Tom

Reputation: 6707

ldap authentication to AD works for groups except "domain users"

ldap authentication to AD works for groups except "domain users" - Is this an issue with whitespace? (apache6)

Do I need to edit this row somehow to support whitespace?

roleSearch="(member={0})"

Upvotes: 0

Views: 341

Answers (1)

tvanfosson

Reputation: 532465

User objects aren't typically added to Domain Users. It's usually marked as their primary group in the user object. I would avoid using membership in Domain Users for role-based security as it will complicate any role provider that you need to write. For most purposes, membership in Domain Users simply means that you have an account in the domain. This can easily be checked by doing a lookup on the user object itself. I've only had one situation in which I've used Domain Users -- this was in a Windows login access solution -- and that was as a fallback to keep using our group-based access when the original group management scheme broke down for political reasons.

Upvotes: 1
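
Added example, not part of the question or the answer above: it shows why a (member={0}) role search finds ordinary groups but not the primary group, and how the primary group can be resolved from the user object's objectSid and primaryGroupID instead. The directory entries, DNs, domain SID and function names are constructed for illustration.

```python
import struct

def sid_to_str(raw: bytes) -> str:
    """Decode a binary objectSid, as AD returns it over LDAP, to S-1-... form."""
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("malformed SID")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack("<%dI" % count, raw[8:])
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])

def primary_group_sid(user_sid: str, primary_group_id: int) -> str:
    """Swap the user's own RID for primaryGroupID to get the primary group's SID."""
    return "%s-%d" % (user_sid.rsplit("-", 1)[0], primary_group_id)

def member_search(user: dict, groups: list) -> set:
    """What a (member=<user DN>) role search returns."""
    return {g["cn"] for g in groups if user["dn"] in g["member"]}

def effective_groups(user: dict, groups: list) -> set:
    """member-based groups plus the group named by the user's primaryGroupID."""
    pg = primary_group_sid(sid_to_str(user["objectSid"]), user["primaryGroupID"])
    primary = {g["cn"] for g in groups if sid_to_str(g["objectSid"]) == pg}
    return member_search(user, groups) | primary

def _sid(*subs: int) -> bytes:
    """Build a binary SID with authority 5 (helper for the constructed data)."""
    return (bytes([1, len(subs)]) + (5).to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))

# Constructed entries: the domain SID, DNs and RIDs 1105/1120 are made up.
# 513 is the well-known RID of Domain Users.
DOMAIN = (21, 1111111111, 2222222222, 3333333333)
USER = {"dn": "CN=Tom,CN=Users,DC=example,DC=com",
        "objectSid": _sid(*DOMAIN, 1105), "primaryGroupID": 513}
GROUPS = [
    # AD does not list primary-group members in the group's member attribute.
    {"cn": "Domain Users", "objectSid": _sid(*DOMAIN, 513), "member": []},
    {"cn": "Web Admins", "objectSid": _sid(*DOMAIN, 1120), "member": [USER["dn"]]},
]

if __name__ == "__main__":
    print("member search:", sorted(member_search(USER, GROUPS)))
    print("with primary group:", sorted(effective_groups(USER, GROUPS)))
```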
