Neil,

On 4/29/15 12:01 PM, Lazarow, Neil wrote:
> -----Original Message-----
> From: Felix Schumacher [mailto:felix.schumac...@internetallee.de]
> Sent: Tuesday, April 28, 2015 10:18 AM
> To: Tomcat Users List
> Subject: Re: JNDI realm Global Catalog question
>
> On 28 April 2015 17:11:55 CEST, Christopher Schultz
> <ch...@christopherschultz.net> wrote:
>> Neil,
>>
>> On 4/28/15 9:48 AM, Lazarow, Neil wrote:
>>> I have multiple domain controllers, all of which are set to
>>> function as global catalog servers.
>>>
>>> Is it possible to put multiple alternateURL entries into your
>>> JNDIRealm configuration (see example below)?
>>>
>>> Tomcat Version: 6.0.33 on Red Hat Enterprise Linux 5
>>>
>>> ------------------
>>> <Realm className="org.apache.catalina.realm.JNDIRealm"
>>>        adCompat="true"
>>>        connectionURL="ldaps://ldap1.my.domainname.com:3269"
>>>        alternateURL="ldaps://ldap2.my.domainname.com:3269"
>>>        alternateURL="ldaps://ldap3.my.domainname.com:3269"
>>>        connectionName="u...@my.domain.com"
>>>        connectionPassword="password"
>>>        referrals="follow"
>>>        userBase="CN=Users,dc=my,dc=domainname,dc=com"
>>>        userSearch="(sAMAccountName={0})"
>>>        userSubtree="true"
>>>        userRoleName="memberOf"
>>>        roleBase="CN=Users,dc=my,dc=domainname,dc=com"
>>>        roleName="CN"
>>>        roleSearch="(member={0})"
>>>        roleNested="true" />
>>
>> I don't think this is currently supported, but it would be a
>> nice enhancement. Could you make a request in Bugzilla?
>> http://bz.apache.org/
>>
>> In the meantime, you might be able to get away with a
>> configuration like this:
>>
>> <Realm className="org.apache.catalina.realm.CombinedRealm">
>>   <Realm className="org.apache.catalina.realm.JNDIRealm"
>>          connectionURL="ldaps://server-1" ... />
>>   <Realm className="org.apache.catalina.realm.JNDIRealm"
>>          connectionURL="ldaps://server-2" ... />
>>   <Realm className="org.apache.catalina.realm.JNDIRealm"
>>          connectionURL="ldaps://server-3" ... />
>> </Realm>
>>
>
> You could even try to set connectionURL to all servers at once
> separated by space. I believe jndi supports this. That would be
> something like
>
> connectionURL="ldaps://one ldaps://two ldaps://three"
>
> I haven't tested it, though.
>
> Regards
> Felix
>
>> The timeouts you'll experience to fail-over from one server to
>> the other might not be acceptable for you, though.
>>
>> -chris
>
> Tomcat appears to accept the list of connectionURL entries
> separated by spaces.

Great, thanks for testing that. Looks like the documentation could use
a tweak. Care to give us a docs patch and get yourself in the Changelog?

-chris
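
Added example, not part of the thread and not Tomcat code: a small Python check for the two Realm forms discussed above. It shows that repeating `alternateURL` is rejected as malformed XML before any realm logic runs, and it verifies that every endpoint in a space-separated `connectionURL` still uses `ldaps://`, so fail-over cannot land on a cleartext bind. `check_realm` is a hypothetical helper, and the sample snippets (including the `ldap://...:3268` entry) are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample inputs, modelled on the configurations quoted in the thread.
DUPLICATE_ATTR = '''<Realm className="org.apache.catalina.realm.JNDIRealm"
  connectionURL="ldaps://ldap1.my.domainname.com:3269"
  alternateURL="ldaps://ldap2.my.domainname.com:3269"
  alternateURL="ldaps://ldap3.my.domainname.com:3269" />'''

SPACE_SEPARATED = '''<Realm className="org.apache.catalina.realm.JNDIRealm"
  connectionURL="ldaps://ldap1.my.domainname.com:3269 ldaps://ldap2.my.domainname.com:3269 ldap://ldap3.my.domainname.com:3268" />'''


def check_realm(xml_text):
    """Return (urls, findings) for every JNDIRealm element in xml_text."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # An attribute that appears twice on one element is not well-formed XML.
        return [], ["not well-formed XML: %s" % exc]
    urls, findings = [], []
    # iter() also visits the root, so a bare Realm or a CombinedRealm wrapper both work.
    for realm in root.iter("Realm"):
        if not realm.get("className", "").endswith("JNDIRealm"):
            continue
        for attr in ("connectionURL", "alternateURL"):
            # Whitespace-separated list, tried in order on fail-over.
            for url in realm.get(attr, "").split():
                urls.append(url)
                parts = urlsplit(url)
                if parts.scheme != "ldaps":
                    findings.append("%s: %s is not ldaps" % (attr, url))
                if not parts.hostname:
                    findings.append("%s: %s has no host" % (attr, url))
    return urls, findings


if __name__ == "__main__":
    for name, sample in (("duplicate", DUPLICATE_ATTR), ("spaces", SPACE_SEPARATED)):
        print(name, check_realm(sample))
```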