-----Original Message-----
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Tuesday, April 28, 2015 10:12 AM
To: Tomcat Users List
Subject: Re: JNDI realm Global Catalog question
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Neil,
On 4/28/15 9:48 AM, Lazarow, Neil wrote:
> I have multiple domain controllers, all of which are set to function
> as global catalog servers.
>
> Is it possible to put multiple alternateURL entires into your
> JNDIRealm confiugration (see example below)?
>
> Tomcat Version: 6.0.33 on Red Hat Enterprise Linux 5
>
> ------------------ <Realm
> className="org.apache.catalina.realm.JNDIRealm" adCompat="true"
> connectionURL="ldaps://ldap1.my.domainname.com:3269"
> alternateURL="ldaps://ldap2.my.domainname.com:3269"
> alternateURL="ldaps://ldap3.my.domainname.com:3269"
> connectionName="u...@my.domain.com" connectionPassword="password"
> referrals="follow" userBase="CN=Users,dc=my,dc=domainname,dc=com"
> userSearch="(sAMAccountName={0})" userSubtree="true"
> userRoleName="memberOf"
> roleBase="CN=Users,dc=my,dc=domainname,dc=com" roleName="CN"
> roleSearch="(member={0})" roleNested="true" />
I don't think this is currently supported, but it would be a nice enhancement.
Could you make a request in Bugzilla? http://bz.apache.org/
In the meantime, you might be able to get away with a configuration like this:
<Realm className="org.apache.catalina.realm.CombinedRealm">
<Realm className="org.apache.catalina.realm.JNDIRealm"
connectionURL="ldaps://server-1"
... />
<Realm className="org.apache.catalina.realm.JNDIRealm"
connectionURL="ldaps://server-2"
... />
<Realm className="org.apache.catalina.realm.JNDIRealm"
connectionURL="ldaps://server-3"
... />
</Realm>
The timeouts you'll experience to fail-over from one server to the other might
not be acceptable for you, though.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJVP6M7AAoJEBzwKT+lPKRY1H8P/3wVz99mL4m0imxfUjAm/9XQ
2fYdeigii7hzDw0tvJKLZ5jh+wMz2xoqI47CD1b0P/Nl+zQHK7AqwT0GbMidZMN5
+bEHLS66zKfVF+tWoIq1RlvPi78vI1Hzp9dvmlxzp/NOJs8Fm2zeAbPiDkXB48d5
vqA38m/ZBRQemA0DhsxPmnjvavGvX+ifZ9mpfZryLyQYxTEQqm4Ay2Gu+LkkFilb
s/iRxZEJzvIJKxXpr9MyMBwv8DXHwG9EhhDWrZ+cmbvP18jruSRZyPdwQsf1N8vu
jPX+dd5eo9ffDJKT6GjkzNMWLh0S6srZO6HMWMI4YCb2F/z/nB07GcsEd0PDnWl9
JFuEVNhL07fdlJ31rzZ+OksDGae7+r0Jnur2DIOfAMWRKMmQWrQWXAoYm1uck5ra
lvFaQEhlRpV8GAUUmYkf3LPvQGjG+yEINNhJu9OXSX4+pyxvF1Oa0wUbWRFa0aoH
FIfh22ApBsk5KEhPFTVFFQCIoh/yKGS4YDhNlm48606h7SERclz5m50Cicv03vFv
glIdrrXVL4Idbkrl7jON11CB9oZjK0//ODT4bjF7E3kSyN1DM5uBFxzpiaVIIKiO
tzeXubcZ/DYf1Qtt+t0yO66jjkr0uei1i2uPHQgS7kJq41jSmqfg2tewWrDkiRSe
l7hQL8S+t9zWdYmiUdG+
=3lwQ
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------
Chris,
This is what I suspected. I looked through a bunch of documentation
before
sending this question out, and found nothing. Thanks for your answer.
Neil
Confidentiality: This transmission, including any attachments, is solely for
the use of the intended recipient(s). This transmission may contain information
that is confidential or otherwise protected from disclosure. The use or
disclosure of the information contained in this transmission, including any
attachments, for any purpose other than that intended by its transmittal is
strictly prohibited. Unauthorized interception of this email is a violation of
federal criminal law. If you are not an intended recipient of this
transmission, please immediately destroy all copies received and notify the
sender.
