Bug 31273

Summary: JNDIRealm doesn't take care of env params
Product: Tomcat 4
Reporter: Cyril Zekser <peetez>
Component: Catalina
Assignee: Tomcat Developers Mailing List <dev>
Status: RESOLVED FIXED    
Severity: normal    
Priority: P3    
Version: 4.1.29   
Target Milestone: ---   
Hardware: All   
OS: All   
Attachments: Added derefAliases bean to allow searches with aliases

Description Cyril Zekser 2004-09-17 08:18:44 UTC
Regarding LDAP environment parameters, there is a missing param which is really 
useful for LDAP servers with aliases in them.

The java.naming.ldap.derefAliases parameter must be set to NEVER in the JNDIRealm 
in order to avoid loops in searches containing aliases (the default is always).

When set to always, the server enters infinite loops and never returns, 
preventing authentication from succeeding.

I'm writing a new Realm to handle this new param, with 4 values.
Comment 1 Cyril Zekser 2004-09-17 08:19:29 UTC
This is still the case even for Tomcat 5.5!
Comment 2 Cyril Zekser 2004-09-17 08:56:45 UTC
Created attachment 12757
Added derefAliases bean to allow searches with aliases
Comment 3 Cyril Zekser 2004-09-17 08:59:58 UTC
The proposed patch needs catalina.jar in the classpath and MUST be put into the 
server/classes (or server lib if in a JAR) of the TOMCAT installation in order 
to work.

For TOMCAT 5, add catalina-optional.jar into the classpath for compilation. Put 
it in the same place.

--> you can now add the derefAliases parameter in the realm declaration
Comment 4 Mark Thomas 2004-10-10 20:47:29 UTC
This has been fixed in CVS for 4.1.x, 5.0.x and 5.5.x and will be included in 
the next respective releases.

Many thanks for the patch. I committed a variation that achieves the same 
result.
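
The following is an added example, not the attached patch and not the variation committed to Tomcat: it shows how the `java.naming.ldap.derefAliases` environment property from the description is passed to a JNDI LDAP context, restricted to the four values the property accepts. The class and method names, the `ldap://localhost:389` URL and the 5-second time limit are assumptions made for illustration.

```java
import java.util.Hashtable;
import java.util.Locale;
import java.util.Set;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class DerefAliasesDemo {                      // hypothetical class name
    static final String DEREF_ALIASES = "java.naming.ldap.derefAliases";
    // The four values the property accepts.
    static final Set<String> ALLOWED = Set.of("always", "never", "finding", "searching");

    // Build the JNDI environment; a null deref leaves the provider default in place.
    static Hashtable<String, String> ldapEnv(String url, String deref) {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        if (deref != null) {
            String v = deref.toLowerCase(Locale.ROOT);
            if (!ALLOWED.contains(v))
                throw new IllegalArgumentException("derefAliases must be one of " + ALLOWED);
            env.put(DEREF_ALIASES, v);
        }
        return env;
    }

    // Subtree search over an anonymous bind, counting the entries returned.
    static int countMatches(Hashtable<String, String> env, String base, String filter)
            throws NamingException {
        DirContext ctx = new InitialDirContext(env);
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setTimeLimit(5000);                   // request a 5 s limit (assumed value)
            NamingEnumeration<SearchResult> results = ctx.search(base, filter, sc);
            int n = 0;
            while (results.hasMore()) { results.next(); n++; }
            return n;
        } finally {
            ctx.close();
        }
    }

    public static void main(String[] args) throws NamingException {
        // Without arguments only the environment is printed; no connection is made.
        System.out.println(ldapEnv("ldap://localhost:389", "never"));
        if (args.length == 2)                        // args: <ldap-url> <search-base>
            System.out.println(countMatches(ldapEnv(args[0], "never"), args[1], "(objectClass=*)"));
    }
}
```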