To use JNDIRealm with Netscape Directory server you need the 4.1.X
series of tomcat and you need to bind as the user. So do not provide
connectionName and connection password.
In the 4.0.X series the passwords are compared in an incompatible manner
with respect to Netscape Dir server.
- - wrote:
> hi
>
> This looks long but it's actually straightforward.
>
> I can't get the JNDIRealm config to work Netscape Directory Server 3.1.
>
> I suspect the conf. of the JNDIRealm elment is wrong but don't know why.
>
> I have a LDIF file exported from Netscape Directory Server 3.1 which define(loosely
>speaking)
>
> - an admin user that I use in JNDIRealm for initial connection
>
> - a sales person
>
> - a SalesGroup role which has sales person as a member
>
> Other stuff removed for clarity.
>
>
>
> dn: uid=admin,o=company.com
>
> objectclass: top
>
> objectclass: person
>
> objectclass: organizationalperson
>
> objectclass: inetorgperson
>
> cn: SuiteSpot Administrator
>
> sn: Administrator
>
> givenname: SuiteSpot
>
> uid: admin
>
> userpassword: {SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=
>
>
>
>
>
> dn: uid=salesID,o=company.com
>
> objectclass: top
>
> objectclass: person
>
> objectclass: organizationalPerson
>
> objectclass: inetOrgPerson
>
> objectclass: nsLicenseUser
>
> givenname: salesFir
>
> sn: salesSur
>
> cn: salesFul
>
> uid: salesID
>
> userpassword: {SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=
>
>
>
>
>
> dn: cn=SalesGroup,o=company.com
>
> objectclass: top
>
> objectclass: groupOfUniqueNames
>
> cn: SalesGroup
>
> uniquemember: uid=salesID,o=company.com
>
>
>
> So my JNDIRealm config is,
>
> <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
>
> connectionName="uid=admin,o=company.com"
>
> connectionPassword="password"
>
> connectionURL="ldap://localhost:390";
>
> roleName="cn"
>
> roleSearch="(uniquemember={0})"
>
> roleSubtree="true"
>
> userPassword="userpassword"
>
> userPattern="uid={0},o=company.com"
>
> />
>
> I have tried many combinations of patterns and attributes in the above configuration
>but none worked.
>
> The initial connection and authentication using admin seemed to work OK.
>
> But I can't get it to authenticate the sales person/salesGroup.
>
> I enter the salesID as the username and its password in the auth. dialog box
>
>
>
> web.xml has
>
>
>
> <security-constraint>
>
> <web-resource-collection>
>
> <web-resource-name>Sales</web-resource-name>
>
> <url-pattern>/jsp/SalesIndex.jsp</url-pattern>
>
> </web-resource-collection>
>
> <auth-constraint>
>
> <role-name>SalesGroup</role-name>
>
> </auth-constraint>
>
> </security-constraint>
>
> <login-config>
>
> <auth-method>DIGEST</auth-method>
>
> <realm-name>SID</realm-name>
>
> </login-config>
>
> <security-role>
>
> <role-name>SalesGroup</role-name>
>
> </security-role>
>
>
>
> Thanks very much
>
>
>
> ---------------------------------
> Do You Yahoo!?
> Yahoo! Health - Feel better, live better
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
