Gary wrote:

Hi,

I have JNDIRealm set in the context.xml like this:

<Context path="/project" docBase="project" debug="99">
  <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
         connectionURL="ldap://localhost:389"
         userPattern="uid={0},ou=people,dc=example,dc=com"
         userRoleName="affiliation" />
</Context>

Authentication worked fine until I added this to slapd.conf:

access to *
      by anonymous auth
      by users read


Because I don't want to let anonymous users query ldap.

Now when I log in, I get HTTP status 403 (access denied).

Without LDAP access control set, request.getUserPrincipal() prints
this: GenericPrincipal[gary(member,)]
but with access control, it prints this: GenericPrincipal[gary()]

Not sure why the role information would be missing.



Ok, I think I have this figured out... but correct me if I am wrong.

Authentication and authorization are done separately. The realm setting I have above was only able to succeed for the authentication part. It failed on the authorization part: it wasn't able to get the user role because my LDAP access control prohibited reads from anonymous users.

After I added connectionName and connectionPassword to the realm tag, it was able to use that to get the role information out of LDAP.
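
The fix described above, written out as an added example that is not part of the original post: the same Realm with connectionName and connectionPassword set, so the role lookup no longer runs as an anonymous bind. The bind DN and the password are hypothetical placeholders.

```xml
<!-- Added example, not from the original post.
     Assumptions: the bind DN cn=tomcat,ou=services,dc=example,dc=com and the
     password placeholder are hypothetical; replace them with a dedicated
     account that exists in your directory. -->
<!--
  slapd.conf ACL from the post, unchanged:

      access to *
            by anonymous auth
            by users read

  "by anonymous auth" lets an unauthenticated connection do nothing except
  bind. "by users read" grants read to any DN that has bound successfully,
  which includes the dedicated account configured below, so no extra ACL
  line is needed for the role attribute to become readable.
-->
<Context path="/project" docBase="project" debug="99">
  <!-- connectionName / connectionPassword: credentials the realm binds with
       for its own directory lookups, here reading the "affiliation"
       attribute named by userRoleName. Without them the lookup is
       anonymous and the ACL above returns no role values. -->
  <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
         connectionURL="ldap://localhost:389"
         connectionName="cn=tomcat,ou=services,dc=example,dc=com"
         connectionPassword="REPLACE_WITH_SERVICE_ACCOUNT_PASSWORD"
         userPattern="uid={0},ou=people,dc=example,dc=com"
         userRoleName="affiliation" />
</Context>
<!-- The password sits in clear text in context.xml, so keep the file
     readable only by the account that runs Tomcat, and give the bind DN
     read access only, never write access or the rootdn. -->
```

With this in place, request.getUserPrincipal() should again list the role, as in the GenericPrincipal[gary(member,)] output quoted in the post.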


