geronimo-dev mailing list archives

From Jürgen Weber (JIRA)
Subject [jira] Created: (GERONIMO-4513) LDAP Realm Improvements
Date Wed, 14 Jan 2009 10:45:00 GMT
LDAP Realm Improvements

                 Key: GERONIMO-4513
             Project: Geronimo
          Issue Type: Bug
      Security Level: public (Regular issues)
          Components: security
    Affects Versions: 2.1.3
            Reporter: Jürgen Weber
            Priority: Blocker
             Fix For: 2.2

I suggest several important improvements to the LDAP Realm. Generally, LDAP Realm should support
the features of Tomcat's JNDIRealm (

1. a plan should be deployable from the console

2. LDAP Realm should allow anonymous bind (this is cause for "blocker")

3. I guess "User Role Search String" means a user attribute the role names are taken from
(same as Tomcat's userRoleName property). If this is set, all other role-related attributes
should not be necessary. Generally, it should not be necessary to have role-related attributes
at all, if you only want the users to log in, but have <role-name>*</role-name>

4. if "Role User Search String" is empty, there is the wrong error message "option-roleSearchMatching
must not be empty"
There is no Role SearchMatching on the dialog

5. On the Test Results page: if the test fails, there is only
	Login Failed: LDAP Error
    There should also be the error message and even stacktrace (right now it's in the server

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.
