Re: JNDIRealm config
Tim Funk wrote: To use JNDIRealm with Netscape Directory server you need the 4.1.X series of tomcat and you need to bind as the user. So do not provide connectionName and connection password. Actually it's userPassword that should not be provided if you want JNDIRealm to bind as the user for authentication. connectionName and connectionPassword will still be used if provided to retrieve role information and to search the directory for the user's entry if required, but are optional. This is documented in some detail in the realm howto included with 4.1.8 and later. John. In the 4.0.X series the passwords are compared in an incompatible manner with respect to Netscape Dir server. - - wrote: hi This looks long but it's actually straightforward. I can't get the JNDIRealm config to work Netscape Directory Server 3.1. I suspect the conf. of the JNDIRealm elment is wrong but don't know why. I have a LDIF file exported from Netscape Directory Server 3.1 which define(loosely speaking) - an admin user that I use in JNDIRealm for initial connection - a sales person - a SalesGroup role which has sales person as a member Other stuff removed for clarity. dn: uid=admin,o=company.com objectclass: top objectclass: person objectclass: organizationalperson objectclass: inetorgperson cn: SuiteSpot Administrator sn: Administrator givenname: SuiteSpot uid: admin userpassword: {SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g= dn: uid=salesID,o=company.com objectclass: top objectclass: person objectclass: organizationalPerson objectclass: inetOrgPerson objectclass: nsLicenseUser givenname: salesFir sn: salesSur cn: salesFul uid: salesID userpassword: {SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g= dn: cn=SalesGroup,o=company.com objectclass: top objectclass: groupOfUniqueNames cn: SalesGroup uniquemember: uid=salesID,o=company.com So my JNDIRealm config is, Realm className=org.apache.catalina.realm.JNDIRealm debug=99 connectionName=uid=admin,o=company.com connectionPassword=password connectionURL=ldap://localhost:390; roleName=cn roleSearch=(uniquemember={0}) roleSubtree=true userPassword=userpassword userPattern=uid={0},o=company.com / I have tried many combinations of patterns and attributes in the above configuration but none worked. The initial connection and authentication using admin seemed to work OK. But I can't get it to authenticate the sales person/salesGroup. I enter the salesID as the username and its password in the auth. dialog box web.xml has security-constraint web-resource-collection web-resource-nameSales/web-resource-name url-pattern/jsp/SalesIndex.jsp/url-pattern /web-resource-collection auth-constraint role-nameSalesGroup/role-name /auth-constraint /security-constraint login-config auth-methodDIGEST/auth-method realm-nameSID/realm-name /login-config security-role role-nameSalesGroup/role-name /security-role Thanks very much - Do You Yahoo!? Yahoo! Health - Feel better, live better -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: JNDIRealm config
To use JNDIRealm with Netscape Directory server you need the 4.1.X series of tomcat and you need to bind as the user. So do not provide connectionName and connection password. In the 4.0.X series the passwords are compared in an incompatible manner with respect to Netscape Dir server. - - wrote: hi This looks long but it's actually straightforward. I can't get the JNDIRealm config to work Netscape Directory Server 3.1. I suspect the conf. of the JNDIRealm elment is wrong but don't know why. I have a LDIF file exported from Netscape Directory Server 3.1 which define(loosely speaking) - an admin user that I use in JNDIRealm for initial connection - a sales person - a SalesGroup role which has sales person as a member Other stuff removed for clarity. dn: uid=admin,o=company.com objectclass: top objectclass: person objectclass: organizationalperson objectclass: inetorgperson cn: SuiteSpot Administrator sn: Administrator givenname: SuiteSpot uid: admin userpassword: {SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g= dn: uid=salesID,o=company.com objectclass: top objectclass: person objectclass: organizationalPerson objectclass: inetOrgPerson objectclass: nsLicenseUser givenname: salesFir sn: salesSur cn: salesFul uid: salesID userpassword: {SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g= dn: cn=SalesGroup,o=company.com objectclass: top objectclass: groupOfUniqueNames cn: SalesGroup uniquemember: uid=salesID,o=company.com So my JNDIRealm config is, Realm className=org.apache.catalina.realm.JNDIRealm debug=99 connectionName=uid=admin,o=company.com connectionPassword=password connectionURL=ldap://localhost:390; roleName=cn roleSearch=(uniquemember={0}) roleSubtree=true userPassword=userpassword userPattern=uid={0},o=company.com / I have tried many combinations of patterns and attributes in the above configuration but none worked. The initial connection and authentication using admin seemed to work OK. But I can't get it to authenticate the sales person/salesGroup. I enter the salesID as the username and its password in the auth. dialog box web.xml has security-constraint web-resource-collection web-resource-nameSales/web-resource-name url-pattern/jsp/SalesIndex.jsp/url-pattern /web-resource-collection auth-constraint role-nameSalesGroup/role-name /auth-constraint /security-constraint login-config auth-methodDIGEST/auth-method realm-nameSID/realm-name /login-config security-role role-nameSalesGroup/role-name /security-role Thanks very much - Do You Yahoo!? Yahoo! Health - Feel better, live better -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
JNDIRealm config
hi This looks long but it's actually straightforward. I can't get the JNDIRealm config to work Netscape Directory Server 3.1. I suspect the conf. of the JNDIRealm elment is wrong but don't know why. I have a LDIF file exported from Netscape Directory Server 3.1 which define(loosely speaking) - an admin user that I use in JNDIRealm for initial connection - a sales person - a SalesGroup role which has sales person as a member Other stuff removed for clarity. dn: uid=admin,o=company.com objectclass: top objectclass: person objectclass: organizationalperson objectclass: inetorgperson cn: SuiteSpot Administrator sn: Administrator givenname: SuiteSpot uid: admin userpassword: {SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g= dn: uid=salesID,o=company.com objectclass: top objectclass: person objectclass: organizationalPerson objectclass: inetOrgPerson objectclass: nsLicenseUser givenname: salesFir sn: salesSur cn: salesFul uid: salesID userpassword: {SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g= dn: cn=SalesGroup,o=company.com objectclass: top objectclass: groupOfUniqueNames cn: SalesGroup uniquemember: uid=salesID,o=company.com So my JNDIRealm config is, Realm className=org.apache.catalina.realm.JNDIRealm debug=99 connectionName=uid=admin,o=company.com connectionPassword=password connectionURL=ldap://localhost:390; roleName=cn roleSearch=(uniquemember={0}) roleSubtree=true userPassword=userpassword userPattern=uid={0},o=company.com / I have tried many combinations of patterns and attributes in the above configuration but none worked. The initial connection and authentication using admin seemed to work OK. But I can't get it to authenticate the sales person/salesGroup. I enter the salesID as the username and its password in the auth. dialog box web.xml has security-constraint web-resource-collection web-resource-nameSales/web-resource-name url-pattern/jsp/SalesIndex.jsp/url-pattern /web-resource-collection auth-constraint role-nameSalesGroup/role-name /auth-constraint /security-constraint login-config auth-methodDIGEST/auth-method realm-nameSID/realm-name /login-config security-role role-nameSalesGroup/role-name /security-role Thanks very much - Do You Yahoo!? Yahoo! Health - Feel better, live better