First I tried to create the LDIF files and import them into OpenLDAP2. This did not work (some error messages I can't remember). Probably the example itself is wrong, probably I had been copy/pasting some non-printing characters into the example, or trailing spaces or whatever. I don't know. There should have been the LDIF sources for download to avoid these useless problems.
Then I tried to build the directory with a tool called JXplorer. This did not work, because it is not possible to set uid to a 'naming value' with the tool. Obviously because uid is not defined as mandatory (MUST) in the schema file.
After getting around all this by building my own subclass it still does not work. The example tells me to set up the JNDIRealm like this:
<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
connectionURL="ldap://localhost:389"
userPattern="uid={0},ou=people,dc=mycompany,dc=com"
roleBase="ou=groups,dc=mycompany,dc=com"
roleName="cn"
roleSearch="(uniqueMember={0})"
/>
As I said, no positive result. But when I set up the JNDIRealm as follows
<Realm className="org.apache.catalina.realm.JNDIRealm"
debug="9"
connectionURL="ldap://localhost:389"
roleBase="ou=people,dc=mycompany,dc=com"
roleName="cn"
roleSearch="(uniqueMember={0})"
userBase="ou=users,dc=mycompany,dc=com"
userSearch="(uid={0})"
/>
the thing works.
I had to read a book about LDAP (LDAP System Administration, O'Reilly), and experiment a lot. I had to convert from a dumb newbie to an LDAP expert, just to get this simple example to work.
A good HOW-TO should provide examples running instantly. This HOW-TO consumed many days of my valuable working time.
Hayo Schmidt
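
An added example, not part of the message above or of the HOW-TO it discusses: it resolves the two Realm elements from the message into the LDAP lookups each implies for one login name, using the placeholder meanings from the Tomcat JNDIRealm documentation ({0} is the login name in userPattern and userSearch, and the user's DN in roleSearch). The function names, the login name "hayo" and the RFC 4514/4515 escaping of the substituted value are assumptions of this example, not a description of what Tomcat itself does.

```python
import xml.etree.ElementTree as ET

# The two <Realm> elements quoted in the message (debug attribute left out).
PATTERN_REALM = """<Realm className="org.apache.catalina.realm.JNDIRealm"
  connectionURL="ldap://localhost:389"
  userPattern="uid={0},ou=people,dc=mycompany,dc=com"
  roleBase="ou=groups,dc=mycompany,dc=com"
  roleName="cn" roleSearch="(uniqueMember={0})"/>"""
SEARCH_REALM = """<Realm className="org.apache.catalina.realm.JNDIRealm"
  connectionURL="ldap://localhost:389"
  roleBase="ou=people,dc=mycompany,dc=com"
  roleName="cn" roleSearch="(uniqueMember={0})"
  userBase="ou=users,dc=mycompany,dc=com" userSearch="(uid={0})"/>"""

def escape_dn_value(value):
    """Escape a login name for use as an attribute value inside a DN (RFC 4514)."""
    out = []
    for i, c in enumerate(value):
        edge = (i == 0 and c in "# ") or (i == len(value) - 1 and c == " ")
        if c == "\x00":
            out.append("\\00")
        else:
            out.append("\\" + c if edge or c in ',+"\\<>;=' else c)
    return "".join(out)

def escape_filter_value(value):
    """Escape a string for use as an assertion value in a search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def resolve(realm_xml, username):
    """Return the user lookup and role lookup a Realm element implies for one login."""
    realm = ET.fromstring(realm_xml).attrib
    roles = {"base": realm["roleBase"], "filter": None}
    if "userPattern" in realm:
        # Direct mode: the DN is computed from the name; no user search happens.
        dn = realm["userPattern"].replace("{0}", escape_dn_value(username))
        user = {"mode": "bind", "dn": dn}
        # In roleSearch, {0} stands for the user's DN, not the login name.
        roles["filter"] = realm["roleSearch"].replace("{0}", escape_filter_value(dn))
    else:
        # Search mode: the DN is whichever entry under userBase matches the filter,
        # so the role filter stays unknown until that entry has been found.
        user = {"mode": "search", "base": realm["userBase"],
                "filter": realm["userSearch"].replace("{0}", escape_filter_value(username))}
    return user, roles

if __name__ == "__main__":
    for name, xml in (("userPattern", PATTERN_REALM), ("userSearch", SEARCH_REALM)):
        print(name, resolve(xml, "hayo"))
```

Comparing the printed DN and bases with where the entries actually sit in the directory shows which of the two Realm definitions can match it.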
