2008/10/8 Felix Schumacher <[EMAIL PROTECTED]>: > Hi Jerome, > > have you thought about adding an extra attribute to the groups, so that > the mapping is done by a normal ldap query? > > Consider having an objectClass tomcatRoleMapping which has one attribute > tomcatRole. Than with your mapping like below >> securityrole1=group1,group2,group4 >> securityrole2=group3 >> securityrole3=group5,group6 > you would extend all groups with tomcatRoleMapping. The value of the > attribute tomcatRole could then be "securityrole1" for group1, group2 > and group4 like this > > dn: cn=group1,... > objectClass: tomcatRoleMapping > objectClass: ... > tomcatRole: securityrole1 > cn: group1 > ... > > Now just change the roleName attribute in your realm definition to > tomcatRole and you have got a mapping from groups to securityroles. > > Bye > Felix
Hi Felix, Thanks for your proposition, but I want to avoid any change on the LDAP server. The idea is: if you want to install my webapp in your environment, just map your existing groups to my webapp's roles before starting Tomcat and you're done. Jerome --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
