Providing a connectionName and connectionPassword does *not* cause
JNDIRealm to lookup the password. It will still authenticate by binding
as the user unless you specify the userPassword configuration attribute.
Looking up roles as the administrator (or anonymously if connectionName
and
Thank you for responding John,
John Holman wrote:
Providing a connectionName and connectionPassword does *not* cause
JNDIRealm to lookup the password. It will still authenticate by
binding as the user unless you specify the userPassword configuration
attribute.
I'm working with
Mark
Looking up roles as the administrator (or anonymously if
connectionName and connectionPassword are not specified) is a
deliberate design decision.
John.
?? But, if you've already established a connection with the users
principle and credentials, why would ever want to convert
John Holman wrote:
Mark
Looking up roles as the administrator (or anonymously if
connectionName and connectionPassword are not specified) is a
deliberate design decision.
John.
?? But, if you've already established a connection with the users
principle and credentials, why would
Looking over the JNDIRealm Code I notice that in the bindAsUser method
that the users principle and credentials are stripped out of the
context. It is after this point that the JNDI search request is made to
gather the roles from the ldap server. Shouldn't it be *after* the
search for the
