tomcat-users mailing list archives

From Travis Bowen <tbo...@us.ibm.com>
Subject roleNested seems to not be working in tomcat 6
Date Tue, 09 Jul 2013 21:42:53 GMT


I am using
|---------------+----------------------------+-------------+-------+---------------------------+-------|
| Apache        | pxa6460sr13fp2-20130424_01 | IBM         | Linux | 2.6.32-358.2.1.el6.x86_64 | amd64 |
| Tomcat/6.0.37 | (SR13 FP2)                 | Corporation |       |                           |       |
|---------------+----------------------------+-------------+-------+---------------------------+-------|


I have the following context defined for my application:

<?xml version="1.0" encoding="UTF-8"?>
<Context>
    <Realm className="org.apache.catalina.realm.JNDIRealm"
           debug="99"
           connectionURL="ldaps://xxxx.xxxx.xxxx.com:636"
           userBase="ou=xxxxxxx,o=ibm.com"
           userSearch="(mail={0})"
           userSubtree="true"
           roleBase="ou=xxxxxx,ou=xxxxxxx,o=ibm.com"
           roleSubtree="false"
           roleNested="true"
           roleSearch="(uniqueMember={0})"
           roleName="cn" />
</Context>

I have a user defined who is a member of one group which is a member of
another group under the roleBase.  After authenticating I only get the
role/group that the user is a direct member of; it doesn't return the
role/group that the group is a member of.

I downloaded the source of org.apache.catalina.realm.JNDIRealm and the
roleNested attribute is never used except in the setters and getters.
Seems like it is being ignored.  Is this feature available in Tomcat 6?
The docs say it is but it doesn't seem to work.

Thanks,


Travis
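
What the nested lookup described above amounts to, as an added example that is not part of the original message and is not Tomcat's JNDIRealm code: the roleSearch filter (uniqueMember={0}) is applied to the user's DN and then to each group DN found, until no new groups appear. The in-memory directory, all DNs, and the class and method names are constructed for illustration; Java 9 or later is assumed.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;

// Added illustration, not Tomcat source: models nested role resolution
// against a constructed in-memory directory instead of a live LDAP server.
public class NestedRoleDemo {

    // Constructed sample data: group DN -> its uniqueMember values.
    // app-users and app-admins list each other, forming a membership cycle.
    static final Map<String, List<String>> GROUPS = Map.of(
        "cn=app-users,ou=groups,o=example",
            List.of("uid=alice,ou=people,o=example", "cn=app-admins,ou=groups,o=example"),
        "cn=app-admins,ou=groups,o=example",
            List.of("cn=app-users,ou=groups,o=example"),
        "cn=other,ou=groups,o=example",
            List.of("uid=bob,ou=people,o=example"));

    // Stand-in for one roleSearch query "(uniqueMember={0})" under roleBase:
    // returns the DNs of groups that list memberDn directly.
    static Set<String> searchGroups(String memberDn) {
        Set<String> hits = new TreeSet<>();
        for (Map.Entry<String, List<String>> g : GROUPS.entrySet()) {
            if (g.getValue().contains(memberDn)) hits.add(g.getKey());
        }
        return hits;
    }

    // nested=false: one search on the user DN. nested=true: repeat the search
    // for every group found; the 'seen' set stops membership cycles.
    static Set<String> roles(String userDn, boolean nested) {
        Set<String> seen = new TreeSet<>(searchGroups(userDn));
        Deque<String> todo = new ArrayDeque<>(seen);
        while (nested && !todo.isEmpty()) {
            for (String parent : searchGroups(todo.pop())) {
                if (seen.add(parent)) todo.push(parent);
            }
        }
        Set<String> names = new TreeSet<>();
        // Mirrors roleName="cn"; simple parsing that only suits the sample DNs.
        for (String dn : seen) names.add(dn.substring(3, dn.indexOf(',')));
        return names;
    }

    public static void main(String[] args) {
        String user = "uid=alice,ou=people,o=example";
        System.out.println("direct only: " + roles(user, false));
        System.out.println("nested:      " + roles(user, true));
    }
}
```

Comparing the two result sets for a test account is a quick way to confirm whether a realm is granting inherited roles, which matters when security constraints are written against the outer group.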
                                                                                        
                                                                                        
                                                                                        
                                                                                        
                                                                                        
