On Tue, 8 Jun 2010 08:25:04 -0700 (PDT), Mark-E <mer...@hbs.edu> wrote:
> I have setup an https instance of Tomcat and I am trying to allow only
> specific users access.
>
> In the current configuration, anyone who is in LDAP can get in.
>
> Here is the current configuration in the server.xml
>
> <Realm className="org.apache.catalina.realm.JNDIRealm"
> connectionName=<connection name>
> connectionURL="ldap://ldap.domain.com:<port>"
> roleSearch="memberUid={0}"
> allRolesMode="authOnly"
> userPattern="uid={0},ou=People,dc=domain,dc=com"
> />
>
> So I tried using userSearch=(user{1}) to allow only user1 in but that
did
> not limit access. I tried {1} since the docs mention that is to search
for
> a
> specific username.
You can't use {1} in userSearch. You have to use {0}.
If you have only a very limited set of users and want to risk a management
nightmare, you can hardcode those users into the search pattern like
userSearch="(&(uid={0})(|(uid=user1)(uid=user2)))"
But I think it would be better to use an attribute or a group for that
kind of thing:
userSearch="(&(uid={0})(specialAttribute=specialValue))"
Bye
Felix
>
> Anyone know how I need to edit this to allow only a list of specific
users
> in? I will define them in this file.
>
> Thanks,
> Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
