-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Neil,
On 4/28/15 9:48 AM, Lazarow, Neil wrote:
> I have multiple domain controllers, all of which are set to
> function as global catalog servers.
>
> Is it possible to put multiple alternateURL entires into your
> JNDIRealm confiugration (see example below)?
>
> Tomcat Version: 6.0.33 on Red Hat Enterprise Linux 5
>
> ------------------ <Realm
> className="org.apache.catalina.realm.JNDIRealm" adCompat="true"
> connectionURL="ldaps://ldap1.my.domainname.com:3269"
> alternateURL="ldaps://ldap2.my.domainname.com:3269"
> alternateURL="ldaps://ldap3.my.domainname.com:3269"
> connectionName="u...@my.domain.com" connectionPassword="password"
> referrals="follow" userBase="CN=Users,dc=my,dc=domainname,dc=com"
> userSearch="(sAMAccountName={0})" userSubtree="true"
> userRoleName="memberOf"
> roleBase="CN=Users,dc=my,dc=domainname,dc=com" roleName="CN"
> roleSearch="(member={0})" roleNested="true" />
I don't think this is currently supported, but it would be a nice
enhancement. Could you make a request in Bugzilla? http://bz.apache.org/
In the meantime, you might be able to get away with a configuration
like this:
<Realm className="org.apache.catalina.realm.CombinedRealm">
<Realm className="org.apache.catalina.realm.JNDIRealm"
connectionURL="ldaps://server-1"
... />
<Realm className="org.apache.catalina.realm.JNDIRealm"
connectionURL="ldaps://server-2"
... />
<Realm className="org.apache.catalina.realm.JNDIRealm"
connectionURL="ldaps://server-3"
... />
</Realm>
The timeouts you'll experience to fail-over from one server to the
other might not be acceptable for you, though.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJVP6M7AAoJEBzwKT+lPKRY1H8P/3wVz99mL4m0imxfUjAm/9XQ
2fYdeigii7hzDw0tvJKLZ5jh+wMz2xoqI47CD1b0P/Nl+zQHK7AqwT0GbMidZMN5
+bEHLS66zKfVF+tWoIq1RlvPi78vI1Hzp9dvmlxzp/NOJs8Fm2zeAbPiDkXB48d5
vqA38m/ZBRQemA0DhsxPmnjvavGvX+ifZ9mpfZryLyQYxTEQqm4Ay2Gu+LkkFilb
s/iRxZEJzvIJKxXpr9MyMBwv8DXHwG9EhhDWrZ+cmbvP18jruSRZyPdwQsf1N8vu
jPX+dd5eo9ffDJKT6GjkzNMWLh0S6srZO6HMWMI4YCb2F/z/nB07GcsEd0PDnWl9
JFuEVNhL07fdlJ31rzZ+OksDGae7+r0Jnur2DIOfAMWRKMmQWrQWXAoYm1uck5ra
lvFaQEhlRpV8GAUUmYkf3LPvQGjG+yEINNhJu9OXSX4+pyxvF1Oa0wUbWRFa0aoH
FIfh22ApBsk5KEhPFTVFFQCIoh/yKGS4YDhNlm48606h7SERclz5m50Cicv03vFv
glIdrrXVL4Idbkrl7jON11CB9oZjK0//ODT4bjF7E3kSyN1DM5uBFxzpiaVIIKiO
tzeXubcZ/DYf1Qtt+t0yO66jjkr0uei1i2uPHQgS7kJq41jSmqfg2tewWrDkiRSe
l7hQL8S+t9zWdYmiUdG+
=3lwQ
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
