Ldap configuration
jardimpinheiro Jul 24, 2013 11:24 AMHello!
I need to configure jboss with ldap but I have some problems.
I tried to do this:
web.xml
<security-constraint> <web-resource-collection> <web-resource-name>HtmlAuth</web-resource-name> <description>application security constraints </description> <url-pattern>/*</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <auth-constraint> <role-name>admin</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> <realm-name>LDAP Test</realm-name> </login-config> <security-role> <role-name>admin</role-name> </security-role>
jboss-web.xml
<?xml version="1.0" encoding="UTF-8"?> <jboss-web> <security-domain>java:/jaas/my_ldap_security_domain</security-domain> </jboss-web>
standalone.xml
<security-domain name="my_ldap_security_domain"> <authentication> <login-module code="LdapExtended" flag="required"> <module-option name="java.naming.provider.url" value="ldap://hml-ldap:389"/> <module-option name="java.naming.security.authentication" value="simple"/> <module-option name="bindDN" value="cn=admin,dc=company,dc=com,dc=br"/> <module-option name="bindCredential" value="pass"/> <module-option name="baseCtxDN" value="ou=users,dc=company,dc=com,dc=br"/> <module-option name="baseFilter" value="uid={0},dc=company,dc=com,dc=br"/> <module-option name="rolesCtxDN" value="ou=groups,dc=company,dc=com,dc=br"/> <module-option name="roleFilter" value="(member={1})"/> <module-option name="roleAttributeID" value="cn"/> <module-option name="throwValidateError" value="true"/> <module-option name="searchScope" value="ONELEVEL_SCOPE"/> </login-module> </authentication> </security-domain>
When I put username and password occur this exception:
11:52:48,535 ERROR [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http-localhost-127.0.0.1-8080-1) Login failure: javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:270) [picketbox-4.0.7.Final.jar:4.0.7.Final]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_11]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_11]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_11]
at java.lang.reflect.Method.invoke(Method.java:601) [rt.jar:1.7.0_11]
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:784) [rt.jar:1.7.0_11]
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203) [rt.jar:1.7.0_11]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698) [rt.jar:1.7.0_11]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696) [rt.jar:1.7.0_11]
at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_11]
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:695) [rt.jar:1.7.0_11]
at javax.security.auth.login.LoginContext.login(LoginContext.java:594) [rt.jar:1.7.0_11]
at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:449) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:383) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:371) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:160) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
at org.jboss.as.web.security.JBossWebRealm.authenticate(JBossWebRealm.java:214) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:180) [jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:455) [jbossweb-7.0.13.Final.jar:]
at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.13.Final.jar:]
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.13.Final.jar:]
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) [jbossweb-7.0.13.Final.jar:]
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) [jbossweb-7.0.13.Final.jar:]
at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_11]
Caused by: javax.naming.NamingException: PB00019: Processing Failed:Search of baseDN(ou=users,dc=company,dc=com,dc=br) found no matches
at org.jboss.security.auth.spi.LdapExtLoginModule.bindDNAuthentication(LdapExtLoginModule.java:482) [picketbox-4.0.7.Final.jar:4.0.7.Final]
at org.jboss.security.auth.spi.LdapExtLoginModule.createLdapInitContext(LdapExtLoginModule.java:438) [picketbox-4.0.7.Final.jar:4.0.7.Final]
at org.jboss.security.auth.spi.LdapExtLoginModule.validatePassword(LdapExtLoginModule.java:312) [picketbox-4.0.7.Final.jar:4.0.7.Final]
at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:267) [picketbox-4.0.7.Final.jar:4.0.7.Final]
What is going on?
I changed some configurations and tried a lot but I don't achieve.
There are other programs that connect in the same ldap and work fine. However in this case (with jboss) there are some problems, certainly in my configurations.
Thanks!