Sorry to jump in on this discussion, but I think people with LDAP experience are having a look at it.

> > <Realm className="org.apache.catalina.realm.JNDIRealm"
> >        debug="999"
> >        connectionName="cn=Directory Manager"
> >        connectionPassword="mypassword"
> >        connectionURL="ldap://192.168.90.120:11592"
> >        roleBase="dc=my-company,dc=com"
> >        roleName="uid"
> >        roleSearch="(uid={0})"
> >        roleSubtree="false"
> >        userPassword="userPassword"
> >        userPattern="uid={0}, ou=People, dc=my-company, dc=com"
> > />

As he has almost the same declaration as I do, I'm wondering why in my case the query gets sent to the OpenLDAP server, but uid=(0) is not changed to the user's name.

<Realm className="org.apache.catalina.realm.JNDIRealm"
       debug="99"
       connectionURL="ldap://localhost"
       userPattern="uid=(0),ou=people,dc=yikester,dc=net"
       roleBase="ou=groups,dc=yikester,dc=net"
       roleName="cn"
       roleSearch="(uniqueMember=(0))"
       userPassword="userPassword"
/>

On the OpenLDAP server I see in the logfile:

SRCH base="uid=(0),ou=people,dc=yikester,dc=net" scope=0 filter="(objectClass=*)"

Can it be that this code in Tomcat is still very new and not many people are using it?

Stephan
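
An added example, not part of Stephan's message and not Tomcat code: a small check that flags JNDIRealm pattern attributes carrying no {n} placeholder, the form used in the JNDIRealm documentation and in the quoted declaration, run over the two declarations from the message (abridged). The function name lint_realm and the list of attributes checked are assumptions of this sketch.

```python
import re
import xml.etree.ElementTree as ET

# Attributes checked for a placeholder (list is an assumption of this sketch).
PATTERN_ATTRS = ("userPattern", "userSearch", "roleSearch")
PLACEHOLDER = re.compile(r"\{\d+\}")    # {0}, {1}: replaced at lookup time
LOOKALIKE = re.compile(r"\((\d+)\)")    # (0): ordinary characters

# The two declarations from the message, abridged to the relevant attributes.
QUOTED_REALM = '''<Realm className="org.apache.catalina.realm.JNDIRealm"
    roleBase="dc=my-company,dc=com" roleName="uid"
    roleSearch="(uid={0})"
    userPattern="uid={0}, ou=People, dc=my-company, dc=com" />'''
POSTED_REALM = '''<Realm className="org.apache.catalina.realm.JNDIRealm"
    connectionURL="ldap://localhost"
    userPattern="uid=(0),ou=people,dc=yikester,dc=net"
    roleBase="ou=groups,dc=yikester,dc=net" roleName="cn"
    roleSearch="(uniqueMember=(0))" />'''


def lint_realm(xml_text):
    """Return {attribute: problem} for one <Realm> element."""
    realm = ET.fromstring(xml_text)
    findings = {}
    for attr in PATTERN_ATTRS:
        value = realm.get(attr)
        if value is None or PLACEHOLDER.search(value):
            continue  # attribute absent, or it carries a real placeholder
        lookalike = LOOKALIKE.search(value)
        if lookalike:
            findings[attr] = "%s is literal text; write {%s}" % (
                lookalike.group(0), lookalike.group(1))
        else:
            findings[attr] = "no {n} placeholder; value is sent unchanged"
    return findings


if __name__ == "__main__":
    for name, xml_text in (("quoted", QUOTED_REALM), ("posted", POSTED_REALM)):
        print(name, lint_realm(xml_text) or "ok")
```
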