3 Replies Latest reply on Mar 7, 2008 3:00 AM by rukh

    LDAP and JBoss

      I have this issue with JBoss and LDAP.
      I've created a configuration for LDAP and JBoss and everything works fine, but every time a user fails to log in, the failed login counter pops by 2.

      I've put some logging information in the place where LdapContext is created for a user and it's fired only once.

      Next I've tried to check what's being sent over the network (using ethereal) and I've found that there are two requests for login when a user fails to log in.

      The weirdest case is that when a user succeeds with login there is only one request for login sent through the network to the LDAP server.

      Does anyone have any idea what can be the source of this behaviour?

        • 1. Re: LDAP and JBoss
          tool

          Just a thought, but what does your login-config.xml file look like?

          If you had two LDAP login-modules defined for your application policy, with the first one flagged as "sufficient", then this behavior you describe would make sense. There would be two failed logins and only one successful one and both failed logins would result in very similar network traffic.

          EG
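The stacked configuration this reply describes, as an added example that is not part of the original thread. The policy name, host names and DNs are constructed placeholders; `org.jboss.security.auth.spi.LdapLoginModule` and its options are the stock JBoss module, not the poster's custom class.

```xml
<!-- Added illustration; names, hosts and DNs below are constructed placeholders. -->
<application-policy name="examplePolicy">
  <authentication>
    <!-- Tried first. flag="sufficient": if this bind succeeds, authentication
         stops here (one bind on the wire). If it fails, JAAS moves on to the
         next module in the stack. -->
    <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="sufficient">
      <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
      <module-option name="java.naming.provider.url">ldap://ldap1.example.invalid:389/</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
      <module-option name="principalDNPrefix">uid=</module-option>
      <module-option name="principalDNSuffix">,ou=People,dc=example,dc=invalid</module-option>
      <module-option name="rolesCtxDN">ou=Roles,dc=example,dc=invalid</module-option>
    </login-module>
    <!-- Reached only when the first module failed. It binds again with the same
         credentials, so one bad password produces two failed binds and the
         directory's failure counter goes up by 2. -->
    <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
      <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
      <module-option name="java.naming.provider.url">ldap://ldap2.example.invalid:389/</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
      <module-option name="principalDNPrefix">uid=</module-option>
      <module-option name="principalDNSuffix">,ou=People,dc=example,dc=invalid</module-option>
      <module-option name="rolesCtxDN">ou=Roles,dc=example,dc=invalid</module-option>
    </login-module>
  </authentication>
</application-policy>
```

The check for this case is to count the `<login-module>` entries under the policy the application actually uses; a single `required` module rules this explanation out.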

          • 2. Re: LDAP and JBoss

            thanks for the reply :)

            my login-config.xml looks like this (excluding the standard policies that were there when I set up the server)


            <application-policy name="authPolicy">
              <authentication>
                <login-module code="com.caern.authentication.SecurityLoginModule" flag="required">
                  <module-option name="userRolesDbSql">
                    SELECT name FROM caern_role, caern_user WHERE caern_user.id=?
                  </module-option>
                  <module-option name="userRolesDataSource">java:/CaernDS</module-option>
                </login-module>
              </authentication>
            </application-policy>


            I don't use the sufficient flag anywhere so I guess it is not the point :(
            com.caern.authentication.SecurityLoginModule is a decompiled version of LdapLoginModule with some enhancements that were necessary.

            • 3. Re: LDAP and JBoss

              Sorry for the post under a post, but editing is not permitted here..

              I've created a simple application that uses a single class with a main method and created an LdapContext there, and unfortunately on failed login it also pops by 2... guess I have some LDAP server configuration bug, but I can't see any "bump failed logins by 2 instead of 1" option there...