>-----Original Message-----
>From: S.V. [mailto:svku...@googlemail.com]
>Subject: Tomcat 6.0.18 JNDIRealm ConnectException: Connection timed out
>
>            userBase="DC=host,DC=de"
>

I had this same problem.  It depends on where your users are located in AD and 
how large the tree is.

This is probably not the right way to do it, but I limited the roleBase and 
userBase to specific nodes.

        <Realm className="org.apache.catalina.realm.JNDIRealm"
                connectionURL="ldap://url:389"
                connectionName="CN=ad_user_account,OU=Service Accounts,OU=PLANDEV Dept,DC=plandev,DC=maricopa,DC=gov"
                connectionPassword="***"

                roleBase="OU=Groups,OU=PLANDEV Dept,DC=plandev,DC=maricopa,DC=gov"
                roleSubtree="true"
                roleName="cn"
                roleSearch="(member={0})"

                userBase="OU=PLANDEV Dept,DC=plandev,DC=maricopa,DC=gov"
                userSearch="(&amp;(objectCategory=person)(sAMAccountName={0}))"
                userSubtree="true"
                userRoleName="memberOf"
        />

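An added example, not part of the original message and not Tomcat code: a small check that flags a JNDIRealm whose `userBase` or `roleBase` is the bare domain root (only `DC=` components) while the matching subtree search is enabled, which is the configuration the reply above moves away from. The function names and the sample XML are constructed for illustration; the sample assumes `userSubtree="true"` for the domain-root realm, which the quoted question does not show.

```python
import re
import xml.etree.ElementTree as ET

JNDI_REALM = "org.apache.catalina.realm.JNDIRealm"

# Constructed sample: the first realm uses the domain-root userBase quoted from
# the original question, the second uses OU-scoped bases as in the reply.
SAMPLE = """
<Engine>
  <Realm className="org.apache.catalina.realm.JNDIRealm"
         connectionURL="ldap://url:389"
         userBase="DC=host,DC=de"
         userSubtree="true"
         userSearch="(sAMAccountName={0})" />
  <Realm className="org.apache.catalina.realm.JNDIRealm"
         connectionURL="ldap://url:389"
         roleBase="OU=Groups,OU=PLANDEV Dept,DC=plandev,DC=maricopa,DC=gov"
         roleSubtree="true"
         userBase="OU=PLANDEV Dept,DC=plandev,DC=maricopa,DC=gov"
         userSubtree="true" />
</Engine>
"""

def rdn_types(dn):
    """Return the attribute type of each RDN, honouring backslash-escaped commas."""
    parts = re.split(r"(?<!\\),", dn)
    return [p.split("=", 1)[0].strip().upper() for p in parts if p.strip()]

def is_domain_root(dn):
    """True when the DN consists only of DC components (the whole directory tree)."""
    types = rdn_types(dn)
    return bool(types) and all(t == "DC" for t in types)

def audit_realms(xml_text):
    """Return (realm index, attribute, DN) for every subtree search rooted at the domain."""
    findings = []
    realms = [e for e in ET.fromstring(xml_text).iter("Realm")
              if e.get("className") == JNDI_REALM]
    for idx, realm in enumerate(realms):
        for base, subtree in (("userBase", "userSubtree"), ("roleBase", "roleSubtree")):
            dn = realm.get(base, "")
            # Tomcat defaults userSubtree/roleSubtree to false when absent.
            if realm.get(subtree, "false").lower() == "true" and is_domain_root(dn):
                findings.append((idx, base, dn))
    return findings

if __name__ == "__main__":
    for idx, attr, dn in audit_realms(SAMPLE):
        print(f"realm #{idx}: {attr}={dn!r} searches the whole domain subtree")
```
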