tomcat-users mailing list archives

From Gary
Subject question about JNDIRealm and OpenLDAP with access control
Date Wed, 15 Feb 2006 17:28:17 GMT

I have JNDIRealm set in the context.xml like this:

<Context path="/project" docBase="project" debug="99">
    <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
           userRoleName="affiliation" />
</Context>

Authentication worked fine until I added this to slapd.conf:

access to *
       by anonymous auth
       by users read

Because I don't want to let anonymous users query LDAP.

Now when I log in, I get HTTP status 403 (access denied).

Without LDAP access control set, request.getUserPrincipal() prints
this: GenericPrincipal[gary(member,)]
but with access control, it prints this: GenericPrincipal[gary()]

Not sure why the role information would be missing.
I am using Tomcat 5.5.15 and OpenLDAP 2.2.29.
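
Added example, not part of Gary's message and not Tomcat or OpenLDAP code: a small model of how slapd evaluates the rule quoted above, showing that a connection that has not bound is granted only `auth` and so cannot read an attribute such as `affiliation`, while a bound user can. Which identity the realm's own directory connection uses is not shown in the message; the DN below is constructed.

```python
# Added example: models only the single slapd.conf rule quoted in the message.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]  # weakest first

ACL_TEXT = """
access to *
       by anonymous auth
       by users read
"""

def parse_acl(text):
    """Parse one 'access to *' directive into [(who, level), ...]."""
    tokens = text.split()
    if tokens[:3] != ["access", "to", "*"]:
        raise ValueError("only 'access to *' is modelled here")
    rest = tokens[3:]
    if len(rest) % 3:
        raise ValueError("expected 'by <who> <level>' clauses")
    clauses = []
    for i in range(0, len(rest), 3):
        by, who, level = rest[i:i + 3]
        if by != "by" or level not in LEVELS:
            raise ValueError(f"bad clause: {by} {who} {level}")
        clauses.append((who, level))
    return clauses

def granted_level(clauses, bound_dn):
    """First matching 'by' clause wins; no match means the implicit 'by * none'."""
    for who, level in clauses:
        if (who == "*" or (who == "anonymous" and bound_dn is None)
                or (who == "users" and bound_dn is not None)):
            return level
    return "none"

def allowed(clauses, bound_dn, needed):
    """True if the connection's identity holds at least the needed level."""
    return LEVELS.index(granted_level(clauses, bound_dn)) >= LEVELS.index(needed)

def summarize(clauses, user_dn):
    """What an unbound connection and a bound user may each do."""
    return {
        "anonymous_can_bind": allowed(clauses, None, "auth"),
        "anonymous_can_read": allowed(clauses, None, "read"),
        "user_can_read": allowed(clauses, user_dn, "read"),
    }

if __name__ == "__main__":
    gary = "uid=gary,ou=people,dc=example,dc=com"  # constructed DN, not from the message
    print(summarize(parse_acl(ACL_TEXT), gary))
```
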

