On Tue, 24 Nov 2009 19:50:59 +0100, "André Warnier" <a...@ice-sa.com> wrote:
> Samuel Penn wrote:
>> Hi all,
>> 
>> I'm trying to get Tomcat to authenticate against Active Directory, but
>> failing
> ...
> Not directly related to what your current issue is, but just as 
> information: http://www.ioplex.com/jespa.html

I've seen that, though it has a license cost associated with it which
rules it out as an immediate option.

> I have found that in practice, there is a certain amount of 
> confusion at the interface between the Java/Open Source world, and the 
> corporate Windows-centric world.
> When a Unix/Linux/Open Source developer type asks the corporate 
> MS-Windows sysadmin type what the "network user authentication method" 
> is, very often the answer will be "Active Directory".
> 
> In fact, it isn't.

Yeah, I'm vaguely aware of that if pushed, though now to a slightly
higher level of detail thanks to your explanation.

> There used to be an open source similar solution available, made by the 
> same people who make jCIFS (at samba.org).  It was called the "jCIFS 
> HTTP NTLM authentication filter" or similar.  But that software is no 
> longer developed or maintained, and does not work with recent revisions 
> of the Windows NTLM protocol (v2, as standard since Vista and beyond).
> Jespa works with all NTLM versions.

I've looked at that (that's where I saw the link to Jespa), and I've
actually implemented it and got it working. The issue was it doesn't seem
to allow checking of groups. I may go down the jCIFS route, and limit
access rights on a per-user (rather than the preferred per-group) basis.
My exploration of LDAP was to see if this gave me group level checking
without having to worry about licensing.


Thanks,

Sam.



