geronimo-user mailing list archives

From "Field, John" <>
Subject Support for <distinguished-name> in geronimo-web.xml
Date Fri, 24 May 2013 17:47:02 GMT

I have a Geronimo 3 deployment and I have configured my application to use the LDAPLoginModule
against Fortress (i.e. OpenLDAP).  

I have included a security role as part of the web.xml, and I've successfully mapped that
abstract role to LDAP groups using 

<principal name="myAbstractRoleName" class="" />

in my geronimo-web.xml.

However, the configuration option for a <distinguished-name> here does not seem to work.

Does anyone know if this is implemented in the runtime, or perhaps there is something wrong
in my configuration?

Below is a simple geronimo-web.xml configuration that I've done against one of the sample
EJB applications to demonstrate the problem.


<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="" xmlns:sec="">

	<dep:environment xmlns:dep="">
	</dep:environment>

			<sec:principal name="anonymous"
				class="" />
			<sec:role role-name="EnmasseSuperUserRole">
				<sec:principal name="EnmasseSuperUser"
					class="" />
				<sec:principal name="role1"
					class="" />

				<!-- Support for this does not seem to be implemented: -->
				<sec:distinguished-name name="uid=johnfield,ou=People,dc=jts,dc=us"></sec:distinguished-name>

				<sec:distinguished-name name="cn=EnmasseSuperUser,ou=Roles,ou=RBAC,dc=jts,dc=us"></sec:distinguished-name>
				<sec:distinguished-name name="cn=role1,ou=Roles,ou=RBAC,dc=jts,dc=us"></sec:distinguished-name>
				<!-- This works, but is not my preferred approach. -->
				<sec:principal name="johnfield" class="" />
			</sec:role>
</web-app>
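An added review check, not code from the post or from Geronimo: it parses a geronimo-web.xml, lists the principal and distinguished-name mappings per role, and flags roles that rely on distinguished-name alone, since the post reports those mappings are not honoured and such a role would silently grant nothing. Elements are matched by local name; the sample document, its namespace URIs and principal class names are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed sample: namespace URIs and principal classes are placeholders,
# the role names and DNs follow the post. One role is mapped by DN only.
SAMPLE_GERONIMO_WEB_XML = """<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="urn:example:web" xmlns:sec="urn:example:security">
  <sec:security>
    <sec:role-mappings>
      <sec:role role-name="EnmasseSuperUserRole">
        <sec:principal name="EnmasseSuperUser" class="example.GroupPrincipal"/>
        <sec:distinguished-name name="cn=EnmasseSuperUser,ou=Roles,ou=RBAC,dc=jts,dc=us"/>
      </sec:role>
      <sec:role role-name="DnOnlyRole">
        <sec:distinguished-name name="uid=johnfield,ou=People,dc=jts,dc=us"/>
      </sec:role>
    </sec:role-mappings>
  </sec:security>
</web-app>
"""


def _local(tag):
    """Strip the {namespace} prefix ElementTree puts on qualified tags."""
    return tag.rsplit("}", 1)[-1]


def role_mappings(xml_text):
    """Return {role-name: {"principal": [...], "distinguished-name": [...]}}."""
    root = ET.fromstring(xml_text)
    result = {}
    for role in root.iter():
        if _local(role.tag) != "role":
            continue
        entry = {"principal": [], "distinguished-name": []}
        for child in role:
            kind = _local(child.tag)
            if kind in entry:
                entry[kind].append(child.get("name", ""))
        result[role.get("role-name", "")] = entry
    return result


def dn_only_roles(xml_text):
    """Roles mapped solely via <distinguished-name>; review these, because an
    ignored DN mapping leaves the role with no members at all."""
    return sorted(name for name, m in role_mappings(xml_text).items()
                  if m["distinguished-name"] and not m["principal"])


if __name__ == "__main__":
    for role, mapping in role_mappings(SAMPLE_GERONIMO_WEB_XML).items():
        print(role, mapping)
    print("review (DN-only roles):", dn_only_roles(SAMPLE_GERONIMO_WEB_XML))
```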

