DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=7831>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=7831 ------- Additional Comments From [EMAIL PROTECTED] 2006-01-20 07:36 ------- > I am minded, however, to use your > patch as a basis for an implementation of getPrincipal() rather than > over-riding > authenticate(X509Certificate). Sorry, I dont know what you mean. I use "authenticate(X509Certificate)", whats bad with it? Thats the place where authentication should occur, no? But I dont know the latest codebase, so it will be that some stuff has been changed. > In terms of suporting muliple LDAP servers my intention is to provide > something > that works for OpenLDAP and can be over-ridden as required for other > directories. Something which my patch tries to address to. There are implementations for ActiveDirectory and OpenExchange (I guess this is OpenLDAP) > 1. I moved the classes into the o.a.c.Realm package. > 2. Please keep to the coding standards of the original when copying source. It > makes it much easier to find where you have made any subtle changes. Yes. Sorry for this. > 3. CertUser looks to be unnecessary - why not use User from JNDIRealm? I need CertUser to be able to hold both, the username and the dn of the ldap entry. Internally it works with the "dn" but as username it will use what ever the user configured to use. I dont wanted to pass the rather large dn (and meaningless from the point of the application) back to the application. > 4. Your changes to authenticate(String, String) appear to be unrelated to > adding > support for certificates. Please keep patches for different issues separate so > they can be considered separately. Feel free to file a new bug for this one. As you might have seen I started coding mid 2003, so I cant remember what I changed here, though, the best would be to make it possible to extend JNDIRealm and change only what needed to handle the certificate stuff. For some reason I cant rembemer this was not possible. > 5. You appear to have reverted the patches for bugs 23190, 16541 and 26487. > What > is the reason for this? > 6. The patch for bug 22236 has also been reverted. Is this intentional? As I said, I started mid 2003, the last addition in 2005 is based on this rather old version - none of those bugs were there when I started. > 7. If there a reason that getCertUserByPattern() isn't supported? I cant remember. > 8. A change commiited at the same time as bug 22236 to > addAttributeValues(String, Attributes, ArrayList) that modified the return > value > from null to values in a couple of places has also been reverted. Why? See 5 & 6. All in all I waited all the time to find a tomcat committer which will start looking at it and point me to the right direction. My "patch" was meant to be a discussion base and hopefully not that bad so we can have a cleaned wersion sometimes in the codebase. Now, it looks like there is one :-) I can update the patch to the tomcat 5.5.x codebase if wanted. E.g. starting to refactor JNDIRealm so that in JNDIRealmCertBase only the certificate relevant stuff is included. That way I wont mask the other patches. It just I am so out of time, so I'll do this only when I know that you pick it up. Ciao, Mario -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
