Re: JNDIRealm and 4.1.10 with iPlanet

2002-09-24 Thread Douglas L Stewart

This was exactly my problem.  I had not seen that I needed to do this
while reviewing the documentation.  With this help I was able to get
everything working.

It looks like LDAP dynamic groups aren't currently supported by
Tomcat.  Does anyone have information that conflicts with this?  I ended up
using a static group.

---
> Did you protect the resource that you're trying to access with a
> security-constraint in your web.xml?
> 
> Jon
> 
> - Original Message -
> From: "Douglas L Stewart" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Monday, September 23, 2002 11:31 AM
> Subject: JNDIRealm and 4.1.10 with iPlanet
> 
> 
> > I'm using Tomcat 4.1.10 trying to authenticate against iPlanet
> > Directory Server 5.0.
> >
> > I've created a Realm inside of the Engine declaration:
> >
> > <Realm className="org.apache.catalina.realm.JNDIRealm"
> > debug="999"
> > connectionName="cn=Directory Manager"
> > connectionPassword="mypassword"
> > connectionURL="ldap://192.168.90.120:11592"
> > roleBase="dc=my-company,dc=com"
> > roleName="uid"
> > roleSearch="(uid={0})"
> > roleSubtree="false"
> > userPassword="userPassword"
> > userPattern="uid={0}, ou=People, dc=my-company, dc=com"
> >   />
> >
> > I'm getting this in the log when I start Tomcat:
> >
> > 2002-09-23 11:09:49 JNDIRealm[Standalone]: Connecting to URL
> > ldap://192.168.90.120:11592
> >
> > According to the documentation putting the Realm declaration in the
> > Engine section should make it used globally, but when I try to view
> > some of my servlets I see nothing in the log and I'm not prompted for
> > a login, it just shows the page.
> >
> > What am I missing?
> >




RE: JNDIRealm and 4.1.10 with iPlanet

2002-09-24 Thread Douglas L Stewart

Looks like you are using parentheses around the 0 rather than
brackets.  That is probably why it is being passed literally rather than
being expanded.

---
> Sorry to jump in on this discussion. But I think people with LDAP
> experience are having a look at it.
> 
> > > <Realm className="org.apache.catalina.realm.JNDIRealm"
> > > debug="999"
> > > connectionName="cn=Directory Manager"
> > > connectionPassword="mypassword"
> > > connectionURL="ldap://192.168.90.120:11592"
> > > roleBase="dc=my-company,dc=com"
> > > roleName="uid"
> > > roleSearch="(uid={0})"
> > > roleSubtree="false"
> > > userPassword="userPassword"
> > > userPattern="uid={0}, ou=People, dc=my-company, dc=com"
> > >   />
> 
> As he has almost the same declaration as I do, I'm wondering why in my
> case the query gets sent to the OpenLDAP server, but uid=(0) is not
> changed to the user's name.
> 
> <Realm className="org.apache.catalina.realm.JNDIRealm"
> connectionURL="ldap://localhost"
> userPattern="uid=(0),ou=people,dc=yikester,dc=net"
> roleBase="ou=groups,dc=yikester,dc=net"
> roleName="cn"
> roleSearch="(uniqueMember=(0))"
> userPassword="userPassword" />
> 
> On the OpenLDAP server I see in the logfile:
> 
> SRCH base="uid=(0),ou=people,dc=yikester,dc=net" scope=0
> filter="(objectClass=*)"
> 
> Can it be that this code in Tomcat still is very new and not many people
> are using it?
> 
> Stephan
> 




RE: JNDIRealm and 4.1.10 with iPlanet

2002-09-23 Thread Stephan Schwab

Sorry to jump in on this discussion. But I think people with LDAP
experience are having a look at it.

> > <Realm className="org.apache.catalina.realm.JNDIRealm"
> > debug="999"
> > connectionName="cn=Directory Manager"
> > connectionPassword="mypassword"
> > connectionURL="ldap://192.168.90.120:11592"
> > roleBase="dc=my-company,dc=com"
> > roleName="uid"
> > roleSearch="(uid={0})"
> > roleSubtree="false"
> > userPassword="userPassword"
> > userPattern="uid={0}, ou=People, dc=my-company, dc=com"
> >   />

As he has almost the same declaration as I do, I'm wondering why in my
case the query gets sent to the OpenLDAP server, but uid=(0) is not
changed to the user's name.

<Realm className="org.apache.catalina.realm.JNDIRealm"
connectionURL="ldap://localhost"
userPattern="uid=(0),ou=people,dc=yikester,dc=net"
roleBase="ou=groups,dc=yikester,dc=net"
roleName="cn"
roleSearch="(uniqueMember=(0))"
userPassword="userPassword" />

On the OpenLDAP server I see in the logfile:

SRCH base="uid=(0),ou=people,dc=yikester,dc=net" scope=0
filter="(objectClass=*)"

Can it be that this code in Tomcat still is very new and not many people
are using it?

Stephan





Re: JNDIRealm and 4.1.10 with iPlanet

2002-09-23 Thread Jonathan Eric Miller

Did you protect the resource that you're trying to access with a
security-constraint in your web.xml?

Jon

- Original Message -
From: "Douglas L Stewart" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, September 23, 2002 11:31 AM
Subject: JNDIRealm and 4.1.10 with iPlanet


> I'm using Tomcat 4.1.10 trying to authenticate against iPlanet
> Directory Server 5.0.
>
> I've created a Realm inside of the Engine declaration:
>
> <Realm className="org.apache.catalina.realm.JNDIRealm"
> debug="999"
> connectionName="cn=Directory Manager"
> connectionPassword="mypassword"
> connectionURL="ldap://192.168.90.120:11592"
> roleBase="dc=my-company,dc=com"
> roleName="uid"
> roleSearch="(uid={0})"
> roleSubtree="false"
> userPassword="userPassword"
> userPattern="uid={0}, ou=People, dc=my-company, dc=com"
> >   />
>
> I'm getting this in the log when I start Tomcat:
>
> 2002-09-23 11:09:49 JNDIRealm[Standalone]: Connecting to URL
> ldap://192.168.90.120:11592
>
> According to the documentation putting the Realm declaration in the
> Engine section should make it used globally, but when I try to view
> some of my servlets I see nothing in the log and I'm not prompted for
> a login, it just shows the page.
>
> What am I missing?
>
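
The security-constraint asked about in the reply above, as an added example that is not part of the original messages: a Realm in server.xml only supplies credentials and roles, and Tomcat prompts for a login only when the requested URL matches a constraint in the web application's web.xml. The URL pattern, role name and realm-name below are assumptions chosen for illustration.

```xml
<!-- Added example: fragment of WEB-INF/web.xml (Servlet 2.3, as used by Tomcat 4.1).
     These elements go after any servlet-mapping entries, in this order.
     The URL pattern, role name "staff" and realm-name are hypothetical. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Protected servlets</web-resource-name>
    <url-pattern>/servlet/*</url-pattern>
    <!-- No http-method elements: the constraint covers every HTTP method. -->
  </web-resource-collection>
  <auth-constraint>
    <!-- Must equal a role the Realm returns for the user: the value of the
         attribute named by roleName on each entry matched by roleSearch. -->
    <role-name>staff</role-name>
  </auth-constraint>
  <user-data-constraint>
    <!-- BASIC sends the password base64-encoded, not encrypted. CONFIDENTIAL
         makes Tomcat redirect to its HTTPS connector, which must be configured. -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Directory login</realm-name>
</login-config>

<security-role>
  <role-name>staff</role-name>
</security-role>
```

URLs that match no url-pattern are served without any call to the Realm, which is the behaviour described in the original question.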