{"id":2541,"date":"2020-06-19T09:47:04","date_gmt":"2020-06-19T16:47:04","guid":{"rendered":"https:\/\/ephesoft.com\/docs\/?p=2541"},"modified":"2022-02-28T09:19:45","modified_gmt":"2022-02-28T16:19:45","slug":"kb00007629-using-combinedrealm-class-for-your-adldap-configuration","status":"publish","type":"post","link":"https:\/\/ephesoft.com\/docs\/kb00007629-using-combinedrealm-class-for-your-adldap-configuration\/","title":{"rendered":"Combined Realm for AD\/LDAP Limitations to Service"},"content":{"rendered":"

Applies to: All versions of Ephesoft Transact

Issue

In some cases, the group and user search in LDAP can’t find users and groups unless specific context paths are entered in the configuration. This requires listing all organizational units (OUs) that contain the authorized users and groups.

Combined realms are particularly useful when multiple OUs need to be searched to authenticate your users. Because the Global Catalog port (Port 3268) in Active Directory is only used for following referrals to the common name (CN) description of a user account, the normal LDAP port (Port 389) could cause issues later on.

Root Cause

The service is limited in that it is not able to follow referrals down to the lowest sub-organizational unit.

Solution

To resolve this issue, you will need to set up combined realms in Apache Tomcat.

  1. Open the server.xml file located at [Transact Install Directory]\JavaAppServer\conf\server.xml.
  2. Add the following element to the server.xml file, wrapped around the current realm configuration for LDAP, so that the role base can match any group membership:

    <Realm className="org.apache.catalina.realm.CombinedRealm"></Realm>

  3. Then add another realm configuration after the existing realm setting. In the second realm setting, specify the secondary OU location that Apache Tomcat should use to identify and authenticate both your users and groups.

Example:

    <Realm className="org.apache.catalina.realm.CombinedRealm">
      <!-- Replace <AD ServerName/IP> with your Active Directory server name or IP. -->
      <!-- connectionPassword is stored in clear text; restrict read access to server.xml. -->

      <!-- First realm: users and groups in the first OU location -->
      <Realm className="org.apache.catalina.realm.JNDIRealm"
             connectionURL="ldap://<AD ServerName/IP>:389"
             connectionName="cn=User,OU=Service Accounts,DC=Test,DC=Ephesoft,DC=com"
             connectionPassword="P@ssw0rd"
             userPattern="cn={0},OU=DomainUsersLocation1,DC=Test,DC=Ephesoft,DC=com"
             roleBase="OU=SecurityGroupsLocation1,DC=Test,DC=Ephesoft,DC=com"
             roleSubtree="true"
             roleName="cn"
             roleSearch="uniqueMember={0}"
      />

      <!-- Second realm: users and groups in the secondary OU location -->
      <Realm className="org.apache.catalina.realm.JNDIRealm"
             connectionURL="ldap://<AD ServerName/IP>:389"
             connectionName="cn=User,OU=Service Accounts,DC=Test,DC=Ephesoft,DC=com"
             connectionPassword="P@ssw0rd"
             userPattern="cn={0},OU=DomainUsersLocation2,DC=Test,DC=Ephesoft,DC=com"
             roleBase="OU=SecurityGroupsLocation2,DC=Test,DC=Ephesoft,DC=com"
             roleSubtree="true"
             roleName="cn"
             roleSearch="uniqueMember={0}"
      />
    </Realm>

This configuration only needs to be used if you are not able to use the Global Catalog Port in Active Directory. You will need to follow the instructions for setting up AD at the OU level. Refer to How to Configure Active Directory using the Standard LDAP Port for more information.
","protected":false},"excerpt":{"rendered":"

","protected":false},"author":62,"yoast_head_json":{"author":"Breanna Fitzgerald"}}