Tomcat 6 webapp authentication against AD


Tested on RHEL6

Add the following to /etc/tomcat6/server.xml, inside the Host element (just before its closing </Host> tag):

<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
       connectionURL="ldap://"
       connectionName="username"
       connectionPassword="password"
       authentication="simple"
       referrals="follow"
       userBase="ou=users,dc=intranet,dc=example,dc=org"
       userSearch="(sAMAccountName={0})"
       userSubtree="true"
       roleBase="ou=users,dc=intranet,dc=example,dc=org"
       roleName="cn"
       roleSearch="(member={0})"
       roleSubtree="true" />

Note that Tomcat attribute names are case-sensitive (className, connectionURL, userSearch, roleName, ...); lowercase variants are silently ignored and the realm will not work. In userSearch, {0} is replaced by the username typed at login; in roleSearch, {0} is replaced by the distinguished name of the user entry found by the first search.

Add your users to the group (role in Tomcat terms, which we’ll call “myapplication” in this example) in AD.

Now add the users to /etc/tomcat6/tomcat-users.xml:

<user name="user01" roles="myapplication" />

So here we have an AD group whose cn is "myapplication" (roleName="cn" turns that cn into the Tomcat role name) and whose member attribute lists user01's entry (matched by roleSearch="(member={0})").

Your webapp must be configured to require authentication and to define which roles are allowed; here is an example:

WEB-INF/web.xml:

      <web-resource-name>Entire Application</web-resource-name>

      <!-- The role allowed in the app -->
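A complete version of the web.xml fragment above, added here as an example and not the original post's own code. It assumes the whole application (url-pattern /*) is protected, that BASIC authentication is used, and it adds a CONFIDENTIAL transport guarantee so that BASIC credentials are only ever sent over HTTPS; the role name is the cn of the AD group from the realm configuration.

```xml
<!-- Protect every URL of the application -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Entire Application</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <!-- The role allowed in the app: must equal the cn of the AD group -->
    <role-name>myapplication</role-name>
  </auth-constraint>
  <user-data-constraint>
    <!-- Added: force HTTPS, since BASIC auth sends credentials base64-encoded only -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<!-- How the container asks for credentials; the realm-name is an assumption -->
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Intranet</realm-name>
</login-config>

<!-- Declare the role so the container knows it (required by the servlet spec) -->
<security-role>
  <role-name>myapplication</role-name>
</security-role>
```

A user who authenticates against AD but is not a member of the "myapplication" group gets a 403 from Tomcat, which is the quickest way to confirm the roleSearch/roleName pair is resolving groups correctly.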

Thanks for reading this post!
