On 6/4/07, Emmanuel Lecharny <[EMAIL PROTECTED]> wrote:
Enrique Rodriguez wrote:
>
> Where are you putting that value and what exception are you getting?

It's in server.xml:

<beans>
  <bean id="environment" class="org.springframework.beans.factory.config.PropertiesFactoryBean">
    <property name="properties">
      <props>
        <!-- JNDI security properties used to get initial contexts.         -->
        <prop key="java.naming.security.authentication">simple</prop>
        <prop key="java.naming.security.principal">uid=admin,ou=system</prop>
...
This is a warning, but when you get it in the console, you immediately
think that something is wrong (hopefully, this user is bound, because
later in the chain there is the handleSimple class which deals with this
user).

The security.principal set in the props bean is only used when the
LDAP protocol provider binds to the back-end, i.e. it is for internal
binds.  The Kerberos service principal in question is for the LDAP
protocol provider to "run as" during secure connections over the wire
to the user's LDAP client, i.e. the bind from the user's perspective.
Though the security.principal DN can have Kerberos service credentials
and thus be used for the server-side of GSSAPI, it doesn't need to be.
In fact, in a multi-realm scenario you will want the LDAP protocol to
switch the server-side service principal, in which case you'll have to
have more than one DN with Kerberos credentials, each with its own
service principal name.

Enrique
