Tomcat LDAP User Auth


What I need to know: is it possible to authenticate my Tomcat users via two completely different Active Directories? So that my Tomcat looks for the credentials in both ADs at the same time? And if it's possible, how? Can I just configure them as two realms?

What I tried: Googled a lot, didn't get a satisfying answer. Sadly I do not have a testing environment.

3

There are 3 answers

1
jwilleke On

You should try "Using CombinedRealm gives the developer the ability to combine multiple Realms of the same or different types."

https://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html#CombinedRealm
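A sketch of what the CombinedRealm approach looks like for two separate Active Directory domains, added here as an illustration and not part of the answer above. The hostnames, DNs, service account names and passwords are placeholders (assumptions); the realm class names and attributes are Tomcat's own.

```xml
<!-- conf/server.xml, nested inside <Engine> or <Host>.
     Hostnames, DNs and service accounts are placeholders (assumptions). -->
<Realm className="org.apache.catalina.realm.CombinedRealm">

  <!-- Directory A: consulted first on every login attempt.
       No userPassword attribute is set, so JNDIRealm verifies the
       credentials by binding to the directory as the user. -->
  <Realm className="org.apache.catalina.realm.JNDIRealm"
         connectionURL="ldaps://dc1.corp-a.example.com:636"
         connectionName="CN=svc-tomcat,OU=Service Accounts,DC=corp-a,DC=example,DC=com"
         connectionPassword="CHANGE_ME_A"
         userBase="OU=Users,DC=corp-a,DC=example,DC=com"
         userSearch="(sAMAccountName={0})"
         userSubtree="true"
         roleBase="OU=Groups,DC=corp-a,DC=example,DC=com"
         roleName="cn"
         roleSearch="(member={0})"
         roleSubtree="true" />

  <!-- Directory B: consulted only if directory A did not authenticate the user. -->
  <Realm className="org.apache.catalina.realm.JNDIRealm"
         connectionURL="ldaps://dc1.corp-b.example.org:636"
         connectionName="CN=svc-tomcat,OU=Service Accounts,DC=corp-b,DC=example,DC=org"
         connectionPassword="CHANGE_ME_B"
         userBase="OU=Users,DC=corp-b,DC=example,DC=org"
         userSearch="(sAMAccountName={0})"
         userSubtree="true"
         roleBase="OU=Groups,DC=corp-b,DC=example,DC=org"
         roleName="cn"
         roleSearch="(member={0})"
         roleSubtree="true" />

  <!-- org.apache.catalina.realm.LockOutRealm extends CombinedRealm, so it can
       replace the outer className to throttle repeated failed logins. -->
</Realm>
```

The nested realms are tried in the order listed and the first one that accepts the credentials wins, so a username that exists in both directories resolves to whichever realm comes first, and that realm's group names become the roles checked in `web.xml`. Use read-only service accounts for the search bind and restrict file permissions on `server.xml`, since it holds their passwords in clear text.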

2
user207421 On

Yes. Define a JAAS realm, with two LoginModules, either of which is 'sufficient', in the language of JAAS. Each LoginModule should talk to one of the AD servers. There's quite a bit in this, but it's doable.

0
Michael-O On

If you are in a forest or the hosts have a cross-realm trust, use Kerberos: http://tomcatspnegoad.sourceforge.net/