I ran into the same problem after upgrading from Tomcat 4.1.29 to 4.1.30. The problem was with the parens in the roleSearch attribute of my JNDIRealm. It does look like the parentheses are being encoded (the \28 and \29) when they shouldn't be. For now, though, I got it working by removing them.

        <Realm  className="org.apache.catalina.realm.JNDIRealm" debug="99"
                resourceName="UserDatabase"
                connectionURL="ldap://localhost:389"
                userBase="dc=mydomain,dc=net"
                userSearch="(&amp;(uid={0})(objectClass=inetOrgPerson))"
                userSubtree="true"
                roleBase="ou=groups,dc=mydomain,dc=net"
                roleSearch="uniqueMember={0}"
                roleName="cn"
        />

Chong Yu Meng wrote:
Hello, all !

I've got a really strange problem that is probably caused by my eyesight. I followed the JNDI Realm HowTo on the Jakarta site, and I set up the necessary LDIF file and put the necessary entries inside server.xml. After struggling with various typo errors and configuration mistakes (I was having a migraine at the time), I finally got Tomcat to authenticate with my OpenLDAP server. The trouble is, it cannot find the role, so I always get kicked out with an authorization error.

This is the error I am getting when I try to log in to the Tomcat Web Administration page :

2004-03-25 20:42:53 JNDIRealm[Catalina]: lookupUser(tcadmin)
2004-03-25 20:42:53 JNDIRealm[Catalina]: dn=uid=tcadmin,ou=people,o=cymulacrum
2004-03-25 20:42:53 JNDIRealm[Catalina]: validating credentials by binding as the user
2004-03-25 20:42:53 JNDIRealm[Catalina]: binding as uid=tcadmin,ou=people,o=cymulacrum
2004-03-25 20:42:53 JNDIRealm[Catalina]: Username tcadmin successfully authenticated
2004-03-25 20:42:53 JNDIRealm[Catalina]: getRoles(uid=tcadmin,ou=people,o=cymulacrum)
2004-03-25 20:42:53 JNDIRealm[Catalina]: Searching role base 'ou=groups,o=cymulacrum' for attribute 'cn'
2004-03-25 20:42:53 JNDIRealm[Catalina]: With filter expression '\28uniqueMember=uid=tcadmin,ou=people,o=cymulacrum\29'
2004-03-25 20:42:53 JNDIRealm[Catalina]: Returning 0 roles



My LDIF file only has entries for Tomcat administrator and Tomcat Manager :


=== Begin LDIF file ===
# Define top-level entry
dn: o=cymulacrum
objectClass: top
objectClass: organization
o: cymulacrum
description: Cymulacrum directory

# Define an entry to contain people
dn: ou=people,o=cymulacrum
objectClass: organizationalUnit
ou: people

# Define an entry for Tomcat Administrator
dn: uid=tcadmin,ou=people,o=cymulacrum
objectClass: inetOrgPerson
uid: tcadmin
sn: Administrator
cn: Tomcat Administrator
mail: [EMAIL PROTECTED]
userPassword: tcsecret

# Define an entry for Tomcat Manager
dn: uid=tcmgr,ou=people,o=cymulacrum
objectClass: inetOrgPerson
uid: tcmgr
sn: Manager
cn: Tomcat Manager
mail: [EMAIL PROTECTED]

=== End LDIF file ===

My Realm definition is inside server.xml, and it looks like this:

<!-- Cymulacrum JNDI Realm -->

     <Realm   className="org.apache.catalina.realm.JNDIRealm" debug="99"
          connectionURL="ldap://localhost:389"
            userPattern="uid={0},ou=people,o=cymulacrum"
               roleBase="ou=groups,o=cymulacrum"
               roleName="cn"
             roleSearch="(uniqueMember={0})"
      />

What am I doing wrong ?



--
============================================================================
                               Chris Egolf
             http://www.ugholf.net     [EMAIL PROTECTED]
============================================================================
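
The escaping behaviour discussed in this thread, as an added Python illustration that is not part of the original messages and is not Tomcat's JNDIRealm code. It assumes, as the logged filter suggests, that RFC 4515 escaping is applied to the whole filter string after `{0}` is substituted, and contrasts that with escaping only the substituted DN; the function names and the second DN are constructed for the example.

```python
# Added illustration of RFC 4515 filter escaping; not Tomcat's JNDIRealm code.
# Function names are hypothetical.

_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape characters that are special inside an LDAP filter assertion value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def filter_escaping_whole(template: str, dn: str) -> str:
    """Assumed faulty order: substitute {0}, then escape the entire string.
    The template's own structural parentheses get encoded as well."""
    return escape_filter_value(template.replace("{0}", dn))


def filter_escaping_value(template: str, dn: str) -> str:
    """Escape only the substituted value; the template's syntax is left intact."""
    return template.replace("{0}", escape_filter_value(dn))


# DN taken from the log in the thread.
USER_DN = "uid=tcadmin,ou=people,o=cymulacrum"
# Constructed DN containing filter metacharacters, to show why the value needs escaping.
ODD_DN = "cn=ops (eu)*,ou=people,o=cymulacrum"

if __name__ == "__main__":
    for template in ("(uniqueMember={0})", "uniqueMember={0}"):
        print("template      :", template)
        print("  whole-string:", filter_escaping_whole(template, USER_DN))
        print("  value-only  :", filter_escaping_value(template, USER_DN))
    print("odd DN        :", filter_escaping_value("(uniqueMember={0})", ODD_DN))
```

With the parenthesised template, whole-string escaping reproduces the filter shown in the log, while the template without parentheses passes through unchanged for this DN.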

