> All,
>
> Hoping that someone can help. Checked google/marc etc. Similar
> posts, but no solutions??
>
> Looking to authenticate & authorise Tomcat 5.5.7 against AD 2003.
>
> Authentication works great. Authorisation doesn't.
>
> Server.xml:
>
> <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
>        connectionURL="ldap://x.x.x.x:yyy"
>        connectionName="[EMAIL PROTECTED]"
>        connectionPassword="user_password"
>        userBase="cn=xxxxx,dc=xxxxx,dc=xxxxx"
>        userSearch="(sAMAccountName={0})"
>        userSubtree="true"
>        userRoleName="memberOf"
>        roleBase="cn=xxxxx,dc=xxxxx,dc=xxxxx"
>        roleName="cn"
>        roleSubtree="true"
>        roleSearch="(uniqueMember={0})"
> />
>
> Roles (user's Windows domain groups) are being returned, however the
> issue is that AD is returning the DN, and not the 'cn'. Have tried
> various values in the roleName field - but these have no effect.
>
> I can change the <role-name> definitions in the web.xml files to match
> what is being returned - but this isn't ideal, and I still have issues
> with the ',' in the role when using struts.....
>
> Logging below shows issue:
>
> FINE: Checking roles
> GenericPrincipal[RHWhitefield(CN=group1,CN=xxxx,DC=yyy,DC=zzzz,
> CN=group2,CN=xxxx,DC=yyy,DC=zzzz,
> CN=group3,CN=xxxx,DC=yyy,DC=zzzz,
> CN=group4,CN=xxxx,DC=yyy,DC=zzzz,)]
>
> I am ideally looking for just the cn or name or sAMAccountName, rather
> than the DN.
>
> Any guidance would be gratefully appreciated.
>
> Thanks
>
> Rupert.
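Reducing memberOf DNs like those in the log above to their leaf CN, as an added example that is not part of the original message and is not Tomcat code. The class and method names are hypothetical, how the result would be wired into a realm is not shown, and all DNs after the first are constructed sample values.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Hypothetical helper, not a Tomcat class.
public class MemberOfRoles {

    /** Returns the leaf RDN's value when it is a CN; null for a malformed DN or another leaf type. */
    static String leafCn(String dn) {
        try {
            LdapName name = new LdapName(dn);   // RFC 2253 parser: handles "\," and quoting
            if (name.isEmpty()) {
                return null;
            }
            // LdapName indexes RDNs right to left, so the leaf is the last index.
            Rdn leaf = name.getRdn(name.size() - 1);
            return "cn".equalsIgnoreCase(leaf.getType()) ? leaf.getValue().toString() : null;
        } catch (InvalidNameException e) {
            return null;                        // drop it; never derive a role from a bad DN
        }
    }

    /** Maps each memberOf DN to a role name, skipping unusable entries and duplicates. */
    static List<String> toRoleNames(List<String> memberOf) {
        List<String> roles = new ArrayList<String>();
        for (String dn : memberOf) {
            String cn = leafCn(dn);
            if (cn != null && !roles.contains(cn)) {
                roles.add(cn);
            }
        }
        return roles;
    }

    public static void main(String[] args) {
        // Constructed sample values; the first follows the DN shape in the log above.
        List<String> memberOf = Arrays.asList(
            "CN=group1,CN=xxxx,DC=yyy,DC=zzzz",
            "CN=Ops\\, Tier 2,OU=Groups,DC=example,DC=com",  // escaped comma inside the CN
            "OU=NotAGroup,DC=example,DC=com",                 // leaf is not a CN: skipped
            "not-a-dn");                                      // malformed: skipped
        System.out.println(toRoleNames(memberOf));
    }
}
```

Splitting the DN on "," instead of parsing it would cut a CN that contains an escaped comma. Collapsing a DN to its CN also means two groups with the same CN in different containers become the same role name, so group names need to be unique across the searched subtree before they are used for authorisation.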