Lotus Domino

<Realm
   className="org.apache.catalina.realm.JNDIRealm" 
   debug="99"
   connectionURL="ldap://ldap.company.com:389"
   roleSearch="(member={0})" 
   roleName="cn"
   userSearch="(cn={0})" />

Oracle Internet Directory (OID)

<Realm
   className="org.apache.catalina.realm.JNDIRealm" 
   debug="99"
   connectionURL="ldap://ldap.company.com:389"
   roleBase="cn=Groups,dc=company,dc=com"
   roleSearch="(uniquemember={0})" 
   roleName="cn"
   userBase="cn=Users,dc=company,dc=com"
   userSearch="(uid={0})" />

Microsoft Active Directory

<Realm
   className="org.apache.catalina.realm.JNDIRealm" 
   debug="99"
   connectionURL="ldap://ldap.company.com:3268"
   authentication="simple"
   referrals="follow"
   connectionName="cn=LDAPUser,ou=Service Accounts,dc=company,dc=com"
   connectionPassword="VerySecretPassword" 
   userSearch="(sAMAccountName={0})"
   userBase="dc=company,dc=com" 
   userSubtree="true"
   roleSearch="(member={0})" 
   roleName="cn" 
   roleSubtree="true"
   roleBase="dc=company,dc=com" />

Port 3268 connects to the Active Directory global catalog. This matters because port 389 may throw errors when the server returns referrals (it refers the client to ldap://company.com:389). With the global catalog port we don't have to change anything in /etc/hosts.
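As an added example (not part of this wiki page or of Tomcat), a small Python linter that reads a JNDIRealm snippet like the three above and reports the settings a reviewer would question before it goes into production. It uses only the standard library and embeds the Active Directory configuration as its sample input.

```python
# Added example (not from the wiki page): a small linter for Tomcat JNDIRealm
# <Realm> snippets like the three above. The sample is the page's Active
# Directory configuration, embedded here so the script runs offline.
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

AD_REALM = """<Realm
   className="org.apache.catalina.realm.JNDIRealm"
   debug="99"
   connectionURL="ldap://ldap.company.com:3268"
   authentication="simple"
   referrals="follow"
   connectionName="cn=LDAPUser,ou=Service Accounts,dc=company,dc=com"
   connectionPassword="VerySecretPassword"
   userSearch="(sAMAccountName={0})"
   userBase="dc=company,dc=com"
   userSubtree="true"
   roleSearch="(member={0})"
   roleName="cn"
   roleSubtree="true"
   roleBase="dc=company,dc=com" />"""


def lint_realm(xml_text: str) -> list[str]:
    """Return review findings for one <Realm> element (empty list if clean)."""
    a = ET.fromstring(xml_text).attrib
    if a.get("className") != "org.apache.catalina.realm.JNDIRealm":
        return ["not a JNDIRealm; no checks applied"]
    findings = []
    scheme = urlparse(a.get("connectionURL", "")).scheme
    if "connectionPassword" in a:
        # A simple bind over plain ldap:// puts the service-account password
        # (and every authenticating user's password) on the wire unencrypted
        # unless StartTLS is negotiated first.
        if scheme == "ldap":
            findings.append("connectionPassword sent over plain ldap://: "
                            "use ldaps:// or StartTLS")
        findings.append("connectionPassword is stored in clear text in server.xml")
    if a.get("debug", "0") != "0":
        findings.append(f"debug={a['debug']}: confirm verbose realm logging is wanted")
    # {0} is where the username (userSearch) or the user's DN (roleSearch) is
    # substituted; a filter without it runs the same static query for everyone.
    for key in ("userSearch", "roleSearch"):
        if key in a and "{0}" not in a[key]:
            findings.append(f"{key} lacks the {{0}} placeholder")
    return findings

if __name__ == "__main__":
    for line in lint_realm(AD_REALM):
        print("-", line)
```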

For a reference on startTLS, see Self:JNDI_startTLs_HowTo 
