Posted to users@tomcat.apache.org by Stephan Schwab <sc...@dinx.net> on 2002/09/22 18:14:08 UTC

JNDI Realm on Tomcat 4 does not work

Hi,

I want to secure a webapp with the JNDI realm. But the LDAP query is sent
wrong to my OpenLDAP server.

Here is a snippet from server.xml:

<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
            connectionURL="ldap://localhost"
            userPattern="uid=(0),ou=people,dc=yikester,dc=net"
            roleBase="ou=groups,dc=yikester,dc=net"
            roleName="cn"
            roleSearch="(uniqueMember=(0))"
            userPassword="userPassword" />

On the OpenLDAP server I see in the logfile:

SRCH base="uid=(0),ou=people,dc=yikester,dc=net" scope=0 filter="(objectClass=*)"

So, the problem is that something prevents the exchange of uid=(0) with the
username in question.

I've tried with Tomcat 4.0.4 included in Netbeans 3.4 IDE and with Tomcat
4.1.10. ldap.jar is from java.sun.com. I've tried with ldap.jar from Novell
too, but the result is the same.

Any hints?

Stephan

--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>


Re: JNDI Realm on Tomcat 4 does not work

Posted by John Holman <j....@qmul.ac.uk>.
You need to use "curly brackets" {} for the substitutions, not parentheses ().

e.g.

              userPattern="uid={0},ou=people,dc=yikester,dc=net"

not

              userPattern="uid=(0),ou=people,dc=yikester,dc=net"

John.





Stephan Schwab wrote:
> Hi,
> 
> I want to secure a webapp with the JNDI realm. But the LDAP query is sent
> wrong to my OpenLDAP server.
> 
> Here is a snippet from server.xml:
> 
> <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
>             connectionURL="ldap://localhost"
>             userPattern="uid=(0),ou=people,dc=yikester,dc=net"
>             roleBase="ou=groups,dc=yikester,dc=net"
>             roleName="cn"
>             roleSearch="(uniqueMember=(0))"
>             userPassword="userPassword" />
> 
> On the OpenLDAP server I see in the logfile:
> 
> SRCH base="uid=(0),ou=people,dc=yikester,dc=net" scope=0 filter="(objectClass=*)"
> 
> So, the problem is that something prevents the exchange of uid=(0) with the
> username in question.
> 
> I've tried with Tomcat 4.0.4 included in Netbeans 3.4 IDE and with Tomcat
> 4.1.10. ldap.jar is from java.sun.com. I've tried with ldap.jar from Novell
> too, but the result is the same.
> 
> Any hints?
> 
> Stephan
> 
> 
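
Added example (not part of either post and not Tomcat's own code): JNDIRealm expands userPattern and roleSearch with java.text.MessageFormat, which treats only {n} as a placeholder, so this check shows why the posted patterns reach the LDAP server unchanged and what the brace forms expand to. The class name, helper names and the user "jdoe" are constructed for illustration; in roleSearch, {0} is the user's DN.

```java
import java.text.MessageFormat;

public class RealmPatternCheck {

    /** Number of MessageFormat arguments ({0}, {1}, ...) the pattern declares. */
    static int placeholders(String pattern) {
        return new MessageFormat(pattern).getFormatsByArgumentIndex().length;
    }

    /** Expand a pattern with the given arguments, as MessageFormat would. */
    static String expand(String pattern, String... args) {
        return MessageFormat.format(pattern, (Object[]) args);
    }

    /** Report one attribute: flag it if nothing in it can be substituted. */
    static void report(String name, String pattern, String... args) {
        int n = placeholders(pattern);
        System.out.printf("%-12s %-45s placeholders=%d%s%n",
                name, pattern, n, n == 0 ? "  <-- sent to LDAP as-is" : "");
        System.out.printf("%-12s -> %s%n", "", expand(pattern, args));
    }

    public static void main(String[] unused) {
        String user = "jdoe"; // constructed sample username

        // Patterns exactly as posted in server.xml (parentheses).
        String postedUser = "uid=(0),ou=people,dc=yikester,dc=net";
        String postedRole = "(uniqueMember=(0))";

        // The same patterns with curly brackets.
        String fixedUser = "uid={0},ou=people,dc=yikester,dc=net";
        String fixedRole = "(uniqueMember={0})";

        System.out.println("As posted:");
        report("userPattern", postedUser, user);
        report("roleSearch", postedRole, expand(postedUser, user));

        System.out.println("With curly brackets:");
        String dn = expand(fixedUser, user);
        report("userPattern", fixedUser, user);
        report("roleSearch", fixedRole, dn);
    }
}
```

The expansion printed for the posted userPattern is the same string that appears as the search base in the OpenLDAP log above.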


