Sunday, March 6, 2011

how to retrieve additional LDAP data fields via Tomcat ( getRemoteUser gives just name)

Hi,

I have configured Tomcat to use LDAP / AD.

How can I get more details about the logged in user, the userid is returned by request.getRemoteUser() but not the full name that I need.

how do I get the actual "displayName" (full name) from AD ?

I am using ldap/activedirectory/tomcat 5.5

From stackoverflow
  • You will need to directly query your LDAP directory to get further information on the user.

  • I suppose the configuration of tomcat with LDAP/AD is about logins (e.g. the Realm). Therefor Natalia is correct: You'll have to query your LDAP-Server for more info. The comment field is too short for this comment, so I've opted for another answer, stating the same.

    The reason for this is, that the Realm interface provides a Principal, that just contains the username and the possibility to query, if the current user is in a given role (it doesn't even provide all the roles that a principal is in). This is sufficient for the purposes of getting access restrictions based on URLs into web.xml. It does not aim at being your central point of contact with everything that is stored in your user database.

    If you don't use the user-id but just want it substituted by the full user name, you can easily write your own LDAP Realm by looking at the tomcat installation, creating a new Realm implementation and adding a jar with this implementation to TOMCAT_HOME/lib (for Tomcat 6.0). Of course you need to reference this implementation from your TOMCAT_HOME/conf/server.xml instead of the standard tomcat implementation.

0 comments:

Post a Comment