Hi All,

I have a configuration that is not covered in the JNDIRealm HOWTO, and was wondering if someone else has tried this before:

I am using OpenLDAP 2.1.22 on Red Hat 9. For the DN, I am using the CN instead of the UID (i.e., dn: cn=Zhu De,ou=People,o=Cymulacrum instead of uid=zhude,ou=People,o=Cymulacrum), and the roles recognized by Tomcat are in the Groups OU.

My question: how do I set up a Tomcat JNDI Realm such that it looks up roles based on the UID instead of the DN? In the JNDIRealm HOWTO, the instructions assume that the DN is using the UID instead of the CN. For the userSearch, I would substitute with (uid={0}), since I need to do a search and comparison with an attribute. But to retrieve the role ... I'm not so sure about how to do this. I'm thinking that the stanza below would not work (no, I haven't tried it yet). Does anyone know how it should look?

<Realm   className="org.apache.catalina.realm.JNDIRealm" debug="99"
    connectionURL="ldap://localhost:389"
         userBase="ou=people,o=Cymulacrum"
       userSearch="(uid={0})"
     userRoleName="memberOf"
         roleBase="ou=groups,o=Cymulacrum"
         roleName="cn"
       roleSearch="(uniqueMember={0})"
/>


Using the CN instead of the UID for the DN is actually (in my experience anyway) quite common -- Lotus Domino/Notes uses the CN for logging in, and Novell eDirectory too (though I suppose both can be configured to use the UID instead).


Thanks in advance,

pascal chong
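Added example, not part of pascal's message or of the Tomcat documentation: two JNDIRealm stanzas of the shape shown above, one for groups that store member DNs (groupOfUniqueNames with uniqueMember) and one for groups that store the login name (posixGroup with memberUid). In roleSearch, Tomcat replaces {0} with the DN of the entry that userSearch found and {1} with the username that was typed at login, so the right placeholder depends on what the group attribute holds, not on whether the DN is built from cn or uid. The host name, the read-only bind account and the group object classes are assumptions; only one Realm is declared in a given Engine, Host or Context.

```xml
<!-- Variant A (assumed schema: groupOfUniqueNames). The group entry lists
     members by DN, e.g. uniqueMember: cn=Zhu De,ou=People,o=Cymulacrum.
     userSearch locates the entry by uid, and {0} in roleSearch is then
     replaced with that entry's DN, whatever attribute the DN is built from. -->
<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
       connectionURL="ldap://ldap.example.invalid:389"
       connectionName="cn=ldap-reader,o=Cymulacrum"
       connectionPassword="PLACEHOLDER-read-only-bind-password"
       userBase="ou=People,o=Cymulacrum"
       userSearch="(uid={0})"
       userSubtree="false"
       roleBase="ou=Groups,o=Cymulacrum"
       roleName="cn"
       roleSubtree="false"
       roleSearch="(uniqueMember={0})" />

<!-- Variant B (assumed schema: posixGroup). The group entry lists members by
     login name, e.g. memberUid: zhude. Here the DN is useless for the role
     lookup, so roleSearch uses {1}, the username supplied at login. -->
<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
       connectionURL="ldap://ldap.example.invalid:389"
       connectionName="cn=ldap-reader,o=Cymulacrum"
       connectionPassword="PLACEHOLDER-read-only-bind-password"
       userBase="ou=People,o=Cymulacrum"
       userSearch="(uid={0})"
       userSubtree="false"
       roleBase="ou=Groups,o=Cymulacrum"
       roleName="cn"
       roleSubtree="false"
       roleSearch="(memberUid={1})" />
```

connectionName and connectionPassword are included so that the search runs under a dedicated read-only account rather than an anonymous bind; the realm still binds as the user with the password the user supplied once the entry has been found. To check which variant matches a directory before touching server.xml, run the same two searches by hand with ldapsearch against the roleBase, first with the user's DN in uniqueMember and then with the uid in memberUid, and use the filter that returns the group entries.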