Hi:

I'm currently using Geronimo 2.2 and OpenLDAP: slapd 2.3.43.

I’m trying to create an LDAP Security Realm on the Geronimo server that will query my OpenLDAP server. For the most part, it works. However, the realm cannot seem to differentiate between the two different groups on the LDAP server, resulting in any member being authenticated no matter which group they belong to, which is not what I want. I’m only trying to authenticate users if they are members of the 'CLINICS' group.

Here’s how my LDAP is set up:

dc=mydomain,dc=on,dc=ca (objectClass=dcObject, organization)
    ou=groups (objectClass=organizationalUnit)
        cn=ADMIN (objectClass=groupOfUniqueNames)
        cn=CLINICS (objectClass=groupOfUniqueNames)
            uid=User1,ou=people,dc=mydomain,dc=on,dc=ca
            uid=User2,ou=people,dc=mydomain,dc=on,dc=ca
            uid=User3,ou=people,dc=mydomain,dc=on,dc=ca
        cn=SUPPLIERS (objectClass=groupOfUniqueNames)
            uid=Supplier1,ou=people,dc=mydomain,dc=on,dc=ca
            uid=Supplier2,ou=people,dc=mydomain,dc=on,dc=ca
    ou=people (objectClass=organizationalUnit)
        uid=User1 (objectClass=inetOrgPerson)
        uid=User2 (objectClass=inetOrgPerson)
        uid=User3 (objectClass=inetOrgPerson)
        uid=Supplier1 (objectClass=inetOrgPerson)
        uid=Supplier1 (objectClass=inetOrgPerson)

On the Geronimo side, here is how I set up my realm:

Initial Context Factory: com.sun.jndi.ldap.LdapCtxFactory
Connection URL: ldap://localhost:389
Connect Username: cn=someuser,dc=mydomain,dc=on,dc=ca
Connect Password: secret
Confirm Password: secret
Connect Protocol:
Authentication: simple
User Base: ou=people,dc=mydomain,dc=on,dc=ca
User Search Matching: uid={0}
User Search Subtree: false
Role Base: cn=CLINICS,ou=groups,dc=vpcl,dc=on,dc=ca
Role Name: cn
Role User Search String: uid={0}
Role Search Subtree: false
User Role Search String: memberOf={0}

I’ve tried replacing the ‘User Search Matching’ and/or the ‘Role User Search String’ with stuff like:

(&(uid={0})(cn=CLINICS,ou=groups,dc=mydomain,dc=on,dc=ca)(attr=uniqueMember))

But it’s just not working out.

On a side note: I do have Apache directives using this LDAP database as well as some PHP applications. I just don’t know why I can’t get Geronimo to work with it.

Any help would be appreciated.

Thanks...
Fred