in a hierarchical classification where persons
don't belong directly to the groups that represent application roles. On the
contrary, users are assigned to profiles, which themselves form a compound tree
whose terminal leaves are the actual roles mapped to the applications'
constraints. Unfortunately, Tomcat seems not to process the role matching
recursively, i.e. retrieving first the groups from the user's DN, and then the groups
of each found group. In a past project, the BEA WebLogic LDAP realm was
used to perform such a recursive matching with no particular setting. Is
there any way to use Tomcat the same way, with its JNDI realm implementation?
Is there any alternative JNDI realm that could be used, or should I
implement it myself?
Thanks for answers...


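The recursive group walk the question asks for, as an added illustration that is neither Tomcat's JNDI realm code nor anything from the thread's authors: it runs over a constructed in-memory copy of the users/groups schema (DNs, group names and the cycle between two profiles are all made up) and shows the one-level match the realm does today beside a bounded, cycle-safe walk up through profiles to the leaf roles.

```python
from typing import Dict, List, Set

BASE = "dc=example,dc=com"  # constructed sample suffix
# Constructed sample of the schema in the thread: group DN -> values of its
# multivalued uniqueMember attribute. Roles contain profiles; profiles contain
# users or other profiles. profile-ops and profile-dev reference each other on
# purpose so the walk has a cycle to survive (a real realm would LDAP-search these).
DIRECTORY: Dict[str, List[str]] = {
    f"cn=role-app-admin,ou=groups,{BASE}": [f"cn=profile-it,ou=groups,{BASE}"],
    f"cn=role-app-user,ou=groups,{BASE}": [f"cn=profile-it,ou=groups,{BASE}",
                                          f"cn=profile-sales,ou=groups,{BASE}"],
    f"cn=profile-it,ou=groups,{BASE}": [f"cn=profile-ops,ou=groups,{BASE}",
                                        f"cn=profile-dev,ou=groups,{BASE}"],
    f"cn=profile-ops,ou=groups,{BASE}": [f"uid=alice,ou=users,{BASE}",
                                         f"cn=profile-dev,ou=groups,{BASE}"],
    f"cn=profile-dev,ou=groups,{BASE}": [f"UID=Bob, OU=users, {BASE}",
                                         f"cn=profile-ops,ou=groups,{BASE}"],
    f"cn=profile-sales,ou=groups,{BASE}": [f"uid=carol,ou=users,{BASE}"],
}

def normalize_dn(dn: str) -> str:
    """Cheap comparison form: case-fold and drop whitespace around commas.
    Enough for these samples; real DN matching rules are more involved."""
    return ",".join(part.strip() for part in dn.split(",")).lower()

def direct_groups(member_dn: str, directory: Dict[str, List[str]]) -> List[str]:
    """One level only: groups whose uniqueMember lists member_dn. This is
    where the thread says the JNDI realm stops."""
    target = normalize_dn(member_dn)
    return sorted(g for g, members in directory.items()
                  if any(normalize_dn(m) == target for m in members))

def nested_groups(user_dn: str, directory: Dict[str, List[str]],
                  max_depth: int = 16) -> Set[str]:
    """Breadth-first walk from the user up through group-of-group links.
    'seen' stops cycles; max_depth bounds the work on a pathological tree."""
    seen: Set[str] = set()
    frontier = [user_dn]
    for _ in range(max_depth):
        frontier = sorted({g for dn in frontier
                           for g in direct_groups(dn, directory) if g not in seen})
        if not frontier:
            break
        seen.update(frontier)
    return seen

def roles_for(user_dn: str, directory: Dict[str, List[str]]) -> Set[str]:
    """Only the leaf role groups, i.e. the names the realm would hand to Tomcat."""
    return {g for g in nested_groups(user_dn, directory) if g.startswith("cn=role-")}
```

With the sample data, a one-level match gives bob only his profile and no role at all, while the recursive walk reaches both application roles through the profile tree despite the cycle.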