-
1. Re: LdapIdentityStore and Active Directory
traviskds Nov 20, 2008 7:07 AM (in response to traviskds)
Note that I was able to authenticate via JAAS using the Active Directory entry I have in the login-config.xml in JBoss. I guess I prefer to do it the new way using the LDAP identity store.
-
2. Re: LdapIdentityStore and Active Directory
traviskds Nov 24, 2008 3:29 AM (in response to traviskds)
I got this to work. The problem was not with the bind user but with the actual user that I was trying to authenticate. Once you put in the correct entries for user-DN-prefix and user-DN-suffix, it works.
Now I have another issue. When you have complex AD structures, you might not always be able to specify the full DN. For example, users can be under different trees (broken up by sub-divisions). In that instance, if we want to authenticate these users who are in different contexts, we will not be able to if we configure it as above. The solution is to add
@company.com
as the user-DN-suffix and leave the user-DN-prefix blank. This is called the User Principal Name, and when I add the @ sign, I get an error when Seam starts up. How can we configure Seam to use the user principal name? (Note that when I remove the @ sign from the components.xml and add that as part of the username, the authentication works. But this is not acceptable, as we cannot tell end users to add the @ sign at the end of their user name. What we need is to be able to configure this in the components.xml.)
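The post above describes the two ways the Seam store composes the identity it binds as: prefix + login name + suffix either as a full distinguished name (uid=...,ou=Users,...) or as an Active Directory User Principal Name (login name followed by @company.com). The following is an added example, not code from the thread or from Seam, that shows the composition for both layouts together with the two checks a login path should apply before the bind: rejecting login names that carry DN or UPN metacharacters (so a submitted name cannot add its own RDN or domain to the composed identity) and refusing an empty password, because an LDAP simple bind with an empty password is an unauthenticated bind that Active Directory answers with success. The class name and the prefix/suffix values in main are constructed for the example.

```java
// Added example (not from the forum thread): composes the bind identity from
// user-DN-prefix / user-DN-suffix as the Seam store does, for both the full-DN
// layout and the Active Directory UPN layout, and applies pre-bind input checks.
import java.util.regex.Pattern;

public final class UserDnBuilder {

    /** How the store composes the bind identity from prefix + username + suffix. */
    public enum Layout { FULL_DN, UPN }

    // Characters that would let a submitted login name change the meaning of the
    // composed DN (RFC 4514 special characters) or of the UPN ('@'), plus whitespace/NUL.
    private static final Pattern FORBIDDEN = Pattern.compile("[,+\"\\\\<>;=@#\\s\\x00]");

    private final String prefix;
    private final String suffix;
    private final Layout layout;

    public UserDnBuilder(String prefix, String suffix, Layout layout) {
        this.prefix = prefix == null ? "" : prefix;
        this.suffix = suffix == null ? "" : suffix;
        this.layout = layout;
    }

    /** Rejects login names that are empty, over-long, or carry DN/UPN metacharacters. */
    public static boolean isAcceptableUsername(String username) {
        return username != null && !username.isEmpty()
            && username.length() <= 256
            && !FORBIDDEN.matcher(username).find();
    }

    /**
     * Composes the identity the store will bind as. For the UPN layout the suffix is
     * normalised so that "company.com" and "@company.com" both yield user@company.com
     * (the posts in this thread differ on whether the '@' belongs in the suffix).
     */
    public String build(String username) {
        if (!isAcceptableUsername(username)) {
            throw new IllegalArgumentException("login name rejected before LDAP bind");
        }
        if (layout == Layout.UPN) {
            String domain = suffix.startsWith("@") ? suffix.substring(1) : suffix;
            return prefix + username + "@" + domain;
        }
        return prefix + username + suffix;
    }

    /**
     * An LDAP simple bind with a name but an empty password is an unauthenticated bind
     * (RFC 4513 section 5.1.2). Active Directory treats it as anonymous and reports
     * success without checking any credential, so the login path must refuse it itself.
     */
    public static boolean isBindable(String username, char[] password) {
        return isAcceptableUsername(username) && password != null && password.length > 0;
    }

    public static void main(String[] args) {
        // Constructed settings mirroring the two layouts discussed in the thread.
        UserDnBuilder dn  = new UserDnBuilder("uid=", ",ou=Users,dc=example,dc=com", Layout.FULL_DN);
        UserDnBuilder upn = new UserDnBuilder("", "@company.com", Layout.UPN);

        System.out.println(dn.build("alice"));
        System.out.println(upn.build("alice"));

        // A login name crafted to append an extra RDN is refused rather than bound.
        System.out.println(isAcceptableUsername("alice,ou=Admins"));
        // An empty password would be an unauthenticated bind, so it is refused.
        System.out.println(isBindable("alice", new char[0]));
    }
}
```

With these settings the full-DN builder yields uid=alice,ou=Users,dc=example,dc=com and the UPN builder yields alice@company.com; the crafted login name and the empty password are both rejected before any connection to the directory is opened.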
-
3. Re: LdapIdentityStore and Active Directory
shane.bryzak Nov 25, 2008 5:20 AM (in response to traviskds)
What error do you get? Can you post a stack trace?
-
4. Re: LdapIdentityStore and Active Directory
traviskds Dec 3, 2008 8:53 AM (in response to traviskds)
Hi Shane,
Apologies for the delayed reply. I don't seem to be getting the forum replies in my mailbox. Will check on that later.
Since I posted, I got it to work by configuring the user-DN-suffix to be read from the messages property file, like this:
user-DN-suffix="#{messages['ldap.user.principal.name.suffix']}"
Given below is the stack trace when I directly put the domain name with the @ sign. I have changed our company domain to the generic company.com name.
java.lang.RuntimeException: error while reading /WEB-INF/components.xml at org.jboss.seam.init.Initialization.initComponentsFromXmlDocument(Initialization.java:221) at org.jboss.seam.init.Initialization.create(Initialization.java:124) at org.jboss.seam.servlet.SeamListener.contextInitialized(SeamListener.java:34) at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3856) at org.apache.catalina.core.StandardContext.start(StandardContext.java:4361) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:790) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:770) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:553) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.tomcat.util.modeler.BaseModelMBean.invoke(BaseModelMBean.java:296) at org.jboss.mx.server.RawDynamicInvoker.invoke(RawDynamicInvoker.java:164) at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659) at org.apache.catalina.core.StandardContext.init(StandardContext.java:5312) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.tomcat.util.modeler.BaseModelMBean.invoke(BaseModelMBean.java:296) at org.jboss.mx.server.RawDynamicInvoker.invoke(RawDynamicInvoker.java:164) at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659) at org.jboss.web.tomcat.service.TomcatDeployer.performDeployInternal(TomcatDeployer.java:301) at org.jboss.web.tomcat.service.TomcatDeployer.performDeploy(TomcatDeployer.java:104) at 
org.jboss.web.AbstractWebDeployer.start(AbstractWebDeployer.java:375) at org.jboss.web.WebModule.startModule(WebModule.java:83) at org.jboss.web.WebModule.startService(WebModule.java:61) at org.jboss.system.ServiceMBeanSupport.jbossInternalStart(ServiceMBeanSupport.java:289) at org.jboss.system.ServiceMBeanSupport.jbossInternalLifecycle(ServiceMBeanSupport.java:245) at sun.reflect.GeneratedMethodAccessor3.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155) at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94) at org.jboss.mx.server.Invocation.invoke(Invocation.java:86) at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264) at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659) at org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:978) at $Proxy0.start(Unknown Source) at org.jboss.system.ServiceController.start(ServiceController.java:417) at sun.reflect.GeneratedMethodAccessor9.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155) at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94) at org.jboss.mx.server.Invocation.invoke(Invocation.java:86) at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264) at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659) at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210) at $Proxy44.start(Unknown Source) at org.jboss.web.AbstractWebContainer.start(AbstractWebContainer.java:466) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155) at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94) at org.jboss.mx.interceptor.AbstractInterceptor.invoke(AbstractInterceptor.java:133) at org.jboss.mx.server.Invocation.invoke(Invocation.java:88) at org.jboss.mx.interceptor.ModelMBeanOperationInterceptor.invoke(ModelMBeanOperationInterceptor.java:142) at org.jboss.mx.interceptor.DynamicInterceptor.invoke(DynamicInterceptor.java:97) at org.jboss.system.InterceptorServiceMBeanSupport.invokeNext(InterceptorServiceMBeanSupport.java:238) at org.jboss.wsf.container.jboss42.DeployerInterceptor.start(DeployerInterceptor.java:87) at org.jboss.deployment.SubDeployerInterceptorSupport$XMBeanInterceptor.start(SubDeployerInterceptorSupport.java:188) at org.jboss.deployment.SubDeployerInterceptor.invoke(SubDeployerInterceptor.java:95) at org.jboss.mx.server.Invocation.invoke(Invocation.java:88) at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264) at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659) at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210) at $Proxy45.start(Unknown Source) at org.jboss.deployment.MainDeployer.start(MainDeployer.java:1025) at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:819) at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:782) at sun.reflect.GeneratedMethodAccessor21.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155) at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94) at 
org.jboss.mx.interceptor.AbstractInterceptor.invoke(AbstractInterceptor.java:133) at org.jboss.mx.server.Invocation.invoke(Invocation.java:88) at org.jboss.mx.interceptor.ModelMBeanOperationInterceptor.invoke(ModelMBeanOperationInterceptor.java:142) at org.jboss.mx.server.Invocation.invoke(Invocation.java:88) at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264) at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659) at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210) at $Proxy9.deploy(Unknown Source) at org.jboss.deployment.scanner.URLDeploymentScanner.deploy(URLDeploymentScanner.java:421) at org.jboss.deployment.scanner.URLDeploymentScanner.scan(URLDeploymentScanner.java:634) at org.jboss.deployment.scanner.AbstractDeploymentScanner$ScannerThread.doScan(AbstractDeploymentScanner.java:263) at org.jboss.deployment.scanner.AbstractDeploymentScanner.startService(AbstractDeploymentScanner.java:336) at org.jboss.system.ServiceMBeanSupport.jbossInternalStart(ServiceMBeanSupport.java:289) at org.jboss.system.ServiceMBeanSupport.jbossInternalLifecycle(ServiceMBeanSupport.java:245) at sun.reflect.GeneratedMethodAccessor3.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155) at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94) at org.jboss.mx.server.Invocation.invoke(Invocation.java:86) at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264) at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659) at org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:978) at $Proxy0.start(Unknown Source) at org.jboss.system.ServiceController.start(ServiceController.java:417) at sun.reflect.GeneratedMethodAccessor9.invoke(Unknown Source) at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155) at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94) at org.jboss.mx.server.Invocation.invoke(Invocation.java:86) at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264) at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659) at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210) at $Proxy4.start(Unknown Source) at org.jboss.deployment.SARDeployer.start(SARDeployer.java:304) at org.jboss.deployment.MainDeployer.start(MainDeployer.java:1025) at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:819) at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:782) at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:766) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155) at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94) at org.jboss.mx.interceptor.AbstractInterceptor.invoke(AbstractInterceptor.java:133) at org.jboss.mx.server.Invocation.invoke(Invocation.java:88) at org.jboss.mx.interceptor.ModelMBeanOperationInterceptor.invoke(ModelMBeanOperationInterceptor.java:142) at org.jboss.mx.server.Invocation.invoke(Invocation.java:88) at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264) at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659) at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210) at $Proxy5.deploy(Unknown Source) at org.jboss.system.server.ServerImpl.doStart(ServerImpl.java:482) 
at org.jboss.system.server.ServerImpl.start(ServerImpl.java:362) at org.jboss.Main.boot(Main.java:200) at org.jboss.Main$1.run(Main.java:508) at java.lang.Thread.run(Thread.java:619) Caused by: java.lang.IllegalArgumentException: Exception setting property ldapIdentityStore.userDNSuffix on component ldapIdentityStore. Expression @company.com evaluated to null. at org.jboss.seam.init.Initialization.installComponentFromXmlElement(Initialization.java:518) at org.jboss.seam.init.Initialization.installComponentsFromXmlElements(Initialization.java:354) at org.jboss.seam.init.Initialization.initComponentsFromXmlDocument(Initialization.java:217) ... 137 more Caused by: java.lang.IllegalArgumentException: null value at org.jboss.seam.util.Conversions$FlatPropertyValue.<init>(Conversions.java:291) at org.jboss.seam.init.Initialization.getPropertyValue(Initialization.java:595) at org.jboss.seam.init.Initialization.installComponentFromXmlElement(Initialization.java:513) ... 139 more
-
5. Re: LdapIdentityStore and Active Directory
pjbcaeiro Dec 3, 2008 5:43 PM (in response to traviskds)
Hello,
Sorry to use this post to put my question, but it's related, so I think someone here could help.
I'm trying the LdapIdentityStore but I keep getting the following error:
15:30:31,497 ERROR [SeamLoginModule] Error invoking login method org.jboss.seam.security.management.IdentityManagementException: Authentication error at org.jboss.seam.security.management.LdapIdentityStore.authenticate(LdapIdentityStore.java:441) at org.jboss.seam.security.management.IdentityManager.authenticate(IdentityManager.java:262) at org.jboss.seam.security.jaas.SeamLoginModule.login(SeamLoginModule.java:126) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at javax.security.auth.login.LoginContext.invoke(Unknown Source) at javax.security.auth.login.LoginContext.access$000(Unknown Source) at javax.security.auth.login.LoginContext$5.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.login.LoginContext.invokeCreatorPriv(Unknown Source) at javax.security.auth.login.LoginContext.login(Unknown Source) at org.jboss.seam.security.Identity.authenticate(Identity.java:335) at org.jboss.seam.security.Identity.authenticate(Identity.java:324) at org.jboss.seam.security.Identity.login(Identity.java:253) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at org.jboss.el.util.ReflectionUtil.invokeMethod(ReflectionUtil.java:329) at org.jboss.el.util.ReflectionUtil.invokeMethod(ReflectionUtil.java:342) at org.jboss.el.parser.AstPropertySuffix.invoke(AstPropertySuffix.java:58) at org.jboss.el.parser.AstValue.invoke(AstValue.java:96) at org.jboss.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:276) at com.sun.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:68) at 
javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:88) at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:102) at javax.faces.component.UICommand.broadcast(UICommand.java:387) at org.ajax4jsf.component.AjaxViewRoot.processEvents(AjaxViewRoot.java:321) at org.ajax4jsf.component.AjaxViewRoot.broadcastEvents(AjaxViewRoot.java:296) at org.ajax4jsf.component.AjaxViewRoot.processPhase(AjaxViewRoot.java:253) at org.ajax4jsf.component.AjaxViewRoot.processApplication(AjaxViewRoot.java:466) at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:82) at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:100) at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:118) at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:83) at org.jboss.seam.web.IdentityFilter.doFilter(IdentityFilter.java:38) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.web.MultipartFilter.doFilter(MultipartFilter.java:90) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:64) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.web.RedirectFilter.doFilter(RedirectFilter.java:45) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.ajax4jsf.webapp.BaseXMLFilter.doXmlFilter(BaseXMLFilter.java:177) at org.ajax4jsf.webapp.BaseFilter.handleRequest(BaseFilter.java:267) at org.ajax4jsf.webapp.BaseFilter.processUploadsAndHandleRequest(BaseFilter.java:380) at 
org.ajax4jsf.webapp.BaseFilter.doFilter(BaseFilter.java:507) at org.jboss.seam.web.Ajax4jsfFilter.doFilter(Ajax4jsfFilter.java:56) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.web.LoggingFilter.doFilter(LoggingFilter.java:58) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.debug.hot.HotDeployFilter.doFilter(HotDeployFilter.java:51) at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69) at org.jboss.seam.servlet.SeamFilter.doFilter(SeamFilter.java:158) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:432) at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262) at 
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446) at java.lang.Thread.run(Unknown Source) Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials] at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source) at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source) at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source) at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source) at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source) at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source) at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source) at javax.naming.spi.NamingManager.getInitialContext(Unknown Source) at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source) at javax.naming.InitialContext.init(Unknown Source) at javax.naming.ldap.InitialLdapContext.<init>(Unknown Source) at org.jboss.seam.security.management.LdapIdentityStore.initialiseContext(LdapIdentityStore.java:399) at org.jboss.seam.security.management.LdapIdentityStore.authenticate(LdapIdentityStore.java:420) ... 77 more
and here is my components.xml:
<security:ldap-identity-store name="ldapIdentityStore"
        server-address="sedna.cmarl.pt"
        server-port="389"
        user-DN-prefix="uid="
        user-DN-suffix=",ou=Users,dc=cmarl,dc=pt"
        user-context-DN="ou=Users,dc=cmarl,dc=pt"
        user-password-attribute="userPassword"
        bind-DN="cn=Manager,dc=cmarl,dc=pt"
        bind-credentials="secret"
        role-context-DN="ou=Groups,dc=example,dc=com"
        role-DN-prefix="cn="
        role-DN-suffix=",ou=Groups,dc=example,dc=com"/>
<security:identity-manager identity-store="#{ldapIdentityStore}"/>
I think it's related to the bind credentials, because no matter what value I put in there the error is always the same. Even with the right one.
Thanks in advance
Paulo
-
6. Re: LdapIdentityStore and Active Directory
traviskds Dec 4, 2008 4:37 AM (in response to traviskds)
Hi Paulo,
If you are sure that your bind-DN and bind-credentials are correct, then you are most probably getting this error because the user to be authenticated cannot be authenticated. Note this is not the bind user but the actual user you wish to authenticate.
This happened to me when the user-DN-prefix and user-DN-suffix were incorrect. If you don't have the LDAP service (i.e. you're part of a large company), then I suggest you use an open source tool like JXplorer (http://www.jxplorer.org/) to get an understanding of the tree structure and attributes. This was very useful for me.
It's frustrating when you get these issues, but when you get it right, it certainly is a great feeling!
Hope this helps.
Travis
-
7. Re: LdapIdentityStore and Active Directory
pjbcaeiro Dec 4, 2008 11:25 AM (in response to traviskds)
Hi Travis, and thanks for your reply...
Well, I have made some progress but I'm still stuck here... :)
I have changed the user-DN-prefix from "uid=" to "cn=" for a quick test and I was able to log in with the canonical name of the users, but this is not what I want; I need to do it with the uid attribute.
Do you have any suggestion for this?
Thanks again for your help
Paulo
-
8. Re: LdapIdentityStore and Active Directory
traviskds Dec 6, 2008 6:12 AM (in response to traviskds)
Were you able to log in via the JXplorer tool? If you can do that, and then do a search for the user you are trying to authenticate, you can look at that user's distinguished name. From that you can get an idea of what should go into the DN prefix and suffix, which is basically the part before the name and the part after the name.
-
9. Re: LdapIdentityStore and Active Directory
monstor Dec 18, 2008 4:44 PM (in response to traviskds)
Hi!
I have exactly the same problem.
I can log in with my canonical name with user-DN-prefix="cn=",
but it doesn't work with uid. Have you found a solution?
Thanks
-
10. Re: LdapIdentityStore and Active Directory
superduperguy Feb 27, 2010 3:59 AM (in response to traviskds)
I am having the same issue: the distinguished name does not have the user id (i.e. uid) in it, but only cn. Did anyone get this working? How?
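Posts 7 to 10 share one problem: the entries' DNs are built from cn, but users log in with uid, so no fixed user-DN-prefix/user-DN-suffix can reach the right entry. The usual way around a directory layout like that is not to compose the DN at all: search for the login attribute with the service account, take the DN the directory returns, and bind as that DN to prove the password. The Seam ldap-identity-store as discussed on this page does not work that way; the following is an added example in plain JNDI, not code from the thread or from Seam. The server URL, base DN and service-account credentials are placeholders, and the login attribute is a parameter (uid here, sAMAccountName on Active Directory). The search value is escaped per RFC 4515 so a login name such as "*" cannot widen the match, a duplicate match is refused instead of guessed at, and an empty password is refused because it would turn the second bind into an unauthenticated one.

```java
// Added example (not from the forum thread): search-then-bind in plain JNDI.
// Resolves the user's DN by the login attribute, then binds as that DN.
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.SizeLimitExceededException;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

public final class SearchThenBind {

    /** Escapes a value for use inside an LDAP search filter (RFC 4515 section 3). */
    public static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder(value.length());
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Builds an equality filter such as (uid=alice) with the value escaped. */
    public static String equalityFilter(String attribute, String value) {
        return "(" + attribute + "=" + escapeFilterValue(value) + ")";
    }

    private static LdapContext connect(String url, String principal, String credentials)
            throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, credentials);
        return new InitialLdapContext(env, null);
    }

    /**
     * Looks the user up with the service account, then proves the password by binding
     * as the DN the directory returned. Returns that DN on success; null for no such
     * user, a non-unique match, or invalid credentials (LDAP error code 49).
     */
    public static String authenticate(String url, String bindDn, String bindPassword,
                                      String userContextDn, String loginAttribute,
                                      String username, String password) throws NamingException {
        if (username == null || username.isEmpty() || password == null || password.isEmpty()) {
            return null; // an empty password would make the user bind an unauthenticated bind
        }
        LdapContext service = connect(url, bindDn, bindPassword);
        String userDn;
        try {
            SearchControls controls = new SearchControls();
            controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            controls.setReturningAttributes(new String[0]); // only the DN is needed
            controls.setCountLimit(2);                      // enough to detect a duplicate
            NamingEnumeration<SearchResult> results = service.search(
                    userContextDn, equalityFilter(loginAttribute, username), controls);
            if (!results.hasMore()) {
                return null;                                // no such user
            }
            userDn = results.next().getNameInNamespace();
            if (results.hasMore()) {
                return null;                                // duplicate login attribute: refuse
            }
        } catch (SizeLimitExceededException e) {
            return null;                                    // more matches than the limit: refuse
        } finally {
            service.close();
        }
        try {
            connect(url, userDn, password).close();         // second bind proves the password
            return userDn;
        } catch (AuthenticationException e) {
            return null;                                    // error code 49: invalid credentials
        }
    }

    public static void main(String[] args) throws NamingException {
        if (args.length != 2) {
            System.err.println("usage: SearchThenBind <username> <password>");
            return;
        }
        // Placeholder connection details; replace with your directory's values.
        String dn = authenticate("ldap://ldap.example.com:389",
                "cn=Manager,dc=example,dc=com", "service-account-password",
                "ou=Users,dc=example,dc=com", "uid", args[0], args[1]);
        System.out.println(dn == null ? "authentication failed" : "authenticated as " + dn);
    }
}
```

Against the layout in this thread (DNs built from cn, logins by uid) the search step returns the cn-based DN for the given uid, which is exactly the value Travis suggests reading off in JXplorer, so the prefix/suffix pair never has to be guessed.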
-
11. Re: LdapIdentityStore and Active Directory
robinfoe Mar 7, 2010 5:04 PM (in response to traviskds)
Hi All,
Based on what was mentioned by Travis, putting in the domain name actually does the trick. However, it does come with a certain workaround for ldapIdentityStore. Below is the workaround, and I hope it helps others who have struggled with ldapIdentityStore and Active Directory.
First, create your own custom class:
// Package matches the class attribute registered in components.xml below.
package com.base.security.identity;

@SuppressWarnings("serial")
public class CustomLdapIdentityStore extends org.jboss.seam.security.management.LdapIdentityStore {

    // Compose the bind identity as a User Principal Name: <prefix><username>@<suffix>
    @Override
    protected String getUserDN(String username) {
        return String.format("%s%s%s", getUserDNPrefix(), username, "@" + getUserDNSuffix());
    }
}
The custom class must be placed under the main folder of the Seam directory structure.
The next step is to register the class as a Seam component:
<component class="com.base.security.identity.CustomLdapIdentityStore"
           name="customLdapIdentityStore" startup="true" scope="APPLICATION">
    <property name="serverAddress">directory.mycompany.com</property>
    <property name="bindDN">cn=Manager,dc=mycompany,dc=com</property>
    <property name="bindCredentials">secret</property>
    <property name="firstNameAttribute">givenName</property>
    <property name="userNameAttribute">sAMAccountName</property>
    <property name="userDNSuffix">mycompany.com</property>
    <property name="userDNPrefix"></property>
    <property name="userContextDN">ou=Person,dc=mycompany,dc=com</property>
    <property name="userObjectClasses">person,uidObject</property>
</component>
And to use the custom LDAP identity store, it is as simple as including the line below in the components.xml:
<security:identity-manager identity-store="#{customLdapIdentityStore}" />
The solution provided is actually not a very fine-grained workaround; if others have a better opinion or a proper way to get ldapIdentityStore to work with Active Directory, I would be grateful to hear it :D
-
12. Re: LdapIdentityStore and Active Directory
raman Oct 12, 2010 12:55 PM (in response to traviskds)
For those who are using WAR projects with hot deploy:
Create a CustomLdapIdentityStore class:
package org.braman.action;

import javax.annotation.PostConstruct;
import org.jboss.seam.ScopeType;
import org.jboss.seam.annotations.AutoCreate;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Scope;
import org.jboss.seam.annotations.Startup;

// Registered as a Seam component by annotation, so no <component> element is needed.
@Name("customLdapIdentityStore")
@Startup
@AutoCreate
@Scope(ScopeType.APPLICATION)
public class CustomLdapIdentityStore extends org.jboss.seam.security.management.LdapIdentityStore {

    private static final long serialVersionUID = -1250675501823301128L;

    // Store settings are applied in code instead of through components.xml properties.
    @PostConstruct
    public void init() {
        setServerAddress("192.168.0.1");
        setServerPort(389);
        setBindDN("raman@sdu.edu.kz");
        setBindCredentials("HSDGJH!@$@");
        setUserContextDN("OU=ALL USERS,DC=sdu,DC=edu,DC=kz");
        setUserDNPrefix("");
        setUserDNSuffix("sdu.edu.kz");
        setUserObjectClasses(new String[] {"person", "user", "organizationalPerson"});
        setUserNameAttribute("sAMAccountName");
    }

    // Compose the bind identity as a User Principal Name: <prefix><username>@<suffix>
    @Override
    protected String getUserDN(String username) {
        return String.format("%s%s%s", getUserDNPrefix(), username, "@" + getUserDNSuffix());
    }
}
and put these lines into the components.xml file:
<security:identity authenticate-method="#{authenticator.authenticate}" remember-me="true" />
<security:identity-manager name="identityManager" identity-store="#{customLdapIdentityStore}">
</security:identity-manager>
That's all, good luck!