tomcat-users mailing list archives

From "Payne, George (ghp5h)" <>
Subject FW: JNDIRealm and roleNested
Date Sat, 01 Aug 2009 15:55:09 GMT
I still don't know the answer to the questions I originally posed below. If anyone can help,
I'd very much appreciate it, but one way to get around this issue (for me, at least) would
be to be able to do an LDAP subquery for group membership.  I suspect this is not possible, but
I have been unable to find a definitive answer.  I can't get a test to work with ldapsearch.

E.g., to search for group membership of a one-deep group, you could do something like this:


and then to get all groups the user is in directly or one-deep, you'd do this:


I can't get this to work.  I suspect it's illegal/unsupported, but I'm not sure.

From: Payne, George (ghp5h)
Sent: Friday, July 31, 2009 9:17 AM
Subject: JNDIRealm and roleNested

I’ve discovered that there is apparently a fairly recent patch (3 months old now) to JNDIRealm
to allow searches for nested LDAP groups, which sounds like functionality I very much need
to be able to use my Domino server’s LDAP.

My question, for someone wiser in the ways of Tomcat releases, is how exactly I can best GET
this new patch and what state it is in (alpha? Tomcat 6? Catalina.jar?), since I do not understand
the Subversion system it is in.  The patch, by Rainer Jung, is referenced here:

Alternately, is there a better option to convert nested LDAP groups to roles (e.g. if Bob is
in the NevadaSales group and the NevadaSales group is nested in the NationalSales group, if
Bob is logged in and I check isUserInRole(“NationalSales”), it returns true)?  I very
much like the RHEL yum auto-updating scheme I would have to abandon to move (I think) to
Tomcat 6 (they are still on a version of 5.5).

Thanks for any wisdom,

George Payne
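
The nested-group lookup asked about above (Bob in NevadaSales, NevadaSales nested in NationalSales), done client-side as repeated one-level searches with a cycle guard and a depth limit. This is an added example, not part of the original message and not Tomcat's JNDIRealm code; the in-memory directory, the DNs, the `member` attribute and every function name are assumptions constructed for illustration.

```python
# Added example: nested LDAP group resolution by repeated one-level searches.
# DIRECTORY is constructed sample data (group DN -> member DNs), not a server.
BASE = "dc=example,dc=com"
BOB = "cn=Bob,ou=people," + BASE
NEVADA = "cn=NevadaSales,ou=groups," + BASE
NATIONAL = "cn=NationalSales,ou=groups," + BASE
LOOP_A = "cn=LoopA,ou=groups," + BASE
LOOP_B = "cn=LoopB,ou=groups," + BASE
DIRECTORY = {
    NEVADA: [BOB],
    NATIONAL: [NEVADA],        # NevadaSales is nested in NationalSales
    LOOP_A: [LOOP_B],          # constructed membership cycle
    LOOP_B: [LOOP_A, BOB],
}

def escape_filter_value(value):
    """Escape a value for an LDAP search filter (RFC 4515 special characters)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def member_filter(dn):
    """Filter for one round: groups whose member attribute holds this DN."""
    return "(member=%s)" % escape_filter_value(dn)

def search_groups(directory, ldap_filter):
    """Stand-in for one LDAP search against the constructed directory."""
    return sorted(g for g, members in directory.items()
                  if any(member_filter(m) == ldap_filter for m in members))

def nested_groups(directory, user_dn, max_depth=10):
    """All groups the user is in, directly or through nesting."""
    found, frontier, depth = set(), [user_dn], 0
    while frontier and depth < max_depth:
        next_frontier = []
        for dn in frontier:
            for group in search_groups(directory, member_filter(dn)):
                if group not in found:      # cycle guard: visit each group once
                    found.add(group)
                    next_frontier.append(group)
        frontier, depth = next_frontier, depth + 1
    return found

def is_user_in_role(directory, user_dn, role):
    """Role name is taken as the cn of the group DN (assumption)."""
    names = {dn.split(",")[0].split("=", 1)[1]
             for dn in nested_groups(directory, user_dn)}
    return role in names

if __name__ == "__main__":
    print(sorted(nested_groups(DIRECTORY, BOB)))
    print(is_user_in_role(DIRECTORY, BOB, "NationalSales"))
```

Each round issues one search per newly found group, so the depth limit bounds the number of queries even when the directory contains a membership loop.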
