Posted to users@tomcat.apache.org by "Sauer, Christian {PGSQ~Basel}" <ch...@Roche.COM> on 2004/06/09 08:26:02 UTC

4.0.29: does JNDIRealm (LDAP) perform authorization right after authentication??

Hello,

I have LDAP users that are members of one or more groups and I also have
users that aren't members in any group at all. Only users that have
successfully authenticated themselves may use my web application. Some
other users (e.g. those who are members of the admin group) may use
additional functionality of the application automatically depending on
their group membership (which is checked using method isUserInRole at
runtime).

It seems that the LDAP JNDIRealm of tomcat automatically performs an
authorisation for given groups after a successful user authentication
... Is this generally the case, or do I have to change the config of my
JNDIRealm in some way?

This is the configuration as it appears in my server.xml

<Realm className="org.apache.catalina.realm.JNDIRealm"
       debug="99"
       connectionURL="ldap://ldap.mycompany.com:389"
       userBase="ou=People,dc=MyCompany,dc=COM"
       roleBase="ou=Groups,dc=MyCompany,dc=COM"
       roleSubtree="true"
       roleName="cn"
       userSearch="(uid={0})"
       roleSearch="(uniqueMember={0})"
/>

Thanks in advance for a hint.

Cheers,
chris
