tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jasper Floor" <jasperfl...@gmail.com>
Subject Ldap authentication half working...
Date Mon, 29 Sep 2008 14:54:06 GMT
I have a strange problem. I have a simple app that needs to
authenticate via ldap.

I am using:
 tomcat 6.0.16.
 eclipse 3.3
 Debian  (etch in production, lenny on development)

On my development machine I have no problems. I run tomcat from eclipse 3.3.

The production server is a virtual machine. The strange part is that
it is authenticating people logging in but not authorising them. We
have 2 posix groups in ldap which are supposed to define the roles.
That must be where it is failing because I can log in but immediately
get 403 forbidden error.

this is my realm definition from server.conf

<Realm   className="org.apache.catalina.realm.JNDIRealm" debug="99"
         connectionURL="ldaps://ldapserver.mbuyu.nl"
       connectionName="uid=somuser,ou=services,dc=m4n,dc=nl"
 connectionPassword="apassword"
              userPattern="uid={0},ou=users,dc=m4n,dc=nl"
                  roleBase="ou=groups,dc=m4n,dc=nl"
                 roleName="cn"
               roleSearch="memberUid={0}"
	/>

I've tried substituting {1} in the roleSearch, I've tried it with and
without parentheses. I've restarted every single server that might
have anything to do with anything.

To make it stranger I can tell you that this has also worked. We had
GroupOfUniqueNames first. The problems didn't start with switching to
Posix Groups however. The Posix Groups were made because of sysadmin
random decision. It still shouldn't matter as it works on development
with either configuration.

any help would be appreciated.

mvg,
Jasper

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message