Posted to dev@geronimo.apache.org by "Jürgen Weber (JIRA)" <ji...@apache.org> on 2009/01/14 11:45:00 UTC
[jira] Created: (GERONIMO-4513) LDAP Realm Improvements
LDAP Realm Improvements
-----------------------
Key: GERONIMO-4513
URL: https://issues.apache.org/jira/browse/GERONIMO-4513
Project: Geronimo
Issue Type: Bug
Security Level: public (Regular issues)
Components: security
Affects Versions: 2.1.3
Reporter: Jürgen Weber
Priority: Blocker
Fix For: 2.2
I suggest several important improvements to the LDAP Realm. Generally, the LDAP Realm should support the features of Tomcat's JNDIRealm (http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html#JNDIRealm).
1. A plan should be deployable from the console.
2. LDAP Realm should allow anonymous bind (this is the cause for "blocker").
3. I guess "User Role Search String" means a user attribute the role names are taken from (same as Tomcat's userRoleName property). If this is set, all other role-related attributes should not be necessary. Generally, it should not be necessary to have role-related attributes at all if you only want the users to log in but have <role-name>*</role-name>.
4. If "Role User Search String" is empty, there is the wrong error message "option-roleSearchMatching must not be empty". There is no Role SearchMatching on the dialog.
5. On the Test Results page: if the test fails, there is only "Login Failed: LDAP Error". There should also be the error message and even the stack trace (right now it's in the server log).
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
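Items 2 and 3 of the report describe a search-then-bind login: an anonymous connection finds the user entry and reads the role attribute, then a bind as that user checks the password. That flow in plain JNDI, as an added example that is not Geronimo's or Tomcat's code; the server URL, base DN, filter and the `memberOf` role attribute are assumptions, and the directory is assumed to permit anonymous read of user entries.

```java
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;
public class AnonymousSearchLdapLogin {
    // Hypothetical settings (assumptions); replace with your directory's values.
    static final String URL = "ldaps://ldap.example.org:636";
    static final String USER_BASE = "ou=people,dc=example,dc=org";
    static final String USER_FILTER = "(uid={0})";  // JNDI escapes the {0} argument
    static final String ROLE_ATTR = "memberOf";      // plays the role of Tomcat's userRoleName
    static DirContext connect(String dn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        if (dn == null) {
            env.put(Context.SECURITY_AUTHENTICATION, "none");    // anonymous bind
        } else {
            env.put(Context.SECURITY_AUTHENTICATION, "simple");  // bind as the user
            env.put(Context.SECURITY_PRINCIPAL, dn);
            env.put(Context.SECURITY_CREDENTIALS, password);
        }
        return new InitialDirContext(env);
    }

    static Set<String> login(String username, String password) throws NamingException {
        // A simple bind with a DN and an empty password is an "unauthenticated bind"
        // (RFC 4513) that many servers accept, so refuse it before contacting LDAP.
        if (password == null || password.isEmpty())
            throw new AuthenticationException("empty password");
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        sc.setReturningAttributes(new String[] { ROLE_ATTR });
        DirContext anon = connect(null, null);
        String userDn;
        Set<String> roles = new HashSet<>();
        try {
            NamingEnumeration<SearchResult> hits =
                anon.search(USER_BASE, USER_FILTER, new Object[] { username }, sc);
            if (!hits.hasMore()) throw new AuthenticationException("unknown user");
            SearchResult hit = hits.next();
            if (hits.hasMore()) throw new AuthenticationException("ambiguous user");
            userDn = hit.getNameInNamespace();
            Attribute attr = hit.getAttributes().get(ROLE_ATTR);
            if (attr != null)   // no role attribute: the user can still log in, with no roles
                for (NamingEnumeration<?> v = attr.getAll(); v.hasMore();)
                    roles.add(String.valueOf(v.next()));
        } finally { anon.close(); }
        connect(userDn, password).close();  // throws AuthenticationException on a bad password
        return roles;                       // returned only after the user bind succeeded
    }
}
```

The roles are collected during the anonymous search but handed back only once the bind as the user has succeeded, so a failed password check never yields role data.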
[jira] Commented: (GERONIMO-4513) LDAP Realm Improvements
Posted by "David Jencks (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-4513?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12735493#action_12735493 ]
David Jencks commented on GERONIMO-4513:
----------------------------------------
Any chance you could supply a patch, at least for the login module? Working on this would be 10X easier for someone who already has LDAP set up.
[jira] Updated: (GERONIMO-4513) LDAP Realm Improvements
Posted by "David Jencks (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-4513?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
David Jencks updated GERONIMO-4513:
-----------------------------------
Fix Version/s: Wish List (was: 2.2)
Great feature; need a patch or some time.