1 Reply Latest reply on Oct 30, 2013 2:20 PM by ismsteve

    Need Assistance with LdapExtLoginModule - Using Wildfly Beta 1

    ismsteve

      Here is My Configuration

      =====================

        <security-domain name="pw-security-domain" cache-type="default">

                          <authentication>

                                <login-module code="Remoting" flag="optional">

                                  <module-option name="password-stacking" value="useFirstPass"/>

                                </login-module>

                                <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">

                                  <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>

                                  <module-option name="java.naming.provider.url" value="ldap://10.10.10.232:389"/>

                                  <module-option name="java.naming.security.authentication" value="simple"/>

                                  <module-option name="bindDN" value="CN=administrator,CN=Users,DC=propworks,DC=airit,DC=com"/>

                                  <module-option name="bindCredential" value="propworks@123"/>

                                  <module-option name="baseCtxDN" value="CN=Users,DC=propworks,DC=airit,DC=com"/>

                                  <module-option name="baseFilter" value="(sAMAccountName={0})"/>

                                  <module-option name="searchScope" value="SUBTREE_SCOPE"/>

                                  <module-option name="allowEmptyPasswords" value="false"/>

                                  <module-option name="throwValidateError" value="true"/>

                              </login-module>

                          </authentication>

                      </security-domain>

       

       

      LDIF File

      ========================

      dn: CN=Administrator,CN=Users,DC=propworks,DC=airit,DC=com

      changetype: add

      objectClass: top

      objectClass: person

      objectClass: organizationalPerson

      objectClass: user

      cn: Administrator

      description: Built-in account for administering the computer/domain

      distinguishedName: CN=Administrator,CN=Users,DC=propworks,DC=airit,DC=com

      instanceType: 4

      whenCreated: 20120327161613.0Z

      whenChanged: 20131022154357.0Z

      uSNCreated: 8196

      memberOf: CN=Group Policy Creator Owners,CN=Users,DC=propworks,DC=airit,DC=com

      memberOf: CN=Domain Admins,CN=Users,DC=propworks,DC=airit,DC=com

      memberOf: CN=Enterprise Admins,CN=Users,DC=propworks,DC=airit,DC=com

      memberOf: CN=Schema Admins,CN=Users,DC=propworks,DC=airit,DC=com

      memberOf: CN=Administrators,CN=Builtin,DC=propworks,DC=airit,DC=com

      uSNChanged: 230532

      name: Administrator

      objectGUID:: Hf3aqSIgbUe7wXk/naGhSQ==

      userAccountControl: 512

      badPwdCount: 0

      codePage: 0

      countryCode: 0

      badPasswordTime: 130269500638404934

      lastLogoff: 0

      lastLogon: 130269500731746178

      logonHours:: ////////////////////////////

      pwdLastSet: 130132844187402344

      primaryGroupID: 513

      objectSid:: AQUAAAAAAAUVAAAAHGXwJS0rDPXUGkwx9AEAAA==

      adminCount: 1

      accountExpires: 0

      logonCount: 259

      sAMAccountName: Administrator

      sAMAccountType: 805306368

      objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=propworks,DC=airit,DC=com

      isCriticalSystemObject: TRUE

      dSCorePropagationData: 20120327163223.0Z

      dSCorePropagationData: 16010101000000.0Z

      lastLogonTimestamp: 130269302373612662

       

      dn: CN=Users,DC=propworks,DC=airit,DC=com

      changetype: add

      objectClass: top

      objectClass: container

      cn: Users

      description: Default container for upgraded user accounts

      distinguishedName: CN=Users,DC=propworks,DC=airit,DC=com

      instanceType: 4

      whenCreated: 20120327161611.0Z

      whenChanged: 20120327161611.0Z

      uSNCreated: 5696

      uSNChanged: 5696

      showInAdvancedViewOnly: FALSE

      name: Users

      objectGUID:: KWjl31iaQ0aEiGqMiEXz2Q==

      systemFlags: -1946157056

      objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=propworks,DC=airit,DC=com

      isCriticalSystemObject: TRUE

      dSCorePropagationData: 16010101000000.0Z

       

      Error

      ================================

      2013-10-22 17:56:35,553 TRACE [org.jboss.security] (Remoting "dhkfv2m1" task-1) PBOX000200: Begin isValid, principal: PROPWORKS.AIRIT.COM\ADMINISTRATOR, cache entry: null

      2013-10-22 17:56:35,553 TRACE [org.jboss.security] (Remoting "dhkfv2m1" task-1) PBOX000209: defaultLogin, principal: PROPWORKS.AIRIT.COM\ADMINISTRATOR

      2013-10-22 17:56:35,553 TRACE [org.jboss.security] (Remoting "dhkfv2m1" task-1) PBOX000221: Begin getAppConfigurationEntry(pw-security-domain), size: 9

      2013-10-22 17:56:35,554 TRACE [org.jboss.security] (Remoting "dhkfv2m1" task-1) PBOX000224: End getAppConfigurationEntry(pw-security-domain), AuthInfo: AppConfigurationEntry[]:

      [0]

      LoginModule Class: org.jboss.as.security.remoting.RemotingLoginModule

      ControlFlag: LoginModuleControlFlag: optional

      Options:

      name=password-stacking, value=useFirstPass

      [1]

