Hi,

I have a problem with JNDIRealm.

I have this context.xml:

<?xml version="1.0" encoding="UTF-8"?>
<Context path="/test"
         docBase="test"
         debug="0"
         privileged="false"
         reloadable="false">
    <Realm className="org.apache.catalina.realm.JNDIRealm"
           connectionName="uid=tomcat,ou=appli,dc=univ-lille2,dc=fr"
           connectionPassword="g72jfacc"
           digest="SHA"
           connectionURL="ldap://ldapmasta:1389"
           userBase="ou=people,dc=univ-lille2,dc=fr"
           userSearch="(supannAliasLogin={0})"
           roleBase="ou=appli,dc=univ-lille2,dc=fr"
           roleSubtree="true"
           roleName="cn"
           roleSearch="(member={0})"
           debug="99"/>
    <!--resourceName="UserDatabase"
    /-->
</Context>


And this web.xml:

<?xml version="1.0" encoding="ISO-8859-1" ?>
<!DOCTYPE web-app PUBLIC
  "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
  "http://java.sun.com/dtd/web-app_2_3.dtd">

<web-app>
  <display-name>My secure webapp</display-name>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>My secure webapp</web-resource-name>
      <description>accessible by authenticated users of the admin role</description>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
      <http-method>DELETE</http-method>
    </web-resource-collection>
    <auth-constraint>
      <description>These roles are allowed access</description>
      <role-name>tomcat admin agenda</role-name>
    </auth-constraint>
  </security-constraint>

  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>My secure webapp</realm-name>
    <form-login-config>
      <form-login-page>/login.html</form-login-page>
      <form-error-page>/autherr.html</form-error-page>
      <form-default-page>/index.html</form-default-page>
    </form-login-config>
  </login-config>

  <security-role>
    <description>Only 'admin' role is allowed to access this web application</description>
    <role-name>tomcat admin agenda</role-name>
  </security-role>

</web-app>


I want to authenticate users and get their roles, but in my tomcat.log I have:

DEBUG http-8080-Processor25 org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/test] -   entry found for aurelien.allienne with dn uid=43316,ou=people,dc=univ-lille2,dc=fr
DEBUG http-8080-Processor25 org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/test] -   entry found for aurelien.allienne with dn uid=43316,ou=people,dc=univ-lille2,dc=fr
DEBUG http-8080-Processor25 org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/test] -   validating credentials by binding as the user
DEBUG http-8080-Processor25 org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/test] -   validating credentials by binding as the user
DEBUG http-8080-Processor25 org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/test] -   binding as uid=43316,ou=people,dc=univ-lille2,dc=fr
DEBUG http-8080-Processor25 org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/test] -   binding as uid=43316,ou=people,dc=univ-lille2,dc=fr
DEBUG http-8080-Processor25 org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/test] - Username aurelien.allienne successfully authenticated
DEBUG http-8080-Processor25 org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/test] - Username aurelien.allienne successfully authenticated
DEBUG http-8080-Processor25 org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/test] -   getRoles(uid=43316,ou=people,dc=univ-lille2,dc=fr)
DEBUG http-8080-Processor25 org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/test] -   getRoles(uid=43316,ou=people,dc=univ-lille2,dc=fr)
DEBUG http-8080-Processor25 org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/test] -   filter :(member=uid=43316,ou=people,dc=univ-lille2,dc=fr)
DEBUG http-8080-Processor25 org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/test] -   filter :(member=uid=43316,ou=people,dc=univ-lille2,dc=fr)
DEBUG http-8080-Processor25 org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/test] -   Returning 0 roles
DEBUG http-8080-Processor25 org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/test] -   Returning 0 roles

In my LDAP I have a "super user" named tomcat who can see all information. I
use it to log in. Afterwards I search for a user and his roles. But there is
a problem. I have a group in LDAP, "tomcat admin agenda", and a user for this
group, me :)

Thanks for your help

Aurelien Allienne
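
An added example, not part of the original post: it rebuilds the role filter from the posted Realm attributes ({0} is the user's DN, {1} the username), confirms it matches the filter in the log, and produces the equivalent ldapsearch invocation so the same role search can be run outside Tomcat, bound as the connection user. The OpenLDAP ldapsearch client and the RFC 4515 escaping step are assumptions of this example; the two log lines are re-joined from the post.

```python
import re
import shlex
import xml.etree.ElementTree as ET

# Realm attributes copied from the context.xml in the post. connectionPassword
# is deliberately omitted: ldapsearch -W prompts for it instead.
REALM = ET.fromstring('''<Realm
    connectionName="uid=tomcat,ou=appli,dc=univ-lille2,dc=fr"
    connectionURL="ldap://ldapmasta:1389"
    roleBase="ou=appli,dc=univ-lille2,dc=fr"
    roleSubtree="true" roleName="cn" roleSearch="(member={0})"/>''')

# Two of the post's log lines, re-joined (constructed sample input).
LOG = """\
DEBUG http-8080-Processor25 org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/test] -   filter :(member=uid=43316,ou=people,dc=univ-lille2,dc=fr)
DEBUG http-8080-Processor25 org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/test] -   Returning 0 roles
"""
USER_DN = "uid=43316,ou=people,dc=univ-lille2,dc=fr"
USERNAME = "aurelien.allienne"


def escape_filter_value(value):
    """Escape RFC 4515 special characters so a value cannot change the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def role_filter(realm, user_dn, username):
    """Fill roleSearch placeholders: {0} is the user's DN, {1} the username."""
    values = [escape_filter_value(user_dn), escape_filter_value(username)]
    return re.sub(r"\{([01])\}", lambda m: values[int(m.group(1))],
                  realm.get("roleSearch"))


def logged_filters(log_text):
    """Return the set of role filters Tomcat reported sending."""
    return set(re.findall(r"filter\s*:\s*(\(.*\))\s*$", log_text, re.M))


def ldapsearch_argv(realm, user_dn, username):
    """Same search as the realm's role lookup, bound as connectionName."""
    scope = "sub" if realm.get("roleSubtree") == "true" else "one"
    return ["ldapsearch", "-x", "-H", realm.get("connectionURL"),
            "-D", realm.get("connectionName"), "-W",
            "-b", realm.get("roleBase"), "-s", scope,
            role_filter(realm, user_dn, username), realm.get("roleName")]


if __name__ == "__main__":
    assert role_filter(REALM, USER_DN, USERNAME) in logged_filters(LOG)
    print(shlex.join(ldapsearch_argv(REALM, USER_DN, USERNAME)))
```

If the generated command also returns no entries, the empty result comes from the directory (the base, the membership attribute, or what the bind identity may read) rather than from Tomcat.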
