James Shepherd

Tomcat LDAP with AD

I didn't find much on the web on getting Tomcat to authenticate against Active Directory, so here is what I learned.
  1. Find a copy of ldp.exe for your version of Windows; Google will find one for you. This lets you look at Active Directory from an LDAP perspective, which is how you will discover the DNs and attribute names the Realm needs.
  2. Now you just have to figure out what to put in the Realm fragment (the JNDIRealm binds with the connectionName account to find the user's DN, then binds as that user to check the password, then searches the groups whose member attribute lists that DN):
<!-- userSearch turns the login name into the user's DN; roleSearch then finds
     the groups that list that DN in "member", and roleName picks the attribute
     (cn) whose value becomes the Tomcat role name. -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
       debug="99"
       connectionURL="ldap://my.domain.controller:389"
       connectionName="CN=SomeGuestAccount,OU=myOU,DC=my,DC=dotted,DC=domain"
       connectionPassword="guestAccountPassword"
       userBase="OU=myOU,DC=my,DC=dotted,DC=domain"
       userSearch="(sAMAccountName={0})"
       userSubtree="true"
       roleBase="OU=myOtherOrSameOU,DC=my,DC=dotted,DC=domain"
       roleName="cn"
       roleSearch="(member={0})"
       roleSubtree="true"/>

sAMAccountName is the attribute holding the (old) NT username. I found this the most reliable attribute to use, but you may find another one more obvious. Use ldp.exe to figure it out, as there are different ways to set up AD.
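To see what the two searches in that Realm actually do, and to check a userSearch/roleSearch pair before touching server.xml, here is an added Python model of the lookup (my own example, not Tomcat's code): it runs the userSearch with {0} replaced by the login name, then the roleSearch with {0} replaced by the user's DN, against a constructed in-memory stand-in for the AD subtree; every DN, account and group name in it is invented.

```python
import re

# Constructed stand-in for the AD subtree the Realm above points at
# (every DN, account and group name here is invented for this example).
BASE = "OU=myOU,DC=my,DC=dotted,DC=domain"
ALICE, BOB = "CN=Alice Smith," + BASE, "CN=Bob Jones," + BASE
DIRECTORY = {
    ALICE: {"sAMAccountName": ["asmith"], "cn": ["Alice Smith"]},
    BOB: {"sAMAccountName": ["bjones"], "cn": ["Bob Jones"]},
    "CN=tomcat-admins," + BASE: {"cn": ["tomcat-admins"], "member": [ALICE]},
    "CN=tomcat-users," + BASE: {"cn": ["tomcat-users"], "member": [ALICE, BOB]},
}

def escape_filter_value(value):
    """RFC 4515 escaping, so a login name cannot change the filter's shape."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group(0)), value)

def filter_to_regex(value):
    """Turn an LDAP assertion value into a regex: a bare '*' is a wildcard,
    a '\\xx' escape decodes to the literal character."""
    out = ""
    for tok in re.findall(r"\\[0-9a-fA-F]{2}|\*|[^\\*]+", value):
        if tok == "*":
            out += ".*"
        elif tok.startswith("\\"):
            out += re.escape(chr(int(tok[1:], 16)))
        else:
            out += re.escape(tok)
    return re.compile("^" + out + "$")

def ldap_search(base, filt):
    """Return the DNs under base whose entry matches one '(attr=value)' filter."""
    attr, value = re.fullmatch(r"\((\w+)=(.*)\)", filt).groups()
    rx = filter_to_regex(value)
    return [dn for dn, e in DIRECTORY.items()
            if dn.endswith(base) and any(rx.match(v) for v in e.get(attr, []))]

def lookup_roles(username, user_search="(sAMAccountName={0})",
                 role_search="(member={0})", role_name="cn"):
    """The two JNDIRealm queries from the Realm above: login name -> user DN,
    then the groups whose 'member' attribute lists that DN -> role names."""
    users = ldap_search(BASE, user_search.replace("{0}", escape_filter_value(username)))
    if len(users) != 1:          # no match, or an ambiguous match: refuse
        return None
    groups = ldap_search(BASE, role_search.replace("{0}", escape_filter_value(users[0])))
    return sorted(r for g in groups for r in DIRECTORY[g][role_name])
```

A login name such as "a*" finds nobody because the value is escaped before it lands in the filter, which is the behaviour you want from the real Realm too. Note also that with a plain ldap:// URL on port 389 both connectionPassword and every user's password cross the network unencrypted, so use ldaps:// (or StartTLS) outside a test lab.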