Re: FW: JNDIRealm and roleNested
On 27/01/2010 17:38, TahitianGabriel wrote:
> Mark,
>
> I've opened a bug: https://issues.apache.org/bugzilla/show_bug.cgi?id=48629
>
> I've also attached a patch that fixed the problem.

Many thanks. I'll try and take a look in the next few days. (Unless one of the other committers beats me to it).

Mark

> Regards,
> Gabriel.
>
> Mark Thomas wrote:
>> Please do. Also, if you are able to test any patch produced please indicate that in Bugzilla too.
>>
>> Mark

- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: FW: JNDIRealm and roleNested
On 26/01/2010 19:45, TahitianGabriel wrote:
> Hi Mark,
>
> Tomcat 6.0.24 has been released and the roleNested=true still doesn't work with roleSearch=(member={1})
>
> Shall I open a bug in bugzilla (https://issues.apache.org/bugzilla)?

Please do. Also, if you are able to test any patch produced please indicate that in Bugzilla too.

Mark
Re: FW: JNDIRealm and roleNested
Should I take the source files from the trunk (http://svn.apache.org/repos/asf/tomcat/trunk/) or the tc6.0.x (http://svn.apache.org/repos/asf/tomcat/tc6.0.x/trunk/) branch?

Mark Thomas wrote:
> On 26/01/2010 19:45, TahitianGabriel wrote:
>> Hi Mark,
>>
>> Tomcat 6.0.24 has been released and the roleNested=true still doesn't work with roleSearch=(member={1})
>>
>> Shall I open a bug in bugzilla (https://issues.apache.org/bugzilla)?
>
> Please do. Also, if you are able to test any patch produced please indicate that in Bugzilla too.
>
> Mark

--
View this message in context: http://old.nabble.com/JNDIRealm-and-roleNested-tp24756476p27346607.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
Re: FW: JNDIRealm and roleNested
Mark,

I've opened a bug: https://issues.apache.org/bugzilla/show_bug.cgi?id=48629

I've also attached a patch that fixed the problem.

Regards,
Gabriel.

Mark Thomas wrote:
> Please do. Also, if you are able to test any patch produced please indicate that in Bugzilla too.
>
> Mark
Re: FW: JNDIRealm and roleNested
Hi Mark,

Tomcat 6.0.24 has been released and the roleNested=true still doesn't work with roleSearch=(member={1})

Shall I open a bug in bugzilla (https://issues.apache.org/bugzilla)?

regards,
Gabriel.
Re: FW: JNDIRealm and roleNested
Hi,

It's working great with roleSearch=(member={0}), but not with roleSearch=(member={1})

From tomcat doc: Use {0} to substitute the distinguished name (DN) of the user, and/or {1} to substitute the username.

I guess line:

    filter = roleFormat.format(new String[] { groupDN });

should be changed into something like

    filter = roleFormat.format(new String[] {null, groupDN });

when roleSearch is using {1}

I'm using Domino 8.5 Ldap.

Regards,
Gabriel.

Mark Thomas wrote:
> Payne, George (ghp5h) wrote:
>> I have tested this and it does exactly what I'd hoped. I tested it with tomcat 6.0.20 as described
>
> Many thanks for testing this. I have proposed the patch for Tomcat 6.
>
> Mark
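
Added example, not part of the original post and not Tomcat's code: a stand-alone Java demonstration of the java.text.MessageFormat behaviour behind the report above, with a check that flags a filter whose slot was never filled. The group DN is a constructed sample, and placing the group DN in slot {1} follows the poster's suggestion rather than a confirmed fix.

```java
import java.text.MessageFormat;
import java.util.regex.Pattern;

public class NestedRoleFilterDemo {
    // Constructed sample value: DN of the group whose parent groups are searched.
    static final String GROUP_DN = "CN=2009JD,O=Example";

    // A literal {n} left in the filter, or a slot rendered as the text "null".
    static final Pattern UNFILLED = Pattern.compile("\\{\\d+\\}|=null\\)");

    // Expand a roleSearch pattern with MessageFormat, as the quoted line does.
    static String expand(String roleSearch, String... args) {
        return new MessageFormat(roleSearch).format(args);
    }

    // True when the pattern referenced a slot the caller did not supply.
    static boolean hasUnfilledSlot(String filter) {
        return UNFILLED.matcher(filter).find();
    }

    static void show(String label, String filter) {
        System.out.printf("%-34s %-28s unfilled=%b%n",
                label, filter, hasUnfilledSlot(filter));
    }

    public static void main(String[] unused) {
        // One-element array, as in the line quoted in the post.
        show("{0} pattern, args {groupDN}",
                expand("(member={0})", GROUP_DN));
        // {1} has no matching element, so MessageFormat leaves it as literal
        // text and the directory is searched for a member named "{1}".
        show("{1} pattern, args {groupDN}",
                expand("(member={1})", GROUP_DN));
        // Two-element array suggested in the post: {1} now resolves.
        show("{1} pattern, args {null,groupDN}",
                expand("(member={1})", null, GROUP_DN));
        // Caveat: with that array a {0} pattern renders the null as "null".
        show("{0} pattern, args {null,groupDN}",
                expand("(member={0})", null, GROUP_DN));
    }
}
```

A filter that still contains a literal placeholder matches no group, so the nested roles are silently missing from the principal instead of raising an error.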
Re: FW: JNDIRealm and roleNested
Payne, George (ghp5h) wrote:
> I have tested this and it does exactly what I'd hoped. I tested it with tomcat 6.0.20 as described

Many thanks for testing this. I have proposed the patch for Tomcat 6.

Mark
RE: FW: JNDIRealm and roleNested
I have tested this and it does exactly what I'd hoped. I tested it with tomcat 6.0.20 as described, and I also, in vain and probably inadvisable hopes I could stick with my yum-updateable RHEL 5.3 tomcat5.5 version, tested it with 5.5 (under server/lib). It didn't throw an exception in 5.5, but it didn't appear to do a recursive search, either. But, as I said, it works exactly as advertised in 6.0.20.

If anyone is interested in details, here is the realm I used (against a Domino ldap server):

    <Realm className="org.apache.catalina.realm.JNDIRealm"
           debug="99"
           connectionURL="ldap://myserver.law.virginia.edu:389"
           roleRecursionLimit="2"
           roleNested="true"
           roleBase=""
           roleSearch="(member={0})"
           roleSubtree="false"
           roleName="cn"
           userBase=""
           userSearch="(uid={0})"
           userSubtree="false"
           allRolesMode="authOnly" />

Results from my test jsp showing Principal.toString() and isUserInRole for a few roles. Jqp1a is in 2009jd which is nested in the Students group.

Old version of JNDIRealm:

    userPrincipal: GenericPrincipal[jqp1a(2000JD,2007JDPHD,2009JD,Phoneathon,Test Students,)]
    user: jqp1a
    isInStudents: false
    isInFaculty: false
    isInStaff: false
    isIn2009JD: true
    Logout

New Version:

    userPrincipal: GenericPrincipal[jqp1a(2000JD,2007JDPHD,2009JD,Phoneathon,Students,Test Students,)]
    user: jqp1a
    isInStudents: true
    isInFaculty: false
    isInStaff: false
    isIn2009JD: true
    Logout

George Payne

-Original Message-
From: Mark Thomas [mailto:ma...@apache.org]
Sent: Monday, August 03, 2009 12:36 PM
To: Tomcat Users List
Subject: Re: FW: JNDIRealm and roleNested

Mark Thomas wrote:
> --- Original Message ---
> From: Payne, George (ghp5h) gh...@eservices.virginia.edu
>> I still don't know the answer to the questions I originally posed below, if anyone can help, I'd very much appreciate it.
>
> If I produced a binary patch for 6.0.20 and instructions on how to install it would you be able to test it for us? Positive feedback would greatly increase the chances of this patch getting into the 6.0.x branch.

George replied off-list that he would be willing to test this. So for George and anyone else that wants to test this you'll need to do the following.

1. Understand that this is development code, made available for testing purposes. In no way should this be construed to be any form of ASF release.
2. Download and install Tomcat 6.0.20.
3. Create the following directory structure under CATALINA_HOME/lib: org/apache/catalina/realm
4. Download this file: http://people.apache.org/~markt/dev/JNDIRealm.class and place it in the CATALINA_HOME/lib/org/apache/catalina/realm directory you just created.
5. Re-read point 1 :)
6. Configure your JNDI realm as normal. There are some extra options. Read through the code: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java?annotate=797162 to see what they are.
6. Start Tomcat
7. Let us know how you get on.

Mark
Re: FW: JNDIRealm and roleNested
Mark Thomas wrote:
> --- Original Message ---
> From: Payne, George (ghp5h) gh...@eservices.virginia.edu
>> I still don't know the answer to the questions I originally posed below, if anyone can help, I'd very much appreciate it.
>
> If I produced a binary patch for 6.0.20 and instructions on how to install it would you be able to test it for us? Positive feedback would greatly increase the chances of this patch getting into the 6.0.x branch.

George replied off-list that he would be willing to test this. So for George and anyone else that wants to test this you'll need to do the following.

1. Understand that this is development code, made available for testing purposes. In no way should this be construed to be any form of ASF release.
2. Download and install Tomcat 6.0.20.
3. Create the following directory structure under CATALINA_HOME/lib: org/apache/catalina/realm
4. Download this file: http://people.apache.org/~markt/dev/JNDIRealm.class and place it in the CATALINA_HOME/lib/org/apache/catalina/realm directory you just created.
5. Re-read point 1 :)
6. Configure your JNDI realm as normal. There are some extra options. Read through the code: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java?annotate=797162 to see what they are.
6. Start Tomcat
7. Let us know how you get on.

Mark
Re: FW: JNDIRealm and roleNested
--- Original Message ---
From: Payne, George (ghp5h) gh...@eservices.virginia.edu
> I still don't know the answer to the questions I originally posed below, if anyone can help, I'd very much appreciate it.

If I produced a binary patch for 6.0.20 and instructions on how to install it would you be able to test it for us? Positive feedback would greatly increase the chances of this patch getting into the 6.0.x branch.

Mark