RE: JNDIRealm
Brandon DuRette schrieb:
> While trying to track down an issue with logins taking a very long time, I
> just discovered in the 5.5.26 source code/Javadoc for JNDIRealm (likewise in
> the 6.0 documentation) that there's a big bold TODO to support connection
> pooling in the JNDIRealm. I think this may be part of the login problem I'm
> seeing.
>
> Looking over the current source code, I can see that it's going to require a
> fairly extensive refactoring of the JNDIRealm code. I'm willing to take a
> shot at fixing it, but wanted to first check with the list on a couple of
>
> Thanks in advance for any pointers.
>
> Regards,
> Brandon
Dear Brandon,
re-doing JNDIRealm seems to me very necesary, but for an other
reason as yours, mentioned above.
As I said in my mail (27 Feb 2008 to bug 42579) JNDIRealm is hardly
useable with (Windows Server 2003) Active Directory Domains --
except for very small / trivial cases.
After a long history of frustrations, I solved all the
Tomcat+AD-issues by an own ADweRealms. Experiences are, so far,
100% good (with Apache Tomcat/6.0.16 on JDK1.6.0_05 and before
also with 5.5.x od 1.5.0_y). I offered the solution, already, in
mentioned mail. (got nil reactions)
Perhaps, you could make your newly designed JNDIRealm realy fit for
Active Directory. It would be warmly welcomed by all who tried to
use / would have liked to use (but, as I know from some, gave up)
Tomcat with AD.
Good luck
Albrecht
--
PS.: For your convinience follows part of mentioned mail, in the
hope of giving some pointers, you asked for in your mail.
--- Comment #2 from
Dr. Albrecht Weinert <[EMAIL PROTECTED]>
2008-02-27 22:48:41 ---
By the way of JNDI/Tomcat + Active Directory:
JNDIRealm is/was never quite happy with Active
Directory for a variety of reasons. After a bunch
of frustrations (of which the lying isUserInGruop()
was one of the worst), some time ago, I decided to
write a new Realm class, which I may contribute.
http://www.a-weinert.de/java/docs/aWeinertBib/de/a_weinert/realm/ADweRealm.html
ADweRealm searches only one way (performance!) from the
(authenticated) user to his groups. It follows
the quite important group-in-group relations (to
any depth), and so on.
Experiences in a Windows Server 2003 domain (3000+ user
accounts, hundreds of groups etc.) are quite encouraging.
None of the Tomcat + Active Directory problems, which
Google is full of, arised any more.
--
working config example,
part of C:\Programme\Apache\Tomcat\conf\server.xml:
ldap://193.175.115.2:389";
alternateURL="ldap://193.175.115.4:389";
connectionName="CN=l,CN=Users,DC=FB3-MEVA,DC=fh-bochum,DC=de"
connectionPassword="ld"
userBase="DC=FB3-MEVA,DC=fh-bochum,DC=de"
defaultRole="fb3-meva_user"
shortRoles="short"
/>
+--
|
| Prof. Dr.-Ing. Albrecht Weinert Fachbereich 3
| Telefon +49 (0)234 / 32 - 10328 Elektrotechnik und Informatik
| Hochschule Bochum
| Lennershofstraße 140 Labor für Medien und
| 44801 Bochumverteilte Anwendungen
|
| Startseite: http://www.a-weinert.de
| E-Mail: [EMAIL PROTECTED] [EMAIL PROTECTED]
|
|
+--
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
JNDIRealm, ADweRealm
Dear Mark,
due to mysterious failure notices, I'm not quite sure,
about your having received below mail.
Apologieses, if it's a repetition.
Anyway, I would appreciate, if it would be possible to
get involved.
Regards
Albrecht
--- mail 11.04.2008 12:40 was:
Mark Thomas schrieb:
> [EMAIL PROTECTED] wrote:
>> Brandon DuRette schrieb:
>> As I said in my mail (27 Feb 2008 to bug 42579) JNDIRealm is hardly
>> useable with (Windows Server 2003) Active Directory Domains --
>> except for very small / trivial cases.
