Hi all,

I'm configuring a JNDI Realm with LDAP in Tomcat 5.5. The authentication
process works fine, but when Tomcat tries to check the role, this fails and it
returns an HTTP 403 page.

Tomcat log is:

DEBUG http-6060-Processor25 org.apache.catalina.authenticator.AuthenticatorBase -  Calling authenticate()
DEBUG http-6060-Processor25 org.apache.catalina.authenticator.AuthenticatorBase - Authenticated 'tssiweb' with type 'BASIC'
DEBUG http-6060-Processor25 org.apache.catalina.authenticator.AuthenticatorBase -  Calling accessControl()
DEBUG http-6060-Processor25 org.apache.catalina.realm.RealmBase -   Checking roles GenericPrincipal[tssiweb()]
DEBUG http-6060-Processor25 org.apache.catalina.realm.RealmBase - El usuario tssiweb NO desempeña el papel de tssiwebuser
DEBUG http-6060-Processor25 org.apache.catalina.realm.RealmBase - No role found:  tssiwebuser
DEBUG http-6060-Processor25 org.apache.catalina.authenticator.AuthenticatorBase -  Failed accessControl() test

I have this information in LDAP, the user is tssiweb and the role is
tssiwebuser:

dn: cn=tssiwebuser,ou=groups, o=tmm
objectClass: groupOfUniqueNames
uniqueMember: uid=tssiweb, ou=People, o=tmm
cn: tssiwebuser

dn: uid=tssiweb,ou=People, o=tmm
mail: [EMAIL PROTECTED]
userPassword:: e1NIQX0wRFBpS3VOSXJyVm1EOElVQ3V3MWhReE5xWmM9
uid: tssiweb
objectClass: inetOrgPerson
sn: tssiweb
cn: tssiwebuser

The context file for my web application is:

<Context docBase="${catalina.home}/webapps/TSSIWEB">
<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
connectionURL="ldap://10.95.8.110:389"
userPattern="uid={0}, ou=People, o=tmm"
roleBase="ou=groups, o=tmm"
roleName="cn"
roleSearch="(uniqueMember={0})" />
</Context>

And the security definitions in the web.xml are:

<!-- Security definitions -->

<!-- Define a Security Constraint on this Application -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Entire Application</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>tssiwebuser</role-name>
  </auth-constraint>
</security-constraint>

<!-- Define the Login Configuration for this Application -->
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>TSSIWEB</realm-name>
</login-config>

<!-- Security roles referenced by this web application -->
<security-role>
  <description>The role that is required to log in to the TSSIWEB Application</description>
  <role-name>tssiwebuser</role-name>
</security-role>

I suppose that it is some wrong configuration value. I would be very
grateful for any hint about it.

Thanks,
Edu
