Posted to users@tomcat.apache.org by Chong Yu Meng <ch...@cymulacrum.net> on 2003/12/01 11:49:40 UTC
JNDIRealm question
Hi All,
I have a configuration that is not covered in the JNDIRealm HOWTO, and
was wondering if someone else has tried this before:
I am using OpenLDAP 2.1.22 on Red Hat 9. For the DN, I am using the CN
instead of the UID (i.e., dn: cn=Zhu De,ou=People,o=Cymulacrum instead
of uid=zhude,ou=People,o=Cymulacrum), and the roles recognized by Tomcat
are in the Groups OU.
My question: how do I set up a Tomcat JNDI Realm such that it looks up
roles based on the UID instead of the DN? In the JNDIRealm HOWTO, the
instructions assume that the DN is using the UID instead of the CN. For
the userSearch, I would substitute with (uid={0}), since I need to do a
search and comparison with an attribute. But to retrieve the role ...
I'm not so sure about how to do this. I'm thinking that the stanza below
would not work (no, I haven't tried it yet). Does anyone know how it
should look?
<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
       connectionURL="ldap://localhost:389"
       userBase="ou=people,o=Cymulacrum"
       userSearch="(uid={0})"
       userRoleName="memberOf"
       roleBase="ou=groups,o=Cymulacrum"
       roleName="cn"
       roleSearch="(uniqueMember={0})"
/>
Using the CN instead of the UID for the DN is actually (in my experience
anyway) quite common -- Lotus Domino/Notes uses the CN for logging in,
and Novell eDirectory too (though I suppose both can be configured to
use the UID instead).
Thanks in advance,
pascal chong
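
An added illustration (not part of the original message and not Tomcat's code): a small Python model of the two-step lookup the stanza above asks for, assuming that `{0}` in `roleSearch` is replaced by the DN of the entry that `userSearch` found and `{1}` by the username, as the JNDIRealm documentation describes. The directory contents, the two group entries and the helpers `escape_filter_value`, `fill`, `search` and `resolve_roles` are constructed for this example; values are escaped per RFC 4515 before they are placed in a filter.

```python
import re

# Constructed directory mirroring the layout in the message: the user's DN is
# built from cn, while uid is an ordinary attribute of the entry.
DIRECTORY = {
    "cn=Zhu De,ou=People,o=Cymulacrum": {"cn": ["Zhu De"], "uid": ["zhude"]},
    "cn=tomcat,ou=Groups,o=Cymulacrum": {    # hypothetical group
        "cn": ["tomcat"],
        "uniqueMember": ["cn=Zhu De,ou=People,o=Cymulacrum"],
    },
    "cn=manager,ou=Groups,o=Cymulacrum": {   # hypothetical group
        "cn": ["manager"],
        "uniqueMember": ["cn=Someone Else,ou=People,o=Cymulacrum"],
    },
}

def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def fill(pattern, *args):
    """Replace {0}, {1} in a filter pattern with escaped argument values."""
    return re.sub(r"\{(\d)\}",
                  lambda m: escape_filter_value(args[int(m.group(1))]), pattern)

def search(base, flt):
    """Toy matcher for a single-assertion filter of the form (attr=value)."""
    attr, value = re.fullmatch(r"\((\w+)=(.*)\)", flt, re.S).groups()
    hits = []
    for dn, entry in DIRECTORY.items():
        if not dn.lower().endswith("," + base.lower()):
            continue
        stored = [escape_filter_value(v).lower() for v in entry.get(attr, [])]
        if (value == "*" and stored) or value.lower() in stored:
            hits.append(dn)
    return hits

def resolve_roles(username, user_base="ou=people,o=Cymulacrum",
                  user_search="(uid={0})", role_base="ou=groups,o=Cymulacrum",
                  role_search="(uniqueMember={0})", role_name="cn"):
    """Step 1: find the entry by uid. Step 2: search groups by that entry's DN."""
    users = search(user_base, fill(user_search, username))
    if len(users) != 1:           # unknown or ambiguous user: no identity, no roles
        return None
    dn = users[0]
    groups = search(role_base, fill(role_search, dn, username))
    return dn, sorted(v for g in groups for v in DIRECTORY[g][role_name])
```

In this model the role lookup succeeds with a CN-based DN because the DN used in the second search is whatever the first search returned, not something built from the login name.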