Tomcat 4: JNDI LDAP - Can't get single role name

2004-05-13 Thread Goerlich, Michael
Hello Tomcat-Users,

I've got a problem and I don't know if it's my lack (...but I've already
scanned this list).

In my environment I want to authenticate the users against MS AD by JNDI
LDAP. The user authentication is ok and also the roles found by
getRoles() are the right ones. But the returned roles are given as the
complete distinguished name (DN) of the role (i.e.
CN=ERKUSAAdmin,CN=Users,DC=local,DC=bremereb,DC=de) instead of the
single role name (attribute cn) (i.e. ERKUSAAdmin), so I have to
configure the full DN in web.xml for a security-constraint, which is very
undesirable:

Log in catalina.out (tomcat 4.1.7):

2004-05-13 11:33:44 JNDIRealm[Standalone]:   Searching for goerlich
2004-05-13 11:33:44 JNDIRealm[Standalone]:   base: CN=Users,dc=local,dc=bremereb,dc=de  filter: (sAMAccountName=goerlich)
2004-05-13 11:33:44 JNDIRealm[Standalone]:   entry found for goerlich with dn CN=Goerlich\, Michael,CN=Users,dc=local,dc=bremereb,dc=de
2004-05-13 11:33:44 JNDIRealm[Standalone]:   retrieving values for attribute memberOf
2004-05-13 11:33:44 JNDIRealm[Standalone]:   validating credentials by binding as the user
2004-05-13 11:33:44 JNDIRealm[Standalone]:   binding as CN=Goerlich\, Michael,CN=Users,dc=local,dc=bremereb,dc=de
2004-05-13 11:33:44 JNDIRealm[Standalone]: Username goerlich successfully authenticated
2004-05-13 11:33:44 JNDIRealm[Standalone]:   getRoles(CN=Goerlich\, Michael,CN=Users,dc=local,dc=bremereb,dc=de)
2004-05-13 11:33:44 JNDIRealm[Standalone]:   Searching role base 'CN=Users,dc=local,dc=bremereb,dc=de' for attribute 'cn'
2004-05-13 11:33:44 JNDIRealm[Standalone]:   With filter expression 'member=CN=Goerlich\, Michael,CN=Users,dc=local,dc=bremereb,dc=de'
2004-05-13 11:33:44 JNDIRealm[Standalone]:   Returning 7 roles
2004-05-13 11:33:44 JNDIRealm[Standalone]:   Found role CN=erkusaverwalter,CN=Users,DC=local,DC=bremereb,DC=de
2004-05-13 11:33:44 JNDIRealm[Standalone]:   Found role CN=tomcat,CN=Users,DC=local,DC=bremereb,DC=de
2004-05-13 11:33:44 JNDIRealm[Standalone]:   Found role CN=manager,CN=Users,DC=local,DC=bremereb,DC=de
2004-05-13 11:33:44 JNDIRealm[Standalone]:   Found role CN=ERKUSAAdmin,CN=Users,DC=local,DC=bremereb,DC=de
2004-05-13 11:33:44 JNDIRealm[Standalone]:   Found role CN=_Gewerbekunden,CN=Users,DC=local,DC=bremereb,DC=de
2004-05-13 11:33:44 JNDIRealm[Standalone]:   Found role CN=_Dokumentation,CN=Users,DC=local,DC=bremereb,DC=de
2004-05-13 11:33:44 JNDIRealm[Standalone]:   Found role CN=_Team_SAP,CN=Users,DC=local,DC=bremereb,DC=de
2004-05-13 11:33:44 JNDIRealm[Standalone]: Username goerlich has role CN=ERKUSAAdmin,CN=Users,DC=local,DC=bremereb,DC=de
2004-05-13 11:33:57 JNDIRealm[Standalone]: Username goerlich does NOT have role ERKUSAAdmin
2004-05-13 11:33:57 JNDIRealm[Standalone]: Username goerlich does NOT have role ERKUSAVerwalter
2004-05-13 11:33:57 JNDIRealm[Standalone]: Username goerlich does NOT have role ERKUSAAdmin

My configured JNDI-realm in server.xml:

<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
       connectionURL="... (substituted)"
       userBase="CN=Users,dc=local,dc=bremereb,dc=de"
       userSearch="(sAMAccountName={0})"
       userRoleName="memberOf"
       roleBase="CN=Users,dc=local,dc=bremereb,dc=de"
       roleName="cn"
       roleSearch="member={0}"
       connectionName="[EMAIL PROTECTED]"
       connectionPassword="secret"
       roleSubtree="true"
       userSubtree="true" />

I run this on tomcat 4.1.27.

The funny thing is that the same configuration on tomcat 5 returns 14
roles (for the given example), which works for me, but I need that
functionality in tomcat 4:

Log in catalina.out (tomcat 5.0.24)

2004-05-13 11:59:31 JNDIRealm[Catalina]:   Searching for goerlich
2004-05-13 11:59:31 JNDIRealm[Catalina]:   base: CN=Users,dc=local,dc=bremereb,dc=de  filter: (sAMAccountName=goerlich)
2004-05-13 11:59:31 JNDIRealm[Catalina]:   entry found for goerlich with dn CN=Goerlich\, Michael,CN=Users,dc=local,dc=bremereb,dc=de
2004-05-13 11:59:31 JNDIRealm[Catalina]:   retrieving values for attribute memberOf
2004-05-13 11:59:31 JNDIRealm[Catalina]:   validating credentials by binding as the user
2004-05-13 11:59:31 JNDIRealm[Catalina]:   binding as CN=Goerlich\, Michael,CN=Users,dc=local,dc=bremereb,dc=de
2004-05-13 11:59:31 JNDIRealm[Catalina]: Username goerlich successfully authenticated
2004-05-13 11:59:31 JNDIRealm[Catalina]:   getRoles(CN=Goerlich\, Michael,CN=Users,dc=local,dc=bremereb,dc=de)
2004-05-13 11:59:31 JNDIRealm[Catalina]:   Searching role base 'CN=Users,DC=local,DC=bremereb,DC=de' for attribute 'cn'
2004-05-13 11:59:31 JNDIRealm[Catalina]:   With filter expression 'member=CN=Goerlich\5c, Michael,CN=Users,dc=local,dc=bremereb,dc=de'
2004-05-13 11:59:31 JNDIRealm[Catalina]:   retrieving values for attribute cn
2004-05-13 11:59:31 JNDIRealm[Catalina]:   retrieving values for attribute cn
2004-05-13 11:59:31 JNDIRealm[Catalina]:   retrieving values for attribute cn
2004-05-13 11:59:31 JNDIRealm[Catalina]:   retrieving values for attribute cn
2004-05-13 11:59:31 JNDIRealm[Catalina]:   retrieving values for attribute
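
Added example, not part of the original post and not Tomcat's own code: the two logs above differ in how the backslash of the user DN appears in the role filter (`\,` under Tomcat 4, `\5c,` under Tomcat 5), and the roles in question arrive as full DNs. The sketch below shows RFC 4515 filter-value escaping and extraction of the leading CN with `javax.naming.ldap.LdapName` (Java 5 or later); the class and method names are hypothetical.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Added example (hypothetical helper class, not Tomcat code).
public class RoleDnExample {

    // Escape a value for use inside an LDAP search filter (RFC 4515):
    // backslash, '*', '(', ')' and NUL become \5c, \2a, \28, \29, \00.
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Return the value of the leftmost RDN when it is a CN, else the input unchanged.
    // LdapName parses DN escapes, so an escaped comma ("\,") stays inside the value
    // instead of being treated as an RDN separator.
    static String roleNameFromDn(String dn) {
        try {
            LdapName name = new LdapName(dn);
            if (name.isEmpty()) return dn;
            Rdn leaf = name.getRdn(name.size() - 1); // index size-1 is the leftmost RDN
            return "cn".equalsIgnoreCase(leaf.getType())
                    ? String.valueOf(leaf.getValue()) : dn;
        } catch (InvalidNameException e) {
            return dn; // not a DN, e.g. already a plain role name
        }
    }

    public static void main(String[] args) {
        // DNs copied from the logs on this page
        String userDn = "CN=Goerlich\\, Michael,CN=Users,dc=local,dc=bremereb,dc=de";
        String roleDn = "CN=ERKUSAAdmin,CN=Users,DC=local,DC=bremereb,DC=de";
        System.out.println("member=" + escapeFilterValue(userDn));
        System.out.println(roleNameFromDn(roleDn));
        System.out.println(roleNameFromDn(userDn));
        System.out.println(roleNameFromDn("ERKUSAAdmin"));
    }
}
```

The extracted name keeps the directory's capitalisation, so a role written in web.xml with different case than the group's cn is a separate thing to check when comparing role names.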

Re: Tomcat 4 JNDI

2002-06-18 Thread giluka


I've tried that but it still does not work ...
Is it correct to put the jndi.properties file (with information that points to my ejb
server) in my classpath?

----- Original Message -----
From: Richard Plukker [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Sent: Tuesday, June 18, 2002 9:27 AM
Subject: Re: Tomcat 4  JNDI

> In tomcat 4 you can also use the ejb-ref element in the server.xml
> look at the tomcat examples, hope it will work.
> good luck
>
> On Tuesday 18 June 2002 08:56, you wrote:
> > I've a problem:
> > i want to call my EJB resource (running on a remote machine on JBoss 3.0)
> > from a servlet (running on my local machine).
> > I've tried to put in classpath jndi.properties file like this:
> >
> > java.naming.factory.initial=org.jnp.interfaces.NamingContextFactory
> > java.naming.provider.url=remote-machine
> > java.naming.factory.url.pkgs=org.jboss.naming.org.jnp.interfaces
> >
> > and to modify web-xml file:
> >
> > <resource-env-ref>
> >   <resource-env-ref-name>AddressEJBHome</resource-env-ref-name>
> >   <resource-env-ref-type>com.sun.j2ee.blueprints.address.ejb.AddressEJBBean</resource-env-ref-type>
> > </resource-env-ref>
> >
> > can you help me ?
>
> --
> To unsubscribe, e-mail: mailto:[EMAIL PROTECTED]
> For additional commands, e-mail: mailto:[EMAIL PROTECTED]




Re: Tomcat 4 JNDI

2002-06-18 Thread Richard Plukker

You should try to start tomcat with a

# java -Djava.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory \
  -Djava.naming.provider.url=ldap://localhost:389/o=jnditutorial \
  List
# java -Djava.naming.factory.initial=com.sun.jndi.fscontext.RefFSContextFactory \
  -Djava.naming.provider.url=file:/tmp \
  List 
  

You should take a look at the jndi tutorial:
http://java.sun.com/products/jndi/tutorial/beyond/env/source.html


