tomcat-users mailing list archives

From Gary <gzh...@gmail.com>
Subject question about JNDIRealm and OpenLDAP with access control
Date Wed, 15 Feb 2006 17:28:17 GMT
Hi,

I have JNDIRealm set in the context.xml like this:

<Context path="/project" docBase="project" debug="99">
    <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
           connectionURL="ldap://localhost:389"
           userPattern="uid={0},ou=people,dc=example,dc=com"
           userRoleName="affiliation" />
</Context>

Authentication worked fine until I added this to slapd.conf:

access to *
       by anonymous auth
       by users read


Because I don't want to let anonymous users query LDAP.

Now when I log in, I get HTTP status 403 (access denied).

Without LDAP access control set, request.getUserPrincipal() prints
this: GenericPrincipal[gary(member,)]
but with access control, it prints this: GenericPrincipal[gary()]

Not sure why the role information would be missing.
I am using tomcat 5.5.15, openldap 2.2.29

Thanks,
Gary
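
The configuration above, reworked as an added example that is not part of the original message: it gives the realm its own bind identity so the `affiliation` lookup is made by an authenticated user and falls under `by users read` rather than `by anonymous auth`. It assumes the missing role comes from JNDIRealm reading that attribute over its own directory connection, which is anonymous when no `connectionName` is set; the service-account DN and password are placeholders.

```xml
<!-- Added example, not from the original message.
     Assumption: a dedicated, read-only service entry exists in the directory.
     Its DN and password below are placeholders, not values from the post. -->
<Context path="/project" docBase="project" debug="99">
    <!-- connectionName / connectionPassword make the realm bind as the
         service account for its own lookups; the end user's password is
         still verified by binding as the userPattern DN. -->
    <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
           connectionURL="ldap://localhost:389"
           connectionName="cn=tomcat-realm,ou=services,dc=example,dc=com"
           connectionPassword="REPLACE_WITH_SERVICE_ACCOUNT_PASSWORD"
           userPattern="uid={0},ou=people,dc=example,dc=com"
           userRoleName="affiliation" />
</Context>
```

The password sits in clear text in context.xml, so keep that file readable only by the Tomcat account and give the service entry no rights beyond reading the attributes the realm needs.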
