<p>According to <a href="http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html#JNDIRealm" rel="nofollow noreferrer">Realm Configuration HOW-TO</a>, </p> <blockquote> <p>The directory realm supports two approaches to the representation of roles in the directory:</p> <ul> <li><strong>Roles as explicit directory entries</strong><br>Roles may be represented by explicit directory entries. A role entry is usually an LDAP group entry with one attribute containing the name of the role and another whose values are the distinguished names or usernames of the users in that role. The following attributes configure a directory search to find the names of roles associated with the authenticated user:</li> </ul> <blockquote> <ul> <li><code>roleBase</code> - the base entry for the role search. If not specified, the search base is the top-level directory context.</li> <li><code>roleSubtree</code> - the search scope. Set to <code>true</code> if you wish to search the entire subtree rooted at the <code>roleBase</code> entry. The default value of <code>false</code> requests a single-level search including the top level only.</li> <li><code>roleSearch</code> - the LDAP search filter for selecting role entries. It optionally includes pattern replacements "<code>{0}</code>" for the distinguished name and/or "<code>{1}</code>" for the username of the authenticated user.</li> <li><code>roleName</code> - the attribute in a role entry containing the name of that role</li> </ul> </blockquote> <ul> <li><strong>Roles as an attribute of the user entry</strong><br> Role names may also be held as the values of an attribute in the user's directory entry. Use <code>userRoleName</code> to specify the name of this attribute.</li> </ul> <p>A combination of both approaches to role representation may be used.</p> </blockquote> <p>So one way is to use an attribute if you have something appropriate. There are tools out there that can do "mass update" or "bulk modify" of AD attributes.
If you don't want to contaminate the AD, another way is to wrap it with ADAM. You can create proxy objects in ADAM that point to AD users and add the attributes in ADAM. See <a href="http://technet.microsoft.com/en-us/library/cc758386.aspx" rel="nofollow noreferrer">Understanding ADAM bind redirection</a> for more info.</p>
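<p>The two role representations quoted above, written out as <code>server.xml</code> realm definitions. This is an added example, not part of the original answer or the Tomcat documentation: the host name, DNs, service account, password placeholder and the <code>tomcatRole</code> attribute are constructed, and <code>sAMAccountName</code> and <code>member</code> are assumed to be the AD attributes in use.</p>

```xml
<!-- Added example; every host name, DN and credential below is a constructed placeholder. -->

<!-- Approach 1: roles as explicit directory entries (group objects).
     roleSearch is evaluated with {0} = DN of the authenticated user,
     and the "cn" of every matching group becomes a role name.
     roleBase points at a dedicated OU and roleSubtree stays "false", so
     only groups created directly in that OU can ever grant an application role. -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldaps://dc1.example.com:636"
       connectionName="CN=svc-tomcat,OU=Service Accounts,DC=example,DC=com"
       connectionPassword="REPLACE_ME"
       userBase="OU=Users,DC=example,DC=com"
       userSubtree="true"
       userSearch="(sAMAccountName={0})"
       roleBase="OU=Tomcat Roles,DC=example,DC=com"
       roleSubtree="false"
       roleSearch="(member={0})"
       roleName="cn" />

<!-- Approach 2: roles as an attribute of the user entry.
     "tomcatRole" is a hypothetical multi-valued attribute; each of its values
     is used as a role name, so it must hold exactly the names referenced
     by the application's security constraints.
     No roleBase/roleSearch is set, so no group search is performed. -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldaps://dc1.example.com:636"
       connectionName="CN=svc-tomcat,OU=Service Accounts,DC=example,DC=com"
       connectionPassword="REPLACE_ME"
       userBase="OU=Users,DC=example,DC=com"
       userSubtree="true"
       userSearch="(sAMAccountName={0})"
       userRoleName="tomcatRole" />
```

<p>Use one of the two definitions, or put <code>userRoleName</code> alongside the <code>role*</code> attributes in a single realm to combine both approaches. The bind account only needs read access to the user and role containers.</p>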
 
