tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John Turner <>
Subject Re: realm-howto.html JNDI OpenLDAP example does not work for me
Date Mon, 28 Jul 2003 14:42:00 GMT

Patches welcome.


Hayo Schmidt wrote:

> I am not able to get the Example in 
> tomcat-docs/realm-howto.html#JNDIRealm to run as is.
> First i tried to create the LDIF files and import them into OpenLDAP2. 
> This did not work (some error messages i can't remember). Probably the 
> example itself is wrong, probably i had been copy/pasting some 
> non-printing characters into the example, or trailing spaces or 
> whatever. I don't know. There should have been the ldif sources for 
> download to avoid these useless problems.
> Then i tried to build the directory with a tool called JXplorer. This 
> did not work, because it ist not possible to set uid to a 'naming value' 
> with the tool. Obviously because uid is not defined as mandatory (MUST)  
> in the schema file.
> After getting around all this by building my own subclass it still does 
> not work. The example tells me to set up the JNDIRealm like this:
> <Realm   className="org.apache.catalina.realm.JNDIRealm" debug="99"
>             connectionURL="ldap://localhost:389"
>            userPattern="uid={0},ou=people,dc=mycompany,dc=com"
>            roleBase="ou=groups,dc=mycompany,dc=com"
>            roleName="cn"
>            roleSearch="(uniqueMember={0})"
> />
> As i said, no positive result. But when i set up the JNDIRealm as follows
>      <Realm className="org.apache.catalina.realm.JNDIRealm"
>             debug="9"
>             connectionURL="ldap://localhost:389"
>             roleBase="ou=people,dc=mycompany,dc=com"
>             roleName="cn"
>             roleSearch="(uniqueMember={0})"
>             userBase="ou=users,dc=mycompany,dc=com"
>             userSearch="(uid={0})"
>      />
> the thing works.
> I had to read a book about LDAP (LDAP System Administration, O'Reilly), 
> and experiment a lot. I had to convert from a dumb newbie to an LDAP 
> expert, just to get this simple example to work.
> A good HOW-TO should provide examples running instantly. This HOW-TO 
> consumed many days of my valuable working time.
> Hayo Schmidt
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message