LDAP support, active directory

Hi,

With the recent release of 4.1.5 (with support for ACLs on groups), we tried to use the LDAP security support to use this.

We turned on LDAP security successfully, and configured it (serverType=“ActiveDirectory”, and appropriate changes to serverHost, personBindDn, groupBindDn for our Active Directory server).

It works; however, there is one major problem: to log in, the user has to use their cn (cn attribute) rather than their login name. For me, this means I log in as “Michael Smith” instead of “msmith”.

Is there any way to change this behaviour in the current version, or, if not, are there plans to fix this in the near future?

Thanks,

Michael

Hi Michael,

with the undocumented server parameter ‘userIdField’ the TWS can be configured to use a different LDAP logon attribute (e.g. userIdField=“uid”). This parameter can be defined as Realm parameter in the …\Tamino WebDav Server 4.1.5\jakarta-tomcat\conf\server.xml file. But be aware, this parameter is not an official, documented feature of the TWS.

kind regards,

Eckehard Hermann
Software AG R&D

Hi Eckehard,

Unfortunately, this doesn’t do what we need. This URL describes how to setup tomcat’s standard JNDI/LDAP Realm implementation to authenticate against Active Directory. We need to be able to configure this similarly.

http://www.java-internals.com/code/jndi_realm.html

The key part of this is that this sets it up to bind as a fixed user, and searches for the appropriate username via LDAP, doing a search on a particular attribute, rather than binding as the user connecting (which, with Active Directory, appears to require using the full username of the user, not just the login name).

Michael

Hello Michael,

we have the same problem with Active Directory integration, currently.

The JNDIRealm offers more configuration parameters (e.g. userBase, userSubtree, userSearch) for this task.

Is there any news on this issue?

Roland Betz
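For reference, the search-then-bind setup that Michael describes (bind once as a fixed service account, look the user up by login attribute, then bind as the located entry) and the JNDIRealm parameters Roland names (userBase, userSubtree, userSearch) look like this in a Tomcat server.xml. This is an added illustration, not configuration from the thread or from the Tamino WebDAV Server; the hostname, base DNs, service-account DN and password are placeholders that would have to be replaced with values for your own directory, and whether the embedded Tomcat in TWS 4.1.5 honours a plain JNDIRealm in its server.xml is an assumption the original posts do not confirm.

```xml
<!-- Added example: Tomcat JNDIRealm searching Active Directory by sAMAccountName.
     All values below are placeholders, not settings from the thread. -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldaps://ad.example.invalid:636"
       connectionName="CN=svc-tomcat,OU=Service Accounts,DC=example,DC=invalid"
       connectionPassword="REPLACE_WITH_SERVICE_ACCOUNT_PASSWORD"
       userBase="OU=Users,DC=example,DC=invalid"
       userSubtree="true"
       userSearch="(sAMAccountName={0})"
       roleBase="OU=Groups,DC=example,DC=invalid"
       roleSubtree="true"
       roleName="cn"
       roleSearch="(member={0})" />
```

With userSearch set, the realm binds with connectionName/connectionPassword, searches userBase for an entry whose sAMAccountName equals the login name the user typed ({0}), and then attempts a second bind with that entry's full DN and the user's password; this is why the user no longer has to know or type their cn. The service account only needs read access to the user and group subtrees, so it should be a dedicated low-privilege account, and the ldaps:// URL keeps both its password and the users' passwords off the wire in cleartext. roleSearch with {0} matches the located user DN against the group member attribute, which is how Active Directory group membership maps onto Tomcat roles.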