3 Replies Latest reply on Apr 25, 2005 12:08 PM by tfsquare

    Expanding JNDI via LDAP

    tfsquare

      I posted this to "JBOSS Public" over at Google Groups; afterwards I noticed not much is posted there ;). So...

      All,

      I'm having a terrible time configuring JBoss (4.0.1 sp1) to talk with
      an external LDAP server.

      The documentation I've read all points to creating the following entry
      in server/default/conf/jboss-service.xml...

       <!-- Bind a remote LDAP server -->
       <mbean code="org.jboss.naming.ExternalContext"
              name="jboss.jndi:service=ExternalContext,jndiName=external/ldap/jboss">
         <attribute name="JndiName">external/ldap/jboss</attribute>
         <attribute name="Properties">ldap.properties</attribute>
         <attribute name="InitialContext">javax.naming.ldap.InitialLdapContext</attribute>
         <attribute name="RemoteAccess">true</attribute>
       </mbean>
      

      I created the file 'ldap.properties' in the conf directory with the
      following contents...

      java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
      java.naming.provider.url=ldap://myldap-server:389/ou=USER,ou=JMS,ou=Services,o=MyCompany%20Name
      java.naming.security.principal=cn=Directory Manager
      java.naming.security.authentication=simple
      java.naming.security.credentials=secret
      


      Attempts to start JBoss after this wound up with a socket time-out
      exception. After some review of the code in NamingContext.java I
      decided to add the following line to the conf/jndi.properties...

      jnp.disableDiscovery=true

      This appears to disable an attempt by JBoss to 'discover' other servers
      via multi-cast packets which indeed do time-out on my network.
      However, I now get the following exception during start up...

      No valid Context.PROVIDER_URL was found

      Here is where I've given up for the time being. My questions are:

      (a) Has ANYONE out there been able to get an external JNDI namespace
      via LDAP to work with JBoss? Just knowing it is possible, would be a
      boost :)

      (b) Based on my description here, can you point me in a direction of
      resolution of this problem?

      (c) Is my "Properties" attribute correct? It follows closely the
      examples I've seen but a couple things I find disturbing. Although
      JBoss reports several things about my config when I have DEBUG level
      logging on, nothing in ldap.properties is reported. Furthermore, I can
      give a non-existent file name here and there is no complaint.

      (d) Where should the ldap.properties file (based on my setting above)
      go? Should it be in server/default, server/default/conf,
      server/default/deploy or somewhere else?

      Thanks in advance.
      Tfsquare.

        • 1. Re: Expanding JNDI via LDAP
          tfsquare

          Self followup,

          Upon further research I discovered attribute "Properties" should _not_ reference a file, but instead spell out properties as they would appear in a properties file. So now I have...

          <attribute name="Properties">
          java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
          java.naming.provider.url=ldap://myldap-server:389/ou=USER,ou=JMS,ou=Services,o=MyCompany%20Name
          java.naming.security.principal=cn=Directory Manager
          java.naming.security.authentication=simple
          java.naming.security.credentials=secret
          </attribute>
          


          Which leads to my next question. In real life, my LDAP server is accessed via an anonymous login, not "cn=Directory Manager" and "secret" for a password. Does anyone know what the trick is to specify anonymous access?

          Btw- If you wanted to put your properties in a file, apparently there is an attribute called "PropertiesURL" which will do the trick, but I haven't tried that.

          Regards,
          Tfsquare


          • 2. Re: Expanding JNDI via LDAP
            starksm64

            Simply remove the login related properties.

            • 3. Re: Expanding JNDI via LDAP
              tfsquare

              Scott,

              Thanks for the response. I thought of that (and probably should have mentioned it in my last post). In any regards when I have just this...

              <attribute name="Properties">
              java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
              java.naming.provider.url=ldap://myldap-server:389/ou=USER,ou=JMS,ou=Services,o=MyCompany%20Name
              </attribute>
              


              A start of JBoss via run.sh reveals the following:

              (a) tcpdump definitely shows packets being sent to the ldap server. (I've also verified I can access the server anonymously via 'JXplorer' (a Java-based LDAP viewer))

              (b) The server/default/log/server.log shows the following:

              2005-04-25 08:51:20,369 DEBUG [org.jboss.system.ServiceController] starting service jboss.jndi:service=ExternalContext,jndiName=external/ldap/jboss
              2005-04-25 08:51:20,369 DEBUG [org.jboss.naming.ExternalContext] Starting jboss.jndi:service=ExternalContext,jndiName=external/ldap/jboss
              2005-04-25 08:51:20,389 DEBUG [org.jboss.deployment.scanner.AbstractDeploymentScanner$ScannerThread] Running
              2005-04-25 08:51:20,389 DEBUG [org.jboss.deployment.scanner.AbstractDeploymentScanner$ScannerThread] Disabled, waiting for notification
              2005-04-25 08:51:20,808 DEBUG [org.jboss.naming.ExternalContext] ctx=javax.naming.ldap.InitialLdapContext@1ba94d, env={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.provider.url=ldap://myldap-server:389/ou=USER,ou=JMS,ou=Services,o=MyCompany%20Name, jnp.disableDiscovery=true, java.naming.ldap.version=3, java.naming.factory.url.pkgs=org.jboss.naming:org.jnp.interfaces}
              2005-04-25 08:51:20,809 DEBUG [org.jboss.naming.ExternalContext] fullName=external/ldap/jboss
              2005-04-25 08:51:20,810 DEBUG [org.jboss.naming.ExternalContext] parentName=external/ldap
              2005-04-25 08:51:20,816 ERROR [org.jboss.naming.ExternalContext] Starting failed jboss.jndi:service=ExternalContext,jndiName=external/ldap/jboss
              javax.naming.ConfigurationException: No valid Context.PROVIDER_URL was found
               at org.jnp.interfaces.NamingContext.checkRef(NamingContext.java:1277)
               at org.jnp.interfaces.NamingContext.createSubcontext(NamingContext.java:868)
              ...stack trace continues...
              


              Any idea what to make of the "No valid Context.PROVIDER_URL was found"? In the meantime I'll keep searching and post back any further findings. (Just a sec... I noticed something...)

              Ok, I'm back.... IF I remove my "jnp.disableDiscovery=true" from the jndi.properties I no longer get the Context.PROVIDER_URL issue, but I'm back to the socket time-out. As mentioned I'll keep trying, but any insight/suggestions a JBoss guru may have will be met with showers of praise and thanks :)

              Regards,
              Tfsquare
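
Added example, not part of the thread and not JBoss code: a Python audit of ExternalContext mbeans that reads the inline Properties text described in replies 1 and 2, reports when it carries no provider URL (as with a bare file name), and classifies the bind as anonymous or simple. The sample descriptor, the shortened URL, the function names and the simplified properties reader are constructed for illustration; the default of "simple" when login properties are present is an assumption about JNDI behaviour.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the three Properties variants that appear in the thread.
MBEAN = ('<mbean code="org.jboss.naming.ExternalContext" '
         'name="jboss.jndi:service=ExternalContext,jndiName=external/ldap/%s">'
         '<attribute name="Properties">%s</attribute></mbean>')
URL = "java.naming.provider.url=ldap://myldap-server:389/ou=USER\n"
SAMPLE = "<server>" + "".join([
    MBEAN % ("file", "ldap.properties"),
    MBEAN % ("simple", URL +
             "java.naming.security.principal=cn=Directory Manager\n"
             "java.naming.security.authentication=simple\n"
             "java.naming.security.credentials=secret\n"),
    MBEAN % ("anon", URL),
]) + "</server>"

def parse_props(text):
    """Simplified java.util.Properties reader: key, optional '=' or ':', value."""
    props = {}
    for line in (l.strip() for l in text.splitlines()):
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m and line[0] not in "#!":
            props[m.group(1)] = m.group(2)
    return props

def audit(xml_text):
    """Return {mbean name: [notes]} for every ExternalContext mbean."""
    findings = {}
    for mbean in ET.fromstring(xml_text).iter("mbean"):
        if mbean.get("code") != "org.jboss.naming.ExternalContext":
            continue
        attr = mbean.find("attribute[@name='Properties']")
        props = parse_props(attr.text or "") if attr is not None else {}
        notes = findings.setdefault(mbean.get("name"), [])
        url = props.get("java.naming.provider.url")
        login = {k for k in props if k.startswith("java.naming.security.")}
        if not url:
            notes.append("no java.naming.provider.url (keys: %s)" % sorted(props))
        elif not login:
            notes.append("anonymous bind")
        else:
            if "java.naming.security.credentials" in login:
                notes.append("password stored inline in the descriptor")
            auth = props.get("java.naming.security.authentication", "simple")  # assumed default
            if auth == "simple" and url.startswith("ldap://"):
                notes.append("simple bind over ldap:// sends the password unencrypted")
    return findings

print(audit(SAMPLE))
```

Run against a real descriptor by passing the contents of jboss-service.xml to `audit()`; the first sample entry shows a file name being read as a single key with an empty value.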