geronimo-dev mailing list archives

From "David Jencks (JIRA)" <>
Subject [jira] Updated: (GERONIMO-4513) LDAP Realm Improvements
Date Wed, 23 Sep 2009 23:40:16 GMT


David Jencks updated GERONIMO-4513:

    Fix Version/s:     (was: 2.2)
                   Wish List

great feature, need a patch or some time.

> LDAP Realm Improvements
> -----------------------
>                 Key: GERONIMO-4513
>                 URL:
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: security
>    Affects Versions: 2.1.3
>            Reporter: Jürgen Weber
>            Priority: Blocker
>             Fix For: Wish List
> I suggest several important improvements to the LDAP Realm, generally LDAP Realm should support the features of Tomcat's JNDIRealm (
> 1. a plan should be deployable from the console
> 2. LDAP Realm should allow anonymous bind (this is cause for "blocker")
> 3. I guess "User Role Search String" means a user attribute the role names are taken from (same as Tomcat's userRoleName property). If this is set, all other role-related attributes should not be necessary. Generally, it should not be necessary to have role-related attributes at all, if you only want the users to log in, but have <role-name>*</role-name>
> 4. if "Role User Search String" is empty, there is the wrong error message "option-roleSearchMatching must not be empty"
> There is no Role SearchMatching on the dialog
> 5. On the Test Results page: if the test fails, there is only
> 	Login Failed: LDAP Error
>     There should also be the error message and even stacktrace (right now it's in the server log)

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.
