I spent waaaay too much time figuring out this one and the web is full of half-answers to this problem.
To configure a Tomcat 5.5 server realm to work with Active Directory you can crib from the following setup.
Make the following changes to the %CATALINA_HOME%/conf/server.xml file.
<!-- connectionName: the account Tomcat binds as, e.g. internal\serviceacct -->
<!-- userBase: e.g. OU=Users, dc=foo, dc=baz -->
<!-- roleBase: e.g. OU=Groups, dc=foo, dc=baz -->
<!-- ldap:// is unencrypted, so the bind password and every user's password
     cross the network in clear text; use ldaps:// (AD listens on 636) if the
     domain controllers present a certificate the Tomcat JVM trusts -->
<Realm className="org.apache.catalina.realm.JNDIRealm" debug="0"
connectionURL="ldap://<AD SERVER ONE HOST NAME:PORT>"
alternateURL="ldap://<AD SERVER TWO HOST NAME:PORT>"
connectionName="<DOMAIN>\<USER NAME TO BIND TO AD>"
connectionPassword="<YOUR PASSWORD FOR THE ABOVE ACCOUNT>"
userBase="<DN TO YOUR USERS IN AD>"
userSearch="sAMAccountName={0}"
userSubtree="true"
roleBase="<DN TO YOUR GROUPS IN AD>"
roleName="CN"
roleSearch="member={0}"
roleSubtree="true"
/>
Then make the required security changes to your web.xml file for your application and you will be able to authenticate against your AD installation.