1 Reply Latest reply on Aug 30, 2008 5:13 AM by goldfrog

    LdapExtLoginModule && PartialResultException

    jc7442

      I am trying to use LdapExtLoginModule to authenticate against a Windows Active Directory.

      For some of my users I have a very strange exception:
      Exception in thread "main" javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
          at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:213)
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
          at java.lang.reflect.Method.invoke(Method.java:585)
          at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
          at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
          at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
          at java.security.AccessController.doPrivileged(Native Method)
          at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
          at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
          at Main.main(Main.java:41)
      Caused by: javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name 'dc=fr,dc=mycompany,dc=net'
          at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2763)
          at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2737)
          at com.sun.jndi.ldap.LdapNamingEnumeration.getNextBatch(LdapNamingEnumeration.java:129)
          at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:198)
          at com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(LdapNamingEnumeration.java:171)
          at org.jboss.security.auth.spi.LdapExtLoginModule.rolesSearch(LdapExtLoginModule.java:421)
          at org.jboss.security.auth.spi.LdapExtLoginModule.createLdapInitContext(LdapExtLoginModule.java:348)
          at org.jboss.security.auth.spi.LdapExtLoginModule.validatePassword(LdapExtLoginModule.java:229)
          at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:210)
          ... 11 more

      When the login module tries to get the role of the authenticated user, the roleSearch method fails. I went through this method with a debugger.

      ctxt.search returns a NamingEnumeration that contains 1 element, and a while loop iterates over the enumeration. The exception is thrown in the while loop when the hasMore method is invoked for the second time.

      I have patched the code to replace hasMore with hasMoreElements. That fixes my problem.

      Finally, I replaced hasMore() with hasMoreElements() in the searchRole and bindDNAuthentication methods.

      I'm not able to understand why the hasMore method throws an exception for some of my configurations and not for others.

      Is that a bug in the LdapExtLoginModule?

        • 1. Re: LdapExtLoginModule && PartialResultException
          goldfrog

          I met the same problem when baseCtxDN is set to the root of MSAD.
          The problem can be resolved by adding the following line to the login-module:
          <module-option name="java.naming.referral">follow</module-option>

          P.S. Please make sure the server where JBoss runs can resolve the DNS name for your domain.
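
Added example, not part of the thread and not JBoss code: a role-search loop that keeps `hasMore()` and makes the partial-result decision explicit, so roles behind an unfollowed referral are either rejected or logged rather than silently skipped (`Enumeration.hasMoreElements()` declares no checked exception, so a `NamingException` cannot propagate through it). The class and method names, and the `CN=AppUsers` entry, are hypothetical; the enumeration is a constructed stand-in so the code runs without a directory server.

```java
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;

public class ReferralAwareSearch {
    // Collect entry names; a partial result is either rejected or logged, never silently dropped.
    static List<String> drain(NamingEnumeration<SearchResult> results, boolean allowPartial)
            throws NamingException {
        List<String> names = new ArrayList<>();
        try {
            while (results.hasMore()) {              // hasMore() reports LDAP errors to the caller
                names.add(results.next().getName());
            }
        } catch (PartialResultException e) {
            // The server sent continuation references that the context did not follow.
            if (!allowPartial) throw e;
            System.err.println("WARN partial LDAP result: " + e.getMessage());
        } finally {
            results.close();
        }
        return names;
    }

    // Constructed stand-in for a search result: one entry, then an unfollowed referral.
    static NamingEnumeration<SearchResult> constructedResults() {
        final Iterator<String> it = Arrays.asList("CN=AppUsers").iterator();
        return new NamingEnumeration<SearchResult>() {
            public boolean hasMore() throws NamingException {
                if (it.hasNext()) return true;
                throw new PartialResultException("Unprocessed Continuation Reference(s)");
            }
            public SearchResult next() { return new SearchResult(it.next(), null, new BasicAttributes()); }
            public boolean hasMoreElements() {       // Enumeration view: cannot throw
                try { return hasMore(); } catch (NamingException e) { return false; }
            }
            public SearchResult nextElement() { return next(); }
            public void close() { }
        };
    }

    public static void main(String[] args) throws NamingException {
        // With java.naming.referral=follow the JNDI provider follows the references itself.
        System.out.println("lenient: " + drain(constructedResults(), true));
        try {
            drain(constructedResults(), false);
        } catch (PartialResultException e) {
            System.out.println("strict: rejected, " + e.getMessage());
        }
    }
}
```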