Regarding LDAP environment parameters, there is a missing param which is really useful for LDAP servers with aliases in them. The java.naming.ldap.derefAliases must be set to NEVER in the JNDIRealm in order to avoid loops in searches containing aliases (default is always). When set to always, the server enters infinite loops and never returns, preventing authentication from succeeding. I'm writing a new Realm to handle this new param, with 4 values.
This is still the case even for Tomcat 5.5!
Created attachment 12757: Added derefAliases bean to allow searches with aliases
The proposed patch needs catalina.jar in the classpath and MUST be put into the server/classes (or server lib if in a JAR) of the TOMCAT installation in order to work. For TOMCAT 5, add catalina-optional.jar to the classpath for compilation. Put it in the same place. --> you can now add the derefAliases parameter in the realm declaration
This has been fixed in CVS for 4.1.x, 5.0.x and 5.5.x and will be included in the next respective releases. Many thanks for the patch. I committed a variation that achieves the same result.
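
The environment property discussed in this report, shown as an added Java example; it is neither the attached patch nor the code committed to Tomcat. The class name, the `ldap.example.invalid` URL and the two timeout settings are assumptions introduced here for illustration.

```java
import java.util.Hashtable;
import java.util.Locale;
import java.util.Set;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class DerefAliasesExample {
    // JNDI LDAP provider property named in the report.
    static final String DEREF_ALIASES = "java.naming.ldap.derefAliases";
    // The four accepted values; the report notes the default is "always".
    static final Set<String> ALLOWED = Set.of("always", "never", "finding", "searching");

    /** Builds the environment for an LDAP DirContext with an explicit alias policy. */
    static Hashtable<String, String> ldapEnvironment(String url, String derefAliases) {
        String policy = derefAliases.trim().toLowerCase(Locale.ROOT);
        if (!ALLOWED.contains(policy)) {
            // Fail at configuration time instead of silently using the default.
            throw new IllegalArgumentException("derefAliases must be one of " + ALLOWED);
        }
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(DEREF_ALIASES, policy);
        // Assumption added here, not from the report: bound connect and read
        // time (milliseconds) so a search that never returns cannot hang a login.
        env.put("com.sun.jndi.ldap.connect.timeout", "5000");
        env.put("com.sun.jndi.ldap.read.timeout", "5000");
        return env;
    }

    /** Opens the context; needs a reachable directory server, so main() does not call it. */
    static DirContext open(Hashtable<String, String> env) throws NamingException {
        return new InitialDirContext(env);
    }

    public static void main(String[] args) {
        String url = "ldap://ldap.example.invalid:389"; // constructed placeholder URL
        Hashtable<String, String> env = ldapEnvironment(url, "NEVER");
        System.out.println(DEREF_ALIASES + "=" + env.get(DEREF_ALIASES));
        try {
            ldapEnvironment(url, "sometimes"); // not one of the four values
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```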