3 Replies Latest reply on Jun 14, 2010 6:47 AM by vasukihn

    ldapIdentityStore - Error invoking login method

      Hi,


      I have set up the ldap-identity-store in my components.xml, but I seem to be getting an exception, and I can't find the actual cause:


      12:19:38,410 WARN [SeamLoginModule] Error invoking login method

      It does not print out any other exception or details... is there any way to see the full exception so I know where the error is actually coming from?


      Here is my components.xml




      <?xml version="1.0" encoding="UTF-8"?>
      <!-- Seam component descriptor (2.2 schemas): conversation manager, managed persistence
           context, Drools permission rules, LDAP identity store, login redirect events and a
           mail session. Values written as @name@ look like placeholders that are filled in
           outside this file (TODO confirm where). -->
      <components xmlns="http://jboss.com/products/seam/components"
                  xmlns:core="http://jboss.com/products/seam/core"
                  xmlns:persistence="http://jboss.com/products/seam/persistence"
                  xmlns:drools="http://jboss.com/products/seam/drools"
                  xmlns:bpm="http://jboss.com/products/seam/bpm"
                  xmlns:security="http://jboss.com/products/seam/security"
                  xmlns:mail="http://jboss.com/products/seam/mail"
                  xmlns:web="http://jboss.com/products/seam/web"
                  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                  xsi:schemaLocation=
                      "http://jboss.com/products/seam/core http://jboss.com/products/seam/core-2.2.xsd
                       http://jboss.com/products/seam/persistence http://jboss.com/products/seam/persistence-2.2.xsd
                       http://jboss.com/products/seam/drools http://jboss.com/products/seam/drools-2.2.xsd
                       http://jboss.com/products/seam/bpm http://jboss.com/products/seam/bpm-2.2.xsd
                       http://jboss.com/products/seam/security http://jboss.com/products/seam/security-2.2.xsd
                       http://jboss.com/products/seam/mail http://jboss.com/products/seam/mail-2.2.xsd
                       http://jboss.com/products/seam/web http://jboss.com/products/seam/web-2.2.xsd
                       http://jboss.com/products/seam/components http://jboss.com/products/seam/components-2.2.xsd">
      
         <!-- NOTE(review): debug is taken from the @debug@ placeholder; confirm it resolves to
              false for production deployments. -->
         <core:init debug="@debug@" jndi-pattern="@jndiPattern@"/>
      
         <!-- Conversation handling: cid and pid are the request parameter names that carry the
              conversation id and the parent conversation id. -->
         <core:manager concurrent-request-timeout="500"
                       conversation-timeout="120000"
                       conversation-id-parameter="cid"
                       parent-conversation-id-parameter="pid"/>
      
         <!-- Make sure this URL pattern is the same as that used by the Faces Servlet -->
         <web:hot-deploy-filter url-pattern="*.seam"/>
      
         <!-- If you are still using JBoss 4, uncomment this to have your PU started -->
         <!-- <persistence:entity-manager-factory name="entityManagerFactory"
                            persistence-unit-name="koncentrator"
                                        installed="@seamBootstrapsPu@"/>-->
           
         <!-- Persistence context published as entityManager and created on first use. -->
         <persistence:managed-persistence-context name="entityManager" auto-create="true"
                                entity-manager-factory="@seamEmfRef@"
                            persistence-unit-jndi-name="@puJndiName@"/>
      
         <!-- Permission checks are resolved against the rules loaded from /security.drl. -->
         <drools:rule-base name="securityRules">
            <drools:rule-files><value>/security.drl</value></drools:rule-files>
         </drools:rule-base>
      
         <security:rule-based-permission-resolver security-rules="#{securityRules}"/>
      
         <!-- Turns on the remember-me option of the identity component. -->
         <security:identity  remember-me="true"/>
      
