On Wed, 2007-07-25 at 22:19 +0200, Rainer Jung wrote:
> Hi Scott,
>
> your post subject is a little generic :)
>
> The code shows, that the various realm classes only log additional
> things for the following debug values:
>
> DataSourceRealm.java: debug >= 2
>
> JAASMemoryLoginModule.java: debug>0
>
> JDBCRealm.java: debug >= 2
>
> JNDIRealm.java: debug 1, 2, 3, 4
>
> UserDatabaseRealm.java: debug >= 2
>
> For the JNDIRalm possible log statements (without the surrounding
> context) are (no guarantees):
>
> debug >= 1
>
> "Closing directory context"
>
> "Connecting to URL " + connectionURL
>
> "Connecting to URL " + alternateURL
>
> debug >= 2
>
> "lookupUser(" + username + ")"
>
> sm.getString("jndiRealm.authenticateSuccess",
> user.username)
> sm.getString("jndiRealm.authenticateFailure",
> user.username)
>
> " getRoles(" + dn + ")"
>
> " Returning " + list.size() + " roles"
> " Found role " + list.get(i)
> " getRoles about to return null "
>
> debug >= 3
>
> " dn=" + dn
>
> " username not found"
>
> " entry found for " + username + " with dn " + dn
>
> " validating credentials"
>
> " validating credentials by binding as the user"
>
> " binding as " + dn
>
> " bind attempt failed"
>
> " Searching role base '" + roleBase + "' for attribute '" +
> roleName + "'"
> " With filter expression '" + filter + "'"
>
> " retrieving attribute " + attrId
>
> " retrieving values for attribute " + attrId
>
>
> debug > 3
>
> " Searching for " + username
> " base: " + userBase + " filter: " + filter
>
> HTH. TC 5.0 now is only under security maintenance. No real chance to
> get the logging in better shape. If you want to have a look at the
> class, it is
>
> container/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java
>
> in a download, resp.
>
> http://svn.apache.org/repos/asf/tomcat/container/branches/tc5.0.x/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java
>
> in the subversion code repository.
>
> Regards,
>
> Rainer
>
> Scott McClanahan wrote:
> > I've inherited a tomcat 5.0.28 server setup to use ldap as an
> > authentication realm. In the server.xml I see this:
> >
> > <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
> >
> > What are valid values for debug within a realm? Currently a massive
> > amount of ldap lookup and connection details are being logged and I
> > don't think it is necessary. Thanks.
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
Thanks. You're the man! I'll remember your advice about the subject
line in the future.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
