Juergen Weber wrote:
Hi,
Hi Juergen,
first sorry for the late answer, but we were all quite busy (Amsterdam
Apache Conference ...)
I have a Tomcat installation that authenticates with JNDI realm
against an LDAP server containing the users. Now I need some
additional technical users that cannot go into the LDAP server.
Unfortunately Tomcat can only use one active security realm. Ideal
were if Tomcat would fall back to the standard memory realm if a user
were not found in JNDI realm.
So another option were to put the additional users into Apache
Directory server and have it delegate against the other LDAP server.
If Directory server knows user
return authenticate user
else
user := other LDAP server lookup
return authenticate user
endif
Can this right now be done with Apache Directory server?
Right now, the short answer is yes. You can define a specific
authenticator to do that (if I'm not completly off rails).
Sadly, I don't have enough time right now to give you some direction,
but I will try to squeeze some time this week-end (no guarantee ...)
However, this is not something complex, and this is also a feature we
_want_ to add to ADS asap.
Hope it helps (at least a little :) !
--
--
cordialement, regards,
Emmanuel Lécharny
www.iktek.com
directory.apache.org
