geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jürgen Weber (JIRA) <>
Subject [jira] Commented: (GERONIMO-5125) Enable connecting to a ldap server anonymously on console
Date Wed, 24 Feb 2010 09:02:28 GMT


Jürgen Weber commented on GERONIMO-5125:

> It appears to me that no one would ever want to use anonymously LDAP access in production

a) if you only want to check if the user has entered a valid password it is good practice
to bind with the user's credentials, without having the need of a technical user.

b) an organisation might well keep the users' roles within the user entries, so one immediately
gets the roles without having to traverse a role tree. So again, one can bind with the user's
Tomcat supports this pattern, see the userRoleName attribute, don't know if Geronimo does.

> Enable connecting to a ldap server anonymously on console
> ---------------------------------------------------------
>                 Key: GERONIMO-5125
>                 URL:
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: console
>    Affects Versions: 2.2
>         Environment: OS:windows 7
> Geronimo:2.1.5-SNAPSHOT
>            Reporter: Lu Jiang
> After resorving GERONIMO-4997 , ,Connecting
to a ldap server anonymous is actually supported.
> But we can not generate a security realm file on console wizard if we try to connect
the ldap server anonymously
> Steps to reproduce:
> 1. click Security->Security Realms->Add new security realm
> 2.Enter a unique name for the relam file and choose LDAP Realm,click next.
> 3.input all useful information like connectionURL,userBase,etc..according to your ldap
server configuration.but Leave the input box for Connect Username and Connect password blank,then
click next.
> An waring box will occur saying:option-ConnectionUsername must not be empty.And I cann't
generate a realm file successfully if no user name and password is provided.
> I think since we can connect to it in an anonymous way.It's not a must to provide user
name and password on console.It would be  better to  provide a way to enable this :)

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message