Ok I found where it is being used in the getRoles method however I'm still
wondering why it doesn't work. I don't see any way to define the member
group attribute name, it is uniqueGroup in the dir server I am connecting
to.
Thanks,
Travis
From: Travis Bowen/Tucson/IBM@IBMUS
To: users@tomcat.apache.org,
Date: 07/09/2013 02:43 PM
Subject: roleNested seems to not be working in tomcat 6
I am using
|-----------------+--------------------------------+------------+-----+-------------------------+------|
| Apache |pxa6460sr13fp2-20130424_01 (SR13| IBM
|Linux|2.6.32-358.2.1.el6.x86_64|amd64 |
| Tomcat/6.0.37 | FP2) |Corporation | |
| |
|-----------------+--------------------------------+------------+-----+-------------------------+------|
I have the following context defined for my application:
<?xml version="1.0" encoding="UTF-8"?>
<Context>
<Realm className="org.apache.catalina.realm.JNDIRealm"
debug="99"
connectionURL="ldaps://xxxx.xxxx.xxxx.com:636"
userBase="ou=xxxxxxx,o=ibm.com"
userSearch="(mail={0})"
userSubtree="true"
roleBase="ou=xxxxxx,ou=xxxxxxx,o=ibm.com"
roleSubtree="false"
roleNested="true"
roleSearch="(uniqueMember={0})"
roleName="cn" />
</Context>
I have a user defined who is a member of one group which is a member of
another group under the roleBase. After authenticating I only get the
role/group that the user is a direct member of, it doesn't return the
role/group that the group is a member of.
I downloaded the source of org.apache.catalina.realm.JNDIRealm and the
roleNested attribute is never used except in the setters and getters.
Seems like it is being ignored. Is this feature available in tomcat 6?
The docs say it is but it doesn't seem to work.
Thanks,
Travis
