LDAP Realm Improvements
-----------------------

                 Key: GERONIMO-4513
                 URL: https://issues.apache.org/jira/browse/GERONIMO-4513
             Project: Geronimo
          Issue Type: Bug
      Security Level: public (Regular issues)
          Components: security
    Affects Versions: 2.1.3
            Reporter: Jürgen Weber
            Priority: Blocker
             Fix For: 2.2


I suggest several important improvements to the LDAP Realm. Generally, the LDAP 
Realm should support the features of Tomcat's JNDIRealm 
(http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html#JNDIRealm).

1. a plan should be deployable from the console

2. LDAP Realm should allow anonymous bind (this is cause for "blocker")

3. I guess "User Role Search String" means a user attribute the role names are 
taken from (same as Tomcat's userRoleName property). If this is set, all other 
role-related attributes should not be necessary. Generally, it should not be 
necessary to have role-related attributes at all, if you only want the users to 
log in, but have <role-name>*</role-name>

4. if "Role User Search String" is empty, there is the wrong error message 
"option-roleSearchMatching must not be empty".
There is no Role SearchMatching on the dialog.

5. On the Test Results page: if the test fails, there is only
        Login Failed: LDAP Error
    There should also be the error message and even the stack trace (right now 
it's in the server log).