         <!-- LDAP identity store used by the identity manager below. It binds as the
              LDAPReadAccount service account and builds user and role DNs from the
              prefix/suffix pairs.
              NOTE(review): bind-credentials holds the service account password in clear text.
              Anyone who can read this file (or a copy of it) can bind as that account, so the
              password should be treated as exposed once the file has been shared, and supplied
              from outside the file; the @name@ placeholders used elsewhere in this document
              may be a suitable mechanism (TODO confirm).
              NOTE(review): port 389 is the standard clear-text LDAP port. Unless transport
              protection is added, the bind password and every user password checked through
              this store cross the network unencrypted. Confirm whether LDAPS or StartTLS is
              available.
              NOTE(review): server-address carries an ldap:// scheme while the port is given
              separately; if the store assembles the URL from host and port, a bare host name
              is expected here. Confirm against the Seam documentation.
              NOTE(review): the directory looks like Active Directory (sAMAccountName,
              memberOf). Entries there are normally named by cn, so a bind DN that starts
              with sAMAccountName= may not match any entry, and an attribute called enabled
              may not exist. Verify both against the directory. -->
         <security:ldap-identity-store
                   name="ldapIdentityStore" 
               server-address="ldap://ac3adc01"
               server-port="389"
               bind-DN="cn=LDAPReadAccount,cn=Users,dc=StateWater,dc=local"
               bind-credentials="LDAP09SW!"
               user-DN-prefix="sAMAccountName="
               user-DN-suffix=",ou=Parramatta,ou=Offices,ou=Sites,dc=StateWater,dc=local"
               role-DN-prefix="cn="
               role-DN-suffix=",ou=Groups,ou=Sites,dc=StateWater,dc=local"
               user-context-DN="ou=Parramatta,ou=Offices,ou=Sites,dc=StateWater,dc=local"
               role-context-DN="ou=Groups,ou=Sites,dc=StateWater,dc=local"
               user-role-attribute="memberOf"
               role-name-attribute="name"
               user-object-classes="person,user"
               role-object-classes="group"
               enabled-attribute="enabled" />
               
          <!-- Routes identity management to the LDAP store declared above. -->
          <security:identity-manager identity-store="#{ldapIdentityStore}"/>
          
         <!-- Remember the requested view when an anonymous user is sent to login, and return
              to it after a successful login. -->
         <event type="org.jboss.seam.security.notLoggedIn">
            <action execute="#{redirect.captureCurrentView}"/>
         </event>
         <event type="org.jboss.seam.security.loginSuccessful">
            <action execute="#{redirect.returnToCapturedView}"/>
         </event>
      
         <!-- Outgoing mail goes to an SMTP listener on localhost, port 25. -->
         <mail:mail-session host="localhost" port="25"/>
      
         <!-- For use with jBPM pageflow or process management -->
         <!--
         <bpm:jbpm>
            <bpm:process-definitions></bpm:process-definitions>
            <bpm:pageflow-definitions></bpm:pageflow-definitions>
         </bpm:jbpm>
         -->
         
      </components>





      Any suggestions would be appreciated.

        • 1. Re: ldapIdentityStore - Error invoking login method

          Hi again,


          I've actually changed the ldap-identity-store to this:




          <!-- LDAP identity store: binds as the LDAPReadAccount service account to the named
               host on port 389 and builds user and role DNs from the prefix/suffix pairs.
               NOTE(review): bind-credentials is a clear-text password inside the descriptor;
               treat it as exposed wherever this file is shared and supply it from outside
               the file.
               NOTE(review): port 389 is the standard clear-text LDAP port; confirm whether
               LDAPS or StartTLS can be used so bind and user passwords are not sent
               unencrypted.
               NOTE(review): with these settings the bind DN for a user is
               user-DN-prefix + username + user-DN-suffix. Active Directory entries are
               normally named by cn, so a DN starting with sAMAccountName= may not match an
               entry. Verify against the directory. -->
          <security:ldap-identity-store
                  name="ldapIdentityStore"
                   server-address="ac3adc01.StateWater.local"
                   server-port="389"
                   bind-DN="cn=LDAPReadAccount,cn=Users,dc=StateWater,dc=local"
                   bind-credentials="LDAP09SW!"
                   user-DN-prefix="sAMAccountName="
                   user-DN-suffix=",ou=Parramatta,ou=Offices,ou=Sites,dc=StateWater,dc=local"
                   role-DN-prefix="cn="
                   role-DN-suffix=",ou=Groups,ou=Sites,dc=StateWater,dc=local"
                   user-context-DN="ou=Parramatta,ou=Offices,ou=Sites,dc=StateWater,dc=local"
                   role-context-DN="ou=Groups,ou=Sites,dc=StateWater,dc=local"
                   user-role-attribute="memberOf"
                   role-name-attribute="name"
                   user-object-classes="user"
                   role-object-classes="group"
                   enabled-attribute="enabled" />



          • 2. Re: ldapIdentityStore - Error invoking login method

            After more debugging and testing, I have figured out this is the cause of the exception:


            javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece


            It seems that it cannot locate my users (data 525 in the message is Active Directory's "user not found" sub-code) when using
            user-DN-prefix="sAMAccountName="
            and
            user-DN-suffix=",ou=Parramatta,ou=Offices,ou=Sites,dc=StateWater,dc=local"


            After reading some posts on the net about this issue, I changed the user-DN-suffix to @StateWater.local and left user-DN-prefix empty.


