Casey
Unless I misunderstand, I think the existing JNDIRealm will handle this. In
the roleSearch parameter, {1} is substituted by the username, so in your
example you could have
roleBase= [ basedn for user entries ]
roleName="memberof"
roleSearch = "(uid={1})"
This might involve an additional directory search though.
John.
----- Original Message -----
From: "Bragg, Casey" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, June 07, 2001 8:38 PM
Subject: Suggested change to JNDIRealm
> I've written a modification of org.apache.catalina.realm.JNDIRealm.getRoles
> to allow for the following:
>
> If the realm descriptor's roleBase (in server.xml) is null or blank,
> JNDIRealm will retrieve the assigned roles list from the attribute owned by
> the user's DN which is specified in roleName. That's hard to read. Here is
> an example.
>
> Given an authenticated user with DN uid=FreakyWill,ou=mycompany
> Given that the node uid=FreakyWill,ou=mycompany contains the following
> attributes
> memberof=beerusers
> memberof=freakyusers
> Given the following Realm descriptor entries :
> roleBase=""
> roleName="memberof"
>
> JNDIRealm.getRoles will return the roles beerusers and freakyusers by simply
> retrieving the userDN's memberof attribute.
>
> If roleBase is populated (not null + length>0), JNDI will maintain its prior
> functionality to retrieve roles.
>
> Any comments? My LDAP implementation requires this functionality. Should I
> submit this code to the tomcat project somehow?
>
> Thanks...
>
> ...Casey
>
> ==============================================
> Casey Bragg - Software Engineer
> Allegiance Telecom, Inc. Dallas, TX
> 469-259-2702 - [EMAIL PROTECTED]
> ==============================================
>
>