Return-Path: 
 <users-return-161756-apmail-tomcat-users-archive=tomcat.apache.org@tomcat.apache.org>
Delivered-To: apmail-tomcat-users-archive@www.apache.org
Received: (qmail 42104 invoked from network); 23 Apr 2007 13:29:30 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2)
  by minotaur.apache.org with SMTP; 23 Apr 2007 13:29:30 -0000
Received: (qmail 84508 invoked by uid 500); 23 Apr 2007 13:29:23 -0000
Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org
Received: (qmail 84490 invoked by uid 500); 23 Apr 2007 13:29:23 -0000
Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:users-help@tomcat.apache.org>
List-Unsubscribe: <mailto:users-unsubscribe@tomcat.apache.org>
List-Post: <mailto:users@tomcat.apache.org>
List-Id: <users.tomcat.apache.org>
Reply-To: "Tomcat Users List" <users@tomcat.apache.org>
Delivered-To: mailing list users@tomcat.apache.org
Received: (qmail 84479 invoked by uid 99); 23 Apr 2007 13:29:23 -0000
Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 23 Apr 2007 06:29:23 -0700
X-ASF-Spam-Status: No, hits=2.0 required=10.0
	tests=HTML_MESSAGE,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (herse.apache.org: domain of allienna@gmail.com designates
 64.233.166.179 as permitted sender)
Received: from [64.233.166.179] (HELO py-out-1112.google.com) (64.233.166.179)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 23 Apr 2007 06:29:16 -0700
Received: by py-out-1112.google.com with SMTP id p76so1353406pyb
        for <users@tomcat.apache.org>; Mon, 23 Apr 2007 06:28:55 -0700 (PDT)
DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed;
        d=gmail.com; s=beta;
        h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type;
        b=cGfcjBaDkwuq7CCu2567s2JZLbZXwr2H39NF9s0j5r7qi6she31aS4OVMlEao3yr0j7ZIFeL9ds7LEZS1GvdvORXTbJmfCS7buACDlD/3sIy/SXXSs1NjiRbeIAs30pheCmYeF6dHdS+JFFTamh4NrMZsoGdYiE9A1GMVw4pork=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=beta;
        h=received:message-id:date:from:to:subject:mime-version:content-type;
        b=AOYLMLdvQLQ42Y0LU7yxrZ9Z2XiY2dtGE2TEBsOeRIROolzoMdC+nJyV/lCN85jLUoGY85Rgx+73YqbC3/P91Ol6XwcaMpojSFQk7tpYs6ymAf7u5R1n1SP45smDMkVCUzMyzn4Uj7MiEcgWu0Ao/PG/TBCt7AONTmKOEKpsPu4=
Received: by 10.35.99.17 with SMTP id b17mr10991741pym.1177334935289;
        Mon, 23 Apr 2007 06:28:55 -0700 (PDT)
Received: by 10.35.124.15 with HTTP; Mon, 23 Apr 2007 06:28:55 -0700 (PDT)
Message-ID: <927953f50704230628x195ab726ha4fbc2c00fa2e63@mail.gmail.com>
Date: Mon, 23 Apr 2007 15:28:55 +0200
From: "=?ISO-8859-1?Q?Aur=E9lien_Allienne?=" <allienna@gmail.com>
To: "Tomcat Users List" <users@tomcat.apache.org>
Subject: JNDI Problem
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_Part_87729_20070040.1177334935210"
X-Virus-Checked: Checked by ClamAV on apache.org

------=_Part_87729_20070040.1177334935210
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

HI,

I have a problem with JNDIRealm.

