[
https://issues.apache.org/jira/browse/GERONIMO-4513?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12735493#action_12735493
]
David Jencks commented on GERONIMO-4513:
----------------------------------------
Any chance you could supply a patch, at least for the login module? Working on
this would be 10X easier for someone who already has ldap set up.
> LDAP Realm Improvements
> -----------------------
>
> Key: GERONIMO-4513
> URL: https://issues.apache.org/jira/browse/GERONIMO-4513
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: security
> Affects Versions: 2.1.3
> Reporter: Jürgen Weber
> Priority: Blocker
> Fix For: 2.2
>
>
> I suggest several important improvements to the LDAP Realm, generally LDAP
> Realm should support the features of Tomcat's JNDIRealm
> (http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html#JNDIRealm)
> 1. a plan should be deployable from the console
> 2. LDAP Realm should allow anonymous bind (this is cause for "blocker")
> 3. I guess "User Role Search String" means a user attribute the role names
> are taken from (same as Tomcat's userRoleName property). If this is set, all
> other role-related attributes should not be necessary. Generally, it should
> not be necessary to have role-related attributes at all, if you only want the
> users to log in, but have <role-name>*</role-name>
> 4. if "Role User Search String" is empty, there is the wrong error message
> "option-roleSearchMatching must not be empty"
> There is no Role SearchMatching on the dialog
> 5. On the Test Results page: if the test fails, there is only
> Login Failed: LDAP Error
> There should also be the error message and even stacktrace (right now
> it's in the server log)
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
