Good afternoon Leo,

I would suggest using wildcard searches using the objectClass, cn, objectCategory or sn attributes, as specified here:
http://msdn.microsoft.com/en-us/library/aa746475(VS.85).aspx

Once you have a valid LDAP query, then configure the Tomcat realm.

Note: I would suggest using LDAP_MATCHING_RULE_IN_CHAIN for the MatchingRuleOID, which allows you to pull all the attributes that match the value for that subtree.

HTH
Martin Gainty
______________________________________________
do not disrupt, alter or modify this transmission.

> From: leodona...@mail.maricopa.gov
> To: users@tomcat.apache.org
> Date: Mon, 8 Mar 2010 14:11:50 -0700
> Subject: JNDI Realm question
>
> http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html#JNDIRealm
>
> Using Tomcat 6.0.24 on Windows Server 2003 Standard R2 SP2
>
> 1. We use MS Active Directory. Is the "uid" in the following example for
> userPattern the same as the "sAMAccountName"?
>
> <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
>        connectionURL="ldap://localhost:389"
>        userPattern="uid={0},ou=people,dc=mycompany,dc=com"
>        roleBase="ou=groups,dc=mycompany,dc=com"
>        roleName="cn"
>        roleSearch="(uniqueMember={0})"
> />
>
> 2. The quick start section said to create a user account for the Tomcat user,
> if required. That is the account Tomcat uses to browse the LDAP, I understand
> that, but where is it used in the Realm? Is it the connectionName and
> connectionPassword attributes?
>
> The way Active Directory is set up for us looks something like this:
>
> dc=mycompany,dc=com
> ou=mydept
> ou=division1
> ou=division2
> ou=division...n
> ou=service accounts (this is where we created the tomcat user account,
> and the role accounts for the webapp)
> ou=other depts, etc.
>
> I would like to set up the realm so that any user in any division, under
> "mydept" will be found. Does this look right? (aside from changing the
> connection url to ours) Or do I substitute the sAMAccountName for "uid"?
>
> <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
>        connectionURL="ldap://localhost:389"
>        connectionName="tomcat user account name"
>        connectionPassword="tomcat user account pw"
>        userPattern="uid={0},ou=mydept,dc=mycompany,dc=com"
>        roleBase="ou=mydept,dc=mycompany,dc=com"
>        roleName="ou=service accounts,cn=ourwebapprolename,dc=mycompany,dc=com"
>        roleSearch="(uniqueMember={0})"
>        userSubtree="true"
> />
>
> Leo Donahue
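As an added example (not part of either message in this thread), here is one way to write the sAMAccountName lookup the question asks about together with the LDAP_MATCHING_RULE_IN_CHAIN group search the reply mentions, as a Tomcat 6 JNDIRealm; the host name dc.example.com, the service-account DN and the password are assumed placeholders.

```xml
<!--
  Added example, not from the thread. Assumes Tomcat 6 JNDIRealm against
  Active Directory; the host, the service-account DN and the password are
  placeholders to be replaced.

  connectionURL   LDAPS, so the service-account bind and the users' passwords
                  are not sent in clear text on the wire.
  connectionName  the account created in "ou=service accounts"; it only needs
                  read access below userBase and roleBase.
  userSearch      used instead of userPattern: AD user DNs are cn=..., not
                  uid=..., so the login name is matched on sAMAccountName and,
                  with userSubtree="true", the search descends into every
                  ou=division under ou=mydept.
  roleSearch      AD groups list their members in "member", not "uniqueMember";
                  {0} is replaced by the authenticated user's DN. The matching
                  rule OID 1.2.840.113556.1.4.1941 is LDAP_MATCHING_RULE_IN_CHAIN,
                  which makes the domain controller resolve nested membership
                  transitively, so groups that contain the user's groups are
                  returned as roles too.
  roleName        the attribute whose value becomes the Tomcat role name
                  (the group's cn); it is an attribute name, not a DN.
-->
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldaps://dc.example.com:636"
       connectionName="cn=tomcat,ou=service accounts,dc=mycompany,dc=com"
       connectionPassword="PLACEHOLDER_SERVICE_ACCOUNT_PASSWORD"
       userBase="ou=mydept,dc=mycompany,dc=com"
       userSubtree="true"
       userSearch="(&amp;(objectCategory=person)(sAMAccountName={0}))"
       roleBase="ou=mydept,dc=mycompany,dc=com"
       roleSubtree="true"
       roleSearch="(member:1.2.840.113556.1.4.1941:={0})"
       roleName="cn"
/>
```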