Tim Funk wrote:
> To use JNDIRealm with Netscape Directory server you need the 4.1.X
> series of tomcat and you need to bind as the user. So do not provide
> connectionName and connection password.
Actually it's userPassword that should not be provided if you want
JNDIRealm to bind as the user for authentication. connectionName and
connectionPassword will still be used if provided to retrieve role
information and to search the directory for the user's entry if
required, but are optional.
This is documented in some detail in the realm howto included with 4.1.8
and later.
John.
>
>
> In the 4.0.X series the passwords are compared in an incompatible
> manner with respect to Netscape Dir server.
>
> - - wrote:
>
>> hi
>> This looks long but it's actually straightforward.
>>
>> I can't get the JNDIRealm config to work with Netscape Directory Server 3.1.
>>
>> I suspect the conf. of the JNDIRealm element is wrong but don't know why.
>> I have an LDIF file exported from Netscape Directory Server 3.1 which
>> defines (loosely speaking)
>>
>> - an admin user that I use in JNDIRealm for initial connection
>>
>> - a sales person
>>
>> - a SalesGroup role which has sales person as a member
>>
>> Other stuff removed for clarity.
>>
>>
>>
>> dn: uid=admin,o=company.com
>> objectclass: top
>> objectclass: person
>> objectclass: organizationalperson
>> objectclass: inetorgperson
>> cn: SuiteSpot Administrator
>> sn: Administrator
>> givenname: SuiteSpot
>> uid: admin
>> userpassword: {SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=
>>
>> dn: uid=salesID,o=company.com
>> objectclass: top
>> objectclass: person
>> objectclass: organizationalPerson
>> objectclass: inetOrgPerson
>> objectclass: nsLicenseUser
>> givenname: salesFir
>> sn: salesSur
>> cn: salesFul
>> uid: salesID
>> userpassword: {SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=
>>
>> dn: cn=SalesGroup,o=company.com
>> objectclass: top
>> objectclass: groupOfUniqueNames
>> cn: SalesGroup
>> uniquemember: uid=salesID,o=company.com
>>
>>
>>
>> So my JNDIRealm config is,
>>
>> <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
>>        connectionName="uid=admin,o=company.com"
>>        connectionPassword="password"
>>        connectionURL="ldap://localhost:390"
>>        roleName="cn"
>>        roleSearch="(uniquemember={0})"
>>        roleSubtree="true"
>>        userPassword="userpassword"
>>        userPattern="uid={0},o=company.com"
>> />
>>
>> I have tried many combinations of patterns and attributes in the
>> above configuration but none worked.
>>
>> The initial connection and authentication using admin seemed to work OK.
>>
>> But I can't get it to authenticate the sales person/salesGroup.
>>
>> I enter the salesID as the username and its password in the auth.
>> dialog box
>>
>>
>>
>> web.xml has
>>
>>
>> <security-constraint>
>>   <web-resource-collection>
>>     <web-resource-name>Sales</web-resource-name>
>>     <url-pattern>/jsp/SalesIndex.jsp</url-pattern>
>>   </web-resource-collection>
>>   <auth-constraint>
>>     <role-name>SalesGroup</role-name>
>>   </auth-constraint>
>> </security-constraint>
>>
>> <login-config>
>>   <auth-method>DIGEST</auth-method>
>>   <realm-name>SID</realm-name>
>> </login-config>
>>
>> <security-role>
>>   <role-name>SalesGroup</role-name>
>> </security-role>
>>
>>
>>
>> Thanks very much
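What a realm has to do when it reads `userpassword` itself instead of binding as the user, shown as an added example that is not part of the original thread and is not Tomcat's code: the LDIF quoted above stores the value as `{SHA}` followed by the Base64 of a SHA-1 digest, so only a scheme-aware check can match it. The function names and the two naive comparisons are illustrative assumptions, and the sample entry is constructed from the quoted LDIF.

```python
import base64
import hashlib
import hmac

# Constructed sample input: one entry in the layout of the LDIF quoted above.
SAMPLE_LDIF = """\
dn: uid=salesID,o=company.com
objectclass: inetOrgPerson
uid: salesID
userpassword: {SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=
"""

def read_attribute(ldif_entry, name):
    """Return the first value of an attribute (attribute names are case-insensitive)."""
    for line in ldif_entry.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() == name.lower():
            return value.strip()
    return None

def split_scheme(stored):
    """Split '{SCHEME}data' into (scheme, data); scheme is None for plain values."""
    if stored.startswith("{") and "}" in stored:
        scheme, data = stored[1:].split("}", 1)
        return scheme.upper(), data
    return None, stored

def verify_sha_scheme(stored, candidate):
    """Scheme-aware check: Base64-decode the stored digest, compare with SHA-1(candidate)."""
    scheme, data = split_scheme(stored)
    if scheme != "SHA":
        raise ValueError("unsupported scheme: %r" % scheme)
    try:
        expected = base64.b64decode(data, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    actual = hashlib.sha1(candidate.encode("utf-8")).digest()
    return hmac.compare_digest(expected, actual)

def naive_plain_compare(stored, candidate):
    """Hypothetical comparison: treat the attribute as a cleartext password."""
    return hmac.compare_digest(stored.encode(), candidate.encode())

def naive_hex_compare(stored, candidate):
    """Hypothetical comparison: expect a hex-encoded SHA-1 digest in the attribute."""
    digest_hex = hashlib.sha1(candidate.encode("utf-8")).hexdigest()
    return hmac.compare_digest(stored.encode(), digest_hex.encode())
```
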