Re: Working on patch (need feedback)
Gross, Jessica wrote: While using Tomcat and Active Directory, I found a small bug. Normally in LDAP, you escape certain special characters, one of which being the comma. This is done by DN=CN=Doe\, Jane, OU=unit, OU=People However, when I instructed Tomcat to search for roles by inserting the distinguished name, no results were found. This is because I found in Active Directory in an object filter you must put member=CN=Doe\\, Jane, OU=unit, OU=People or member=CN="Doe, Jane", OU=unit, OU=People Does: member=CN=Doe\2C Jane, OU=unit, OU=People Also works? I have written a patch that at the moment can implement either of those two fixes by encoding the filter. I have tried to find the answer at the LDAP specifications at http://rfc.sunsite.dk/rfc/rfc2253.html. Is this just Active Directory messing up? Does my fix seem reasonable? What is the best method to fix my problems and stay within LDAP specifications? Any feedback or suggestions are welcomed. Thanks, Jessica - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Re: Working on patch (need feedback)
Hello, You are receiving this message in follow-up to a report received by the EarthLink Abuse Department. You may have submitted this report to a number of addresses including but not limited to [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], or [EMAIL PROTECTED] Most reports of network abuse sent to this department fall into a few recognizable categories (spam, cracking, viruses, etc.). To increase efficiency, our filters scan incoming reports and attempt to determine the general type of issue being reported. We were not able to process your report because it does not appear to include the information needed for EarthLink Abuse to begin it's investigation. Evidence to Abuse should always include the IP address of the offending party and a valid timestamp, which includes time, date and timezone. To learn how to report spam so action is taken: http://spam.abuse.net/userhelp/howtocomplain.shtml To learn how to locate and interpret e-mail headers in your e-mail client: http://support.earthlink.net/support/TUTORIALS/email/mbx_interpret_headers.jsp Other useful lookup tools: http://samspade.org/ Once you have included the pertinent information needed, please resubmit your report, and include this autoresponse. Your report will then be reprocessed by our filters. However, you should expect to receive another auto-response after your resubmission is re-examined, but due to the large number of reports we receive, please understand that you may not receive a personal response. Our policies can be found at the following page: http://earthlink.net/about/policies/ Thanks, The EarthLink Abuse Staff >>http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16541 >>How close is the working JNDIRealm solution to being added? >I have never got an answer or comment to my added JNDIRealm* classes from an >tomcat-developer, so it looks like there isnt currently a developer assigned >to the JNDI authentication stuff. And i think we have no chances to get >anything of this into 4.1.25. >So maybe the currently only available solution for us, is to copy the >JNDIRealm source out of the tomcat sourcetree and use a self patched >version. This is what i currently do for my client-cert authentication >stuff. >Mario >- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Working on patch (need feedback)
>http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16541 >How close is the working JNDIRealm solution to being added? I have never got an answer or comment to my added JNDIRealm* classes from an tomcat-developer, so it looks like there isnt currently a developer assigned to the JNDI authentication stuff. And i think we have no chances to get anything of this into 4.1.25. So maybe the currently only available solution for us, is to copy the JNDIRealm source out of the tomcat sourcetree and use a self patched version. This is what i currently do for my client-cert authentication stuff. Mario - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Working on patch (need feedback)
I found the bug to which I am referring to is already posted at http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16541 It doesn't seem like it has generated any interest. I think it is rare for someone to encounter this bug do to the rarity of putting a comma within a attribute, but the fix to Tomcat seems easy. How close is the working JNDIRealm solution to being added? Jessica -Original Message- From: Mario Ivankovits [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 24, 2003 1:48 PM To: Tomcat Developers List Subject: Re: Working on patch (need feedback) Hello ! Look at http://nagoya.apache.org/bugzilla/show_bug.cgi?id=7831, there you will find a JNDIRealmCertAD -- Windows Active Directory and JNDIRealmCertOpenExchange -- (Maybe) Standard LDAP Maybe JNDIRealmCertAD already do the job for you. Maybe not, but then we do have a good starting point to build a all working JNDIRealm solution. Mario - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Working on patch (need feedback)
In LDAP, different attributes are separated by a comma, so you must distinguish when you use a comma in the middle of the attribute. This means a comma in the middle of the attribute must be escaped. Sorry for the confusion. Hope this clears it up. Jessica -Original Message- From: Shapira, Yoav [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 24, 2003 1:44 PM To: Tomcat Developers List Subject: RE: Working on patch (need feedback) Howdy, What about the other commas? I'm not that familiar with LDAP specs, so this may be a stupid question, but why are you escaping only the first comma? Yoav Shapira Millennium ChemInformatics >-Original Message- >From: Gross, Jessica [mailto:[EMAIL PROTECTED] >Sent: Tuesday, June 24, 2003 12:08 PM >To: [EMAIL PROTECTED] >Subject: Working on patch (need feedback) > >While using Tomcat and Active Directory, I found a small bug. Normally in >LDAP, you escape certain special characters, one of which being the comma. >This is done by > >DN=CN=Doe\, Jane, OU=unit, OU=People > >However, when I instructed Tomcat to search for roles by inserting the >distinguished name, no results were found. This is because I found in >Active Directory in an object filter you must put > >member=CN=Doe\\, Jane, OU=unit, OU=People or member=CN="Doe, Jane", >OU=unit, OU=People > >I have written a patch that at the moment can implement either of those two >fixes by encoding the filter. I have tried to find the answer at the LDAP >specifications at http://rfc.sunsite.dk/rfc/rfc2253.html. Is this just >Active Directory messing up? Does my fix seem reasonable? What is the >best method to fix my problems and stay within LDAP specifications? > >Any feedback or suggestions are welcomed. > >Thanks, >Jessica > >- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Working on patch (need feedback)
Hello ! Look at http://nagoya.apache.org/bugzilla/show_bug.cgi?id=7831, there you will find a JNDIRealmCertAD -- Windows Active Directory and JNDIRealmCertOpenExchange -- (Maybe) Standard LDAP Maybe JNDIRealmCertAD already do the job for you. Maybe not, but then we do have a good starting point to build a all working JNDIRealm solution. Mario - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Working on patch (need feedback)
Howdy, What about the other commas? I'm not that familiar with LDAP specs, so this may be a stupid question, but why are you escaping only the first comma? Yoav Shapira Millennium ChemInformatics >-Original Message- >From: Gross, Jessica [mailto:[EMAIL PROTECTED] >Sent: Tuesday, June 24, 2003 12:08 PM >To: [EMAIL PROTECTED] >Subject: Working on patch (need feedback) > >While using Tomcat and Active Directory, I found a small bug. Normally in >LDAP, you escape certain special characters, one of which being the comma. >This is done by > >DN=CN=Doe\, Jane, OU=unit, OU=People > >However, when I instructed Tomcat to search for roles by inserting the >distinguished name, no results were found. This is because I found in >Active Directory in an object filter you must put > >member=CN=Doe\\, Jane, OU=unit, OU=People or member=CN="Doe, Jane", >OU=unit, OU=People > >I have written a patch that at the moment can implement either of those two >fixes by encoding the filter. I have tried to find the answer at the LDAP >specifications at http://rfc.sunsite.dk/rfc/rfc2253.html. Is this just >Active Directory messing up? Does my fix seem reasonable? What is the >best method to fix my problems and stay within LDAP specifications? > >Any feedback or suggestions are welcomed. > >Thanks, >Jessica > >- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]