Posted to users@tomcat.apache.org by Jasper Floor <ja...@gmail.com> on 2008/09/29 16:54:06 UTC

Ldap authentication half working...

I have a strange problem. I have a simple app that needs to
authenticate via LDAP.

I am using:
 Tomcat 6.0.16
 Eclipse 3.3
 Debian (etch in production, lenny on development)

On my development machine I have no problems. I run Tomcat from Eclipse 3.3.

The production server is a virtual machine. The strange part is that
it is authenticating people logging in but not authorising them. We
have 2 POSIX groups in LDAP which are supposed to define the roles.
That must be where it is failing because I can log in but immediately
get a 403 Forbidden error.

This is my realm definition from server.conf:

<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
       connectionURL="ldaps://ldapserver.mbuyu.nl"
       connectionName="uid=somuser,ou=services,dc=m4n,dc=nl"
       connectionPassword="apassword"
       userPattern="uid={0},ou=users,dc=m4n,dc=nl"
       roleBase="ou=groups,dc=m4n,dc=nl"
       roleName="cn"
       roleSearch="memberUid={0}"
/>

I've tried substituting {1} in the roleSearch, I've tried it with and
without parentheses. I've restarted every single server that might
have anything to do with anything.

To make it stranger, I can tell you that this has also worked. We had
GroupOfUniqueNames first. The problems didn't start with switching to
POSIX groups, however. The POSIX groups were made because of a random
sysadmin decision. It still shouldn't matter as it works on development
with either configuration.

Any help would be appreciated.

mvg,
Jasper
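
The roleSearch placeholders in the Realm above, modelled as an added example (not part of the original post and not Tomcat's code): JNDIRealm substitutes {0} with the user's DN and {1} with the bare username, while a posixGroup's memberUid holds login names and a groupOfUniqueNames' uniqueMember holds DNs. The group entries, the username jdoe and all function names are constructed for illustration.

```python
# Simplified model of a JNDIRealm role lookup; illustration only, not Tomcat's code.
USER_PATTERN = "uid={0},ou=users,dc=m4n,dc=nl"   # userPattern from the post

# Constructed entries under roleBase (sample data, not from the post).
GROUPS = [
    {"cn": ["tomcat-users"], "objectClass": ["posixGroup"],
     "memberUid": ["jdoe", "asmith"]},
    {"cn": ["managers"], "objectClass": ["groupOfUniqueNames"],
     "uniqueMember": ["uid=jdoe,ou=users,dc=m4n,dc=nl"]},
]

def user_dn(username):
    """DN the realm binds as, built from userPattern."""
    return USER_PATTERN.replace("{0}", username)

def expand_role_search(role_search, username):
    """In roleSearch, {0} becomes the user's DN and {1} the bare username."""
    return role_search.replace("{0}", user_dn(username)).replace("{1}", username)

def parse_equality(ldap_filter):
    """Split 'attr=value' or '(attr=value)'; only simple equality is modelled."""
    body = ldap_filter.strip()
    if body.startswith("(") and body.endswith(")"):
        body = body[1:-1]
    attr, sep, value = body.partition("=")
    if not (attr and sep and value):
        raise ValueError("unsupported filter: " + ldap_filter)
    return attr, value

def roles_for(role_search, username, role_name="cn", entries=GROUPS):
    """Return the roleName values of every group entry the expanded filter matches."""
    attr, value = parse_equality(expand_role_search(role_search, username))
    roles = []
    for entry in entries:
        if value in entry.get(attr, []):
            roles.extend(entry[role_name])
    return roles

def http_status(roles, required_role):
    """The bind already succeeded; a missing role yields 403, not a login failure."""
    return 200 if required_role in roles else 403

if __name__ == "__main__":
    for search in ("memberUid={0}", "memberUid={1}", "(uniqueMember={0})"):
        roles = roles_for(search, "jdoe")
        print(search, "->", roles, http_status(roles, "tomcat-users"))
```

Against a real directory, the same comparison can be made by running the expanded filter under roleBase with the connectionName account and checking which cn values come back.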
