0 Replies Latest reply on Jan 20, 2003 3:44 AM by wasihasi

    principleDNPrefix and principleDNSuffix ignored

    wasihasi

      Hello!

      I use the LdapLoginModule and when I try to login to ldap I get the following error:

      09:02:24,046 ERROR [LdapLoginModule] Failed to validate password
      javax.naming.InvalidNameException: [LDAP: error code 34 - invalid DN]
      at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2677)
      at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2483)
      at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2400)
      at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:244)
      at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:79)


      When I comment out principleDNPrefix and principleDNSuffix in the login-config.xml, create my DN in my code (username = "uid=" + username + ",ou=People,dc=xxx,dc=xxx";) and pass this DN instead of the username to log in, it works. The exception is not thrown and the login is successful.

      I've already read some topics in this forum on this subject:
      http://www.jboss.org/modules/bb/index.html?module=bb&op=viewtopic&t=forums/ but these topics do not help me.

      The client login works, but when I try to access a bean this exception is thrown.

      login-config.xml:

      <application-policy name="ldap">
      <authentication>
      <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
      <module-option name = "java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
      <module-option name = "java.naming.provider.url">ldap://xxx:389/</module-option>
      <module-option name = "java.naming.security.authentication">simple</module-option>

      <module-option name = "principleDNPrefix">uid=</module-option>
      <module-option name = "principleDNSuffix">,ou=People,dc=xxx,dc=xxx</module-option>

      <module-option name = "rolesCtxDN">ou=group,dc=xxx,dc=xxx</module-option>

      <module-option name = "uidAttributeID">uid</module-option>
      <module-option name = "roleAttributeID">cn</module-option>
      <module-option name = "matchOnUserDN">true</module-option>
      <module-option name = "unauthenticatedIdentity">anonymous</module-option>
      </login-module>
      </authentication>
      </application-policy>


      auth.conf:

      client {
      org.jboss.security.ClientLoginModule required;
      };


      jboss.xml:

      <?xml version="1.0"?>
      <jboss>
      <security-domain>java:/jaas/ldap</security-domain>
      </jboss>
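
Added example, not part of the original post and not JBoss code: a small check that flags `module-option` names a login module would not recognize and models the bind DN that results. It assumes the option names listed in `KNOWN_OPTIONS` (taken from the LdapLoginModule documentation, where the prefix and suffix options are spelled `principalDNPrefix` and `principalDNSuffix`) and assumes the module forms the DN as prefix + username + suffix; the helper names and the user `jdoe` are hypothetical.

```python
import difflib
import xml.etree.ElementTree as ET

# Assumption: option names LdapLoginModule reads, taken from its documentation;
# adjust the set to the JBoss version in use.
KNOWN_OPTIONS = {
    "principalDNPrefix", "principalDNSuffix", "useObjectCredential",
    "rolesCtxDN", "userRolesCtxDNAttributeName", "roleAttributeID",
    "roleAttributeIsDN", "roleNameAttributeID", "uidAttributeID",
    "matchOnUserDN", "unauthenticatedIdentity", "allowEmptyPasswords",
    "password-stacking",
}

# Constructed sample that mirrors the login-config.xml in the post.
SAMPLE = """<application-policy name="ldap">
 <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
  <module-option name="java.naming.provider.url">ldap://xxx:389/</module-option>
  <module-option name="principleDNPrefix">uid=</module-option>
  <module-option name="principleDNSuffix">,ou=People,dc=xxx,dc=xxx</module-option>
  <module-option name="rolesCtxDN">ou=group,dc=xxx,dc=xxx</module-option>
  <module-option name="uidAttributeID">uid</module-option>
 </login-module>
</application-policy>"""


def module_options(xml_text):
    """Map each module-option name to its text value."""
    root = ET.fromstring(xml_text)
    return {o.get("name", "").strip(): (o.text or "") for o in root.iter("module-option")}


def unknown_options(xml_text):
    """Return {unrecognized name: closest known name, or None}."""
    findings = {}
    for name in module_options(xml_text):
        if name.startswith("java.naming.") or name in KNOWN_OPTIONS:
            continue  # JNDI environment entry or a name the module reads
        close = difflib.get_close_matches(name, sorted(KNOWN_OPTIONS), n=1, cutoff=0.8)
        findings[name] = close[0] if close else None
    return findings


def bind_dn(options, username):
    """Model (assumption): DN = prefix + username + suffix, absent options = ''."""
    return options.get("principalDNPrefix", "") + username + options.get("principalDNSuffix", "")


if __name__ == "__main__":
    for bad, hint in unknown_options(SAMPLE).items():
        print(f"unrecognized option {bad!r}; closest known name: {hint!r}")
    print("DN sent to the server:", bind_dn(module_options(SAMPLE), "jdoe"))
```

Under these assumptions the two misspelt options are never read, so the bare username is presented as the DN, which is consistent with the `error code 34 - invalid DN` in the trace.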