Re: FW: JNDIRealm and roleNested
On 27/01/2010 17:38, TahitianGabriel wrote: Mark, I've opened a bug : https://issues.apache.org/bugzilla/show_bug.cgi?id=48629 https://issues.apache.org/bugzilla/show_bug.cgi?id=48629 I've also attached a patch that fixed the problem. Many thanks. I'll try and take a look in the next few days. (Unless one of the other committers beats me to it). Mark Regards, Gabriel. Mark Thomas wrote: Please do. Also, if you are able to test any patch produced please indicate that in Bugzilla too. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: FW: JNDIRealm and roleNested
On 26/01/2010 19:45, TahitianGabriel wrote:
Hi Mark,
Tomcat 6.0.24 has been released and the roleNested=true still doesn't work
with roleSearch=(member={1})
Shall I open a bug in https://issues.apache.org/bugzilla bugzilla ?
Please do. Also, if you are able to test any patch produced please
indicate that in Bugzilla too.
Mark
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: FW: JNDIRealm and roleNested
Should I take the sources files from the
http://svn.apache.org/repos/asf/tomcat/trunk/ trunk
or the http://svn.apache.org/repos/asf/tomcat/tc6.0.x/trunk/ tc6.0.x
branche ?
Mark Thomas wrote:
On 26/01/2010 19:45, TahitianGabriel wrote:
Hi Mark,
Tomcat 6.0.24 has been released and the roleNested=true still doesn't
work
with roleSearch=(member={1})
Shall I open a bug in https://issues.apache.org/bugzilla bugzilla ?
Please do. Also, if you are able to test any patch produced please
indicate that in Bugzilla too.
Mark
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
--
View this message in context:
http://old.nabble.com/JNDIRealm-and-roleNested-tp24756476p27346607.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: FW: JNDIRealm and roleNested
Mark, I've opened a bug : https://issues.apache.org/bugzilla/show_bug.cgi?id=48629 https://issues.apache.org/bugzilla/show_bug.cgi?id=48629 I've also attached a patch that fixed the problem. Regards, Gabriel. Mark Thomas wrote: Please do. Also, if you are able to test any patch produced please indicate that in Bugzilla too. Mark -- View this message in context: http://old.nabble.com/JNDIRealm-and-roleNested-tp24756476p27347235.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: FW: JNDIRealm and roleNested
Hi Mark,
Tomcat 6.0.24 has been released and the roleNested=true still doesn't work
with roleSearch=(member={1})
Shall I open a bug in https://issues.apache.org/bugzilla bugzilla ?
regards,
Gabriel.
--
View this message in context:
http://old.nabble.com/JNDIRealm-and-roleNested-tp24756476p27331784.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: FW: JNDIRealm and roleNested
Hi,
It's working great with roleSearch=(member={0}), but not with
roleSearch=(member={1})
From tomcat doc :
Use {0} to substitute the distinguished name (DN) of the user, and/or {1} to
substitute the username.
I guess line :
filter = roleFormat.format(new String[] { groupDN });
should be changed into something like
filter = roleFormat.format(new String[] {null, groupDN });
when roleSearch is using {1}
I'm using Domino 8.5 Ldap.
Regards,
Gabriel.
Mark Thomas wrote:
Payne, George (ghp5h) wrote:
I have tested this and it does exactly what I'd hoped. I tested it with
tomcat 6.0.20 as described
Many thanks for testing this. I have proposed the patch for Tomcat 6.
Mark
--
View this message in context:
http://www.nabble.com/JNDIRealm-and-roleNested-tp24756476p26105463.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: FW: JNDIRealm and roleNested
Payne, George (ghp5h) wrote: I have tested this and it does exactly what I'd hoped. I tested it with tomcat 6.0.20 as described Many thanks for testing this. I have proposed the patch for Tomcat 6. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: FW: JNDIRealm and roleNested
I have tested this and it does exactly what I'd hoped. I tested it with tomcat
6.0.20 as described, and I also, in vain and probably inadvisable hopes I could
stick with my yum-updateable RHEL 5.3 tomcat5.5 version, tested it with 5.5
(under server/lib). It didn't throw an exception in 5.5, but it didn't appear
to do a recursive search, either. But, as I said, it works exactly as
advertised in 6.0.20.