            That worked and I was able to login successfully.


            So it seems that I can bind to Active Directory as cbarjel@StateWater.local but not as sAMAccountName=cbarjel,ou=Parramatta,ou=Offices,ou=Sites,dc=StateWater,dc=local


            Anyone have this issue before? How did you solve it?


            Any advice would be appreciated.


            Thanks.

            • 3. Re: ldapIdentityStore - Error invoking login method
              vasukihn

              Hi Charlie,


              I have a similar issue. I will paste my code; please tell me where I am going wrong.


              My components.xml file


              <?xml version="1.0" encoding="UTF-8"?>
              <!-- Seam component descriptor (2.2 schemas): conversation manager, JPA entity
                   manager factory and persistence context, Drools permission rules, LDAP
                   identity store, login redirect events and a mail session. -->
              <components xmlns="http://jboss.com/products/seam/components"
                          xmlns:core="http://jboss.com/products/seam/core"
                          xmlns:persistence="http://jboss.com/products/seam/persistence"
                          xmlns:drools="http://jboss.com/products/seam/drools"
                          xmlns:bpm="http://jboss.com/products/seam/bpm"
                          xmlns:security="http://jboss.com/products/seam/security"
                          xmlns:mail="http://jboss.com/products/seam/mail"
                          xmlns:web="http://jboss.com/products/seam/web"
                          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                          xsi:schemaLocation=
                              "http://jboss.com/products/seam/core http://jboss.com/products/seam/core-2.2.xsd
                               http://jboss.com/products/seam/persistence http://jboss.com/products/seam/persistence-2.2.xsd
                               http://jboss.com/products/seam/drools http://jboss.com/products/seam/drools-2.2.xsd
                               http://jboss.com/products/seam/bpm http://jboss.com/products/seam/bpm-2.2.xsd
                               http://jboss.com/products/seam/security http://jboss.com/products/seam/security-2.2.xsd
                               http://jboss.com/products/seam/mail http://jboss.com/products/seam/mail-2.2.xsd
                               http://jboss.com/products/seam/web http://jboss.com/products/seam/web-2.2.xsd
                               http://jboss.com/products/seam/components http://jboss.com/products/seam/components-2.2.xsd">
              
                 <!-- NOTE(review): debug is hard-coded to true here. That suits development;
                      confirm it is switched off before this descriptor reaches production. -->
                 <core:init debug="true" jndi-pattern="@jndiPattern@"/>
              
                 <!-- Conversation handling: cid and pid are the request parameter names that
                      carry the conversation id and the parent conversation id. -->
                 <core:manager concurrent-request-timeout="500"
                               conversation-timeout="120000"
                               conversation-id-parameter="cid"
                               parent-conversation-id-parameter="pid"/>
              
                 <!-- Make sure this URL pattern is the same as that used by the Faces Servlet -->
                 <web:hot-deploy-filter url-pattern="*.seam"/>
              
                 <!-- Entity manager factory for the persistence unit named user, and the
                      persistence context built from it (created on first use). -->
                 <persistence:entity-manager-factory name="entityManagerFactory"
                                    persistence-unit-name="user"/>
              
                 <persistence:managed-persistence-context name="entityManager" auto-create="true"
                                        entity-manager-factory="#{entityManagerFactory}"/>
                 <!-- Permission checks are resolved against the rules loaded from /security.drl. -->
                 <drools:rule-base name="securityRules">
                    <drools:rule-files><value>/security.drl</value></drools:rule-files>
                 </drools:rule-base>
              
                 <security:rule-based-permission-resolver security-rules="#{securityRules}"/>
              
                 <!-- The explicit identity declaration with a custom authenticate method is
                      commented out, so no authenticate-method is configured in this file. -->
                <!--<security:identity authenticate-method="#{authenticator.authenticate}" remember-me="true" />-->
                 
