Hi, we are trying to do the AD integration with Tomcat 7. I have done the below. We have an AD role (Tomcat Development Test Admins) set up, and I can connect and see the AD group from JXplorer using the bind account. However, I am still getting a 403 when trying to log on to the manager application with my user, which is part of the AD group.
<Realm className="org.apache.catalina.realm.JNDIRealm"
       debug="99"
       connectionURL="ldaps://*****:636"
       referrals="follow"
       connectionName="CN=Tomcatsit,OU=Services,DC=**,DC=**,DC=*****,DC=**"
       connectionPassword="******"
       userBase="DC=***,DC=**,DC=**,DC=**"
       userSubtree="true"
       userSearch="(sAMAccountName={0})"
       userRoleName="memberOf"
       roleBase="DC=***,DC=**,DC=**,DC=**"
       roleName="cn"
       roleSubtree="true"
       roleSearch="(member={0})"
/>
web.xml (manager application):
<security-constraint>
  <display-name>Integration Test Admins</display-name>
  <web-resource-collection>
    <web-resource-name>Tomcat Development Test Admins</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>Tomcat Development Test Admins</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
====================
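As an added example that is not part of the original post, the following Python sketch is a simplified model of how JNDIRealm turns the posted `userRoleName`, `roleSearch` and `roleName` settings into role names, and compares them with the `<role-name>` in the posted constraint. The directory entries and the `example.test` DNs are constructed placeholders, and only the simple `(attr={0})` filter shape from the post is modelled.

```python
import xml.etree.ElementTree as ET

# Realm attributes relevant to role resolution, copied from the post.
REALM_XML = '''<Realm className="org.apache.catalina.realm.JNDIRealm"
  userSearch="(sAMAccountName={0})" userRoleName="memberOf"
  roleName="cn" roleSearch="(member={0})" />'''

# The manager application's constraint from the post, trimmed to the role part.
WEB_XML = '''<security-constraint><auth-constraint>
  <role-name>Tomcat Development Test Admins</role-name>
</auth-constraint></security-constraint>'''

# Constructed directory content (example.test DNs are placeholders).
USER_DN = "CN=Jane Doe,OU=Users,DC=example,DC=test"
GROUP_DN = "CN=Tomcat Development Test Admins,OU=Groups,DC=example,DC=test"
DIRECTORY = {
    USER_DN: {"sAMAccountName": ["jdoe"], "memberOf": [GROUP_DN]},
    GROUP_DN: {"cn": ["Tomcat Development Test Admins"], "member": [USER_DN]},
}

def derive_roles(realm_xml, directory, user_dn):
    """Model JNDIRealm role resolution: user attribute values plus role search."""
    realm = ET.fromstring(realm_xml)
    roles = set()
    user_attr = realm.get("userRoleName")
    if user_attr:  # values are used verbatim, so memberOf yields full DNs
        roles.update(directory[user_dn].get(user_attr, []))
    search, name_attr = realm.get("roleSearch"), realm.get("roleName")
    if search and name_attr:
        # Only the simple "(attr={0})" filter shape used in the post is modelled.
        attr, _, value = search.strip("()").partition("=")
        wanted = value.replace("{0}", user_dn)  # {0} is the user's DN
        for entry in directory.values():
            if wanted in entry.get(attr, []):
                roles.update(entry.get(name_attr, []))
    return roles

def required_roles(web_xml):
    """Collect every <role-name> listed in the constraint."""
    return {r.text.strip() for r in ET.fromstring(web_xml).iter("role-name")}

def is_authorized(realm_xml, web_xml, directory, user_dn):
    # Role names are compared as exact, case-sensitive strings.
    return bool(derive_roles(realm_xml, directory, user_dn) & required_roles(web_xml))

if __name__ == "__main__":
    print(sorted(derive_roles(REALM_XML, DIRECTORY, USER_DN)))
    print(is_authorized(REALM_XML, WEB_XML, DIRECTORY, USER_DN))
```

In this model the `memberOf` values arrive as full group DNs, and only the role search contributes the bare `cn` that the constraint names.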