Frederic > # Define an entry to base role searches on > dn: dc=roles,dc=mycompany,dc=com > cn: roles > objectClass: person > sn: Roles Entry
This entry has the wrong object class - should be dcObject. Probably it has not been created in the directory, so the role search is failing with the "no such object error" you are seeing. You should have seen an error when you tried to load the LDIF file, by the way. You can check whether it has been created using the ldapsearch utility. John At 09:29 27/02/02, Fredrick Rinald wrote >Hello, > >Please help me. >I'm a french student and I need to implement LDAP authentication with >tomcat 4 for my project. The user authentication is correct but the >authorization failed because of the role search. Tomcat is unable to get >the corresponding role in my ldap directory. > >Here's my LDAP directory definition (I use openldap): > > include /usr/local/etc/openldap/schema/core.schema > pidfile /usr/local/var/slapd.pid > argsfile /usr/local/var/slapd.args > database ldbm > suffix dc="mycompany",dc="com" > rootdn "cn=Manager,dc=mycompany,dc=com" > directory /usr/local/var/openldap-ldbm > rootpw secret > index objectClass eq > > >Here's my LDAP directory (LDIF file): > > dn : dc=mycompany,dc=com > objectclass: dcObject > objectclass: organization > o: Example Company > > # Define a user named 'tomcat' > dn: cn=tomcat,dc=mycompany,dc=com > cn: tomcat > userPassword: tomcat > sn: Tomcat User > objectClass: person > > # Define a user named 'role1' > dn: cn=role1,dc=mycompany,dc=com > cn: role1 > userPassword: tomcat > sn: Role1 User > objectClass: person > > # Define a user named 'both' > dn: cn=both,dc=mycompany,dc=com > cn: both > userPassword: tomcat > sn: Both User > objectClass: person > > # Define an entry to base role searches on > dn: dc=roles,dc=mycompany,dc=com > cn: roles > objectClass: person > sn: Roles Entry > > # Define all members of the 'tomcat' role > dn: cn=tomcat,dc=roles,dc=mycompany,dc=com > cn: tomcat > objectClass: groupOfUniqueNames > uniqueMember: cn=tomcat,dc=mycompany,dc=com > uniqueMember: cn=both,dc=mycompany,dc=com > > # Define all members of the 'role1' role > dn: cn=role1,dc=roles,dc=mycompany,dc=com > cn: role1 > objectClass: groupOfUniqueNames > uniqueMember: cn=role1,dc=mycompany,dc=com > uniqueMember: cn=both,dc=mycompany,dc=com > > >Here's my Tomcat 4 REALM declaration : > > > <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99" > connectionName="cn=Manager,dc=mycompany,dc=com" > connectionPassword="secret" > connectionURL="ldap://localhost"; > roleBase="dc=roles" > roleName="cn" > roleSearch="(uniqueMember={0})" > roleSubtree="false" > userPassword="userPassword" > userPattern="cn={0},dc=mycompany,dc=com" > /> > >Here's my catalina_log.2002-02-27.txt file : > > > 2002-02-27 10:15:46 HttpConnector Opening server socket on all host > IP addresses > 2002-02-27 10:15:46 JNDIRealm[Standalone]: Connecting to URL > ldap://localhost > 2002-02-27 10:15:59 HttpConnector[8080] Starting background thread > 2002-02-27 10:15:59 HttpProcessor[8080][1] Starting background thread > 2002-02-27 10:15:59 HttpProcessor[8080][0] Starting background thread > 2002-02-27 10:15:59 HttpProcessor[8080][2] Starting background thread > 2002-02-27 10:15:59 HttpProcessor[8080][3] Starting background thread > 2002-02-27 10:15:59 HttpProcessor[8080][4] Starting background thread > 2002-02-27 10:16:19 JNDIRealm[Standalone]: getUserDN(tomcat) > 2002-02-27 10:16:19 JNDIRealm[Standalone]: > dn=cn=tomcat,dc=mycompany,dc=com > 2002-02-27 10:16:19 JNDIRealm[Standalone]: retrieving attribute > userPassword > 2002-02-27 10:16:19 JNDIRealm[Standalone]: retrieving value > 2002-02-27 10:16:19 JNDIRealm[Standalone]: validating credentials > 2002-02-27 10:16:19 JNDIRealm[Standalone]: Username tomcat > successfully authenticated > 2002-02-27 10:16:19 JNDIRealm[Standalone]: > getRoles(cn=tomcat,dc=mycompany,dc=com) > 2002-02-27 10:16:19 JNDIRealm[Standalone]: Searching role base > 'dc=roles' for attribute 'cn' > 2002-02-27 10:16:19 JNDIRealm[Standalone]: With filter expression > '(uniqueMember=cn=tomcat,dc=mycompany,dc=com)' > 2002-02-27 10:16:19 JNDIRealm[Standalone]: Exception performing > authentication > javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such > Object]; remaining name 'dc=roles' > at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2761) > at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2682) > at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2488) > at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1660) > at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1583) > at > >com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:371) > at > >com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:331) > at > >com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:316) > at > >javax.naming.directory.InitialDirContext.search(InitialDirContext.java:241) > at org.apache.catalina.realm.JNDIRealm.getRoles(Unknown Source) > at org.apache.catalina.realm.JNDIRealm.authenticate(Unknown Source) > at org.apache.catalina.realm.JNDIRealm.authenticate(Unknown Source) > at > org.apache.catalina.authenticator.FormAuthenticator.authenticate(Unknown > Source) > at > org.apache.catalina.authenticator.AuthenticatorBase.invoke(Unknown > Source) > at org.apache.catalina.core.StandardPipeline.invokeNext(Unknown > Source) > at org.apache.catalina.core.StandardPipeline.invoke(Unknown Source) > at org.apache.catalina.core.ContainerBase.invoke(Unknown Source) > at org.apache.catalina.core.StandardContext.invoke(Unknown Source) > at org.apache.catalina.core.StandardHostValve.invoke(Unknown Source) > at org.apache.catalina.core.StandardPipeline.invokeNext(Unknown > Source) > at org.apache.catalina.valves.AccessLogValve.invoke(Unknown Source) > at org.apache.catalina.core.StandardPipeline.invokeNext(Unknown > Source) > at org.apache.catalina.core.StandardPipeline.invoke(Unknown Source) > at org.apache.catalina.core.ContainerBase.invoke(Unknown Source) > at org.apache.catalina.core.StandardEngineValve.invoke(Unknown > Source) > at org.apache.catalina.core.StandardPipeline.invokeNext(Unknown > Source) > at org.apache.catalina.core.StandardPipeline.invoke(Unknown Source) > at org.apache.catalina.core.ContainerBase.invoke(Unknown Source) > at > org.apache.catalina.connector.http.HttpProcessor.process(Unknown Source) > at org.apache.catalina.connector.http.HttpProcessor.run(Unknown > Source) > at java.lang.Thread.run(Thread.java:484) > > 2002-02-27 10:16:19 JNDIRealm[Standalone]: Closing directory context > >Thank you for helping me. It's very important because it's an important >part of the work that I need to do in my training period. >------------------------------------------------------------------------ >Frédéric RINALDI, [EMAIL PROTECTED], INRIA, FRANCE >------------------------------------------------------------------------ > -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>
