Tomcat configuration to work with Active Directory

I spent waaaay too much time figuring out this one and the web is full of half-answers to this problem.

To configure a Tomcat 5.5 realm to authenticate against Active Directory (which is an LDAP directory, so Tomcat's JNDIRealm does the job), you can crib from the following setup.

Add the following Realm element to the %CATALINA_HOME%/conf/server.xml file, inside the Engine, Host or Context whose applications should use AD, in place of the default UserDatabaseRealm.

<!-- connectionName is DOMAIN\account, e.g. internal\serviceacct.
     userBase is e.g. OU=Users,DC=foo,DC=baz; roleBase is e.g. OU=Groups,DC=foo,DC=baz. -->
<Realm className="org.apache.catalina.realm.JNDIRealm" debug="0"
       connectionURL="ldap://<AD SERVER ONE HOST NAME:PORT>"
       alternateURL="ldap://<AD SERVER TWO HOST NAME:PORT>"
       connectionName="<DOMAIN>\<USER NAME TO BIND TO AD>"
       connectionPassword="<YOUR PASSWORD FOR THE ABOVE ACCOUNT>"
       userBase="<DN TO YOUR USERS IN AD>"
       userSearch="sAMAccountName={0}"
       userSubtree="true"
       roleBase="<DN TO YOUR GROUPS IN AD>"
       roleName="CN"
       roleSearch="member={0}"
       roleSubtree="true"
/>

(XML comments cannot sit inside a start tag, so the examples are given above the element rather than between its attributes.)

Then add the usual security-constraint, login-config and security-role elements to your application's web.xml (each role-name must match the CN of a group under roleBase) and the application will authenticate against your AD installation.

A few points worth checking before this goes into production. Note that {0} means two different things: in userSearch it is the name typed at the login form, in roleSearch it is the DN of the entry that the user search returned, which is why roleSearch="member={0}" matches AD group membership even though the user never types a DN. The user search must return exactly one entry or the login fails, and the login name is substituted into the filter as typed, so confirm that the JNDIRealm build you run escapes it, or otherwise restrict what the login form accepts. A plain ldap:// connection sends the service account's credentials and every user's password to the domain controller in the clear; use ldaps:// (normally port 636) together with protocol="ssl" on the Realm, and make sure the JRE trusts the domain controller's certificate. The bind account only needs read access to the user and group containers, and since its password sits in server.xml in cleartext, restrict who can read that file.
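The following is an added example, not code from the original post: a small offline model of the two lookups the JNDIRealm configuration above performs, so you can see what each {0} expands to and what comes back before pointing the realm at a real domain controller. The in-memory directory, the account and group names, and the DNs are all constructed for the example; only the search templates, bases and roleName come from the configuration.

```python
"""
Offline model of what Tomcat's JNDIRealm does with the configuration above:
  step 1: userSearch "sAMAccountName={0}" under userBase, {0} = login name,
          which must resolve to exactly one entry;
  step 2: roleSearch "member={0}" under roleBase, {0} = the DN from step 1,
          and the role is the group's roleName (CN) attribute.
Everything in DIRECTORY is constructed sample data, not from the original page.
"""
import re

# Constructed in-memory "directory": DN -> attributes (names are made up).
DIRECTORY = {
    "CN=Alice Smith,OU=Users,DC=foo,DC=baz": {
        "sAMAccountName": "asmith", "objectClass": "user"},
    "CN=Bob Jones,OU=Users,DC=foo,DC=baz": {
        "sAMAccountName": "bjones", "objectClass": "user"},
    "CN=tomcat-admins,OU=Groups,DC=foo,DC=baz": {
        "cn": "tomcat-admins", "objectClass": "group",
        "member": ["CN=Alice Smith,OU=Users,DC=foo,DC=baz"]},
    "CN=tomcat-users,OU=Groups,DC=foo,DC=baz": {
        "cn": "tomcat-users", "objectClass": "group",
        "member": ["CN=Alice Smith,OU=Users,DC=foo,DC=baz",
                   "CN=Bob Jones,OU=Users,DC=foo,DC=baz"]},
}

USER_BASE, USER_SEARCH = "OU=Users,DC=foo,DC=baz", "sAMAccountName={0}"
ROLE_BASE, ROLE_SEARCH, ROLE_NAME = "OU=Groups,DC=foo,DC=baz", "member={0}", "CN"


def escape_filter_value(value):
    """RFC 4515 escaping for a value embedded in an LDAP search filter."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)


def format_filter(template, arg, escape=True):
    """Substitute {0} the way the realm's MessageFormat does (escaped by default)."""
    return template.replace("{0}", escape_filter_value(arg) if escape else arg)


def _pattern_to_regex(pattern):
    """Turn an LDAP assertion value (with * wildcards and \\xx escapes) into a regex."""
    out, i = [], 0
    while i < len(pattern):
        c = pattern[i]
        if c == "*":
            out.append(".*")
        elif c == "\\" and re.fullmatch(r"[0-9a-fA-F]{2}", pattern[i + 1:i + 3]):
            out.append(re.escape(chr(int(pattern[i + 1:i + 3], 16))))
            i += 2
        else:
            out.append(re.escape(c))
        i += 1
    # AD attribute matching is case-insensitive for these attributes.
    return re.compile("^" + "".join(out) + "$", re.IGNORECASE)


def search(base, filt):
    """Subtree search for a single equality filter 'attr=value'; returns matching DNs."""
    f = filt.strip()
    if f.startswith("(") and f.endswith(")"):
        f = f[1:-1]
    attr, _, pattern = f.partition("=")
    rx = _pattern_to_regex(pattern)
    hits = []
    for dn, attrs in DIRECTORY.items():
        if not dn.lower().endswith("," + base.lower()):
            continue  # outside the search base
        values = {k.lower(): v for k, v in attrs.items()}.get(attr.lower(), [])
        if isinstance(values, str):
            values = [values]
        if any(rx.match(v) for v in values):
            hits.append(dn)
    return hits


def lookup_user_dn(login_name, escape=True):
    """Step 1: the login name must resolve to exactly one DN, else authentication fails."""
    hits = search(USER_BASE, format_filter(USER_SEARCH, login_name, escape))
    return hits[0] if len(hits) == 1 else None


def roles_for(user_dn):
    """Step 2: groups whose member attribute lists the user's DN; role name = CN."""
    hits = search(ROLE_BASE, format_filter(ROLE_SEARCH, user_dn))
    return sorted(DIRECTORY[dn][ROLE_NAME.lower()] for dn in hits)


def roles_for_login(login_name):
    """Both steps together: what the realm would hand to web.xml's role checks."""
    dn = lookup_user_dn(login_name)
    return roles_for(dn) if dn else []


if __name__ == "__main__":
    print(format_filter(USER_SEARCH, "asmith"), "->", lookup_user_dn("asmith"))
    print("asmith:", roles_for_login("asmith"), " bjones:", roles_for_login("bjones"))
    # An unescaped '*' turns the user filter into a wildcard that matches every user,
    # so no unique entry is found; escaped as \2a it matches nobody at all.
    print(search(USER_BASE, format_filter(USER_SEARCH, "*", escape=False)))
    print(lookup_user_dn("*", escape=False), lookup_user_dn("*"))
```

The wildcard case at the end is the reason to care about escaping: a login name that reaches the filter verbatim changes what the directory is asked, while the escaped form only ever matches an account literally named that way.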

Comments

LDAP Realm in Sun One Web Server

Classname: com.iplanet.ias.security.auth.realm.ldap.LDAPRealm

Property               Value
directory              ldap://AD SERVER NAME
base-dn                BASE USER DN
jaas-context           ldapRealm
search-bind-dn         SERVICE ACCT
search-bind-password   SERVICE ACCT PWD
search-filter          sAMAccountName=%s
group-search-filter    member=%d
group-base-dn          GROUP DN (if different from BASE USER DN)
