1 Reply Latest reply on Aug 16, 2007 5:16 PM by bdaw

    IdentityException

    georgy

      I have some difficulties with my LDAP configuration.

      My configuration is:

      login-config.xml

       <login-module code="org.jboss.portal.identity.auth.IdentityLoginModule" flag="sufficient">
         <module-option name="unauthenticatedIdentity">guest</module-option>
         <module-option name="userModuleJNDIName">java:/portal/UserModule</module-option>
         <module-option name="roleModuleJNDIName">java:/portal/RoleModule</module-option>
         <module-option name="userProfileModuleJNDIName">java:/portal/UserProfileModule</module-option>
         <module-option name="membershipModuleJNDIName">java:/portal/MembershipModule</module-option>
         <module-option name="additionalRole">Authenticated</module-option>
         <module-option name="password-stacking">useFirstPass</module-option>
       </login-module>

       <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
         <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
         <module-option name="java.naming.provider.url">ldap://192.168.10.240:389</module-option>
         <module-option name="java.naming.security.authentication">simple</module-option>
         <module-option name="bindDN">bind@proxiad-nord.com</module-option>
         <module-option name="bindCredential">****</module-option>
         <module-option name="roleFilter">(sAMAccountName={0})</module-option>
         <module-option name="roleAttributeID">memberOf</module-option>
         <module-option name="roleAttributeIsDN">true</module-option>
         <module-option name="roleNameAttributeID">cn</module-option>
         <module-option name="roleRecursion">-1</module-option>
         <module-option name="searchTimeLimit">10000</module-option>
         <module-option name="searchScope">SUBTREE_SCOPE</module-option>
         <module-option name="allowEmptyPasswords">false</module-option>
         <!--<module-option name="hashAlgorithm">MD5</module-option>-->
       </login-module>
      



      ldap_config.xml

      <identity-configuration>
        <datasources>
          <datasource>
            <name>LDAP</name>
            <config>
              <option>
                <name>host</name>
                <value>192.168.10.240</value>
              </option>
              <option>
                <name>port</name>
                <value>389</value>
              </option>
              <option>
                <name>adminDN</name>
                <value>bind@proxiad-nord.com</value>
              </option>
              <option>
                <name>adminPassword</name>
                <value>*****</value>
              </option>
              <!--<option>
                <name>protocol</name>
                <value>ssl</value>
              </option>-->
            </config>
          </datasource>
        </datasources>
        <modules>
          <module>
            <!--type used to correctly map in IdentityContext registry-->
            <type>User</type>
            <implementation>LDAP</implementation>
            <class>org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl</class>
            <config/>
          </module>
          <module>
            <type>Role</type>
            <implementation>LDAP</implementation>
            <config/>
          </module>
          <module>
            <type>Membership</type>
            <implementation>LDAP</implementation>
            <config/>
          </module>
          <module>
            <type>UserProfile</type>
            <implementation>DELEGATING</implementation>
            <config>
              <option>
                <name>ldapModuleJNDIName</name>
                <value>java:/portal/LDAPUserProfileModule</value>
              </option>
            </config>
          </module>
          <module>
            <type>DBDelegateUserProfile</type>
            <implementation>DB</implementation>
            <config>
              <option>
                <name>randomSynchronizePassword</name>
                <value>true</value>
              </option>
            </config>
          </module>
          <module>
            <type>LDAPDelegateUserProfile</type>
            <implementation>LDAP</implementation>
            <config/>
          </module>
        </modules>

        <options>
          <option-group>
            <group-name>common</group-name>
            <option>
              <name>userCtxDN</name>
              <value>ou=IDF,ou=Collaborateurs,dc=proxiad-nord,dc=com</value>
              <value>ou=Nord,ou=Collaborateurs,dc=proxiad-nord,dc=com</value>
            </option>
            <!--<option>
              <name>passwordAttributeID</name>
              <value>userPassword</value>
            </option>-->
            <option>
              <name>roleCtxDN</name>
              <value>ou=Groupes,dc=proxiad-nord,dc=com</value>
            </option>
            <option>
              <name>userSearchFilter</name>
              <value><![CDATA[(sAMAccountName={0})]]></value>
            </option>
          </option-group>
          <option-group>
            <group-name>userCreateAttibutes</group-name>
            <option>
              <name>objectClass</name>
              <!--These object classes should work with Red Hat Directory-->
              <value>top</value>
              <value>person</value>
              <value>inetOrgPerson</value>
            </option>
            <!--Schema requires those to have an initial value-->
            <option>
              <name>cn</name>
              <value>none</value>
            </option>
            <option>
              <name>sn</name>
              <value>none</value>
            </option>
          </option-group>
          <option-group>
            <group-name>roleCreateAttibutes</group-name>
            <!--Schema requires those to have an initial value-->
            <option>
              <name>cn</name>
              <value>none</value>
            </option>
            <!--Some directory servers require this attribute to be a valid DN-->
            <!--For safety reasons point to the admin user here-->
            <option>
              <name>member</name>
              <value>cn=Admin,ou=Groupes,dc=proxiad-nord,dc=com</value>
            </option>
          </option-group>
        </options>
      </identity-configuration>
      




      Here is the exception I get after I try to log in with a correct login and password:

      2007-08-13 12:32:43,422 DEBUG [org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl] Search filter: (sAMAccountName={0})
      2007-08-13 12:32:43,422 DEBUG [org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl] Search filter: (sAMAccountName={0})
      2007-08-13 12:32:43,422 DEBUG [org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl] Search filterArg: {0}: g.mahop
      2007-08-13 12:32:43,422 DEBUG [org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl] Search ctx: ou=Nord,ou=Collaborateurs,dc=proxiad-nord,dc=com
      2007-08-13 12:32:43,484 ERROR [org.jboss.portal.identity.auth.IdentityLoginModule] Error when validating password
      org.jboss.portal.common.transaction.NestedException: javax.security.auth.login.LoginException: org.jboss.portal.identity.IdentityException: Couldn't create LDAPUserImpl object from ldap entry (SearchResult)
       at org.jboss.portal.common.transaction.Transactions.apply(Transactions.java:253)
       at org.jboss.portal.common.transaction.Transactions.required(Transactions.java:289)
       at org.jboss.portal.identity.auth.IdentityLoginModule.getUserStatus(IdentityLoginModule.java:204)
       at org.jboss.portal.identity.auth.IdentityLoginModule.validatePassword(IdentityLoginModule.java:158)
       at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:210)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
       at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
       at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
       at java.security.AccessController.doPrivileged(Native Method)
       at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
       at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
       at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:603)
       at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:537)
       at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
       at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:491)
       at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:258)
       at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:417)
       at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
       at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241)
       at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
       at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:580)
       at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
       at java.lang.Thread.run(Thread.java:595)
      Caused by: javax.security.auth.login.LoginException: org.jboss.portal.identity.IdentityException: Couldn't create LDAPUserImpl object from ldap entry (SearchResult)
       at org.jboss.portal.identity.auth.IdentityLoginModule$1.run(IdentityLoginModule.java:260)
       at org.jboss.portal.common.transaction.Transactions.apply(Transactions.java:219)
       ... 30 more
      2007-08-13 12:32:43,484 DEBUG [org.jboss.portal.identity.auth.IdentityLoginModule] Bad password for username=g.mahop
      2007-08-13 12:32:43,500 DEBUG [org.jboss.security.auth.spi.LdapExtLoginModule] Bad password for username=g.mahop
      java.lang.NullPointerException
       at javax.naming.InitialContext.getURLScheme(InitialContext.java:228)
       at javax.naming.InitialContext.getURLOrDefaultInitCtx(InitialContext.java:277)
       at javax.naming.directory.InitialDirContext.getURLOrDefaultInitDirCtx(InitialDirContext.java:87)
       at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
       at org.jboss.security.auth.spi.LdapExtLoginModule.bindDNAuthentication(LdapExtLoginModule.java:375)
       at org.jboss.security.auth.spi.LdapExtLoginModule.createLdapInitContext(LdapExtLoginModule.java:336)
       at org.jboss.security.auth.spi.LdapExtLoginModule.validatePassword(LdapExtLoginModule.java:229)
       at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:210)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
       at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
       at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
       at java.security.AccessController.doPrivileged(Native Method)
       at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
       at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
       at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:603)
       at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:537)
       at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
       at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:491)
       at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:258)
       at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:417)
       at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
       at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241)
       at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
       at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:580)
       at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
       at java.lang.Thread.run(Thread.java:595)
      
      



      I am working with:

      JBoss Portal 2.6.1.GA
      Active Directory


      Any advice?

        • 1. Re: IdentityException
          bdaw

          First, why do you have both IdentityLoginModule set up against LDAP and LdapExtLoginModule in your login-config.xml? Also, I see that you even failed to authenticate using the second one, which doesn't seem to be a portal-related issue.
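Added example, written for this thread and not taken from either post or from JBoss itself: a small Python check that parses a constructed copy of the login-config.xml entries above, reports which of the option names LdapExtLoginModule documents for its user and role searches (baseCtxDN, baseFilter, rolesCtxDN) are absent from the posted LdapExtLoginModule fragment, substitutes the username into the (sAMAccountName={0}) template with RFC 4515 escaping so directory metacharacters in a login name cannot change the filter, and combines the two stacked modules' results under the JAAS control-flag rules that bdaw's question about running both modules turns on. The NullPointerException in the second trace is raised inside InitialDirContext.search called from bindDNAuthentication, which is what a search with an unset base name produces, so the missing-option report is the first thing to look at. The XML fragment, the usernames and the REQUIRED_BY_MODULE table are constructed for the example.

```python
"""Lint a JBoss login-config.xml fragment, build an escaped LDAP search filter,
and evaluate a JAAS login-module stack.  Example code, not part of the thread."""
import xml.etree.ElementTree as ET

# Constructed copy of the two posted login-module entries (credential replaced
# by a placeholder, most options omitted for brevity).
LOGIN_CONFIG = """<policy>
 <login-module code="org.jboss.portal.identity.auth.IdentityLoginModule" flag="sufficient">
  <module-option name="unauthenticatedIdentity">guest</module-option>
  <module-option name="password-stacking">useFirstPass</module-option>
 </login-module>
 <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
  <module-option name="java.naming.provider.url">ldap://192.168.10.240:389</module-option>
  <module-option name="bindDN">bind@proxiad-nord.com</module-option>
  <module-option name="bindCredential">PLACEHOLDER</module-option>
  <module-option name="roleFilter">(sAMAccountName={0})</module-option>
  <module-option name="roleAttributeID">memberOf</module-option>
 </login-module>
</policy>"""

# Option names the module's documentation lists for its search phases
# (assumption made for this example: baseCtxDN/baseFilter drive the user
# search, rolesCtxDN is the base of the role search that roleFilter runs in).
REQUIRED_BY_MODULE = {
    "org.jboss.security.auth.spi.LdapExtLoginModule": ("baseCtxDN", "baseFilter", "rolesCtxDN"),
}


def parse_modules(xml_text):
    """Return [(code, flag, {option-name: value})] in stack order."""
    root = ET.fromstring(xml_text)
    modules = []
    for lm in root.iter("login-module"):
        opts = {o.get("name"): (o.text or "").strip() for o in lm.findall("module-option")}
        modules.append((lm.get("code"), lm.get("flag"), opts))
    return modules


def missing_options(xml_text):
    """Map module code -> list of documented options that the fragment lacks."""
    report = {}
    for code, _flag, opts in parse_modules(xml_text):
        gaps = [name for name in REQUIRED_BY_MODULE.get(code, ()) if name not in opts]
        if gaps:
            report[code] = gaps
    return report


# RFC 4515 escapes for the characters that carry meaning inside a filter.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a value so it is matched literally when placed in a search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_filter(template, username):
    """Fill the {0} placeholder of a filter template with an escaped username."""
    return template.replace("{0}", escape_filter_value(username))


def jaas_outcome(results):
    """Combine (flag, succeeded) pairs with the JAAS control-flag semantics:
    required/requisite must all succeed; requisite failure stops at once;
    a succeeding sufficient module returns success immediately unless an
    earlier required/requisite module failed; optional modules only matter
    when nothing required is configured."""
    required_failed = False
    has_required = False
    any_success = False
    for flag, ok in results:
        flag = flag.lower()
        if flag in ("required", "requisite"):
            has_required = True
            if not ok:
                required_failed = True
                if flag == "requisite":
                    return False
        elif flag == "sufficient" and ok and not required_failed:
            return True
        any_success = any_success or ok
    return (not required_failed) if has_required else any_success


if __name__ == "__main__":
    print("missing options:", missing_options(LOGIN_CONFIG))
    print("filter:", build_filter("(sAMAccountName={0})", "g.mahop"))
    # Both modules failed in the posted log: sufficient failure continues,
    # required failure sinks the whole login.
    print("stack result:", jaas_outcome([("sufficient", False), ("required", False)]))
```

The stack evaluator shows why the order in the posted file matters: with IdentityLoginModule marked sufficient ahead of a required LdapExtLoginModule, a portal-side success returns before the LDAP module ever runs, while a portal-side failure makes the login depend entirely on the LDAP module, which is the path the second trace records.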