On Fri, 1 Oct 2010 10:50:53 -0700, "Manish Kashikar -X (mkashika - Zensar at Cisco)" <mkash...@cisco.com> wrote:
> Appreciate if someone can help us in doing the setup to validate user
> against ldap role / grouper

I would start reading the documentation at http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html#JNDIRealm
After that I would switch from userPattern="cn={0},..." to userSearch="cn={0}" and add a userBase="...". If you really have all your persons directly under that base, then you can leave userSubtree at its default value; otherwise set it to true to allow subtree searches.

Now, having switched to userSearch, you are able to set up a filter on attributes, such as userSearch="&(cn={0})(specialRole=admin)". That way you will find only users who have set the attribute "specialRole" to "admin".

Next I would configure roles. For that you will have to specify roleSearch, roleBase and roleName. After you are done, you could use those roles to set up a security constraint in your web.xml.

bye
Felix

> -----Original Message-----
> From: Manish Kashikar -X (mkashika - Zensar at Cisco)
> Sent: Thursday, September 30, 2010 1:38 PM
> To: users@tomcat.apache.org
> Subject: How to authenticate user against ldap grouper / role
>
> Hi Team,
>
> We are able to do tomcat + ldap configuration for authentication. But
> our requirement is to allow only set of users who are part of ldap
> grouper/role. How to do this setup.
>
> <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
>        connectionURL=<ldap URL>
>        contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
>        userPattern="uid={0},ou=active,ou=employees,ou=people,o=cisco.com"
> />
>
> Thanks
> Manish K
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
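
The configuration steps described in the reply, put together as an added example that is not part of the original thread: a JNDIRealm using userSearch plus role lookup, and the matching web.xml constraint. The host name, base DNs, the group membership attribute (uniqueMember) and the role name appusers are all assumptions made for illustration.

```xml
<!-- server.xml: find the user by search, then map LDAP groups to Tomcat roles.
     Constructed values: host, base DNs and the uniqueMember attribute. -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldaps://ldap.example.com:636"
       userBase="ou=people,dc=example,dc=com"
       userSearch="(uid={0})"
       userSubtree="true"
       roleBase="ou=groups,dc=example,dc=com"
       roleName="cn"
       roleSearch="(uniqueMember={0})" />
<!-- roleSearch: {0} is the DN of the authenticated user, {1} the login name.
     roleName: attribute of each matching group entry that becomes the role name.
     An attribute filter in userSearch must escape the ampersand inside XML:
     userSearch="(&amp;(uid={0})(specialRole=admin))" -->

<!-- web.xml: only members of the hypothetical group cn=appusers may enter. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Entire application</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>appusers</role-name>
  </auth-constraint>
  <!-- BASIC sends the password on every request, so require TLS. -->
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>LDAP</realm-name>
</login-config>

<security-role>
  <role-name>appusers</role-name>
</security-role>
```

With this in place, a user who authenticates successfully but is not a member of a matching group receives HTTP 403 instead of a login failure.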