                 <!-- Identity management is routed to the LDAP store declared just below.
                      NOTE(review): bind-DN is the domain Administrator account. A directory
                      lookup account needs far less; a dedicated low-privilege, read-only
                      account limits the damage if this file leaks.
                      NOTE(review): bind-credentials is a clear-text password inside the
                      descriptor; treat it as exposed wherever this file is shared and supply
                      it from outside the file.
                      NOTE(review): port 389 is the standard clear-text LDAP port; confirm
                      whether LDAPS or StartTLS can be used so bind and user passwords are not
                      sent unencrypted.
                      NOTE(review): no role-* attributes are set, so the store falls back to
                      whatever defaults it ships with. Verify that those defaults match this
                      directory. -->
                 <security:identity-manager identity-store="#{ldapIdentityStore}" /> 
                 <security:ldap-identity-store name="ldapIdentityStore" 
                        server-address="intra.cogitate-it.com"
                        server-port="389"
                        bind-DN="CN=Administrator,CN=Users,DC=intra,DC=cogitate-it,DC=com"
                        bind-credentials="W3lc0m3" 
                        user-DN-prefix="cn="
                          user-name-attribute="cn"
                        user-DN-suffix=",OU=HQ, OU=DEV, dc=intra, dc=cogitate-it, dc=com"
                        user-context-DN="OU=HQ, OU=DEV, dc=intra, dc=cogitate-it, dc=com"
                        user-object-classes="user"
              />
                 
                 <!-- newly added on 09-04-10-->
                 <!-- NOTE(review): the identity-management prefix used in the disabled line
                      below is not declared on the root element, so the line cannot simply be
                      uncommented as it stands. -->
              <!-- <identity-management:jpa-identity-store name="identityStore" account-class="com.user.Customer"/> -->
              <!-- add ended-->
              
                 <!-- Remember the requested view when an anonymous user is sent to login, and
                      return to it after a successful login. -->
                 <event type="org.jboss.seam.security.notLoggedIn">
                    <action execute="#{redirect.captureCurrentView}"/>
                 </event>
                 <event type="org.jboss.seam.security.loginSuccessful">
                    <action execute="#{redirect.returnToCapturedView}"/>
                 </event>
              
                 <!-- Outgoing mail goes to an SMTP listener on localhost, port 25. -->
                 <mail:mail-session host="localhost" port="25"/>
              
                 <!-- For use with jBPM pageflow or process management -->
                 <!--
                 <bpm:jbpm>
                    <bpm:process-definitions></bpm:process-definitions>
                    <bpm:pageflow-definitions></bpm:pageflow-definitions>
                 </bpm:jbpm>
                 -->
                 
              </components>
              



              My login file




              <!DOCTYPE composition PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
                  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
              <!-- Login view: a Facelets composition that fills the body region of
                   layout/templateLogin.xhtml with a username/password form. The fields bind to
                   the credentials component, the checkbox to rememberMe.enabled, and the
                   button invokes identity.login.
                   NOTE(review): the disabled hint inside the panel mentions an admin login
                   with a blank password. Facelets may still write XML comments from inside a
                   composition into the served page unless comment skipping is enabled
                   (facelets.SKIP_COMMENTS, TODO confirm for this setup), so the hint is
                   better deleted than commented out. -->
              <ui:composition xmlns="http://www.w3.org/1999/xhtml"
                  xmlns:s="http://jboss.com/products/seam/taglib"
                  xmlns:ui="http://java.sun.com/jsf/facelets"
                  xmlns:f="http://java.sun.com/jsf/core"
                  xmlns:h="http://java.sun.com/jsf/html"
                  xmlns:rich="http://richfaces.org/rich"
                  template="layout/templateLogin.xhtml">
              
              <ui:define name="body">
              
                  <h:form id="loginForm">
              
                      <rich:panel>
                          <f:facet name="header">Login</f:facet>
              
                          <p>Please login here</p>
              
                          <div class="dialog">
                              <h:panelGrid columns="2" rowClasses="prop" columnClasses="name,value">
                                  <h:outputLabel for="username">Username</h:outputLabel>
                                  <h:inputText id="username"
                                            value="#{credentials.username}"/>
                                  <h:outputLabel for="password">Password</h:outputLabel>
                                  <h:inputSecret id="password"
                                              value="#{credentials.password}"/>
                                  <h:outputLabel for="rememberMe">Remember me</h:outputLabel>
                                  <h:selectBooleanCheckbox id="rememberMe"
                                                        value="#{rememberMe.enabled}"/>
                              </h:panelGrid>
                          </div>
              
                         <!--  <p>
                            <i>Note - </i> You may login with the username 'admin' and a blank password.
                          </p>--> 
              
                      </rich:panel>
              
                      <div class="actionButtons">
                          <h:commandButton id="submit" value="Login" action="#{identity.login}"/>
                      </div>
              
                  </h:form>
              
               </ui:define>
              </ui:composition>
              


              I get the following error






              WARN  SeamLoginModule Error invoking login method




              I have not written any java file for Ldap implementation.
              Please help me in solving the problem.



              Thanks
              Vasuki