Posted to users@tomcat.apache.org by Aurynn Shaw <au...@gmail.com> on 2007/03/26 18:51:31 UTC

Problem with LDAP authentication

Hiya;

I'm trying to get LDAP authentication working correctly in my app, but I'm not having a lot of success. Single-stepping with a debugger seems to say that roles aren't getting loaded correctly from LDAP, and sometimes it appears, in my openLDAP logs, that I'm doing sequential scans over the entire Roles base, and what might be an error, but I'm not entirely certain.

If anything else is needed, it can be provided.
Thanks,
Aurynn.

My LDAP JNDI Realm is:

      <Realm className="org.apache.catalina.realm.JNDIRealm"
         connectionURL="ldap://localhost:389"
         userPattern="uid={0},ou=People,dc=example,dc=com"
         roleBase="ou=Roles,dc=example,dc=com"
         roleName="cn"
         roleSearch="(uniqueMember={0})"
         debug="99"
      />
And my LDAP schema is:

#
# Top level domain for example.com
dn: dc=example,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
dc: example
o: xxx
postalAddress: xxx
street: xxx
l: xxx
st: xxx
postalCode: xxx
telephoneNumber: xxx
facsimileTelephoneNumber: xxx

# Organizational unit for user accounts
dn: ou=People,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: People

# User account entry for the system administrator account
dn: uid=Administrator,ou=People,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: Administrator
cn: Administrator
sn: Administrator
description: System administrator account
userPassword: xxxx

# User account entry for the nobody user
dn: uid=nobody,ou=People,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: nobody
cn: nobody
sn: nobody
description: Nobody user account


# User account entry for the guest user
dn: uid=guest,ou=People,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: guest
cn: guest
sn: guest
description: Guest user account
userPassword: guest

# User account entry for the basic user
dn: uid=basic,ou=People,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: basic
cn: basic
sn: basic
description: Basic user account
userPassword: basic

# User account entry for the expert user
dn: uid=expert,ou=People,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: expert
cn: expert
sn: expert
description: Expert user account
userPassword: expert

# Organizational unit for application roles
dn: ou=Roles,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: Roles

# Role entry for administrators
dn: cn=Administrator,ou=Roles,dc=example,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: Administrator
uniqueMember: uid=Administrator,ou=People,dc=example,dc=com

# Role entry for nobody users
dn: cn=Nobody User,ou=Roles,dc=example,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: Nobody User
uniqueMember: uid=nobody,ou=People,dc=example,dc=com


# Role entry for guest users
dn: cn=Guest User,ou=Roles,dc=example,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: Guest User
uniqueMember: uid=guest,ou=People,dc=example,dc=com

# Role entry for basic users
dn: cn=Basic User,ou=Roles,dc=example,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: Basic User
uniqueMember: uid=basic,ou=People,dc=example,dc=com

# Role entry for expert users
dn: cn=Expert User,ou=Roles,dc=example,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: Expert User
uniqueMember: uid=expert,ou=People,dc=example,dc=com
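As an added example, not part of the original post or of Tomcat, here is a small offline model of what the posted realm does with this LDIF: it parses the records, flags any record that ended up with two `dn` lines (the post's LDIF has no blank line between the `guest` and `basic` entries, and LDIF treats comment lines as comments, not as record separators), and then resolves roles the way `userPattern`/`roleBase`/`roleSearch`/`roleName` describe, with the `{0}` value escaped per RFC 4515 before it goes into the filter. The LDIF constant is a constructed, cut-down copy of the posted data; the parser handles only the simple `attr: value` lines used here.

```python
import re
# Constructed LDIF cut down from the post: no blank line before "basic", as posted, and "basic" in two roles.
LDIF = """\
dn: uid=guest,ou=People,dc=example,dc=com
uid: guest
# User account entry for the basic user
dn: uid=basic,ou=People,dc=example,dc=com
uid: basic

dn: cn=Basic User,ou=Roles,dc=example,dc=com
cn: Basic User
uniqueMember: uid=basic,ou=People,dc=example,dc=com

dn: cn=Expert User,ou=Roles,dc=example,dc=com
cn: Expert User
uniqueMember: uid=basic,ou=People,dc=example,dc=com
"""
USER_PATTERN = "uid={0},ou=People,dc=example,dc=com"   # realm attributes as posted
ROLE_BASE = "ou=Roles,dc=example,dc=com"
ROLE_SEARCH = "(uniqueMember={0})"
ROLE_NAME = "cn"

def parse_ldif(text):
    """Split at blank lines; '#' lines are skipped, not separators, so a missing
    blank line merges two entries into one record that carries two dn lines."""
    records = []
    for chunk in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in chunk.splitlines():
            if not line.startswith("#"):
                attr, _, value = line.partition(":")
                rec.setdefault(attr.strip().lower(), []).append(value.strip())
        records.append(rec)
    return records

def records_with_multiple_dns(records):
    return [r["dn"] for r in records if len(r.get("dn", [])) != 1]

def escape_filter_value(value):
    """RFC 4515 escaping, so a substituted value cannot alter the filter's structure."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)

def roles_for(username, records):
    """Mimic JNDIRealm: user DN from userPattern, roleSearch under roleBase with {0} = that DN, collect roleName."""
    user_dn = USER_PATTERN.replace("{0}", username)
    filt = ROLE_SEARCH.replace("{0}", escape_filter_value(user_dn))
    attr, wanted = re.fullmatch(r"\((\w+)=(.*)\)", filt).groups()
    return sorted(v for r in records if r.get("dn", [""])[0].endswith("," + ROLE_BASE)
                  for v in r.get(ROLE_NAME, []) if wanted in map(escape_filter_value, r.get(attr.lower(), [])))
```

Running `records_with_multiple_dns(parse_ldif(LDIF))` reports the merged guest/basic record, which is the kind of entry `ldapadd` rejects; `roles_for("basic", ...)` returns both role names, while a wildcard username matches nothing because the filter value is escaped.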