Bug 31273 - JNDIRealm doesn't take care of env params
JNDIRealm doesn't take care of env params
Status: RESOLVED FIXED
Product: Tomcat 4
Classification: Unclassified
Component: Catalina
4.1.29
All All
: P3 normal (vote)
: ---
Assigned To: Tomcat Developers Mailing List
:
Depends on:
Blocks:
  Show dependency tree
 
Reported: 2004-09-17 08:18 UTC by Cyril Zekser
Modified: 2004-11-16 19:05 UTC (History)
0 users



Attachments
Added derefAliases bean to allow searches with aliases (1.39 KB, patch)
2004-09-17 08:56 UTC, Cyril Zekser
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Cyril Zekser 2004-09-17 08:18:44 UTC
Regarding LDAP environment parameters, there is a missing param which is really 
useful for LDAP servers with aliases in it.

The java.naming.ldap.derefAliases must be specified to NEVER in the JNDIRealm 
in order to avoid loops in searches containing aliases. (default is always).

When set to always, server enter into infinite loops and never returns, 
preventing authentication to succeed.

I'm writing a new Realm to handle this new param, with 4 values.
Comment 1 Cyril Zekser 2004-09-17 08:19:29 UTC
This is still the case even for Tomcat 5.5 !
Comment 2 Cyril Zekser 2004-09-17 08:56:45 UTC
Created attachment 12757 [details]
Added derefAliases bean to allow searches with aliases
Comment 3 Cyril Zekser 2004-09-17 08:59:58 UTC
The patch proposed needs catalina.jar in the classpath and MUST be put into the 
server/classes (or server lib if in a JAR) of the TOMCAT intallation. in order 
to work 

For TOMCAT 5, add catalina-optional.jar into the classpath for compilation. Put 
it in the same place.

--> you can now add the derefAliases parameter in the realm declaration
Comment 4 Mark Thomas 2004-10-10 20:47:29 UTC
This has been fixed in CVS for 4.1.x, 5.0.x and 5.5.x and will be included in 
the next respective releases.

Many thanks for the patch. I commited a variation that achieves the same 
result.