funkman 2003/09/04 12:59:47
Modified: catalina build.xml
          webapps/tomcat-docs realm-howto.xml
          catalina/src/share/org/apache/catalina/realm JNDIRealm.java
Added:    catalina/src/test/org/apache/catalina/realm JNDIRealmTestCase.java
Log:
Per http://marc.theaimsgroup.com/?l=tomcat-dev&m=106254937722504&w=2
Allow Multiple user patterns in JNDIRealm and doc patch.
Patch provided by Jeff Tulley (jtulley at novell.com)
Revision  Changes    Path
1.133 +11 -1 jakarta-tomcat-4.0/catalina/build.xml
Index: build.xml
===
RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/build.xml,v
retrieving revision 1.132
retrieving revision 1.133
diff -u -r1.132 -r1.133
--- build.xml 12 Mar 2003 21:38:05 - 1.132
+++ build.xml 4 Sep 2003 19:59:46 - 1.133
@@ -979,7 +979,7 @@
+ depends="build-tests,test-dir-context,test-realm,test-util">
@@ -1004,6 +1004,16 @@
+
+
+
+
+
+
+
+
+
1.13 +56 -14 jakarta-tomcat-4.0/webapps/tomcat-docs/realm-howto.xml
Index: realm-howto.xml
===
RCS file: /home/cvs/jakarta-tomcat-4.0/webapps/tomcat-docs/realm-howto.xml,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- realm-howto.xml 7 May 2003 15:56:00 - 1.12
+++ realm-howto.xml 4 Sep 2003 19:59:47 - 1.13
@@ -362,7 +362,7 @@
Password to be recognized by Tomcat when the user logs in.
This value may in cleartext or digested - see below for more
information.
-
+
There must be a table, referenced below as the user roles table,
that contains one row for every valid role that is assigned to a
particular user. It is legal for a user to have zero, one, or more than
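Review bot: The removed and added lines in this hunk show no visible difference, and the same holds for the DataSourceRealm hunks that follow, so these look like whitespace-only edits unrelated to multiple user patterns; consider dropping them so the doc patch contains only the userPattern change. If the paragraph is being touched anyway, the context line "This value may in cleartext or digested" is missing "be".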
@@ -373,13 +373,13 @@
Username to be recognized by Tomcat (same value as is specified
in the users table).
Role name of a valid role associated with this user.
-
+
Quick Start
-
+
To set up Tomcat to use DataSourceRealm, you will need to follow these steps:
-
+
If you have not yet done so, create tables and columns in your database
that conform to the requirements described above.
Configure a database username and password for use by Tomcat, that has
@@ -418,7 +418,7 @@
generate more detailed output. If not specified, the default
debugging detail level is zero (0).
-
+
The digest algorithm used to store passwords in non-plaintext formats.
Valid values are those accepted for the algorithm name by the
@@ -426,18 +426,18 @@
Digested Passwords for more
information. If not specified, passwords are stored in clear text.
-
+
The name of the column, in the user roles table, that
contains the name of a role assigned to this user.
-
+
The name of the column, in the users table, that contains
the password for this user (either in clear text, or digested if the
digest attribute is set).
-
+
The name of the column, in the users and user roles
tables, that contains the username of this user.
@@ -559,11 +559,19 @@
attribute containing the username that is presented for
authentication.
-Often the distinguished name of the user's entry contains the
-username presented for authentication but is otherwise the same for
-all users. In this case the userPattern attribute may
-be used to specify the DN, with "{0}" marking where
-the username should be substituted.
+There are multiple options for specifying where to look for users.
+One is through the use of userPattern. This is set
+to the distinguished name of the user entry, but with "{0}" marking
+where the username should be substituted. If you want Tomcat to
+search for the username in multiple places, you can supply multiple
+locations in the userPattern. This is done by
+surrounding each separate location with parentheses. For example,
+"(cn={0},ou=users1,o=myorg)(cn={0},ou=users2,o=myorg)" will result in
+Tomcat looking in ou=users1,o=myorg, and then ou=users2,o=myorg for the
+username passed in from the authentication process. You can also use
+the standard LDAP "OR" search format, for instance
+"(|(cn={0},o=myorg)({0}))". Note that, as in this example, you can
+do both context-less and fully-typed logins using this technique.
Otherwise the realm must search the directory to find a unique entry
containing the username. The following attributes configure this
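Review bot: The new userPattern paragraph says Tomcat looks in ou=users1,o=myorg "and then" ou=users2,o=myorg, but it does not say what happens when the same cn exists under both locations or when authentication fails at the first one; please document whether the realm stops at the first entry found or goes on to the next pattern, since that decides which account a login maps to. The "(|(cn={0},o=myorg)({0}))" example also needs a sentence on how it is interpreted: userPattern is described just above as a distinguished name rather than a search filter, and with the bare "({0})" pattern the submitted username becomes the whole DN, so the text should state whether any escaping or validation is applied to it before use. Finally, the unchanged context line "Otherwise the realm must search the directory" was the counterpart of the removed "In this case ..." sentence and has nothing to contrast with after the new paragraph; reword it, for example "If userPattern is not specified, the realm must search ...".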
@@ -831,7 +839,8 @@
directory