LDAP Structure

In this example, we have on Organizational Unit "analytics", containing Groups whose names must match Analytics role names.

  • ou=analytics
    • cn=analyticsConnect: connection right (mandatory)
    • cn=analyticsAdmin: super administrator rights. This role overpasses the other roles, that means that an analyticsAdmin role gives all the rights.
    • cn=analyticsParameterConsult: the user can consult the parameters (Administration menu)
    • cn=analyticsParameterAdmin: the user can modify the parameters (Administration menu)
    • cn=analyticsSessionConsult: the user can consult the sessions
    • cn=analyticsSessionAdmin: the user can administer the sessions (creation of session views)
    • cn=analyticsSessionAction: the user can manage the sessions (start, stop, restart, delete)
    • cn=analyticsRuntimeConsult: the user can consult the Runtimes
    • cn=analyticsRuntimeAdmin: the user can administer the Runtimes
    • cn=analyticsRepositoryConsult: the user can consult the repositories
    • cn=analyticsRepositoryAdmin: the user can administer the repositories

Tomcat Configuration

See this document: https://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html#JNDIRealm

In the "server.xml" file, declare the Realm for example like this:

<Realm   className="org.apache.catalina.realm.JNDIRealm"
connectionName="cn=admin,dc=stambia,dc=org" connectionPassword="abcdef"
connectionURL="ldap://" userPattern="mail={0},ou=stambia,ou=people,dc=stambia,dc=org"
roleNested ="true" roleName="cn"