On Wed, 2007-07-25 at 22:19 +0200, Rainer Jung wrote: > Hi Scott, > > your post subject is a little generic :) > > The code shows, that the various realm classes only log additional > things for the following debug values: > > DataSourceRealm.java: debug >= 2 > > JAASMemoryLoginModule.java: debug>0 > > JDBCRealm.java: debug >= 2 > > JNDIRealm.java: debug 1, 2, 3, 4 > > UserDatabaseRealm.java: debug >= 2 > > For the JNDIRalm possible log statements (without the surrounding > context) are (no guarantees): > > debug >= 1 > > "Closing directory context" > > "Connecting to URL " + connectionURL > > "Connecting to URL " + alternateURL > > debug >= 2 > > "lookupUser(" + username + ")" > > sm.getString("jndiRealm.authenticateSuccess", > user.username) > sm.getString("jndiRealm.authenticateFailure", > user.username) > > " getRoles(" + dn + ")" > > " Returning " + list.size() + " roles" > " Found role " + list.get(i) > " getRoles about to return null " > > debug >= 3 > > " dn=" + dn > > " username not found" > > " entry found for " + username + " with dn " + dn > > " validating credentials" > > " validating credentials by binding as the user" > > " binding as " + dn > > " bind attempt failed" > > " Searching role base '" + roleBase + "' for attribute '" + > roleName + "'" > " With filter expression '" + filter + "'" > > " retrieving attribute " + attrId > > " retrieving values for attribute " + attrId > > > debug > 3 > > " Searching for " + username > " base: " + userBase + " filter: " + filter > > HTH. TC 5.0 now is only under security maintenance. No real chance to > get the logging in better shape. If you want to have a look at the > class, it is > > container/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java > > in a download, resp. > > http://svn.apache.org/repos/asf/tomcat/container/branches/tc5.0.x/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java > > in the subversion code repository. > > Regards, > > Rainer > > Scott McClanahan wrote: > > I've inherited a tomcat 5.0.28 server setup to use ldap as an > > authentication realm. In the server.xml I see this: > > > > <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99" > > > > What are valid values for debug within a realm? Currently a massive > > amount of ldap lookup and connection details are being logged and I > > don't think it is necessary. Thanks. > > --------------------------------------------------------------------- > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > >
Thanks. You're the man! I'll remember your advice about the subject line in the future. --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]