On Wed, Sep 16, 2009 at 3:11 AM, Tobias Crefeld <t...@cataneo.eu> wrote:

> On Tue, 15 Sep 2009 15:00:39 -0500
> sharda k <sktom...@gmail.com> wrote:
>
> >    - User ids are being stored in LDAP
> >    - User credentials (password) are being stored in Active Directory
> > (AD).
> >    - User roles are again being stored in LDAP
>
> And how are ADS-credentials and LDAP's "IDs" synchronized?
>
> Why don't you put the roles into ADS? ADS is based on LDAP with
> Kerberos-authentication, so it should be no problem to add the
> necessary schema extensions (untested - I have no ADS).
>
> BTW: There is a book called "Professional Apache Tomcat 6" at John
> Wiley (www.wrox.com) with some advice on how to set up authentication by
> file, LDAP, PAM or database.
>
>
> Regards,
>  Tobias.
>


Thank you all for your responses. I will try it and will see how it goes :)

Tobias-
Yes, adding roles to AD would have been the best way to simplify this
scenario. But unfortunately this was set up like this initially and roles are
defined already in AD but are not in sync with LDAP, which is the real user
ID and role warehouse. AD is being used by many other systems for
authentication so it cannot be modified now. So I am stuck with connecting
to two servers for authentication and authorization.

Regards,
Sharda
