Hi,
I have really tried to get to the bottom of this without resorting to
the list but this should work but it doesn't.
Tomcat v 5.5.4
OpenLDAP
I have the Realm configured in server.xml as:
<Realm className="org.apache.catalina.realm.JNDIRealm"
connectionURL="ldap://localhost:389";
userPattern="uid={0},ou=iuap,dc=becta,dc=org"
userRoleName="memberOf"
/>
Entry in LDAP
# User1 entry with TOMCAT roles 'admin' and 'manager'
dn: uid=user1,ou=iuap,dc=becta,dc=org
objectClass: iuapPerson
sn: user1
cn: super user1
uid: user1
mail: [EMAIL PROTECTED]
userPassword: secret
memberOf: admin
memberOf: manager
Produces the following in the logs when I try it against the manager
application:
Security checking request GET /manager/html
Checking constraint 'SecurityConstraint[HTMLManger and Manager command]'
against GET /html --> true
Calling hasUserDataPermission()
User data constraint has no restrictions
Calling authenticate()
retrieving values for attribute memberOf
validating credentials by binding as the user
binding as uid=user1,ou=iuap,dc=becta,dc=org
Username user1 successfully authenticated
getRoles(uid=user1,ou=iuap,dc=becta,dc=org)
Authenticated 'user1' with type 'BASIC'
Calling accessControl()
Checking roles GenericPrincipal[user1()]
*Username user1 does NOT have role manager
No role found: manager
Failed accessControl() test
*As you can see the roles are not being picked up.
Any ideas?
TIA
Regards
Paul Worrall
Portal Technology and Innovation
BECTA
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses.
www.mimesweeper.com
**********************************************************************
