When using a pattern the uid value or whatever that people enter is
substituted into the pattern to generate the dn - users are not expected to
enter the full dn. Search is needed however when the attribute whose value
is entered by the user is not a component of the dn, or when users are held
John Holman wrote:
As said before I'd like to add the ability to search the directory for the
user's dn to cover cases when a fixed pattern will not work, but will wait
to see the fate of this patch before going ahead.
Regarding the search, then bind authentication; what would be the
I was planning to fail authentication if more than one entry is found.
At 09:58 16/05/01, you wrote:
John Holman wrote:
As said before I'd like to add the ability to search the directory for the
user's dn to cover cases when a fixed pattern will not work, but will wait
to see the fate of
My use of search then bind is searching for a non-DN user ID (like UID or
mail, which is presumably unique) then binding witht he retrieved DN and
password. Can you imagine making people type in X.500-style user names
Martin
Torgeir Veimo wrote:
John Holman wrote:
As said before
Here is a patch for the JNDI realm in Catalina that supports authentication
by binding to the directory with the credentials specified by the user.
I've added a configuration parameter bindAsUser which defaults to true.
If set to false the realm authenticates as before: ie it retrieves the
