tomcat-users mailing list archives

From "Paul Worrall" <Paul.Worr...@becta.org.uk>
Subject Can not get roles to resolve in LDAP Realm
Date Mon, 07 Feb 2005 12:16:53 GMT
Hi,

I have really tried to get to the bottom of this without resorting to
the list; this should work, but it doesn't.

Tomcat v5.5.4
OpenLDAP

I have the Realm configured in server.xml as:

<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldap://localhost:389"
       userPattern="uid={0},ou=iuap,dc=becta,dc=org"
       userRoleName="memberOf"
       />

Entry in LDAP:

# User1 entry with TOMCAT roles 'admin' and 'manager'
dn: uid=user1,ou=iuap,dc=becta,dc=org
objectClass: iuapPerson
sn: user1
cn: super user1
uid: user1
mail: user1@becta.org
userPassword: secret
memberOf: admin
memberOf: manager

Produces the following in the logs when I try it against the manager
application:

Security checking request GET /manager/html
Checking constraint 'SecurityConstraint[HTMLManger and Manager command]' against GET /html --> true
Calling hasUserDataPermission()
User data constraint has no restrictions
Calling authenticate()
retrieving values for attribute memberOf
validating credentials by binding as the user
binding as uid=user1,ou=iuap,dc=becta,dc=org
Username user1 successfully authenticated
getRoles(uid=user1,ou=iuap,dc=becta,dc=org)
Authenticated 'user1' with type 'BASIC'
Calling accessControl()
Checking roles GenericPrincipal[user1()]
*Username user1 does NOT have role manager
No role found:  manager
Failed accessControl() test

*As you can see, the roles are not being picked up.

Any ideas?

TIA

Regards

Paul Worrall
Portal Technology and Innovation
BECTA
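
The role lookup this post is about, as an added example that is not code from the post or from Tomcat: a small Python model of how JNDIRealm assembles a user's roles from the userRoleName attribute and, optionally, from a roleSearch under roleBase, run against the posted realm configuration and a constructed LDIF copy of the entry. It assumes, as a model rather than Tomcat's source, that the realm reads the user's attributes with its own connection (anonymous when no connectionName is set) before binding as the user, and it uses a toy ACL that hides memberOf from anonymous readers; the service account cn=tomcat,dc=becta,dc=org and the ou=roles group entry are hypothetical.

```python
import re
# Constructed LDIF: the posted user entry plus a hypothetical groupOfNames role entry.
LDIF = """\
dn: uid=user1,ou=iuap,dc=becta,dc=org
objectClass: iuapPerson
uid: user1
userPassword: secret
memberOf: admin
memberOf: manager

dn: cn=manager,ou=roles,dc=becta,dc=org
cn: manager
member: uid=user1,ou=iuap,dc=becta,dc=org
"""

def parse_ldif(text):
    """Return {dn: {attr: [values]}} for a simple LDIF dump (no line continuations)."""
    entries = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            key, _, value = line.partition(": ")
            attrs.setdefault(key, []).append(value)
        entries[attrs["dn"][0]] = attrs
    return entries

def readable(attr, entry_dn, reader_dn):
    """Toy ACL (assumption, stands in for OpenLDAP access rules): memberOf is visible only to the entry itself or a bound service account."""
    if attr != "memberOf":
        return True
    return reader_dn is not None and (reader_dn == entry_dn or reader_dn.startswith("cn=tomcat"))

def resolve_roles(realm, directory, username, password):
    """Model of JNDIRealm: find user by userPattern, read userRoleName with the realm's
    own connection, check the password, then run roleSearch. None = authentication failed."""
    user_dn = realm["userPattern"].replace("{0}", username)
    entry = directory.get(user_dn)
    if entry is None or password not in entry.get("userPassword", []):
        return None
    reader = realm.get("connectionName")   # None: anonymous bind, as in the posted config
    roles = []
    attr = realm.get("userRoleName")
    if attr and readable(attr, user_dn, reader):
        roles += entry.get(attr, [])
    if realm.get("roleSearch"):   # e.g. "(member={0})": {0} is the user's DN
        m = re.fullmatch(r"\((\w+)=(.*)\)", realm["roleSearch"].replace("{0}", user_dn))
        for dn, e in directory.items():
            if dn.endswith(realm["roleBase"]) and m.group(2) in e.get(m.group(1), []):
                roles += e.get(realm["roleName"], [])
    return sorted(set(roles))
```

With the posted configuration the model authenticates user1 but returns no roles, because the attribute read happens on the anonymous connection; adding a connectionName the ACL permits, or a roleSearch over readable group entries, yields the roles.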


