Tomcat configuration to work with Active Directory

I spent waaaay too much time figuring out this one and the web is full of half-answers to this problem.

To configure a Tomcat 5.5 server realm to work with Active Directory you can crib from the following setup.

Add the following Realm element to the %CATALINA_HOME%/conf/server.xml file, nested inside the Engine, Host or Context whose applications should authenticate against AD.

<!--
  Replace the placeholders in angle brackets with your own values, e.g.
    connectionName  internal\serviceacct
    userBase        OU=Users,dc=foo,dc=baz
    roleBase        OU=Groups,dc=foo,dc=baz
  XML does not allow comments inside a start tag, so the examples live here.
-->
<Realm className="org.apache.catalina.realm.JNDIRealm" debug="0"
       connectionURL="ldap://<AD SERVER ONE HOST NAME:PORT>"
       alternateURL="ldap://<AD SERVER TWO HOST NAME:PORT>"
       connectionName="<DOMAIN\USER NAME TO BIND TO AD>"
       connectionPassword="<YOUR PASSWORD FOR THE ABOVE ACCOUNT>"
       userBase="<DN TO YOUR USERS IN AD>"
       userSearch="sAMAccountName={0}"
       userSubtree="true"
       roleBase="<DN TO YOUR GROUPS IN AD>"
       roleName="CN"
       roleSearch="member={0}"
       roleSubtree="true" />

Then add the security constraints, login configuration and role declarations to your application's web.xml, and users will be able to authenticate against your AD installation.
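The post leaves the web.xml side as an exercise, so here is a complete servlet 2.4 web.xml (the version Tomcat 5.5 uses) that works with the JNDIRealm above. This is an added example, not the author's file; the /admin/* path and the AD group name "TomcatAdmins" are hypothetical and stand in for whatever you actually want to protect.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
                             http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
         version="2.4">

  <!-- Everything under /admin/ (hypothetical path) needs an authenticated
       user who is a member of the AD group with CN "TomcatAdmins"
       (hypothetical group name). -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Admin pages</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>TomcatAdmins</role-name>
    </auth-constraint>
    <user-data-constraint>
      <!-- CONFIDENTIAL makes Tomcat redirect to HTTPS, so the AD password the
           browser sends is not exposed on the wire. -->
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- The realm in server.xml does the actual credential check; BASIC is the
       simplest to test with, FORM is the usual choice for user-facing apps. -->
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Active Directory</realm-name>
  </login-config>

  <!-- Every role used in an auth-constraint must be declared. The name must
       match the value the realm returns for roleName="CN", i.e. the group's
       CN in AD, exactly. -->
  <security-role>
    <role-name>TomcatAdmins</role-name>
  </security-role>
</web-app>
```

Two practical points about the pairing with server.xml: the role names here are matched against the CN of the groups found by roleSearch, so they must be spelled exactly as the group CN is in AD; and because connectionPassword sits in server.xml in cleartext and a plain ldap:// URL sends the service-account bind unencrypted, restrict read access to server.xml and prefer an ldaps:// connectionURL (with the domain controller's CA certificate in the JVM truststore) where your AD supports it.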

Comments

Classname: com.iplanet.ias.security.auth.realm.ldap.LDAPRealm

Property               Value
directory              ldap://AD SERVER NAME
base-dn                BASE USER DN
jaas-context           ldapRealm
search-bind-dn         SERVICE ACCT
search-bind-password   SERVICE ACCT PWD
search-filter          sAMAccountName=%s
group-search-filter    member=%d
group-base-dn          GROUP DN (if different than BASE USER DN)

All content created and copyrighted by justwerks software 2001-2009 unless otherwise noted.