>>
>> After a long history of frustrations, I solved all the
>> Tomcat+AD-issues by an own ADweRealms. Experiences are, so far,
>> 100% good (with Apache Tomcat/6.0.16 on JDK1.6.0_05 and before
>> also with 5.5.x od 1.5.0_y). I offered the solution, already, in
>> mentioned mail. (got nil reactions)
>
> No you didn't. You provided the javadocs and the binary but not the source.
. se below ...
> Mark
-
Dear Mark,
thanks for your answer.
> Without the source code there is nothing comment on - hence the
> lack of reaction.
There is a link to the source in the javadoc. But thats an
indirection. Sorry. So I interpreted no reaction as no interest.
> If you want to contribute your realm then you'll need to provide a
> source code patch (???) to the existing Tomcat source.
Well it's an an extra Realm class for AD -- no patch to an existing
one. With my class, source or jar anybody can use ADweRealm in
Tomcat 5.somting and 6.somthing without modifying or patching
any existing Tomcat code. (It's an extra.)
> Having just looked through your jar file it appears that there is more
> in there than just a realm. If you have other contributions you could
> make that would be great.
Yes, with pleasure, if possible. How? (see below.)
To make them easier track please open a new
> bugzilla item for each and attached the relevant source code patch.
Well this (and other things) I can't understand yet.
Some time ago I did questions / search through the Tomcat Web site
on how to contribute -- as a volunteer developer -- bits of
code or improvements to Tomcat. All this search ended reliably in
just in the command "Do subscribe the dev-mail list".
Which I then did.
On the negative side this brought me a lot of extra mail
filter work, as most of mails per se contain no info for
a (still) outsider. (svn-commits e.g.)
On the positive side I learned a lot of other peoples problems,
what a great work you do and got many valuable hints to my own
work. Thanks a lot!
But the "How to get involved / more inside?" didn't become any
clearer to me, since. (How did YOU get involved in beginning?)
Best regards
Albrecht
+--
|
| Prof. Dr.-Ing. Albrecht Weinert Fachbereich 3
| Telefon +49 (0)234 / 32 - 10328 Elektrotechnik und Informatik
| Hochschule Bochum
| Lennershofstraße 140 Labor für Medien und
| 44801 Bochumverteilte Anwendungen
|
| Startseite: http://www.a-weinert.de
| E-Mail: [EMAIL PROTECTED] [EMAIL PROTECTED]
|
|
+--
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: path to becoming a committer
Quintin Beukes schrieb: I'm not sure exactly what is invovled in becoming a committer for Tomcat, but it generally involves submitting patches, and when the amount you submitted becomes extensive/large, then you are offered an SVN account. Q On Sat, Jul 19, 2008 at 4:28 PM, ilango_g <[EMAIL PROTECTED]> wrote: Hi How will I qualify to become a committer on an Apache project like Tomcat. What can be a path to becoming one. What do I need to do? thanks ilango -- View this message in context: http://www.nabble.com/path-to-becoming-a-committer-tp18545119p18545119.html Sent from the Tomcat - Dev mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Well, some times ago I under-went the same sought for answers, on: How to commit? What is Tomcat's definition of patch? (wrt changed or new source code) etc. It brought me to just using substantial improvements in a very limited scope of users. I'm a bit consoled, seeing not to be the only (stupid) one who can't find the answers easily. Sincerely Albrecht To sum it up: A manual "How to become co-developper" would be a great help. +------ | | Prof. Dr.-Ing. Albrecht Weinert Fachbereich 3 | Telefon +49 (0)234 / 32 - 10328 Elektrotechnik und Informatik | Hochschule Bochum | Lennershofstraße 140 Labor für Medien und | 44801 Bochumverteilte Anwendungen | | Startseite: http://www.a-weinert.de | E-Mail: [EMAIL PROTECTED] [EMAIL PROTECTED] | | | Gesellschaft der Förderer der Fachhochschule Bochum e.V. | Telefon +49 (0)234 / 32 - 10301 Mail: [EMAIL PROTECTED] | Startseite: http://fg.hochschule-bochum.de | +-- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
