-----Original Message-----
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Tuesday, April 28, 2015 10:12 AM
To: Tomcat Users List
Subject: Re: JNDI realm Global Catalog question

Neil,

On 4/28/15 9:48 AM, Lazarow, Neil wrote:
> I have multiple domain controllers, all of which are set to function
> as global catalog servers.
>
> Is it possible to put multiple alternateURL entries into your
> JNDIRealm configuration (see example below)?
>
> Tomcat Version: 6.0.33 on Red Hat Enterprise Linux 5
>
> ------------------
> <Realm className="org.apache.catalina.realm.JNDIRealm"
>        adCompat="true"
>        connectionURL="ldaps://ldap1.my.domainname.com:3269"
>        alternateURL="ldaps://ldap2.my.domainname.com:3269"
>        alternateURL="ldaps://ldap3.my.domainname.com:3269"
>        connectionName="u...@my.domain.com"
>        connectionPassword="password"
>        referrals="follow"
>        userBase="CN=Users,dc=my,dc=domainname,dc=com"
>        userSearch="(sAMAccountName={0})"
>        userSubtree="true"
>        userRoleName="memberOf"
>        roleBase="CN=Users,dc=my,dc=domainname,dc=com"
>        roleName="CN"
>        roleSearch="(member={0})"
>        roleNested="true" />

I don't think this is currently supported, but it would be a nice enhancement. Could you make a request in Bugzilla?

http://bz.apache.org/

In the meantime, you might be able to get away with a configuration like this:

<Realm className="org.apache.catalina.realm.CombinedRealm">
  <Realm className="org.apache.catalina.realm.JNDIRealm"
         connectionURL="ldaps://server-1" ... />
  <Realm className="org.apache.catalina.realm.JNDIRealm"
         connectionURL="ldaps://server-2" ... />
  <Realm className="org.apache.catalina.realm.JNDIRealm"
         connectionURL="ldaps://server-3" ... />
</Realm>

The timeouts you'll experience to fail-over from one server to the other might not be acceptable for you, though.

-chris

---------------

Chris,

This is what I suspected. I looked through a bunch of documentation before sending this question out, and found nothing. Thanks for your answer.

Neil
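
Added example, not part of the original thread: XML does not allow the same attribute name twice on one element, so the Realm from the question is rejected by the XML parser itself, while the CombinedRealm layout from the reply parses and lists its servers in order. The function name `check_realm` and both sample strings are constructed for this illustration, using the host names from the question.

```python
import xml.etree.ElementTree as ET

JNDI = "org.apache.catalina.realm.JNDIRealm"

# Constructed sample: the Realm shape from the question, other attributes trimmed.
DUPLICATE_ALTERNATE = """<Realm className="org.apache.catalina.realm.JNDIRealm"
    connectionURL="ldaps://ldap1.my.domainname.com:3269"
    alternateURL="ldaps://ldap2.my.domainname.com:3269"
    alternateURL="ldaps://ldap3.my.domainname.com:3269" />"""

# Constructed sample: the CombinedRealm shape from the reply, with the
# question's host names substituted and other attributes trimmed.
COMBINED = """<Realm className="org.apache.catalina.realm.CombinedRealm">
  <Realm className="org.apache.catalina.realm.JNDIRealm"
      connectionURL="ldaps://ldap1.my.domainname.com:3269" />
  <Realm className="org.apache.catalina.realm.JNDIRealm"
      connectionURL="ldaps://ldap2.my.domainname.com:3269" />
  <Realm className="org.apache.catalina.realm.JNDIRealm"
      connectionURL="ldaps://ldap3.my.domainname.com:3269" />
</Realm>"""


def check_realm(xml_text):
    """Return (ok, detail).

    On a well-formedness error, detail is the parser message. Otherwise it is
    the list of LDAP URLs configured on every JNDIRealm, in document order.
    """
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return False, str(exc)
    urls = []
    # iter() also visits the root, so a bare JNDIRealm and a nested one both work.
    for realm in root.iter("Realm"):
        if realm.get("className") != JNDI:
            continue
        for attr in ("connectionURL", "alternateURL"):
            if realm.get(attr):
                urls.append(realm.get(attr))
    return True, urls


if __name__ == "__main__":
    for name, text in (("question", DUPLICATE_ALTERNATE), ("reply", COMBINED)):
        print(name, check_realm(text))
```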