1 Reply Latest reply on Apr 23, 2007 5:24 AM by bdaw

    Failing to login using LDAP UserModule

    maph2880

      I am trying to configure LDAP for JBoss Portal BETA1. I am attempting to log in, but the site returns a generic login exception when using valid credentials. There are no exceptions generated in the log.

      I have configured per the instructions at..

      http://cruisecontrol.jboss.com/cc/artifacts/jboss-portal-latest-doc/referenceGuide/html/ldap.html

      I am using the LDAPUserModuleImpl user module.. For the user module, I have specified the common properties for userCtxDN and uidAttributeID. For the Role and Membership modules, I am using DB. I have the server configured to use MySQL. (When I use the DB-specific user module, I can log in using user credentials from the DB, so the DB is configured correctly.) In the DB the user mpetteys is assigned the roles for Admin and User.

      When I attempt a login I see the following messages logged..

      2007-04-22 07:34:13,680 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] Authenticating username 'mpetteys'
      2007-04-22 07:34:13,686 DEBUG [org.jboss.portal.identity.ldap.LDAPUserModuleImpl] findUserByUserName(): username = mpetteys
      2007-04-22 07:34:13,686 DEBUG [org.jboss.portal.identity.ldap.LDAPUserModuleImpl] Search filter: (uid=mpetteys)
      2007-04-22 07:34:13,686 DEBUG [org.jboss.portal.identity.ldap.LDAPUserModuleImpl] Search filter: (uid=mpetteys)
      2007-04-22 07:34:13,705 DEBUG [org.jboss.portal.identity.ldap.LDAPUserModule] user uid: cn=Matt Petteys,ou=people,dc=yellowguppy,dc=com
      2007-04-22 07:34:13,705 DEBUG [org.jboss.portal.identity.ldap.LDAPUserModule] user dn: cn=Matt Petteys,ou=people,dc=yellowguppy,dc=com
      2007-04-22 07:34:13,715 DEBUG [org.jboss.portal.identity.ldap.LDAPUserModuleImpl] findUserByUserName(): username = mpetteys
      2007-04-22 07:34:13,715 DEBUG [org.jboss.portal.identity.ldap.LDAPUserModuleImpl] Search filter: (uid=mpetteys)
      2007-04-22 07:34:13,715 DEBUG [org.jboss.portal.identity.ldap.LDAPUserModuleImpl] Search filter: (uid=mpetteys)
      2007-04-22 07:34:13,736 DEBUG [org.jboss.portal.identity.ldap.LDAPUserModule] user uid: cn=Matt Petteys,ou=people,dc=yellowguppy,dc=com
      2007-04-22 07:34:13,736 DEBUG [org.jboss.portal.identity.ldap.LDAPUserModule] user dn: cn=Matt Petteys,ou=people,dc=yellowguppy,dc=com
      2007-04-22 07:34:13,739 DEBUG [org.apache.catalina.core.ApplicationDispatcher] servletPath=/error.jsp, pathInfo=null, queryString=null, name=null
      2007-04-22 07:34:13,739 DEBUG [org.apache.catalina.core.ApplicationDispatcher] Path Based Forward
      2007-04-22 07:34:13,740 DEBUG [org.apache.jasper.servlet.JspServlet] JspEngine --> /error.jsp
      2007-04-22 07:34:13,740 DEBUG [org.apache.jasper.servlet.JspServlet] ServletPath: /error.jsp
      2007-04-22 07:34:13,740 DEBUG [org.apache.jasper.servlet.JspServlet] PathInfo: null
      2007-04-22 07:34:13,740 DEBUG [org.apache.jasper.servlet.JspServlet] RealPath: /opt/jboss-portal-2.6-BETA1/server/default/./deploy/jboss-portal.sar/portal-server.war/error.jsp
      2007-04-22 07:34:13,740 DEBUG [org.apache.jasper.servlet.JspServlet] RequestURI: /portal/error.jsp
      2007-04-22 07:34:13,740 DEBUG [org.apache.jasper.servlet.JspServlet] QueryString: null

      I see valid bind requests for LDAP but there are no queries sent to MySQL to look up role associations. There is no apparent reason why the authentication fails. Any ideas..?

      The only weirdness that I have found in the error messages..

      007-04-22 07:34:13,736 DEBUG [org.jboss.portal.identity.ldap.LDAPUserModule] user uid: cn=Matt Petteys,ou=people,dc=yellowguppy,dc=com
      2007-04-22 07:34:13,736 DEBUG [org.jboss.portal.identity.ldap.LDAPUserModule] user dn: cn=Matt Petteys,ou=people,dc=yellowguppy,dc=com

      My LDAP entries look something like..

      # Matt Petteys, people, yellowguppy.com
      dn: cn=Matt Petteys,ou=people,dc=yellowguppy,dc=com
      sn: Petteys
      givenName: Matt
      cn: Matt Petteys
      gecos: Matt Petteys
      uid: mpetteys
      userPassword:: xxxxx=

      As you can see, I suspect the uid value should be mpetteys.. This appears to be caused by..

      http://anonsvn.jboss.org/repos/portal/tags/JBoss_Portal_2_6_0_BETA1/identity/src/main/org/jboss/portal/identity/ldap/LDAPUserModule.java

      Note in.. LDAPUserImpl createUserInstance(Attributes attrs, String dn)

      The LDAPUserImpl is initialized using the dn in the third parameter, which represents the uid..

      ldapu = new LDAPUserImpl(dn,getIdentityContext(), dn);

      There is a commented out initializer using the uid attribute in this function..

      //ldapu = new LDAPUserImpl(dn,getIdentityContext(), uida.get().toString());

      I don't know if this is related..?
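
A quick way to check a server log for the pattern noticed in the post above, where LDAPUserModule logs the full DN as the "user uid" instead of the value used in the search filter. This is an added example, not part of the original post or of JBoss Portal; the regular expressions are derived from the DEBUG lines quoted above, and the second user in the sample (jdoe, example.com) is constructed for contrast.

```python
import re

# Sample input: the first three lines are quoted in the post; the jdoe lines are constructed.
SAMPLE_LOG = """\
2007-04-22 07:34:13,686 DEBUG [org.jboss.portal.identity.ldap.LDAPUserModuleImpl] Search filter: (uid=mpetteys)
2007-04-22 07:34:13,705 DEBUG [org.jboss.portal.identity.ldap.LDAPUserModule] user uid: cn=Matt Petteys,ou=people,dc=yellowguppy,dc=com
2007-04-22 07:34:13,705 DEBUG [org.jboss.portal.identity.ldap.LDAPUserModule] user dn: cn=Matt Petteys,ou=people,dc=yellowguppy,dc=com
2007-04-22 07:34:14,001 DEBUG [org.jboss.portal.identity.ldap.LDAPUserModuleImpl] Search filter: (uid=jdoe)
2007-04-22 07:34:14,020 DEBUG [org.jboss.portal.identity.ldap.LDAPUserModule] user uid: jdoe
2007-04-22 07:34:14,020 DEBUG [org.jboss.portal.identity.ldap.LDAPUserModule] user dn: cn=John Doe,ou=people,dc=example,dc=com
"""

LINE = re.compile(r"^(?P<ts>\S+ \S+) DEBUG \[(?P<logger>[^\]]+)\] (?P<msg>.*)$")
FILTER = re.compile(r"^Search filter: \((?P<attr>[^=()]+)=(?P<value>[^()]*)\)$")


def find_uid_mismatches(log_text):
    """Return one finding per lookup whose logged 'user uid' differs from
    the value the search filter asked for."""
    findings = []
    current = None  # state of the lookup currently being read
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m["msg"]
        f = FILTER.match(msg)
        if f:
            # A repeated filter line simply restarts the same lookup.
            current = {"ts": m["ts"], "searched": f["value"], "uid": None}
        elif current is not None and msg.startswith("user uid: "):
            current["uid"] = msg[len("user uid: "):]
        elif current is not None and msg.startswith("user dn: "):
            dn = msg[len("user dn: "):]
            uid = current["uid"]
            if uid is not None and uid.casefold() != current["searched"].casefold():
                findings.append({"ts": current["ts"], "searched": current["searched"],
                                 "uid": uid, "uid_is_dn": uid == dn})
            current = None
    return findings


if __name__ == "__main__":
    for item in find_uid_mismatches(SAMPLE_LOG):
        print(item)
```
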

        • 1. Re: Failing to login using LDAP UserModule
          bdaw

           

          "maph2880" wrote:

          I am using the LDAPUserModuleImpl user module.. For the user module, I have specified the common properties for userCtxDN and uidAttributeID. For the Role and Membership modules, I am using DB.


          I think the simple reason is that you are mixing UserModule from LDAP with RoleModule and MembershipModule from DB. HibernateMembershipModuleImpl won't be able to resolve the user/role relationship in such a scenario, and I suspect this is the root of the exception during the login process.
          So simply, you cannot mix modules in such a way. Only usage of the delegating UserProfileModule for DB is allowed, like configured in the default LDAP config.
          Sorry if the documentation wasn't clear enough about this. I will add a note there.

          If you have any other issues, don't hesitate to ask.