嘿伙计们, 我必须满足用户之间的第二个区别。我刚刚粘贴了 JNDIRealm 给出的示例
dn: uid=jjones,ou=people,dc=mycompany,dc=com
<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
connectionName="cn=Manager,dc=mycompany,dc=com"
connectionPassword="secret"
connectionURL="ldap://localhost:389"
userPassword="userPassword"
userPattern="uid={0},ou=people,dc=mycompany,dc=com"
roleBase="ou=groups,dc=mycompany,dc=com"
roleName="cn"
roleSearch="(uniqueMember={0})"
/>
已更改
dn: uid=jjones,ou=people,dc=mycompany,dc=com
dn: uid=jjones,ou=robots,dc=mycompany,dc=com
<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
connectionName="cn=Manager,dc=mycompany,dc=com"
connectionPassword="secret"
connectionURL="ldap://localhost:389"
userPassword="userPassword"
userPattern="uid={0},ou={0},dc=mycompany,dc=com"
roleBase="ou=groups,dc=mycompany,dc=com"
roleName="cn"
roleSearch="(uniqueMember={0})"
/>
这个调整是否可以满足我启用二次区分的要求? 我不知道“{0}”是否有效,或者是否必须将其更改为“{1}”。
当我定义了“userPattern”属性时,我真的不需要“userBase”属性吗?
最佳答案
解决方案是 userPatternArray
如下:
Sometimes it is necessary for users from different organizational units to have access to Code Collaborator. If you are using direct-bind configuration using the userPattern attribute, you can change the configuration to use userPatternArray instead where the value is a colon-separated list of user patterns. For example, if there are users in ou=foo,dc=mycompany,dc=com and ou=bar,dc=mycompany,dc=com identified by their uid attribute, you can set theuserPatternArray attribute as follows:as follows:
userPatternArray="(uid={0},ou=foo,dc=mycompany,dc=com):(uid={0},ou=bar,dc=mycompany,dc=com)as follows:
关于tomcat - 为 JNDIRealm 创建 userPattern,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/3830722/