I have this context.xml :

<?xml version="1.0" encoding="UTF-8"?>
<Context path="/test"
     docBase="test"
             debug="0"
             privileged="false"
             reloadable="false">
              <Realm className="org.apache.catalina.realm.JNDIRealm"

connectionName="uid=tomcat,ou=appli,dc=univ-lille2,dc=fr"
                     connectionPassword="g72jfacc"
                     digest="SHA"
                     connectionURL="ldap://ldapmasta:1389"
                     userBase="ou=people,dc=univ-lille2,dc=fr"
                     userSearch="(supannAliasLogin={0})"
                     roleBase="ou=appli,dc=univ-lille2,dc=fr"
                     roleSubtree="true"
                     roleName="cn"
                     roleSearch="(member={0})"
                     debug="99"/>
                     <!--resourceName="UserDatabase"
                     /-->
</Context>


And this web.xml :

<?xml version="1.0" encoding="ISO-8859-1" ?>
<!DOCTYPE web-app PUBLIC
  "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
    "http://java.sun.com/dtd/web-app_2_3.dtd">

    <web-app>
      <display-name>My secure webapp</display-name>
        <security-constraint>
                  <web-resource-collection>
                         <web-resource-name>My secure
webapp</web-resource-name>
                         <description> accessible by authenticated users of
the admin role</description>
                         <url-pattern>/*</url-pattern>
                         <http-method>GET</http-method>
                         <http-method>POST</http-method>
                         <http-method>PUT</http-method>
                         <http-method>DELETE</http-method>
                   </web-resource-collection>
                   <auth-constraint>
                        <description>These roles are allowed
access</description>
                        <role-name>tomcat admin agenda</role-name>
                   </auth-constraint>
        </security-constraint>

        <login-config>
                <auth-method>FORM</auth-method>
                <realm-name>My secure webapp</realm-name>
                <form-login-config>
                        <form-login-page>/login.html</form-login-page>
                        <form-error-page>/autherr.html</form-error-page>
                        <form-default-page>/index.html</form-default-page>
                </form-login-config>
        </login-config>

        <security-role>
                <description>Only 'admin' role is allowed to access this web
application</description>
                <role-name>tomcat admin agenda</role-name>
        </security-role>

</web-app>


I want to authenticate users and get their Roles but in my tomcat.log I have
:

 DEBUG http-8080-Processor25
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/test]
-   entry found for aurelien.allienne with dn
uid=43316,ou=people,dc=univ-lille2,dc=fr
 DEBUG http-8080-Processor25
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/test]
-   entry found for aurelien.allienne with dn
uid=43316,ou=people,dc=univ-lille2,dc=fr
 DEBUG http-8080-Processor25
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/test]
-   validating credentials by binding as the user
 DEBUG http-8080-Processor25
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/test]
-   validating credentials by binding as the user
 DEBUG http-8080-Processor25
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/test]
-   binding as uid=43316,ou=people,dc=univ-lille2,dc=fr
 DEBUG http-8080-Processor25
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/test]
-   binding as uid=43316,ou=people,dc=univ-lille2,dc=fr
 DEBUG http-8080-Processor25
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/test]
- Username aurelien.allienne successfully authenticated
 DEBUG http-8080-Processor25
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/test]
- Username aurelien.allienne successfully authenticated
 DEBUG http-8080-Processor25
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/test]
-   getRoles(uid=43316,ou=people,dc=univ-lille2,dc=fr)
 DEBUG http-8080-Processor25
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/test]
-   getRoles(uid=43316,ou=people,dc=univ-lille2,dc=fr)
 DEBUG http-8080-Processor25
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/test]
-   filter :(member=uid=43316,ou=people,dc=univ-lille2,dc=fr)
 DEBUG http-8080-Processor25
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/test]
-   filter :(member=uid=43316,ou=people,dc=univ-lille2,dc=fr)
 DEBUG http-8080-Processor25
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/test]
-   Returning 0 roles
 DEBUG http-8080-Processor25
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/test]
-   Returning 0 roles

In my ldap i have a "super user" name tomcat who can see all information. I
use it for log in. After I search after a user and this roles. But there is
a problem. I have a group in ldap "tomcat admin agenda" and a user for this
group, me :)

Thanks for your help

Aurelien Allienne

------=_Part_87729_20070040.1177334935210--