JNDI Realm Configuration Review please

Effin_Ell
My Tomcat web application logs are telling me the user1 isn't in the specified mapped LDAP role/group coming from AD. I believe my issues lie with the JNDI Realm definition. Can someone review it please and see where I may be going wrong? I've included the DN information from AD as well:

My user1 account DN is

DistinguishedName : CN=user1,OU=Users,OU=Lab,DC=example,DC=com


The role/group Users I have specified in the web.xml config is

DistinguishedName : CN=Users,CN=Builtin,DC=example,DC=com


My Realm configuration is

<Realm
   className="org.apache.catalina.realm.JNDIRealm"
   debug="99"
   connectionURL="ldap://example.com:389"
   authentication="simple"
   referrals="follow"
   connectionName="cn=administrator,cn=users,dc=example,dc=com"
   connectionPassword="##########"
   userSearch="(sAMAccountName={0})"
   userBase="cn=users,dc=example,dc=com"
   userSubtree="true"
   userRoleName="memberOf"
   roleSearch="(member={0})"
   roleName="cn"
   roleSubtree="true"
   roleBase="cn=users,cn=builtin,dc=example,dc=com"/>

This was the solution

<Realm
   className="org.apache.catalina.realm.JNDIRealm"
   debug="99"
   connectionURL="ldap://example.com:3268"
   authentication="simple"
   referrals="follow"
   connectionName="cn=administrator,cn=users,dc=example,dc=com"
   connectionPassword="###########"
   userSearch="(sAMAccountName={0})"
   userBase="dc=example,dc=com"
   userSubtree="true"
   userRoleName="memberOf"
   roleName="cn"
   roleSubtree="true"/>
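
The DNs quoted in the question can be compared against the userBase of each Realm definition without querying the directory. The following is an added example, not part of the original post: it shows that user1's DN lies outside the first userBase and inside the second. The helper names are hypothetical, and the check is purely string-based (it does not model referrals, the port change, or multi-valued RDNs).

```python
# Added example: offline LDAP search-scope check for the DNs in this thread.
# Helper names are hypothetical; multi-valued RDNs ("+") are not handled.

def split_rdns(dn):
    """Split a DN on unescaped commas (a backslash escapes the next character)."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    return parts

def normalize(dn):
    """Lower-case and trim each RDN so 'CN=Users' and 'cn=users' compare equal."""
    rdns = []
    for rdn in split_rdns(dn):
        attr, _, value = rdn.partition("=")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def in_scope(entry_dn, base_dn, subtree):
    """True if a search rooted at base_dn could return entry_dn.
    subtree=True: base and all descendants; subtree=False: direct children only."""
    entry, base = normalize(entry_dn), normalize(base_dn)
    if len(entry) < len(base) or entry[len(entry) - len(base):] != base:
        return False
    depth = len(entry) - len(base)
    return True if subtree else depth == 1

USER_DN = "CN=user1,OU=Users,OU=Lab,DC=example,DC=com"   # from the question
ORIGINAL_USER_BASE = "cn=users,dc=example,dc=com"        # first Realm
SOLUTION_USER_BASE = "dc=example,dc=com"                 # second Realm

def report():
    """Scope result for user1 under each Realm's userBase (userSubtree="true")."""
    return {
        "original": in_scope(USER_DN, ORIGINAL_USER_BASE, subtree=True),
        "solution": in_scope(USER_DN, SOLUTION_USER_BASE, subtree=True),
    }

if __name__ == "__main__":
    print(report())
```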