Java Mailing List Archive

http://www.junlu.com/


Re: ActiveDirectory and JNDI LDAP Realm

Marc Boorshtein

2004-05-08


The active directory equivalent of "uid" in LDAP is sAMAccountName
(which is what users type to log into a Windows workstation).

----------------------------------------------------------------------------------------------
Marc Boorshtein
Sr. Software Engineer, Octet String
marc.boorshtein@(protected)
On Apr 29, 2004, at 8:25 PM, Chong Yu Meng wrote:

> Hi Paulo !
>
> What is the Active Directory equivalent of "uid" in LDAP ? I had the
> same problem as you previously, when I was preparing material for a
> Novell eDirectory course. The "canonical" method of structuring the
> directory (at least in my part of the world) was to use the CN (like
> your ActiveDirectory example). I have a write-up on this at :
> http://cymulacrum.net/writings/adv_tomcat/c487.html
>
> I suppose if you substitute the Active Directory equivalent for UID,
> you should be able to get it to work.
>
> Hope this helps!
>
> Regards,
> pascal chong
>
>
>
> Paulo Alvim wrote:
>
>> Hi!
>>
>> Is there anyone using MS ActiveDirectory with Tomcat 5?
>>
>> I could authenticate using:
>>
>> <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
>>        connectionURL="ldap://plcbhdc:389"
>>        userPattern="cn={0},cn=Users,dc=powerlogic"
>>        roleBase="cn=Users,dc=powerlogic"
>>        roleName="memberOf"
>>        roleSearch="(distinguishedName={0})" />
>>
>> ...but I had to use the full name (ex: Bill Gates) instead of the
>> login (ex: gates).
>>
>> So I tried to use:
>>
>> <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
>>        connectionURL="ldap://plcbhdc:389"
>>        userBase="cn=Users,dc=powerlogic"
>>        userSearch="(sAMAccountName={0})"
>>        userSubtree="true"
>>        roleBase="cn=Users,dc=powerlogic"
>>        roleName="memberOf"
>>        roleSearch="(distinguishedName={0})" />
>>
>> ... with lots of "userSearch" attributes such as "userPrincipalName",
>> "givenName", etc., but it didn't work.
>>
>> I'm using the default ActiveDirectory installation...
>>
>> Any help?
>>
>> Thanks in advance!
>>
>> Paulo Alvim
>>
>> -----Original Message-----
>> From: Chong Yu Meng [mailto:chongym@(protected)]
>> Sent: Sunday, 18 April 2004 12:59
>> To: Tomcat Users List
>> Subject: [spam] Re: Authentification against NT Domain Controller
>>
>>
>> Hi Frank !
>>
>> I seem to remember ActiveDirectory being discussed here, on this mailing
>> list. The good thing about ActiveDirectory is that, if you do not have
>> an overly complicated schema, you can use the LDAP subset to query the
>> directory (you need to do a fair bit of tweaking to get ActiveDirectory
>> to output results in LDAP-compliant format though. I'm not an expert on
>> ActiveDirectory, so I really cannot advise you on this).
>>
>> If you're using Windows NT as the PDC, I think you can't get the Tomcat
>> realm to work with it (Please, somebody, tell me otherwise!).
>>
>> As for writing your own Realm implementation, unless you are a really
>> seasoned programmer, this can be a very daunting task. An easier way is
>> to download and look at SecurityFilter. The example webapp has source
>> code that you can look at, and not get confused by it. I highly
>> recommend this over implementing your own realm. However, this still does
>> not address the problem of extracting user credentials from a PDC.
>>
>> There is another solution: use Novell's DirXML product to do a periodic
>> sync of data in Active Directory or NTLM into an LDAP directory, then
>> use the JNDI realm in Tomcat. This is not a free solution, and it does
>> require you to read up on another product, but this product is also very
>> good for syncing data between different directories (OpenLDAP, Netscape
>> Directory Server, Novell eDirectory, even flat files).
>>
>> Hope this helps !
>>
>>
>> Frank Schaare wrote:
>>
>>
>>> Hi,
>>>
>>> we're building an Intranet application running on Tomcat 4.1.30
>>> (Client OS is Win2K). It would be very suitable to authenticate the
>>> users against the NT Domain Controller to avoid a second login.
>>>
>>> I searched this ML and Google but did not find very much about this
>>> theme.
>>>
>>> There is a SourceForge Project called NTDCRealm which seems to fit our
>>> needs, but has absolutely no documentation.
>>>
>>> Probably, we need to nest a custom NTDCRealm Tag in our WebApp
>>> context. To learn how to do this, I searched the Tomcat documentation
>>> (http://jakarta.apache.org/tomcat/tomcat-4.1-doc/realm-howto.html#Standard%20Realm%20Implementations)
>>> and again, there is a gap:
>>>
>>> "It is also possible to write your own Realm implementation, and
>>> integrate it with Tomcat 4. However, doing this is beyond the scope of
>>> this document. See (FIXME - reference to developer stuff) for more
>>> information."
>>>
>>> Here are my questions:
>>>
>>> Does this reference to developer stuff exist anywhere?
>>> Has anyone ever made the NTDCRealm work?
>>> Does anyone know of another (documented) implementation of NT
>>> authentication?
>>>
>>> Any hints, links, documents about this theme are warmly welcome.
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: tomcat-user-unsubscribe@(protected)
>>> For additional commands, e-mail: tomcat-user-help@(protected)
>>>
>>>
>>>
>>>
>>
>> --
>> A complex system that works is invariably found to have evolved from a
>> simple system that works.
>> Pascal Chong
>> email: chongym@(protected)
>> Please visit my site at: http://cymulacrum.net
>> If you're using my documentation, please read the Terms and Conditions
>> at http://cymulacrum.net/terms.html
>>
>>
>

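To make concrete what the search-then-bind configuration in Paulo's second Realm does with the login name, here is an added example that is not code from the thread or from Tomcat: a constructed in-memory stand-in for the cn=Users,dc=powerlogic container is searched with the userSearch filter, and the value substituted for {0} is escaped per RFC 4515 first, so a login name containing *, ( or ) cannot change the filter's structure. The DIRECTORY entries, the equality-only filter matcher and the memberOf lookup are all assumptions made for this example.

```python
"""Search-then-bind user lookup against an AD-style directory (added example).

Models the userBase/userSearch step of Tomcat's JNDIRealm with a constructed
in-memory directory instead of a live ldap:// connection.
"""
import re

# Constructed sample entries; DNs follow the thread's cn=Users,dc=powerlogic base.
DIRECTORY = [
    {"dn": "cn=Bill Gates,cn=Users,dc=powerlogic", "sAMAccountName": "gates",
     "memberOf": ["cn=tomcat-users,cn=Users,dc=powerlogic"]},
    {"dn": "cn=Paulo Alvim,cn=Users,dc=powerlogic", "sAMAccountName": "palvim",
     "memberOf": ["cn=admins,cn=Users,dc=powerlogic"]},
]


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping: *, (, ), backslash and NUL become \\XX hex escapes."""
    return "".join(f"\\{ord(c):02x}" if c in "*()\\\x00" else c for c in value)


def build_user_search(username: str, template: str = "(sAMAccountName={0})") -> str:
    """Fill the realm's userSearch template with an escaped username."""
    return template.replace("{0}", escape_filter_value(username))


# Equality filters only: (attr=value). Anything else is rejected, not guessed.
_EQ = re.compile(r"^\((?P<attr>[A-Za-z][\w-]*)=(?P<value>[^()]*)\)$")


def find_user_dn(username: str, user_base: str = "cn=Users,dc=powerlogic"):
    """Return (dn, memberOf) for the matching user under user_base, else None."""
    m = _EQ.match(build_user_search(username))
    if not m:
        return None
    attr, wanted = m["attr"], m["value"]
    # Undo the escaping once for comparison: a literal '*' is not a wildcard.
    wanted = re.sub(r"\\([0-9a-fA-F]{2})", lambda h: chr(int(h[1], 16)), wanted)
    for entry in DIRECTORY:
        if not entry["dn"].lower().endswith(user_base.lower()):
            continue  # outside the configured userBase
        value = entry.get(attr, "")
        if isinstance(value, str) and value.lower() == wanted.lower():
            return entry["dn"], entry["memberOf"]
    return None


if __name__ == "__main__":
    print(find_user_dn("gates"))        # the login name resolves to the full DN
    print(find_user_dn("Bill Gates"))   # the display name does not
```

Against a real Active Directory the search step itself needs a bound service account (JNDIRealm's connectionName and connectionPassword), since AD refuses anonymous user searches by default; the DN returned here is what the realm then binds with the user's password.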

©2008 junlu.com - Jax Systems, LLC, U.S.A.