[ 
https://issues.apache.org/jira/browse/GERONIMO-5125?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12837695#action_12837695
 ] 

Jürgen Weber commented on GERONIMO-5125:
----------------------------------------

> It appears to me that no one would ever want to use anonymous LDAP access 
> in production though.

a) If you only want to check if the user has entered a valid password, it is 
good practice to bind with the user's credentials, without needing a 
technical user.

b) An organisation might well keep the users' roles within the user entries, so 
one immediately gets the roles without having to traverse a role tree. So 
again, one can bind with the user's credentials.
Tomcat supports this pattern, see the userRoleName attribute; I don't know if 
Geronimo does.

> Enable connecting to a ldap server anonymously on console
> ---------------------------------------------------------
>
>                 Key: GERONIMO-5125
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-5125
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: console
>    Affects Versions: 2.2
>         Environment: OS:windows 7
> Geronimo:2.1.5-SNAPSHOT
>            Reporter: Lu Jiang
>
> After resolving GERONIMO-4997 
> (https://issues.apache.org/jira/browse/GERONIMO-4997), connecting to an LDAP 
> server anonymously is actually supported.
> But we cannot generate a security realm file in the console wizard if we try to 
> connect to the LDAP server anonymously.
> Steps to reproduce:
> 1. Click Security->Security Realms->Add new security realm.
> 2. Enter a unique name for the realm file and choose LDAP Realm, then click next.
> 3. Input all useful information like connectionURL, userBase, etc. according to 
> your LDAP server configuration, but leave the input boxes for Connect Username 
> and Connect password blank, then click next.
> A warning box will appear saying: option-ConnectionUsername must not be 
> empty. And I can't generate a realm file successfully if no user name and 
> password is provided.
> I think since we can connect to it in an anonymous way, it's not a must to 
> provide user name and password on the console. It would be better to provide a 
> way to enable this :)

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
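
The bind-as-user pattern from points a) and b) of the comment, sketched with plain JNDI as an added example; it is not part of the original message and is not Geronimo or Tomcat code. The server URL, the DN pattern and the use of `memberOf` as the role attribute are assumptions; the class and method names are hypothetical.

```java
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;
import javax.naming.ldap.Rdn;

public class BindAsUserExample {
    // Assumed values for illustration; adjust to your directory layout.
    static final String URL = "ldaps://ldap.example.com:636"; // simple bind needs TLS
    static final String USER_PATTERN = "uid=%s,ou=people,dc=example,dc=com";
    static final String ROLE_ATTR = "memberOf"; // role attribute kept on the user entry

    /** Returns the user's roles, or null if the credentials are rejected. */
    static List<String> authenticate(String user, char[] password) throws NamingException {
        // An empty password turns a simple bind into an unauthenticated bind
        // (RFC 4513 section 5.1.2), which can succeed without checking anything.
        if (user == null || user.isEmpty() || password == null || password.length == 0) {
            return null;
        }
        // Escape DN metacharacters so the user name cannot alter the DN.
        String dn = String.format(USER_PATTERN, Rdn.escapeValue(user));

        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);

        DirContext ctx;
        try {
            ctx = new InitialDirContext(env); // the bind itself is the password check
        } catch (AuthenticationException e) {
            return null; // wrong password or unknown user
        }
        try {
            // Read the roles from the user's own entry over the user's own connection.
            List<String> roles = new ArrayList<>();
            Attribute a = ctx.getAttributes(dn, new String[] { ROLE_ATTR }).get(ROLE_ATTR);
            if (a != null) {
                NamingEnumeration<?> vals = a.getAll();
                while (vals.hasMore()) roles.add(String.valueOf(vals.next()));
            }
            return roles;
        } finally {
            ctx.close();
        }
    }

    public static void main(String[] args) throws NamingException {
        // The guard runs before any network I/O, so this works without a server.
        System.out.println("empty password -> " + authenticate("alice", new char[0]));
    }
}
```

Reading the role attribute over the user's own connection only works if the directory's access controls let users read that attribute on their own entry.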
