Question
What I need to know: is it possible to authenticate my Tomcat-Users via two completely different Active Directories? So that my Tomcat looks for the credentials in both ADs at the same time? And if it's possible, how? Can I just configure them as two realms?
What I tried: Googled a lot, didn't get a satisfying answer. Sadly I do not have a testing environment.
Answer 1:
Yes. Define a JAAS realm, with two LoginModules, either of which is 'sufficient', in the language of JAAS. Each LoginModule should talk to one of the AD servers. There's quite a bit in this, but it's doable.
Answer 2:
You should try "Using CombinedRealm gives the developer the ability to combine multiple Realms of the same or different types."
https://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html#CombinedRealm
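A sketch of the CombinedRealm approach from the answer above, added here as an example and not taken from the original posts: two JNDIRealms, one per Active Directory, nested in a CombinedRealm. Host names, DNs, the service accounts and the password are constructed placeholders; the search filters assume the usual AD attributes (`sAMAccountName`, `member`).

```xml
<!-- Added example: fragment for conf/server.xml, placed inside <Engine> or <Host>.
     All host names, DNs and credentials below are constructed placeholders. -->
<Realm className="org.apache.catalina.realm.CombinedRealm">

  <!-- First directory. Nested realms are tried in the order listed;
       a successful login against any one of them is sufficient. -->
  <Realm className="org.apache.catalina.realm.JNDIRealm"
         connectionURL="ldaps://dc1.corp-a.example:636"
         connectionName="CN=svc-tomcat,OU=Service Accounts,DC=corp-a,DC=example"
         connectionPassword="CHANGE_ME_A"
         userBase="OU=Users,DC=corp-a,DC=example"
         userSearch="(sAMAccountName={0})"
         userSubtree="true"
         roleBase="OU=Groups,DC=corp-a,DC=example"
         roleName="cn"
         roleSearch="(member={0})"
         roleSubtree="true"/>

  <!-- Second, unrelated directory with its own read-only service account.
       With userSearch set and no userPassword attribute, JNDIRealm verifies
       the login by binding as the user, so ldaps:// keeps that password
       off the wire in clear text. -->
  <Realm className="org.apache.catalina.realm.JNDIRealm"
         connectionURL="ldaps://dc1.corp-b.example:636"
         connectionName="CN=svc-tomcat,OU=Service Accounts,DC=corp-b,DC=example"
         connectionPassword="CHANGE_ME_B"
         userBase="OU=Staff,DC=corp-b,DC=example"
         userSearch="(sAMAccountName={0})"
         userSubtree="true"
         roleBase="OU=Groups,DC=corp-b,DC=example"
         roleName="cn"
         roleSearch="(member={0})"
         roleSubtree="true"/>

  <!-- LockOutRealm extends CombinedRealm, so the outer className can be
       org.apache.catalina.realm.LockOutRealm to add failed-login lockout. -->
</Realm>
```

A login name that exists in both directories is accepted by whichever realm validates the password first, so the application cannot tell the two accounts apart. Group names from both directories also share one role namespace, so a group with the same `cn` in either AD satisfies the same `<security-constraint>` role.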
Answer 3:
If you are in a forest or the hosts have a cross-realm trust, use Kerberos: http://tomcatspnegoad.sourceforge.net/
Source: https://stackoverflow.com/questions/30750453/tomcat-ldap-user-auth