I've written a modification of org.apache.catalina.realm.JNDIRealm.getRoles
to allow for the following:

If the realm descriptor's roleBase (in server.xml) is null or blank,
JNDIRealm will retrieve the assigned roles list from the attribute owned by
the user's DN which is specified in roleName.  That's hard to read.  Here is
an example.

Given an authenticated user with DN uid=FreakyWill,ou=mycompany 
Given that the node uid=FreakyWill,ou=mycompany contains the following
attributes
   memberof=beerusers
   memberof=freakyusers
Given the following Realm descriptor entries:
   roleBase=""
   roleName="memberof"

JNDIRealm.getRoles will return the roles beerusers and freakyusers by simply
retrieving the userDN's memberof attribute.

If roleBase is populated (not null + length>0), JNDI will maintain its prior
functionality to retrieve roles.

Any comments?  My LDAP implementation requires this functionality.  Should I
submit this code to the Tomcat project somehow?

Thanks...

...Casey

==============================================
Casey Bragg - Software Engineer
Allegiance Telecom, Inc.  Dallas, TX
469-259-2702 - [EMAIL PROTECTED]
==============================================
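
The lookup described in the message above, as an added example that is not code from the post or from Tomcat: when roleBase is null or blank, roles are read from the roleName attribute of the user's own entry. The class and method names are hypothetical, and the directory entry is constructed in memory so the example runs without an LDAP server.

```java
import java.util.ArrayList;
import java.util.List;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;

public class UserAttributeRoles {
    // True when the proposed "roles from the user's entry" mode applies.
    static boolean rolesFromUserEntry(String roleBase) {
        return roleBase == null || roleBase.trim().isEmpty();
    }

    // Reads every value of roleName from the already-fetched user entry.
    // A missing attribute yields an empty list (no roles), not an error.
    static List<String> rolesFromEntry(Attributes userEntry, String roleName)
            throws NamingException {
        List<String> roles = new ArrayList<>();
        if (userEntry == null || roleName == null) return roles;
        Attribute attr = userEntry.get(roleName);
        if (attr == null) return roles;
        NamingEnumeration<?> values = attr.getAll();
        while (values.hasMore()) {
            Object v = values.next();
            if (v instanceof String && !((String) v).isEmpty()) roles.add((String) v);
        }
        values.close();
        return roles;
    }

    public static void main(String[] args) throws NamingException {
        // Constructed sample entry standing in for uid=FreakyWill,ou=mycompany
        Attributes entry = new BasicAttributes(true); // attribute IDs are case-insensitive
        Attribute memberof = new BasicAttribute("memberof");
        memberof.add("beerusers");
        memberof.add("freakyusers");
        entry.put(memberof);
        String roleBase = "";          // as in the Realm descriptor from the post
        String roleName = "memberof";
        if (rolesFromUserEntry(roleBase)) {
            System.out.println(rolesFromEntry(entry, roleName));
        } else {
            System.out.println("roleBase is set: the existing role search applies");
        }
    }
}
```

Because this mode treats an attribute on the user's own entry as the source of authorization, the directory's access controls need to prevent users from modifying that attribute on their own entries.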
