Re: JNDIRealm config

2002-07-24 Thread John Holman


Tim Funk wrote:

> To use JNDIRealm with Netscape Directory server you need the 4.1.X
> series of tomcat and you need to bind as the user. So do not provide
> connectionName and connection password.


Actually it's userPassword that should not be provided if you want 
JNDIRealm to bind as the user for authentication. connectionName and 
connectionPassword will still be used if provided to retrieve role 
information and to search the directory for the user's entry if 
required, but are optional.

This is documented in some detail in the realm howto included with 4.1.8 
and later.

John.



> In the 4.0.X series the passwords are compared in an incompatible
> manner with respect to Netscape Dir server.

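The two modes John describes (bind as the user when userPassword is omitted, compare a retrieved attribute when it is set), modelled over the entries from the original post's LDIF. This is an added example, not Tomcat's code and not part of the thread: the in-memory directory, the function names and the raw string comparison in comparison mode are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

SHA_PW = "{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g="  # userpassword value from the post's LDIF

# Constructed in-memory stand-in for the directory, holding the post's entries.
DIRECTORY = {
    "uid=admin,o=company.com": {"uid": ["admin"], "userpassword": [SHA_PW]},
    "uid=salesID,o=company.com": {"uid": ["salesID"], "userpassword": [SHA_PW]},
    "cn=SalesGroup,o=company.com": {
        "cn": ["SalesGroup"],
        "uniquemember": ["uid=salesID,o=company.com"],
    },
}


def sha_matches(stored, password):
    """Check a cleartext password against a {SHA} value: base64(SHA-1(password))."""
    if not stored.startswith("{SHA}"):
        return False
    expected = base64.b64decode(stored[len("{SHA}"):])
    return hmac.compare_digest(expected, hashlib.sha1(password.encode()).digest())


def ldap_bind(dn, password):
    """Stand-in for a simple bind: the directory verifies the password itself."""
    if not password:
        return False  # an empty password is an unauthenticated bind, not a login
    values = DIRECTORY.get(dn, {}).get("userpassword", [])
    return any(sha_matches(v, password) for v in values)


def authenticate(username, password, user_pattern, user_password=None):
    """Return the user's DN on success, else None (hypothetical helper)."""
    dn = user_pattern.replace("{0}", username)
    if user_password is None:  # bind mode: userPassword left out of the Realm
        return dn if ldap_bind(dn, password) else None
    # Comparison mode: the realm reads the attribute and compares it itself.
    # Assumption for illustration: a raw string compare, which cannot match
    # a value the directory stores in {SHA} form.
    stored = DIRECTORY.get(dn, {}).get(user_password, [])
    return dn if password in stored else None


def roles(user_dn, role_search="(uniquemember={0})", role_name="cn"):
    """Evaluate a single-term roleSearch filter with {0} replaced by the user DN."""
    attr, value = role_search.strip("()").replace("{0}", user_dn).split("=", 1)
    return [e[role_name][0] for e in DIRECTORY.values() if value in e.get(attr, [])]
```

The role lookup is independent of how the user was authenticated, which matches John's point that connectionName and connectionPassword remain useful for retrieving roles even in bind mode.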




Re: JNDIRealm config

2002-07-23 Thread Tim Funk

To use JNDIRealm with Netscape Directory server you need the 4.1.X 
series of tomcat and you need to bind as the user. So do not provide 
connectionName and connection password.

In the 4.0.X series the passwords are compared in an incompatible manner 
with respect to Netscape Dir server.





JNDIRealm config

2002-07-22 Thread - -


hi 

This looks long but it's actually straightforward.

I can't get the JNDIRealm config to work with Netscape Directory Server 3.1.

I suspect the conf. of the JNDIRealm element is wrong but don't know why.

I have an LDIF file exported from Netscape Directory Server 3.1 which defines (loosely speaking)

- an admin user that I use in JNDIRealm for initial connection

- a sales person

- a SalesGroup role which has sales person as a member

Other stuff removed for clarity.

 

dn: uid=admin,o=company.com
objectclass: top
objectclass: person
objectclass: organizationalperson
objectclass: inetorgperson
cn: SuiteSpot Administrator
sn: Administrator
givenname: SuiteSpot
uid: admin
userpassword: {SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=

dn: uid=salesID,o=company.com
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
objectclass: nsLicenseUser
givenname: salesFir
sn: salesSur
cn: salesFul
uid: salesID
userpassword: {SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=

dn: cn=SalesGroup,o=company.com
objectclass: top
objectclass: groupOfUniqueNames
cn: SalesGroup
uniquemember: uid=salesID,o=company.com

 

So my JNDIRealm config is,

<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
       connectionName="uid=admin,o=company.com"
       connectionPassword="password"
       connectionURL="ldap://localhost:390;"
       roleName="cn"
       roleSearch="(uniquemember={0})"
       roleSubtree="true"
       userPassword="userpassword"
       userPattern="uid={0},o=company.com"
/>

I have tried many combinations of patterns and attributes in the above configuration 
but none worked.

The initial connection and authentication using admin seemed to work OK.

But I can't get it to authenticate the sales person/salesGroup.

I enter the salesID as the username and its password in the auth. dialog box

 

web.xml has 

 

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Sales</web-resource-name>
    <url-pattern>/jsp/SalesIndex.jsp</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>SalesGroup</role-name>
  </auth-constraint>
</security-constraint>

<login-config>
  <auth-method>DIGEST</auth-method>
  <realm-name>SID</realm-name>
</login-config>

<security-role>
  <role-name>SalesGroup</role-name>
</security-role>

 

Thanks very much


