I am using
|-----------------+--------------------------------+------------+-----+-------------------------+------|
|      Apache     |   pxa6460sr13fp2-20130424_01   |     IBM    | Linu| 
2.6.32-358.2.1.el6.x86_6| amd64|
|  Tomcat/6.0.37  |           (SR13 FP2)           | Corporation|  x  |         
   4            |      |
|-----------------+--------------------------------+------------+-----+-------------------------+------|


I have the following context defined for my application:

<?xml version="1.0" encoding="UTF-8"?>
<Context>
    <Realm className="org.apache.catalina.realm.JNDIRealm"
                        debug="99"
                        connectionURL="ldaps://xxxx.xxxx.xxxx.com:636"
                        userBase="ou=xxxxxxx,o=ibm.com"
                        userSearch="(mail={0})"
                        userSubtree="true"
                        roleBase="ou=xxxxxx,ou=xxxxxxx,o=ibm.com"
                        roleSubtree="false"
                        roleNested="true"
                        roleSearch="(uniqueMember={0})"
                        roleName="cn"  />
</Context>

I have a user defined who is a member of one group which is a member of
another group under the roleBase.  After authenticating I only get the
role/group that the user is a direct member of, it doesn't return the
role/group that the group is a member of.

I downloaded the source of org.apache.catalina.realm.JNDIRealm and the
roleNested attribute is never used except in the setters and getters.
Seems like it is being ignored.  Is this feature available in tomcat 6?
The docs say it is but it doesn't seem to work.

Thanks,


Travis
                                                                       
                                                                       
                                                                       
                                                                       
                                                                       

Reply via email to