tomcat-users mailing list archives

From "Scott Blanchard" <Blanch...@medinst.com>
Subject JNDI Realm
Date Fri, 08 Aug 2003 20:39:52 GMT
I am having trouble setting up the JNDI Realm in tomcat (I am using
4.1.27).

I can bind to the ldap server, authenticate the user, but when it goes
to checking roles, I am unsure how to organize my directory, and what
the application wants back when it does a filtered search.  My ldap
server is Novell Netware 6 eDirectory.  I want to test the JNDI for the
Admin and Manager functions of tomcat first, then set it up for my own
applications.

I have a context called ou=zpar,o=med in which I have two users defined:
cn=adminx,ou=zpar,o=med
cn=test,ou=zpar,o=med

I also have two groups set up that test is a member of:

cn=admin,ou=zpar,o=med
cn=manager,ou=zpar,o=med

This is my Realm definition in server.xml
<Realm className="org.apache.catalina.realm.JNDIRealm" debug="0"
	connectionURL="ldap://192.168.1.23:389"
	connectionName="cn=adminx,ou=zpar,o=med"
	connectionPassword="zparpwd"
	userPattern="cn={0},ou=zpar,o=med"
	roleBase="ou=zpar,o=med"
	roleName="cn"
	roleSearch="(uniqueMember={0})"
	/>

This is a snip of my ldap trace log from the ldap server when tomcat
connects:

DoSearch on connection 0xc9206aa0
Search request:
	base: "ou=zpar,o=med"
	scope:1  derefence:3  sizelimit:0  timelimit:0  attrsonly:0
	filter: "(uniqueMember=cn=test,ou=zpar,o=med)"
	attribute: "cn"
Sending search result entry "cn=manager,ou=zpar,o=med" to connection 0xc9206aa0
Sending search result entry "cn=admin,ou=zpar,o=med" to connection 0xc9206aa0
Sending operation result 0:"":"" to connection 0xc9206aa0

This is a snip from my catalina log (note: there is a bug that I
reported in JNDIRealm.java that crashes when using debug > 2 in the
getRoles() method), so I can't figure out what is set up right so I can
continue.  Any thoughts?

2003-08-07 22:23:16 JNDIRealm[Standalone]: lookupUser(test)
2003-08-07 22:23:16 JNDIRealm[Standalone]:   dn=cn=test,ou=zpar,o=med
2003-08-07 22:23:16 JNDIRealm[Standalone]:   validating credentials by binding as the user
2003-08-07 22:23:16 JNDIRealm[Standalone]:   binding as cn=test,ou=zpar,o=med
2003-08-07 22:23:16 JNDIRealm[Standalone]: Username test successfully authenticated
2003-08-07 22:23:16 JNDIRealm[Standalone]:  getRoles(cn=test,ou=zpar,o=med)
2003-08-07 22:23:16 JNDIRealm[Standalone]:   Searching role base 'ou=zpar,o=med' for attribute 'cn'
2003-08-07 22:23:16 JNDIRealm[Standalone]:   With filter expression '(uniqueMember=cn=test,ou=zpar,o=med)'
2003-08-07 22:23:16 JNDIRealm[Standalone]:   retrieving values for attribute cn
2003-08-07 22:23:16 JNDIRealm[Standalone]:   retrieving values for attribute cn
2003-08-07 22:23:16 CoyoteAdapter An exception or error occurred in the container during the request processing
java.lang.NullPointerException
	at org.apache.catalina.realm.JNDIRealm.getRoles(JNDIRealm.java:1282)
               ...more modules in the exception....

Scott Blanchard
IT Manager
MED Institute, Inc.
West Lafayette, IN  47906
Ph: (765) 463-7537
FAX: (765) 497-0641
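
A standalone check of what the directory hands back for the role search shown in the trace above, as an added example that is not part of the original message and is not Tomcat's own code. It repeats the one-level search under roleBase with the roleSearch filter and reports any entry that comes back without a value for the roleName attribute. The class name RoleSearchCheck and the LDAP_BIND_PW environment variable are hypothetical; all other values are copied from the Realm definition.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

/** Added diagnostic: repeats the role search from the Realm definition above. */
public class RoleSearchCheck {
    public static void main(String[] args) throws NamingException {
        // Values copied from the Realm definition and trace in the message.
        String url = "ldap://192.168.1.23:389";
        String bindDn = "cn=adminx,ou=zpar,o=med";
        String roleBase = "ou=zpar,o=med";
        String roleName = "cn";
        String roleSearch = "(uniqueMember={0})";
        String userDn = "cn=test,ou=zpar,o=med";
        // Assumption: the bind password is supplied in a hypothetical
        // LDAP_BIND_PW environment variable rather than hard-coded here.
        String password = System.getenv("LDAP_BIND_PW");
        if (password == null) throw new IllegalStateException("set LDAP_BIND_PW");

        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, password);

        DirContext ctx = new InitialDirContext(env);
        try {
            SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.ONELEVEL_SCOPE); // scope:1 in the trace
            controls.setReturningAttributes(new String[] { roleName });
            // The filterArgs form substitutes {0} and escapes filter metacharacters.
            NamingEnumeration<SearchResult> results =
                ctx.search(roleBase, roleSearch, new Object[] { userDn }, controls);
            while (results.hasMore()) {
                SearchResult entry = results.next();
                Attribute attr = entry.getAttributes().get(roleName);
                // get() returns null when the entry carries no such attribute.
                if (attr == null || attr.size() == 0) {
                    System.out.println(entry.getName() + ": no '" + roleName + "' values returned");
                    continue;
                }
                for (int i = 0; i < attr.size(); i++)
                    System.out.println(entry.getName() + ": role=" + attr.get(i));
            }
        } finally {
            ctx.close();
        }
    }
}
```

Each printed role value is a string the directory returned for that group entry; an entry listed with no values is one where the bind account was not given the attribute, which is worth ruling out before changing the Realm attributes.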
