incubator-jspwiki-dev mailing list archives

From "swhagy (JIRA)" <j...@apache.org>
Subject [jira] Commented: (JSPWIKI-470) need a way to debug role-name and if it is getting passed from the AD
Date Thu, 15 Jan 2009 23:15:59 GMT

    [ https://issues.apache.org/jira/browse/JSPWIKI-470?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12664317#action_12664317 ]

swhagy commented on JSPWIKI-470:
--------------------------------

Passing the role-name in the web container is an involved process; there should be a way to debug
what information is being passed back to the application:

My config seems correct:
 <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
        connectionURL="ldap://ad01.smmcorp.local:389"
        connectionName="cn=wikisvcacct,cn=users,dc=smmcorp,dc=local"
        connectionPassword="P@ssw0rd!!"
        referrals="follow"
        userBase="cn=users,DC=smmcorp,DC=local"
        userPattern="cn={0}, cn=users,dc=smmcorp,dc=local"
        roleBase="cn=users,DC=smmcorp,DC=local"
        roleName="name"
        roleSearch="(uniqueMember={0})"
        />

But I am not sure the correct role-name "users" is being passed from AD; the user is not getting
authenticated (he's authorized but gets the forbidden message).


I traced the packets, and it seems LDAP is queried for the correct attribute, but I am not sure if
it's responding correctly:

from jspwiki:
Lightweight Directory Access Protocol
    LDAP Message, Search Request
        Message Id: 6
        Message Type: Search Request (0x03)
        Message Length: 111
        Response In: 129
        Base DN: cn=users,DC=smmcorp,DC=local
        Scope: Single (0x01)
        Dereference: Always (0x03)
        Size Limit: 0
        Time Limit: 0
        Attributes Only: False
        Filter: (uniqueMember=cn=mohamed, cn=users,dc=smmcorp,dc=local)
        Attribute: name

ldap response:
    Source port: ldap (389)
    Destination port: 1160 (1160)
    Sequence number: 2452    (relative sequence number)
    Next sequence number: 2474    (relative sequence number)
    Acknowledgement number: 371    (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
    Window size: 65097
    Checksum: 0x7cd0 [correct]
    SEQ/ACK analysis
        This is an ACK to the segment in frame: 128
        The RTT to ACK the segment was: 0.001674000 seconds
Lightweight Directory Access Protocol
    LDAP Message, Search Result
        Message Id: 6
        Message Type: Search Result (0x05)
        Message Length: 7
        Response To: 128
        Time: 0.001674000 seconds
        Result Code: success (0x00)
        Matched DN: (null)
        Error Message: (null)


> need a way to debug role-name and if it is getting passed from the AD
> ---------------------------------------------------------------------
>
>                 Key: JSPWIKI-470
>                 URL: https://issues.apache.org/jira/browse/JSPWIKI-470
>             Project: JSPWiki
>          Issue Type: Improvement
>          Components: Authentication&Authorization
>    Affects Versions: 2.8.1
>         Environment: ad
>            Reporter: swhagy
>            Priority: Minor
>


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
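
One way to read a capture like the one in the message above, as an added example that is not part of the original message or of JSPWiki or Tomcat code: in LDAP each matching entry is sent as its own search result entry message (BER tag 0x64) before the final search result done message (BER tag 0x65, the dissector's type 0x05), so a done message with result code success and no entry messages for the same message ID means the search returned no entries. The byte strings and the group DN below are constructed sample data.

```python
# Added example: minimal BER walk over a stream of LDAP messages (RFC 4511).

def read_tlv(buf, pos):
    """Return (tag, value_bytes, next_pos) for the BER element at pos."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                  # long form: low 7 bits = count of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def summarize(stream):
    """Map messageID -> {"entries": [DN, ...], "result": resultCode or None}."""
    out, pos = {}, 0
    while pos < len(stream):
        tag, msg, pos = read_tlv(stream, pos)
        if tag != 0x30:
            raise ValueError("not an LDAPMessage SEQUENCE")
        _, mid, p = read_tlv(msg, 0)   # messageID INTEGER
        op, body, _ = read_tlv(msg, p) # protocolOp (application-tagged)
        rec = out.setdefault(int.from_bytes(mid, "big"),
                             {"entries": [], "result": None})
        if op == 0x64:                 # searchResEntry: first field is objectName
            _, dn, _ = read_tlv(body, 0)
            rec["entries"].append(dn.decode())
        elif op == 0x65:               # searchResDone: first field is resultCode
            _, code, _ = read_tlv(body, 0)
            rec["result"] = int.from_bytes(code, "big")
    return out

def tlv(tag, value):
    """Encode one short-form BER element (the sample data stays under 128 bytes)."""
    assert len(value) < 128
    return bytes([tag, len(value)]) + value

# Constructed sample 1: mirrors the fields shown in the capture
# (message ID 6, result code success, empty matched DN and error message).
NO_MATCH = bytes.fromhex("300c020106" "6507" "0a0100" "0400" "0400")

# Constructed sample 2: a search that does match one group (hypothetical DN).
ENTRY = tlv(0x64, tlv(0x04, b"cn=wikiusers,cn=users,dc=example,dc=local")
            + tlv(0x30, tlv(0x30, tlv(0x04, b"name")
                                  + tlv(0x31, tlv(0x04, b"wikiusers")))))
MATCH = (tlv(0x30, tlv(0x02, b"\x07") + ENTRY)
         + tlv(0x30, tlv(0x02, b"\x07") + tlv(0x65, bytes.fromhex("0a010004000400"))))

if __name__ == "__main__":
    for name, data in (("no match", NO_MATCH), ("match", MATCH)):
        print(name, summarize(data))
```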

