I'm trying to get a realm set up via JNDI to an OpenLDAP server. Here is 
my current server.xml config.

            <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
                    connectionURL="ldap://vdc.fas.harvard.edu:389"
                    userPattern="uid={0},ou=vdcid,ou=hmdc,o=vdc"
                    roleBase="o=vdc"
                    roleSubtree="true"
                    roleName="vdcGroup"
                    roleSearch="(member={0})"
                    digest="SHA"
            />

I'm using "vdcGroup" entries to store unique member attributes named 
'member'. I can do this search using straight JNDI in a Test Java 
Application. But the realm will not return the vdcGroups that jadmin is 
a member of. Is there something obvious I am missing?

-Mark

2002-09-07 10:40:51 JNDIRealm[Standalone]: Connecting to URL ldap://vdc.fas.harvard.edu:389
2002-09-07 10:41:11 JNDIRealm[Standalone]: lookupUser(jadmin)
2002-09-07 10:41:11 JNDIRealm[Standalone]:   dn=uid=jadmin,ou=vdcid,ou=hmdc,o=vdc
2002-09-07 10:41:11 JNDIRealm[Standalone]:   validating credentials by binding as the user
2002-09-07 10:41:11 JNDIRealm[Standalone]:   binding as uid=jadmin,ou=vdcid,ou=hmdc,o=vdc
2002-09-07 10:41:11 JNDIRealm[Standalone]: Username jadmin successfully authenticated
2002-09-07 10:41:11 JNDIRealm[Standalone]:   getRoles(uid=jadmin,ou=vdcid,ou=hmdc,o=vdc)
2002-09-07 10:41:11 JNDIRealm[Standalone]:   Searching role base 'o=vdc' for attribute 'vdcGroup'
2002-09-07 10:41:11 JNDIRealm[Standalone]:   With filter expression '(member=uid=jadmin,ou=vdcid,ou=hmdc,o=vdc)'
2002-09-07 10:41:11 JNDIRealm[Standalone]:   Returning 0 roles
2002-09-07 10:41:12 JNDIRealm[Standalone]: Username jadmin does NOT have role tomcat
2002-09-07 10:41:12 JNDIRealm[Standalone]: Username jadmin does NOT have role role1
2002-09-07 10:41:12 JNDIRealm[Standalone]: Username jadmin does NOT have role administrators
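
The two getRoles log lines above correspond to two separate steps: a search with the expanded roleSearch filter, then a read of the attribute named by roleName from each entry found. The following is an added example, not part of the original post and not Tomcat's code; it models both steps in memory so that "filter matched nothing" can be told apart from "entries matched but carry no such attribute". The class name RoleSearchSketch and the sample group entry (objectClass vdcGroup, cn administrators) are assumptions constructed for illustration.

```java
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.List;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttributes;

public class RoleSearchSketch {
    // Step 1: entries whose 'member' attribute holds the user DN, i.e. the
    // expanded filter (member=<dn>). Exact string comparison is a
    // simplification of LDAP DN matching.
    static List<Attributes> matching(List<Attributes> entries, String userDn) {
        List<Attributes> hits = new ArrayList<>();
        for (Attributes e : entries) {
            Attribute member = e.get("member");
            if (member != null && member.contains(userDn)) hits.add(e);
        }
        return hits;
    }

    // Step 2: role names are the values of attribute roleName on each hit.
    // An entry without that attribute contributes no role.
    static List<String> roles(List<Attributes> hits, String roleName) throws NamingException {
        List<String> out = new ArrayList<>();
        for (Attributes e : hits) {
            Attribute a = e.get(roleName);
            if (a == null) continue;
            NamingEnumeration<?> vals = a.getAll();
            while (vals.hasMore()) out.add(vals.next().toString());
        }
        return out;
    }

    public static void main(String[] args) throws NamingException {
        // userPattern from the posted config, expanded the way the log shows.
        String dn = MessageFormat.format("uid={0},ou=vdcid,ou=hmdc,o=vdc", "jadmin");
        // Constructed sample entry (assumed layout, not taken from the post).
        Attributes group = new BasicAttributes(true);
        group.put("objectClass", "vdcGroup");
        group.put("cn", "administrators");
        group.put("member", dn);
        List<Attributes> hits = matching(List.of(group), dn);
        System.out.println("entries matched: " + hits.size());
        System.out.println("roleName=vdcGroup -> " + roles(hits, "vdcGroup"));
        System.out.println("roleName=cn       -> " + roles(hits, "cn"));
    }
}
```

Against a live directory, the same split is checked by running the logged filter under the identity the realm searches with and requesting the roleName attribute explicitly in the result.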

