JBoss 7.1 Management authentication with LDAP server
harry009 Sep 3, 2013 5:14 AM
Hi, I am trying to authenticate the JBoss management interface with an LDAP server, and the following is my configuration in standalone.xml -
<management>
  <security-realms>
    <security-realm name="ManagementRealm">
      <authentication>
        <ldap connection="LDAPConnections" recursive="true" base-dn="ou=users,dc=cydmodule,dc=com" >
          <username-filter attribute="sAMAccountName" />
        </ldap>
      </authentication>
    </security-realm>
    <security-realm name="ApplicationRealm">
      <authentication>
        <local default-user="$local" allowed-users="*"/>
        <properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
      </authentication>
      <authorization>
        <properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
      </authorization>
    </security-realm>
  </security-realms>
  <management-interfaces>
    <native-interface security-realm="ManagementRealm">
      <socket-binding native="management-native"/>
    </native-interface>
    <http-interface security-realm="ManagementRealm">
      <socket-binding http="management-http"/>
    </http-interface>
  </management-interfaces>
  <outbound-connections>
    <ldap name="LDAPConnections" url="ldap://cym-dc-01.cydmodule.com:389" search-dn="cn=svc_jboss,cn=users,dc=cydmodule,dc=com" search-credential="xxxxxx" />
  </outbound-connections>
</management>
But when I try to log in to the Management interface, I get this error -
10:52:03,758 DEBUG [org.jboss.as.domain.http.api] (HttpManagementService-threads - 1) Callback handle failed.: java.io.IOException: JBAS015220: Unable to perform verification
at org.jboss.as.domain.management.security.UserLdapCallbackHandler.handle(UserLdapCallbackHandler.java:230) [jboss-as-domain-management-7.2.0.Final-redhat-8.jar:7.2.0.Final-redhat-8]
at org.jboss.as.domain.management.security.SecurityRealmService$1.handle(SecurityRealmService.java:168) [jboss-as-domain-management-7.2.0.Final-redhat-8.jar:7.2.0.Final-redhat-8]
at org.jboss.as.domain.http.server.security.BasicAuthenticator.checkCredentials(BasicAuthenticator.java:150) [jboss-as-domain-http-interface-7.2.0.Final-redhat-8.jar:7.2.0.Final-redhat-8]
at org.jboss.com.sun.net.httpserver.BasicAuthenticator.authenticate(BasicAuthenticator.java:77)
at org.jboss.as.domain.http.server.security.BasicAuthenticator._authenticate(BasicAuthenticator.java:115) [jboss-as-domain-http-interface-7.2.0.Final-redhat-8.jar:7.2.0.Final-redhat-8]
at org.jboss.as.domain.http.server.security.BasicAuthenticator.authenticate(BasicAuthenticator.java:92) [jboss-as-domain-http-interface-7.2.0.Final-redhat-8.jar:7.2.0.Final-redhat-8]
at org.jboss.sun.net.httpserver.AuthFilter.doFilter(AuthFilter.java:64)
at org.jboss.com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:81)
at org.jboss.sun.net.httpserver.ServerImpl$Exchange$LinkHandler.handle(ServerImpl.java:710)
at org.jboss.com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:78)
at org.jboss.as.domain.http.server.RealmReadinessFilter.doFilter(RealmReadinessFilter.java:47) [jboss-as-domain-http-interface-7.2.0.Final-redhat-8.jar:7.2.0.Final-redhat-8]
at org.jboss.as.domain.http.server.DmrFailureReadinessFilter.doFilter(DmrFailureReadinessFilter.java:45) [jboss-as-domain-http-interface-7.2.0.Final-redhat-8.jar:7.2.0.Final-redhat-8]
at org.jboss.com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:81)
at org.jboss.sun.net.httpserver.ServerImpl$Exchange.run(ServerImpl.java:682)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110) [rt.jar:1.7.0]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603) [rt.jar:1.7.0]
at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0]
at org.jboss.threads.JBossThread.run(JBossThread.java:122) [jboss-threads-2.1.0.Final-redhat-1.jar:2.1.0.Final-redhat-1]
Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error,data 52e,v23f0]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3087) [rt.jar:1.7.0]
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3033) [rt.jar:1.7.0]
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2835) [rt.jar:1.7.0]
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2749) [rt.jar:1.7.0]
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:316) [rt.jar:1.7.0]
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193) [rt.jar:1.7.0]
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:211) [rt.jar:1.7.0]
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154) [rt.jar:1.7.0]
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84) [rt.jar:1.7.0]
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684) [rt.jar:1.7.0]
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307) [rt.jar:1.7.0]
at javax.naming.InitialContext.init(InitialContext.java:242) [rt.jar:1.7.0]
at javax.naming.InitialContext.<init>(InitialContext.java:216) [rt.jar:1.7.0]
at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101) [rt.jar:1.7.0]
at org.jboss.as.domain.management.connections.ldap.LdapConnectionManagerService.getConnection(LdapConnectionManagerService.java:112) [jboss-as-domain-management-7.2.0.Final-redhat-8.jar:7.2.0.Final-redhat-8]
at org.jboss.as.domain.management.connections.ldap.LdapConnectionManagerService.getConnection(LdapConnectionManagerService.java:93) [jboss-as-domain-management-7.2.0.Final-redhat-8.jar:7.2.0.Final-redhat-8]
at org.jboss.as.domain.management.security.UserLdapCallbackHandler.handle(UserLdapCallbackHandler.java:186) [jboss-as-domain-management-7.2.0.Final-redhat-8.jar:7.2.0.Final-redhat-8]
... 17 more
I have found that the "data 52e" error means my credentials are wrong. But I have re-verified that they are correct.
Has anyone faced the same problem and has a clue what I am doing wrong?
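
An added example (not part of the original post, and not JBoss code): a small parser that decodes the Active Directory sub-code in the `Caused by` line of the trace above and reports the first JBoss frame beneath it, which is the code that opened the LDAP context. The sub-code table lists the commonly documented Win32 logon codes; `SAMPLE` is an excerpt of the trace quoted in the post, and the function name `diagnose` is an assumption of this example.

```python
import re

# Win32 logon error codes that Active Directory reports, in hex, in the
# "data" field of an LDAP result code 49 (invalidCredentials) message.
AD_BIND_SUBCODES = {
    0x525: "user not found",
    0x52E: "user name or password is incorrect",
    0x530: "logon not permitted at this time",
    0x531: "logon not permitted from this workstation",
    0x532: "password expired",
    0x533: "account disabled",
    0x701: "account expired",
    0x773: "user must change password before logon",
    0x775: "account locked out",
}

CAUSE_RE = re.compile(r"\[LDAP: error code (\d+) - .*?\bdata ([0-9a-fA-F]+)\b")
FRAME_RE = re.compile(r"^\s*at (org\.jboss\.as\.[\w.$]+)\(")

# Excerpt of the stack trace quoted in the post (frames trimmed for brevity).
SAMPLE = """\
10:52:03,758 DEBUG [org.jboss.as.domain.http.api] (HttpManagementService-threads - 1) Callback handle failed.: java.io.IOException: JBAS015220: Unable to perform verification
at org.jboss.as.domain.management.security.UserLdapCallbackHandler.handle(UserLdapCallbackHandler.java:230)
Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error,data 52e,v23f0]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3087) [rt.jar:1.7.0]
at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101) [rt.jar:1.7.0]
at org.jboss.as.domain.management.connections.ldap.LdapConnectionManagerService.getConnection(LdapConnectionManagerService.java:112)
at org.jboss.as.domain.management.security.UserLdapCallbackHandler.handle(UserLdapCallbackHandler.java:186)
"""

def diagnose(log_text):
    """Decode the AD bind failure and find the JBoss frame that opened the LDAP context."""
    result = None
    for line in log_text.splitlines():
        cause = CAUSE_RE.search(line)
        if cause:
            code = int(cause.group(2), 16)  # the "data" value is hexadecimal
            result = {"ldap_code": int(cause.group(1)), "win32_code": code,
                      "meaning": AD_BIND_SUBCODES.get(code, "unknown sub-code"),
                      "bind_frame": None}
        elif result and result["bind_frame"] is None:
            frame = FRAME_RE.match(line)
            if frame:  # first org.jboss.as frame below the JNDI frames
                result["bind_frame"] = frame.group(1)
    return result  # None when the log holds no AD error-49 line

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

The log alone does not show which DN and password were sent in the failing bind; `bind_frame` only identifies the code path that attempted it.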