creating userPattern for JNDIRealm
Hey guys, I have to meet a second distinction among users. I just pasted the example given for JNDIRealm
dn: uid=jjones,ou=people,dc=mycompany,dc=com
<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
connectionName="cn=Manager,dc=mycompany,dc=com"
connectionPassword="secret"
connectionURL="ldap://localhost:389"
userPassword="userPassword"
userPattern="uid={0},ou=people,dc=mycompany,dc=com"
roleBase="ou=groups,dc=mycompany,dc=com"
roleName="cn"
roleSearch="(uniqueMember={0})"
/>
altered
dn: uid=jjones,ou=people,dc=mycompany,dc=com
dn: uid=jjones,ou=robots,dc=mycompany,dc=com
<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
connectionName="cn=Manager,dc=mycompany,dc=com"
connectionPassword="secret"
connectionURL="ldap://localhost:389"
userPassword="userPassword"
userPattern="uid={0},ou={0},dc=mycompany,dc=com"
roleBase="ou=groups,dc=mycompany,dc=com"
roleName="cn"
roleSearch="(uniqueMember={0})"
/>
Would this adjustment meet my requirement to enable a second distinction? I do not know if "{0}" works or if I have to change it to "{1}".
And is it really true that I don't need the "userBase" attribute when I have a "userPattern" attribute defined?
The solution is a userPatternArray
as follows:
Sometimes it is necessary for users from different organizational units to have access to Code Collaborator. If you are using direct-bind configuration using the userPattern attribute, you can change the configuration to use userPatternArray instead where the value is a colon-separated list of user patterns. For example, if there are users in ou=foo,dc=mycompany,dc=com and ou=bar,dc=mycompany,dc=com identified by their uid attribute, you can set the userPatternArray attribute as follows:
userPatternArray="(uid={0},ou=foo,dc=mycompany,dc=com):(uid={0},ou=bar,dc=mycompany,dc=com)"
Contrary to what I deduce from the manual and the above, I found in Tomcat 6.0.18 that it's the parameter userPattern, not userPatternArray, that needs to be set with a colon-separated list.
Try this instead:
<Realm
className="org.apache.catalina.realm.JNDIRealm" debug="99"
connectionName="cn=administrator,ou=users,dc=Filenet,dc=com"
connectionPassword="Password"
connectionURL="ldap://localhost:389"
userPattern="(cn={0},ou=sales,dc=Filenet,dc=com)(cn={0},ou=users,dc=Filenet,dc=com)"
roleBase="ou=groups,dc=Filenet,dc=com"
roleName="cn"
roleSearch="(member={0})"/>
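Added example, not part of any answer above and not Tomcat's own code: a Java sketch of how a userPattern value turns into the candidate DNs that a direct bind would try, assuming the parenthesised multi-pattern form from the last answer and MessageFormat-style substitution of {0}. The class name, method names and the use of Rdn.escapeValue on the login name are this example's choices.

```java
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.List;
import javax.naming.ldap.Rdn;

public class UserPatternDemo {

    // Split "(p1)(p2)" into its patterns; a value without parentheses is a single pattern.
    static List<String> splitPatterns(String userPattern) {
        List<String> patterns = new ArrayList<>();
        if (userPattern.indexOf('(') < 0) {
            patterns.add(userPattern);
            return patterns;
        }
        int start = -1;
        for (int i = 0; i < userPattern.length(); i++) {
            char c = userPattern.charAt(i);
            if (c == '(' && start < 0) {
                start = i + 1;
            } else if (c == ')' && start >= 0) {
                patterns.add(userPattern.substring(start, i));
                start = -1;
            }
        }
        if (start >= 0) {
            throw new IllegalArgumentException("unclosed '(' in " + userPattern);
        }
        return patterns;
    }

    // {0} is always the login name, wherever and however often it appears.
    static List<String> candidateDns(String userPattern, String username) {
        String safe = Rdn.escapeValue(username); // example's choice: escape DN metacharacters
        List<String> dns = new ArrayList<>();
        for (String p : splitPatterns(userPattern)) {
            dns.add(MessageFormat.format(p, safe));
        }
        return dns;
    }

    public static void main(String[] args) {
        String[] patterns = {
            "uid={0},ou=people,dc=mycompany,dc=com",
            "uid={0},ou={0},dc=mycompany,dc=com",
            "(cn={0},ou=sales,dc=Filenet,dc=com)(cn={0},ou=users,dc=Filenet,dc=com)"
        };
        for (String p : patterns) {
            System.out.println(p + "\n  -> " + candidateDns(p, "jjones"));
        }
    }
}
```

For the login jjones, the altered pattern from the question expands to uid=jjones,ou=jjones,dc=mycompany,dc=com, because {0} is the only value substituted; the parenthesised form yields one candidate DN per organizational unit.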