2 Replies Latest reply on Feb 19, 2006 7:19 PM by anil.saldhana

    LdapExtLoginModule Question

    anil.saldhana

      Looking at the source code for LdapExtLoginModule (Line 331).

      http://anoncvs.forge.jboss.com/viewrep/JBoss/jbosssx/src/main/org/jboss/security/auth/spi/LdapExtLoginModule.java?r=1.1.2.4

      // Get the admin context for searching
      331 InitialLdapContext ctx = constructInitialLdapContext(bindDN, bindCredential);
      332 // Validate the user by binding against the userDN
      333 String userDN = bindDNAuthentication(ctx, username, credential, baseDN, baseFilter);

      There is a first attempt to bind to the admin DN and then to the user DN. The
      question I have is if the bind to the admin DN fails, is the user notified about it? All I see is an Exception thrown by the surrounding method which is caught as:

      try
      226 {
      227 // Validate the password by trying to create an initial context
      228 String username = getUsername();
      229 isValid = createLdapInitContext(username, inputPassword);
      230 defaultRole();
      231 isValid = true;
      232 }
      233 catch (Exception e)
      234 {
      235 log.debug("Failed to validate password", e);
      236 }


      If this is true, we need to handle this case properly and provide an appropriate message to the user rather than: "Failed to validate password". This is critical for debugging. :)

      I have not tested this (will do it when I have time). Hence the question here in the forum.



        • 1. Re: LdapExtLoginModule Question
          starksm64

          There is no distinction between the admin password failing and the user password failing. Some will want it; others will complain that even indicating the password failed is too much info.

          • 2. Re: LdapExtLoginModule Question
            anil.saldhana

            I was thinking of the following scenario before I posted this naive thing.

            I am a customer, trying to debug why I am getting a "Password verification failed". I keep thinking that the bind to my userid DN is failing, when in fact the bind to the admin DN may be failing. That is loss of cycles.

            No big deal.
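The pattern the thread circles around, as an added illustration rather than the JBoss LdapExtLoginModule source: keep the message returned to the caller generic (the concern raised in reply 1), but have the server-side debug log say which of the two binds failed so that an operator debugging "Password verification failed" does not waste cycles on the user DN when the configured bindDN credential is the real problem (the scenario in the original question and reply 2). The `Binder` interface, the `Phase` enum, the `TwoPhaseLdapBind` class and the in-memory directory are all constructed for this example and are not JBoss APIs; the DNs and passwords are made-up sample values.

```java
import javax.naming.NamingException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;

/** Hypothetical two-phase bind (admin bindDN first, then user DN) with phase-aware server logging. */
public class TwoPhaseLdapBind {

    /** Hypothetical abstraction over "bind to the directory as this DN with this credential". */
    public interface Binder {
        void bind(String dn, char[] credential) throws NamingException;
    }

    /** Which phase failed. Written to the server log only; never sent back to the caller. */
    public enum Phase { ADMIN_BIND, USER_BIND }

    private static final Logger log = Logger.getLogger(TwoPhaseLdapBind.class.getName());
    private static final String GENERIC_MESSAGE = "Password verification failed";

    private final Binder binder;
    private final String bindDN;          // the module's configured admin DN
    private final char[] bindCredential;  // the module's configured admin credential
    private Phase lastFailure;            // exposed for operators/tests, not for end users

    public TwoPhaseLdapBind(Binder binder, String bindDN, char[] bindCredential) {
        this.binder = binder;
        this.bindDN = bindDN;
        this.bindCredential = bindCredential;
    }

    /** Mirrors the admin-then-user bind order; the thrown message is the same in both failure cases. */
    public void login(String userDN, char[] userCredential) throws LoginException {
        lastFailure = null;
        // Phase 1: the admin context used for searching. A failure here is a
        // deployment/configuration problem, so the log says so explicitly.
        try {
            binder.bind(bindDN, bindCredential);
        } catch (NamingException e) {
            lastFailure = Phase.ADMIN_BIND;
            log.log(Level.FINE, "Bind as configured bindDN " + bindDN
                    + " failed; check bindDN/bindCredential in the login-module config", e);
            throw new FailedLoginException(GENERIC_MESSAGE);
        }
        // Phase 2: validate the user by binding as the user's own DN.
        // The user's credential is deliberately never written to the log.
        try {
            binder.bind(userDN, userCredential);
        } catch (NamingException e) {
            lastFailure = Phase.USER_BIND;
            log.log(Level.FINE, "Bind as user DN " + userDN + " failed", e);
            throw new FailedLoginException(GENERIC_MESSAGE);
        }
    }

    public Phase lastFailure() {
        return lastFailure;
    }

    /** Constructed in-memory directory standing in for a real LDAP server (sample data only). */
    static Binder fakeDirectory(Map<String, String> dnToPassword) {
        return (dn, cred) -> {
            String expected = dnToPassword.get(dn);
            if (expected == null || !expected.equals(new String(cred))) {
                throw new NamingException("invalid credentials for " + dn);
            }
        };
    }

    public static void main(String[] args) {
        String adminDN = "cn=admin,dc=example,dc=com";
        String userDN = "uid=jduke,ou=People,dc=example,dc=com";
        Binder dir = fakeDirectory(Map.of(adminDN, "admin-secret", userDN, "theduke"));

        // Case 1: misconfigured admin credential, correct user password.
        TwoPhaseLdapBind misconfigured = new TwoPhaseLdapBind(dir, adminDN, "wrong".toCharArray());
        report(misconfigured, userDN, "theduke".toCharArray());

        // Case 2: correct admin credential, wrong user password.
        TwoPhaseLdapBind configured = new TwoPhaseLdapBind(dir, adminDN, "admin-secret".toCharArray());
        report(configured, userDN, "nottheduke".toCharArray());

        // Case 3: both correct.
        report(configured, userDN, "theduke".toCharArray());
    }

    private static void report(TwoPhaseLdapBind module, String userDN, char[] cred) {
        try {
            module.login(userDN, cred);
            System.out.println("login ok (phase=" + module.lastFailure() + ")");
        } catch (LoginException e) {
            // The caller sees the same generic text either way; only the server log differs.
            System.out.println("caller sees: \"" + e.getMessage() + "\" (server-side phase="
                    + module.lastFailure() + ")");
        }
    }
}
```

Running `main` prints the identical generic message for cases 1 and 2; only `lastFailure()` and the FINE-level log entry tell them apart, which is the compromise between the two positions in the thread.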