Hi, I have setup Tomcat to authenticate users against openldap. I want roles to be retrieved from the user record itself.
    <Realm className="org.apache.catalina.realm.JNDIRealm"
           connectionURL="ldap://127.0.0.1:389"
           userPattern="uid={0},ou=users,dc=admin,dc=company,dc=com"
           userRoleName="ou" />

Authentication did not work initially because of an openldap acl I had in place:

    access to *
        by self write
        by anonymous auth
        by *

I checked the network trace in wireshark. The acl did not prevent the bind from succeeding. However, it blocked the anonymous search request Tomcat performs after the bind.

    ...
    257 2015-04-09 09:59:51.614162 127.0.0.1 127.0.0.1 LDAP  80 bindResponse(11) success
    258 2015-04-09 09:59:51.614311 127.0.0.1 127.0.0.1 LDAP 134 searchRequest(12) "<ROOT>" baseObject
    259 2015-04-09 09:59:51.614416 127.0.0.1 127.0.0.1 LDAP 116 searchResEntry(12) "<ROOT>"
    260 2015-04-09 09:59:51.614436 127.0.0.1 127.0.0.1 LDAP  80 searchResDone(12) success [1 result]

What is the reason for this final search request? Should I change my acl? Or is Tomcat wrong doing this last search request?

This is with Tomcat 7.0.53.

Thanks.

--
Philippe Anctil
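The following diagnostic script is an added example, not part of the post and not Tomcat's or OpenLDAP's code. It replays the sequence visible in the trace outside Tomcat, so an administrator can tell which step the ACL rejects: bind with the DN built from the Realm's userPattern, read the user's own entry for the userRoleName attribute (the `by self write` clause should permit this), then perform the base-scope search of the root DSE seen in frame 258. The live run assumes python-ldap (`ldap.initialize`, `simple_bind_s`, `search_s`); the constructed in-memory `FakeConn` and its entries (alice, bob) exist only so the pure parts can be exercised offline, and the way it applies the post's ACL is a simplified model, not OpenLDAP's evaluation.

```python
"""Replay the JNDIRealm bind-then-search sequence against OpenLDAP.

Added diagnostic, not Tomcat or OpenLDAP code. Live runs need python-ldap;
FakeConn/FAKE_DIRECTORY are constructed stand-ins for offline checks.
"""
import sys
from typing import Dict, List

# Values copied from the Realm element in the post.
USER_PATTERN = "uid={0},ou=users,dc=admin,dc=company,dc=com"
USER_ROLE_NAME = "ou"
SCOPE_BASE = 0  # same value as python-ldap's ldap.SCOPE_BASE

_DN_SPECIAL = set(',+"\\<>;=')


def escape_dn_value(value: str) -> str:
    """Escape a value for use inside a DN (RFC 4514 section 2.4).

    Applied before substituting into userPattern, so a login name containing
    ',' or '=' cannot change which entry the pattern denotes.
    """
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in _DN_SPECIAL or (ch == " " and i in (0, last)) or (ch == "#" and i == 0):
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        else:
            out.append(ch)
    return "".join(out)


def user_dn(username: str, pattern: str = USER_PATTERN) -> str:
    """Expand userPattern; {0} stands for the login name, as in the Realm."""
    return pattern.replace("{0}", escape_dn_value(username))


def roles_from_entry(attrs: Dict[str, List[bytes]], role_attr: str = USER_ROLE_NAME) -> List[str]:
    """Turn the multi-valued userRoleName attribute into role names."""
    return sorted(v.decode("utf-8") if isinstance(v, bytes) else v for v in attrs.get(role_attr, []))


def jndirealm_sequence(conn, username: str, password: str) -> dict:
    """Bind as the user's DN, read its own entry, then the root DSE.

    `conn` is any object exposing python-ldap's simple_bind_s/search_s.
    Each step records "success" or the exception class name, so a failing
    step can be matched against the ACL clause that governs it.
    """
    dn = user_dn(username)
    report = {"dn": dn}
    try:
        conn.simple_bind_s(dn, password)  # 'by anonymous auth' is what this step needs
        report["bind"] = "success"
    except Exception as exc:  # python-ldap raises ldap.LDAPError subclasses
        report["bind"] = type(exc).__name__
        return report
    try:  # own entry: covered by 'by self write'
        results = conn.search_s(dn, SCOPE_BASE, "(objectClass=*)", [USER_ROLE_NAME])
        report["roles"] = roles_from_entry(results[0][1]) if results else []
    except Exception as exc:
        report["roles"] = type(exc).__name__
    try:  # the "<ROOT>" baseObject search from frame 258
        conn.search_s("", SCOPE_BASE, "(objectClass=*)", ["namingContexts"])
        report["root_dse"] = "success"
    except Exception as exc:
        report["root_dse"] = type(exc).__name__
    return report


# Constructed test data (not from the post): two user entries, roles held in 'ou'.
FAKE_DIRECTORY = {
    "uid=alice,ou=users,dc=admin,dc=company,dc=com": {"userPassword": [b"s3cret"], "ou": [b"users", b"admins"]},
    "uid=bob,ou=users,dc=admin,dc=company,dc=com": {"userPassword": [b"hunter2"], "ou": [b"users"]},
}


class FakeConn:
    """Simplified model of the post's ACL: anyone may bind (auth), a bound
    user may read only its own entry (self), everything else is refused.
    No root DSE is modelled, so a search of "" reports noSuchObject."""

    def __init__(self, directory):
        self.directory = directory
        self.bound = None

    def simple_bind_s(self, dn, password):
        entry = self.directory.get(dn)
        if entry is None or entry["userPassword"] != [password.encode("utf-8")]:
            raise PermissionError("invalidCredentials")
        self.bound = dn

    def search_s(self, base, scope, filterstr="(objectClass=*)", attrlist=None):
        if base not in self.directory:
            raise LookupError("noSuchObject")
        if self.bound != base:
            raise PermissionError("insufficientAccessRights")  # 'by * none'
        entry = self.directory[base]
        return [(base, {k: v for k, v in entry.items() if not attrlist or k in attrlist})]


if __name__ == "__main__":
    # Live run: python this_script.py <username> <password>  (requires python-ldap)
    import ldap
    conn = ldap.initialize("ldap://127.0.0.1:389")
    conn.protocol_version = 3
    for step, outcome in jndirealm_sequence(conn, sys.argv[1], sys.argv[2]).items():
        print(f"{step}: {outcome}")
```

Run it bound as an ordinary user: if `bind` succeeds but `roles` or `root_dse` reports an access error, the ACL (not the credentials) is what stops the Realm, and the step name tells you which clause to look at.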