0 Replies Latest reply on Aug 7, 2003 7:40 AM by sbarnaby

    LdapLoginModule - AcceptSecurityContext

    sbarnaby

      I am trying to use the LdapLoginModule in JBoss 3.2.1 to authenticate against an Active Directory server. I am communicating with the server, but I know I have the right Organizational Unit (testAdmin). The domain that I have defined in my Active Directory server is test.org. I know I am connecting to the correct Active Directory server because I am running Ethereal and can see the packets that are being sent to Active Directory, and it is sending responses back.

      I keep on getting an AcceptSecurityContext (error 0x31) no matter what I try for the DN. I have tried

      uid=testUser,ou=testAdmin,dc=test,dc=org
      uid=testUser,cn=testAdmin,dc=test,dc=org
      uid=testUser,cn=testAdmin,o=test.org
      uid=testUser,ou=testAdmin,o=test.org

      and many others, but these are the main ones that I have tried.

      What am I doing wrong?

      --------------------------------------------------------------------------
      The following is my login-config.xml that I am using for my LoginContext:

      <application-policy name = "TestLogin">

        <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag = "required">
          <module-option name="java.naming.factory.initial">
            com.sun.jndi.ldap.LdapCtxFactory
          </module-option>
          <module-option name="java.naming.provider.url">
            ldap://192.168.100.190:389/
          </module-option>
          <module-option name="java.naming.security.authentication">
            simple
          </module-option>
          <module-option name="uidAttributeID">
            userId
          </module-option>
          <module-option name="roleAttributeID">
            roleName
          </module-option>
          <module-option name="roleAttributeIsDN">
            true
          </module-option>
          <module-option name="roleNameAttributeId">
            roleAttr
          </module-option>
          <module-option name="principalDNPrefix">
            uid=
          </module-option>
          <module-option name="principalDNSuffix">
            ,ou=testAdmin,dc=test,dc=net
          </module-option>
          <module-option name="matchOnUserDN">
            true
          </module-option>
        </login-module>

      </application-policy>
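
Added example, not part of the original post: LdapLoginModule builds the bind DN as principalDNPrefix + username + principalDNSuffix, so this Python computes that DN from the two posted options and compares it, RDN by RDN, with the DNs the post lists as tried. The function names are hypothetical, and trimming of whitespace around option values is an assumption.

```python
import xml.etree.ElementTree as ET
from itertools import zip_longest

# The two options from the posted policy that shape the bind DN (values copied from the post).
LOGIN_CONFIG = """
<application-policy name="TestLogin">
  <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
    <module-option name="principalDNPrefix">
      uid=
    </module-option>
    <module-option name="principalDNSuffix">
      ,ou=testAdmin,dc=test,dc=net
    </module-option>
  </login-module>
</application-policy>
"""

# DNs the post lists as tried.
TRIED = [
    "uid=testUser,ou=testAdmin,dc=test,dc=org",
    "uid=testUser,cn=testAdmin,dc=test,dc=org",
    "uid=testUser,cn=testAdmin,o=test.org",
    "uid=testUser,ou=testAdmin,o=test.org",
]

def module_options(xml_text):
    """Map option name -> value; surrounding whitespace is stripped (assumption)."""
    root = ET.fromstring(xml_text)
    return {o.get("name"): (o.text or "").strip() for o in root.iter("module-option")}

def bind_dn(options, username):
    """principalDNPrefix + username + principalDNSuffix, the DN used for the simple bind."""
    return options.get("principalDNPrefix", "") + username + options.get("principalDNSuffix", "")

def rdn_diff(sent, tried):
    """Pairs of RDNs that differ by position (naive comma split, no escaped commas)."""
    def split(dn):
        return [rdn.strip().lower() for rdn in dn.split(",")]
    return [(s, t) for s, t in zip_longest(split(sent), split(tried)) if s != t]

if __name__ == "__main__":
    sent = bind_dn(module_options(LOGIN_CONFIG), "testUser")
    print("bind DN from config:", sent)
    for dn in TRIED:
        print(f"  vs {dn}: {rdn_diff(sent, dn) or 'identical'}")
```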