6 Replies Latest reply on Jan 1, 2010 1:54 PM by longbeach

    [JBoss 6.0 M1] Connection to LDAP server through LdapExtLoginModule

    longbeach

      Hi,

      I have been battling for days to make that LDAP connection work.

      Here is my login-config.xml file:

        <application-policy name="venteEnLigne_domaine_LDAP">
            <authentication>
                <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
                    <!-- JNDI connection settings for the directory -->
                    <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
                    <module-option name="java.naming.provider.url">ldap://localhost:10389</module-option>
                    <module-option name="java.naming.security.authentication">simple</module-option>

                    <!-- account the module binds with before searching for the user -->
                    <module-option name="bindDN">uid=log6,ou=users,ou=system</module-option>
                    <module-option name="bindCredential">pwd6</module-option>

                    <!-- context the user search starts from -->
                    <module-option name="baseCtxDN">ou=users,ou=system</module-option>

                    <module-option name="principalDNPrefix">uid=</module-option>
                    <module-option name="principalDNSuffix">,ou=users,ou=system</module-option>

                    <module-option name="searchScope">ONELEVEL_SCOPE</module-option>
                    <!-- true forwards an empty password to the LDAP server instead of rejecting it -->
                    <module-option name="allowEmptyPasswords">true</module-option>
                </login-module>
            </authentication>
        </application-policy>


      I can connect to the LDAP server through this program:

        import java.util.Hashtable;
        import javax.naming.Context;
        import javax.naming.NamingException;
        import javax.naming.directory.DirContext;
        import javax.naming.directory.InitialDirContext;

        public class LdapBindTest {
            public static void main(String[] args) throws NamingException {
                String url = "ldap://localhost:10389/ou=users,ou=system";
                String userName = "log6";
                String password = "pwd6";
                String base = "ou=users,ou=system";
                String dn = "uid=" + userName + "," + base; // full DN of the user entry

                Hashtable<String, String> env = new Hashtable<String, String>();
                env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
                env.put(Context.PROVIDER_URL, url);
                env.put(Context.SECURITY_AUTHENTICATION, "simple");
                env.put(Context.SECURITY_PRINCIPAL, dn);        // simple bind as that DN
                env.put(Context.SECURITY_CREDENTIALS, password);
                DirContext context = new InitialDirContext(env); // the bind happens here
                System.out.println("Authentication Success!");
                context.close();
            }
        }


      But I cannot connect when I use these lines; I do not even get any error message:

        import org.jboss.security.client.SecurityClient;
        import org.jboss.security.client.SecurityClientFactory;

        public class SecurityClientLogin {
            public static void main(String[] args) throws Exception {
                SecurityClient securityClient = SecurityClientFactory.getSecurityClient();
                // Stores the username/password in the client-side security context;
                // they travel with the EJB invocation and are checked by the bean's security domain.
                securityClient.setSimple("log6", "pwd6");
                securityClient.login();
            }
        }

      I know the connection is not working because when I try to access an EJB method with restricted access, it fails (Invalid user).

      Does anyone know what's wrong and how to fix this?

       

      That would be a really nice way to end the year 2009 and start the year 2010.

      Happy new year !

      And thanks in advance.
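      The stand-alone test above only proves that a simple bind as a hard-coded DN works. LdapExtLoginModule does more than that: it binds with bindDN/bindCredential, searches baseCtxDN with a filter to locate the user's DN, binds again as that DN with the supplied password, and then searches for roles. The class below is an added example (not from the thread and not JBoss code) that replays that documented sequence with plain JNDI so each step can be run and observed outside the container. The URL, bind account and baseCtxDN are copied from the posted configuration; the class name, BASE_FILTER, the ou=groups branch, ROLE_FILTER and ROLE_ATTRIBUTE are assumptions about the directory layout, and the order in which the role search is done is the example's own.

```java
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

/** Replays, with plain JNDI, the steps LdapExtLoginModule performs for one login. */
public class LdapExtStyleAuth {
    // Taken from the thread's login-config.xml
    static final String PROVIDER_URL    = "ldap://localhost:10389";
    static final String BIND_DN         = "uid=log6,ou=users,ou=system";
    static final String BIND_CREDENTIAL = "pwd6";
    static final String BASE_CTX_DN     = "ou=users,ou=system";
    // Assumed: the user-search filter; {0} is replaced by the login name
    static final String BASE_FILTER     = "(uid={0})";
    // Assumed directory layout for roles: groupOfUniqueNames entries under ou=groups,ou=system
    static final String ROLES_CTX_DN    = "ou=groups,ou=system";
    static final String ROLE_FILTER     = "(uniqueMember={1})"; // {1} is the user's DN
    static final String ROLE_ATTRIBUTE  = "cn";

    /** Opens a connection authenticated by a simple bind as the given DN. */
    static DirContext bind(String dn, String credential) throws NamingException {
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, PROVIDER_URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, credential);
        return new InitialDirContext(env);
    }

    /** Returns the user's roles; any failure throws, which is where the module would reject the login. */
    static List<String> authenticate(String username, String password) throws NamingException {
        // Equivalent of allowEmptyPasswords=false: many servers treat a simple bind with an
        // empty password as an anonymous bind that "succeeds", so refuse it before going to the server.
        if (password == null || password.length() == 0) {
            throw new NamingException("empty password rejected before contacting the server");
        }
        // Step 1: bind with the service account (bindDN / bindCredential)
        DirContext admin = bind(BIND_DN, BIND_CREDENTIAL);
        String userDN;
        try {
            // Step 2: search baseCtxDN with baseFilter (searchScope ONELEVEL) to find the user's DN.
            // Passing the name as a filter argument lets JNDI escape it, so it cannot rewrite the filter.
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.ONELEVEL_SCOPE);
            sc.setReturningAttributes(new String[0]);
            NamingEnumeration<SearchResult> hits =
                admin.search(BASE_CTX_DN, BASE_FILTER, new Object[] { username }, sc);
            if (!hits.hasMore()) {
                throw new NamingException("no entry matches " + BASE_FILTER + " for " + username);
            }
            userDN = hits.next().getNameInNamespace();
            if (hits.hasMore()) {
                throw new NamingException("ambiguous filter: more than one entry for " + username);
            }
        } finally {
            admin.close();
        }
        // Step 3: prove the password by binding as the user's own DN
        bind(userDN, password).close();
        // Step 4: collect roles with the service account; {1} in roleFilter is the user's DN
        List<String> roles = new ArrayList<String>();
        admin = bind(BIND_DN, BIND_CREDENTIAL);
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setReturningAttributes(new String[] { ROLE_ATTRIBUTE });
            NamingEnumeration<SearchResult> groups =
                admin.search(ROLES_CTX_DN, ROLE_FILTER, new Object[] { username, userDN }, sc);
            while (groups.hasMore()) {
                Attribute a = groups.next().getAttributes().get(ROLE_ATTRIBUTE);
                if (a != null) roles.add((String) a.get());
            }
        } finally {
            admin.close();
        }
        return roles;
    }

    public static void main(String[] args) throws NamingException {
        System.out.println("roles: " + authenticate("log6", "pwd6"));
    }
}
```

      Running this against the same ApacheDS instance shows which of the four steps fails, which is what the TRACE output of the security package reports inside the container. If step 2 throws, the filter or baseCtxDN is wrong; if step 3 throws, the password is wrong; if step 4 returns an empty list, the user authenticates but holds no role the EJB's security constraint accepts.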

        • 1. Re: [JBoss 6.0 M1] Connection to LDAP server through LdapExtLoginModule
          longbeach

          It looks like the content of the login-config.xml file did not go through in my previous post. So here is the code again:

            <application-policy name="venteEnLigne_domaine_LDAP">
                <authentication>
                    <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
                        <!-- JNDI connection settings for the directory -->
                        <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
                        <module-option name="java.naming.provider.url">ldap://localhost:10389</module-option>
                        <module-option name="java.naming.security.authentication">simple</module-option>

                        <!-- account the module binds with before searching for the user -->
                        <module-option name="bindDN">uid=log6,ou=users,ou=system</module-option>
                        <module-option name="bindCredential">pwd6</module-option>

                        <!-- context the user search starts from -->
                        <module-option name="baseCtxDN">ou=users,ou=system</module-option>

                        <module-option name="principalDNPrefix">uid=</module-option>
                        <module-option name="principalDNSuffix">,ou=users,ou=system</module-option>

                        <module-option name="searchScope">ONELEVEL_SCOPE</module-option>
                        <!-- true forwards an empty password to the LDAP server instead of rejecting it -->
                        <module-option name="allowEmptyPasswords">true</module-option>
                    </login-module>
                </authentication>
            </application-policy>


          Does anyone have a clue?

          Thanks again for helping.
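          For comparison, here is the same domain written with the options LdapExtLoginModule documents. This is an added example, not the poster's configuration and not taken from JBoss. Two things differ from the posted file: principalDNPrefix and principalDNSuffix are LdapLoginModule options that LdapExtLoginModule does not read (it locates the user with baseFilter, where {0} is the login name, and locates roles with rolesCtxDN/roleFilter, where {1} is the user's DN), and allowEmptyPasswords is set to false because the module otherwise forwards an empty password to the server, which many directories accept as an anonymous bind. The host, port, bind account and baseCtxDN are copied from the thread; the ou=groups branch, the two filters and the role attribute are assumptions about the directory layout.

```xml
<!-- Added example: LdapExtLoginModule with the options it actually reads.
     ou=groups,ou=system, the filters and roleAttributeID are assumed. -->
<application-policy name="venteEnLigne_domaine_LDAP">
    <authentication>
        <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
            <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
            <module-option name="java.naming.provider.url">ldap://localhost:10389</module-option>
            <module-option name="java.naming.security.authentication">simple</module-option>

            <!-- service account used for the user and role searches -->
            <module-option name="bindDN">uid=log6,ou=users,ou=system</module-option>
            <module-option name="bindCredential">pwd6</module-option>

            <!-- where and how to find the user; {0} is replaced by the login name -->
            <module-option name="baseCtxDN">ou=users,ou=system</module-option>
            <module-option name="baseFilter">(uid={0})</module-option>
            <module-option name="searchScope">ONELEVEL_SCOPE</module-option>

            <!-- where and how to find roles; {1} is replaced by the user's DN (assumed layout) -->
            <module-option name="rolesCtxDN">ou=groups,ou=system</module-option>
            <module-option name="roleFilter">(uniqueMember={1})</module-option>
            <module-option name="roleAttributeID">cn</module-option>
            <module-option name="roleAttributeIsDN">false</module-option>

            <!-- reject empty passwords instead of letting the server decide -->
            <module-option name="allowEmptyPasswords">false</module-option>
        </login-module>
    </authentication>
</application-policy>
```

          The role names returned by roleAttributeID are what @RolesAllowed on the bean is matched against, so the values of cn under ou=groups must match the role names used in the EJB's annotations.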

          • 2. Re: [JBoss 6.0 M1] Connection to LDAP server through LdapExtLoginModule
            longbeach
            Do we still need to add a jaas.conf file?
            • 3. Re: [JBoss 6.0 M1] Connection to LDAP server through LdapExtLoginModule
              longbeach
              Do we still need to add a jaas.conf file?
              • 4. Re: [JBoss 6.0 M1] Connection to LDAP server through LdapExtLoginModule
                jaikiran
                Please post the entire exception stacktrace, the bean configuration and also the TRACE level output of jboss security package as explained in Q4 at http://community.jboss.org/wiki/SecurityFAQ
                • 5. Re: [JBoss 6.0 M1] Connection to LDAP server through LdapExtLoginModule
                  longbeach

                  That is exactly what I did in my other post here: http://community.jboss.org/thread/146305

                   

                  I added these additional properties in conf/jboss-log4j.xml to get a bit more traces in the log.

                   

                  Regarding the bean configuration, it is a basic stateless session bean annotated with @Stateless and the jboss security domain annotation @SecurityDomain.

                   

                  The bean is definitely not the problem because I tried 2 other security domains (based on 2 other login modules : DatabaseServerLoginModule and on UsersRolesLoginModule) and they worked.

                   

                  There is something not well configured either in the login-config.xml file or in my Java client (the 5 lines I posted previously) or both.

                  It's very hard to figure out, considering I have little knowledge about LDAP and the Security Client API, although I am starting to know more and more about it, and there is not much info in the logs.

                  Making the login module LdapExtLoginModule work is not easy due to a painful LDAP configuration, I guess. Does anyone know what's wrong?

                  Thanks.