I still don't know the answer to the questions I originally posed below, if 
anyone can help, I'd very much appreciate it, but one way to get around this 
issue (for me, at least) would be to be able to do an ldap subquery for group 
membership.  I suspect this is not possible, but I have been unable to find a 
definitive answer.  I can't get a test to work with ldapsearch.

Eg, to search for group membership of a one-deep group, you could do something 
like this:

(member=(member={0}))

and then to get all groups the user is in directly or one-deep, you'd do this:

|(member={0})(member=(member={0}))


I can't get this to work.  I suspect it's illegal/unsupported, but I'm not sure.


________________________________
From: Payne, George (ghp5h)
Sent: Friday, July 31, 2009 9:17 AM
To: users@tomcat.apache.org
Subject: JNDIRealm and roleNested

I’ve discovered that there is apparently a fairly recent patch (3 mos old now) 
to JNDIRealm to allow searches for nested ldap groups, which sounds like a 
functionality I very much need to be able to use my domino server’s ldap.

My question, for someone wiser in the ways of tomcat releases, is how exactly I 
can best GET this new patch and what state it is in (alpha? Tomcat 6? 
Catalina.jar? ), since I do not understand the subversion system it is in.  The 
patch, by Rainer Jung, is referenced here:

http://marc.info/?l=tomcat-dev&m=124085853600925&q=raw
or
http://mail-archives.apache.org/mod_mbox/tomcat-dev/200904.mbox/%3c20090427185457.0ccf82388...@eris.apache.org%3e

Alternately, is there a better option to convert nested ldap groups to roles 
(eg if Bob is in the NevadaSales Group and the NevadaSales group is nested in 
the NationalSales group, if Bob is logged in and I check 
isUserInRole(“NationalSales”), it returns true)?  I very much like the RHEL yum 
auto-updating scheme I would have to abandon to move  (I think) to tomcat 6 
(they are still on a version of 5.5).

Thanks for any wisdom,

George Payne
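
Added example, not part of the original messages and not Tomcat's code: standard LDAP filter syntax (RFC 4515) takes a literal value after member=, not another filter, so one way to get the nested result is to repeat the single-level (member={0}) search for each group found, tracking groups already seen and capping the depth. The directory contents, DNs and the function names search_groups, resolve_groups and is_user_in_role are assumptions made for illustration; search_groups stands in for a real LDAP search.

```python
from collections import deque

# Constructed sample directory: group DN -> DNs listed in its "member" attribute.
# NationalSales is also placed inside NevadaSales to create a membership cycle.
BOB = "cn=Bob,ou=people,o=example"
NEVADA = "cn=NevadaSales,ou=groups,o=example"
NATIONAL = "cn=NationalSales,ou=groups,o=example"
ADMINS = "cn=Admins,ou=groups,o=example"
GROUPS = {
    NEVADA: [BOB, NATIONAL],
    NATIONAL: [NEVADA],
    ADMINS: ["cn=Alice,ou=people,o=example"],
}
ROLE_SEARCH = "(member={0})"  # the single-level filter from the post


def search_groups(ldap_filter):
    """Stand-in for one LDAP search; accepts only (member=<literal DN>)."""
    if not (ldap_filter.startswith("(member=") and ldap_filter.endswith(")")):
        raise ValueError("unsupported filter: " + ldap_filter)
    value = ldap_filter[len("(member="):-1]
    if "(" in value or ")" in value:
        # An assertion value is a literal, so a filter cannot be nested in it.
        raise ValueError("assertion value is not a literal: " + value)
    return sorted(g for g, members in GROUPS.items() if value in members)


def resolve_groups(user_dn, max_depth=5):
    """Return every group DN reachable from user_dn within max_depth searches."""
    found = set()
    queue = deque([(user_dn, 0)])
    while queue:
        dn, depth = queue.popleft()
        if depth >= max_depth:
            continue  # bound the walk even on very deep directories
        for group in search_groups(ROLE_SEARCH.format(dn)):
            if group not in found:  # skip groups already seen (breaks cycles)
                found.add(group)
                queue.append((group, depth + 1))
    return found


def is_user_in_role(user_dn, role_cn):
    """Role name is taken from the group's cn, as in the post's example."""
    return any(g.split(",")[0] == "cn=" + role_cn for g in resolve_groups(user_dn))
```

Because nested membership widens what a user is authorized for, the seen-set and depth cap matter: without them a group that contains itself, directly or through another group, would make the lookup loop.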
