"Rick Maddy" wrote in message
news:3ee9eccc$1@newsgroups.bea.com...
>
> I am trying to configure WLS 8.1 to use LDAP for authentication/authorization.
> I have the basics working so now I am trying to move to the next hurdle.
>
> We are building a single webapp that will serve several different companies.
> The main difference will be that the look and feel will be branded for each
> company so when a user logs in to the app via a URL such as foo.domain.com
> they see the "foo" branding and using bar.domain.com will see the "bar"
> branding. Simple so far. The real problem is that we will be adding new
> companies over time and we need to allow two users from two different
> companies to have the same userid.
>
> How can I set up LDAP in WLS 8.1 so I can use a different "User Base DN"
> depending on the company the user appears to be coming from? I need this for
> both authentication and authorization.
>


It sounds like you need multiple realm support in addition to virtual host
support. WLS currently only supports one realm active at a time.

> - Maybe a custom LDAP realm? Where to begin?


You might be able to do this with a custom provider, but I am not sure if
you can get at the original URL in the login module.

> - How about the "User From Name Filter" field in the console? It seems to
> take a %u variable for the username. Are there any other variables I can use?


You can use %u for username, %g for group, but I don't think they are going
to help you.

> - Do I create a different authenticator for each company? If so, how do I
> resolve one authenticator saying username/password is valid and other says
> it isn't? Then how do I use the correct authorizer for that user?


You can use the control flags to specify the behavior of the login modules.
But unless your usernames are scoped, then it could succeed in one provider
when you really want it to go to the other provider.
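
To illustrate the scoping point in this thread, here is an added example (not part of the original posts and not WebLogic API code) that resolves the same userid to a different entry per company. It assumes the request's Host header is available to the code, that users are named by a `uid` attribute, and that the base DNs shown are constructed sample values.

```java
import java.util.Locale;
import java.util.Map;
import javax.naming.ldap.Rdn;

public class TenantScopedDn {
    // Constructed sample mapping: company label -> that company's User Base DN.
    // Acts as an allowlist: a host that is not listed here is never looked up.
    private static final Map<String, String> USER_BASE_DN = Map.of(
        "foo", "ou=people,o=foo,dc=domain,dc=com",
        "bar", "ou=people,o=bar,dc=domain,dc=com");

    private static final String SUFFIX = ".domain.com";

    /** Returns the company label for a Host header such as "foo.domain.com:7001". */
    static String tenantFromHost(String hostHeader) {
        // Normalise case and drop an optional port before matching.
        String host = hostHeader.toLowerCase(Locale.ROOT).replaceFirst(":\\d+$", "");
        if (!host.endsWith(SUFFIX)) {
            throw new SecurityException("unexpected host");
        }
        String label = host.substring(0, host.length() - SUFFIX.length());
        if (!USER_BASE_DN.containsKey(label)) {
            throw new SecurityException("unknown company");
        }
        return label;
    }

    /** Builds the user's DN under the base DN of the company the request came in on. */
    static String userDn(String hostHeader, String userid) {
        String tenant = tenantFromHost(hostHeader);
        // Escape DN metacharacters so the userid stays a single RDN value
        // inside its own company's subtree.
        return "uid=" + Rdn.escapeValue(userid) + "," + USER_BASE_DN.get(tenant);
    }

    public static void main(String[] args) {
        // Same userid, two companies: two distinct directory entries.
        System.out.println(userDn("foo.domain.com", "jsmith"));
        System.out.println(userDn("bar.domain.com:7001", "jsmith"));
        // A userid containing DN syntax is escaped, not interpreted.
        System.out.println(userDn("foo.domain.com", "jsmith,o=bar"));
        try {
            userDn("baz.domain.com", "jsmith");
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```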