geronimo-dev mailing list archives

From "David Jencks (JIRA)" <>
Subject [jira] Commented: (GERONIMO-4513) LDAP Realm Improvements
Date Mon, 27 Jul 2009 06:24:15 GMT


David Jencks commented on GERONIMO-4513:

Any chance you could supply a patch, at least for the login module?  Working on this would
be 10X easier for someone who already has ldap set up.

> LDAP Realm Improvements
> -----------------------
>                 Key: GERONIMO-4513
>                 URL:
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: security
>    Affects Versions: 2.1.3
>            Reporter: Jürgen Weber
>            Priority: Blocker
>             Fix For: 2.2
> I suggest several important improvements to the LDAP Realm, generally LDAP Realm should support the features of Tomcat's JNDIRealm (
> 1. a plan should be deployable from the console
> 2. LDAP Realm should allow anonymous bind (this is cause for "blocker")
> 3. I guess "User Role Search String" means a user attribute the role names are taken from (same as Tomcat's userRoleName property). If this is set, all other role-related attributes should not be necessary. Generally, it should not be necessary to have role-related attributes at all, if you only want the users to log in, but have <role-name>*</role-name>
> 4. if "Role User Search String" is empty, there is the wrong error message "option-roleSearchMatching must not be empty"
> There is no Role SearchMatching on the dialog
> 5. On the Test Results page: if the test fails, there is only
> 	Login Failed: LDAP Error
>     There should also be the error message and even stacktrace (right now it's in the server log)

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.