Hello, all !

I've got a really strange problem that is probably caused by my eyesight. I followed the JNDI Realm HowTo on the Jakarta site, and I set up the necessary LDIF file and put the necessary entries inside server.xml. After struggling with various typo errors and configuration mistakes (I was having a migraine at the time), I finally got Tomcat to authenticate with my OpenLDAP server. The trouble is, it cannot find the role, so I always get kicked out with an authorization error.

This is the error I am getting when I try to log in to the Tomcat Web Administration page:

2004-03-25 20:42:53 JNDIRealm[Catalina]: lookupUser(tcadmin)
2004-03-25 20:42:53 JNDIRealm[Catalina]: dn=uid=tcadmin,ou=people,o=cymulacrum
2004-03-25 20:42:53 JNDIRealm[Catalina]: validating credentials by binding as the user
2004-03-25 20:42:53 JNDIRealm[Catalina]: binding as uid=tcadmin,ou=people,o=cymulacrum
2004-03-25 20:42:53 JNDIRealm[Catalina]: Username tcadmin successfully authenticated
2004-03-25 20:42:53 JNDIRealm[Catalina]: getRoles(uid=tcadmin,ou=people,o=cymulacrum)
2004-03-25 20:42:53 JNDIRealm[Catalina]: Searching role base 'ou=groups,o=cymulacrum' for attribute 'cn'
2004-03-25 20:42:53 JNDIRealm[Catalina]: With filter expression '\28uniqueMember=uid=tcadmin,ou=people,o=cymulacrum\29'
2004-03-25 20:42:53 JNDIRealm[Catalina]: Returning 0 roles



My LDIF file only has entries for Tomcat administrator and Tomcat Manager :


=== Begin LDIF file ===
# Define top-level entry
dn: o=cymulacrum
objectClass: top
objectClass: organization
o: cymulacrum
description: Cymulacrum directory

# Define an entry to contain people
dn: ou=people,o=cymulacrum
objectClass: organizationalUnit
ou: people

# Define an entry for Tomcat Administrator
dn: uid=tcadmin,ou=people,o=cymulacrum
objectClass: inetOrgPerson
uid: tcadmin
sn: Administrator
cn: Tomcat Administrator
mail: [EMAIL PROTECTED]
userPassword: tcsecret

# Define an entry for Tomcat Manager
dn: uid=tcmgr,ou=people,o=cymulacrum
objectClass: inetOrgPerson
uid: tcmgr
sn: Manager
cn: Tomcat Manager
mail: [EMAIL PROTECTED]

=== End LDIF file ===

My Realm definition is inside server.xml, and it looks like this:

<!-- Cymulacrum JNDI Realm -->

     <Realm   className="org.apache.catalina.realm.JNDIRealm" debug="99"
          connectionURL="ldap://localhost:389"
            userPattern="uid={0},ou=people,o=cymulacrum"
               roleBase="ou=groups,o=cymulacrum"
               roleName="cn"
             roleSearch="(uniqueMember={0})"
      />

What am I doing wrong ?

--
"Men never do evil so completely and cheerfully as when they do it from
religious conviction." -- Blaise Pascal
+----------------------------------------------------------------+
| Pascal Chong |
| email: [EMAIL PROTECTED] |
| |
| Please visit my site at : http://cymulacrum.net |
| If you're using my documentation, please read the Terms and |
| and Conditions at http://cymulacrum.net/terms.html |
+----------------------------------------------------------------+
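
Added example, not part of the original message and not Tomcat's own code: an offline reproduction of the role lookup shown in the log above, run against LDIF text with the realm's roleBase, roleName and roleSearch values. The ou=groups container, the groupOfUniqueNames entry, the role name "admin" and all helper names are constructed assumptions.

```python
import re

# Constructed sample: the posted LDIF reduced to the entries the lookup touches.
POSTED = """\
dn: ou=people,o=cymulacrum
ou: people

dn: uid=tcadmin,ou=people,o=cymulacrum
uid: tcadmin
"""

# Constructed sample (not from the post): a group container and one role entry.
GROUPS = """
dn: ou=groups,o=cymulacrum
ou: groups

dn: cn=admin,ou=groups,o=cymulacrum
objectClass: groupOfUniqueNames
cn: admin
uniqueMember: uid=tcadmin,ou=people,o=cymulacrum
"""

def norm(dn):
    """Normalise a DN for comparison (case and spacing only; no escaped commas)."""
    return ",".join(p.strip().lower() for p in dn.split(","))

def parse_ldif(text):
    """Parse plain 'attr: value' LDIF into a list of {attr: [values]} dicts."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if ":" in line and not line.startswith("#"):
                attr, value = line.split(":", 1)
                entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def get_roles(entries, user_dn, role_base, role_name, role_search):
    """One-level search under role_base for a simple '(attr={0})' filter."""
    attr = re.fullmatch(r"\((\w+)=\{0\}\)", role_search).group(1).lower()
    roles = []
    for e in entries:
        parent = norm(e["dn"][0]).partition(",")[2]  # DN of the containing entry
        members = [norm(v) for v in e.get(attr, [])]
        if parent == norm(role_base) and norm(user_dn) in members:
            roles += e.get(role_name.lower(), [])
    return roles
```

With only the posted entries the lookup returns an empty list, matching the "Returning 0 roles" log line; with the constructed group entry appended it returns the entry's cn value.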