If anyone is interested in details, here is the realm I used (against a Domino
ldap server):
Realm
className=org.apache.catalina.realm.JNDIRealm
debug=99
connectionURL=ldap://myserver.law.virginia.edu:389;
roleRecursionLimit=2
roleNested=true
roleBase=
roleSearch=(member={0})
roleSubtree=false
roleName=cn
userBase=
userSearch=(uid={0})
userSubtree=false
allRolesMode=authOnly
/
Results from my test jsp showing Principal.toString() and isUserInRole for a
few roles. Jqp1a is in 2009jd which is nested in the Students group.
Old version of JNDIRealm:
userPrincipal: GenericPrincipal[jqp1a(2000JD,2007JDPHD,2009JD,Phoneathon,Test
Students,)] user: jqp1a
isInStudents: false
isInFaculty: false
isInStaff: false
isIn2009JD: true
Logout
New Version
userPrincipal:
GenericPrincipal[jqp1a(2000JD,2007JDPHD,2009JD,Phoneathon,Students,Test
Students,)] user: jqp1a
isInStudents: true
isInFaculty: false
isInStaff: false
isIn2009JD: true
Logout
George Payne
-Original Message-
From: Mark Thomas [mailto:ma...@apache.org]
Sent: Monday, August 03, 2009 12:36 PM
To: Tomcat Users List
Subject: Re: FW: JNDIRealm and roleNested
Mark Thomas wrote:
--- Original Message ---
From: Payne, George (ghp5h) gh...@eservices.virginia.edu
I still don't know the answer to the questions I originally posed below, if
anyone can help, I'd very much appreciate it.
If I produced a binary patch for 6.0.20 and instructions on how to install it
would you be able to test it for us? Positive feedback would greatly increase
the chances of this patch getting into the 6.0.x branch.
George replied off-list that he would be willing to test this. So for
George and anyone else that wants to test this you'll need to do the
following.
1. Understand that this is development code, made available for testing
purposes. In no way should this be construed to be any form of ASF release.
2. Download and install Tomcat 6.0.20.
3. Create the following directory structure under CATALINA_HOME/lib:
org/apache/catalina/realm
4. Download this file:
http://people.apache.org/~markt/dev/JNDIRealm.class
and place it in the CATALINA_HOME/lib/org/apache/catalina/realm
directory you just created.
5. Re-read point 1 :)
6. Configure your JNDI realm as normal. There are some extra options.
Read through the code:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java?annotate=797162
to see what they are.
6. Start Tomcat
7. Let us know how you get on.
Mark
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: FW: JNDIRealm and roleNested
Mark Thomas wrote: --- Original Message --- From: Payne, George (ghp5h) gh...@eservices.virginia.edu I still don't know the answer to the questions I originally posed below, if anyone can help, I'd very much appreciate it. If I produced a binary patch for 6.0.20 and instructions on how to install it would you be able to test it for us? Positive feedback would greatly increase the chances of this patch getting into the 6.0.x branch. George replied off-list that he would be willing to test this. So for George and anyone else that wants to test this you'll need to do the following. 1. Understand that this is development code, made available for testing purposes. In no way should this be construed to be any form of ASF release. 2. Download and install Tomcat 6.0.20. 3. Create the following directory structure under CATALINA_HOME/lib: org/apache/catalina/realm 4. Download this file: http://people.apache.org/~markt/dev/JNDIRealm.class and place it in the CATALINA_HOME/lib/org/apache/catalina/realm directory you just created. 5. Re-read point 1 :) 6. Configure your JNDI realm as normal. There are some extra options. Read through the code: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java?annotate=797162 to see what they are. 6. Start Tomcat 7. Let us know how you get on. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: FW: JNDIRealm and roleNested
--- Original Message --- From: Payne, George (ghp5h) gh...@eservices.virginia.edu I still don't know the answer to the questions I originally posed below, if anyone can help, I'd very much appreciate it. If I produced a binary patch for 6.0.20 and instructions on how to install it would you be able to test it for us? Positive feedback would greatly increase the chances of this patch getting into the 6.0.x branch. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
