{"id":2541,"date":"2020-06-19T09:47:04","date_gmt":"2020-06-19T16:47:04","guid":{"rendered":"https:\/\/ephesoft.com\/docs\/?p=2541"},"modified":"2022-02-28T09:19:45","modified_gmt":"2022-02-28T16:19:45","slug":"kb00007629-using-combinedrealm-class-for-your-adldap-configuration","status":"publish","type":"post","link":"https:\/\/ephesoft.com\/docs\/kb00007629-using-combinedrealm-class-for-your-adldap-configuration\/","title":{"rendered":"Combined Realm for AD\/LDAP Limitations to Service"},"content":{"rendered":"
Applies to:\u00a0<\/b>All versions of Ephesoft Transact<\/span><\/p>\n In some cases, the group and user search in LDAP can\u2019t find users and groups unless there are specific context paths entered in the configuration. This requires listing all organizational units (OU) that contain the authorized users and groups.<\/span><\/p>\n Combined realms are used particularly when you have multiple OUs that need to be looked at to authenticate your users. Because the Global Catalog port (Port 3268) in Active Directory is only used for following referrals to the common name (CN) description of a user account, the normal LDAP port (Port 389) could cause issues later on.<\/span><\/p>\n The service is limited in that it is not able to follow referrals down to the lowest sub-organizational unit.<\/span><\/p>\n To resolve this issue, you will need to set up combined realms in Apache Tomcat.<\/span><\/p>\n Example:<\/strong><\/span><\/p>\n This configuration only needs to be used if you are not able to use the Global Catalog Port in Active Directory. You will need to follow the instructions for setting up AD at the OU level. Refer to How to Configure Active Directory using the Standard LDAP Port<\/span> <\/a>for more information.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":" Applies to:\u00a0All versions of Ephesoft Transact Issue In some cases, the group and users search in LDAP can\u2019t find users […]<\/p>\n","protected":false},"author":62,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[12338,12339],"tags":[729,366,1430,382,383,728,367],"yoast_head":"\n<\/a>Issue<\/span><\/h2>\n
<\/a>Root Cause<\/span><\/h2>\n
<\/a>Solution<\/strong><\/span><\/h2>\n
\n
<Realm className=\"org.apache.catalina.realm.CombinedRealm\"><\/Realm><\/span><\/pre>\n
\n
<Realm className=\"org.apache.catalina.realm.CombinedRealm\">\r\n<Realm className=\"org.apache.catalina.realm.JNDIRealm\"\r\nconnectionURL=\"ldap:\/\/<AD ServerName\/IP>:389\"\r\nconnectionName=\"cn=User,OU=Service Accounts,DC=Test,DC=Ephesoft,DC=com\"\r\nconnectionPassword=\"P@ssw0rd\"\r\nuserPattern=\"cn={0},OU=DomainUsersLocation1,DC=Test,DC=Ephesoft,DC=com\"\r\nroleBase=\"OU=SecurityGroupsLocation1,DC=Test,DC=Ephesoft,DC=com\"\r\nroleSubtree=\"true\"\r\nroleName=\"cn\"\r\nroleSearch=\"uniqueMember={0}\"\r\n\/>\r\n\r\n<Realm className=\"org.apache.catalina.realm.JNDIRealm\"\r\nconnectionURL=\"ldap:\/\/<AD ServerName\/IP>:389\"\r\nconnectionName=\"cn=User,OU=Service Accounts,DC=Test,DC=Ephesoft,DC=com\"\r\nconnectionPassword=\"P@ssw0rd\"\r\nuserPattern=\"cn={0},OU=DomainUsersLocation2,DC=Test,DC=Ephesoft,DC=com\"\r\nroleBase=\"OU=SecurityGroupsLocation2,DC=Test,DC=Ephesoft,DC=com\"\r\nroleSubtree=\"true\"\r\nroleName=\"cn\"\r\nroleSearch=\"uniqueMember={0}\"\r\n\/>\r\n<\/Realm><\/strong><\/span><\/pre>\n