      LoginModule Class: org.jboss.security.auth.spi.LdapExtLoginModule

      ControlFlag: LoginModuleControlFlag: required

      Options:

      name=baseFilter, value=(sAMAccountName={0})

      name=java.naming.security.authentication, value=simple

      name=java.naming.factory.initial, value=com.sun.jndi.ldap.LdapCtxFactory

      name=allowEmptyPasswords, value=false

      name=bindCredential, value=****

      name=bindDN, value=CN=administrator,CN=Users,DC=propworks,DC=airit,DC=com

      name=java.naming.provider.url, value=ldap://10.10.10.232:389

      name=baseCtxDN, value=CN=Users,DC=propworks,DC=airit,DC=com

      name=searchScope, value=SUBTREE_SCOPE

      name=throwValidateError, value=true

       

       

      2013-10-22 17:56:35,554 TRACE [org.jboss.security] (Remoting "dhkfv2m1" task-1) PBOX000236: Begin initialize method

      2013-10-22 17:56:35,554 TRACE [org.jboss.security] (Remoting "dhkfv2m1" task-1) PBOX000240: Begin login method

      2013-10-22 17:56:35,558 TRACE [org.jboss.security] (Remoting "dhkfv2m1" task-1) PBOX000236: Begin initialize method

      2013-10-22 17:56:35,558 TRACE [org.jboss.security] (Remoting "dhkfv2m1" task-1) PBOX000240: Begin login method

      2013-10-22 17:56:35,565 DEBUG [org.jboss.security] (Remoting "dhkfv2m1" task-1) PBOX000269: Failed to parse roleRecursion as number, using default value 0

      2013-10-22 17:56:35,567 TRACE [org.jboss.security] (Remoting "dhkfv2m1" task-1) PBOX000220: Logging into LDAP server with env {java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, searchScope=SUBTREE_SCOPE, java.naming.security.principal=CN=administrator,CN=Users,DC=propworks,DC=airit,DC=com, baseCtxDN=CN=Users,DC=propworks,DC=airit,DC=com, allowEmptyPasswords=false, baseFilter=(sAMAccountName={0}), throwValidateError=true, jboss.security.security_domain=pw-security-domain, java.naming.provider.url=ldap://10.10.10.232:389, java.naming.security.authentication=simple, bindCredential=propworks@123, bindDN=CN=administrator,CN=Users,DC=propworks,DC=airit,DC=com, java.naming.security.credentials=propworks@123}

      2013-10-22 17:56:35,592 DEBUG [org.jboss.security] (Remoting "dhkfv2m1" task-1) PBOX000283: Bad password for username PROPWORKS.AIRIT.COM\ADMINISTRATOR

      2013-10-22 17:56:35,593 TRACE [org.jboss.security] (Remoting "dhkfv2m1" task-1) PBOX000244: Begin abort method

      2013-10-22 17:56:35,593 TRACE [org.jboss.security] (Remoting "dhkfv2m1" task-1) PBOX000244: Begin abort method

      2013-10-22 17:56:35,593 DEBUG [org.jboss.security] (Remoting "dhkfv2m1" task-1) PBOX000206: Login failure: javax.security.auth.login.FailedLoginException: PBOX000070: Password invalid/Password required

        at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:284) [picketbox-4.0.17.SP1.jar:4.0.17.SP1]

        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_40]

        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_40]

        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_40]

        at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_40]

        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:784) [rt.jar:1.7.0_40]

        at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203) [rt.jar:1.7.0_40]

        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698) [rt.jar:1.7.0_40]

        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696) [rt.jar:1.7.0_40]

        at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_40]

        at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:695) [rt.jar:1.7.0_40]

        at javax.security.auth.login.LoginContext.login(LoginContext.java:594) [rt.jar:1.7.0_40]

        at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:408) [picketbox-infinispan-4.0.17.SP1.jar:4.0.17.SP1]

        at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:345) [picketbox-infinispan-4.0.17.SP1.jar:4.0.17.SP1]

        at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:333) [picketbox-infinispan-4.0.17.SP1.jar:4.0.17.SP1]

        at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:146) [picketbox-infinispan-4.0.17.SP1.jar:4.0.17.SP1]

        at org.jboss.as.security.service.SimpleSecurityManager.authenticate(SimpleSecurityManager.java:385) [wildfly-security-8.0.0.Beta1.jar:8.0.0.Beta1]

        at org.jboss.as.security.service.SimpleSecurityManager.authenticate(SimpleSecurityManager.java:349) [wildfly-security-8.0.0.Beta1.jar:8.0.0.Beta1]

        at org.jboss.as.security.service.SimpleSecurityManager.authenticate(SimpleSecurityManager.java:336) [wildfly-security-8.0.0.Beta1.jar:8.0.0.Beta1]

        at org.jboss.as.domain.management.security.JaasCallbackHandler.handle(JaasCallbackHandler.java:164) [wildfly-domain-management-8.0.0.Beta1.jar:8.0.0.Beta1]

        at org.jboss.as.domain.management.security.SecurityRealmService$1.handle(SecurityRealmService.java:169) [wildfly-domain-management-8.0.0.Beta1.jar:8.0.0.Beta1]

        at org.jboss.as.remoting.RealmSecurityProvider$RealmCallbackHandler.handle(RealmSecurityProvider.java:337) [wildfly-remoting-8.0.0.Beta1.jar:8.0.0.Beta1]

        at org.jboss.sasl.util.AbstractSaslParticipant.tryHandleCallbacks(AbstractSaslParticipant.java:98) [jboss-sasl-1.0.3.Final.jar:1.0.3.Final]

        at org.jboss.sasl.util.AbstractSaslParticipant.handleCallbacks(AbstractSaslParticipant.java:83) [jboss-sasl-1.0.3.Final.jar:1.0.3.Final]

        at org.jboss.sasl.plain.PlainSaslServer.access$000(PlainSaslServer.java:41) [jboss-sasl-1.0.3.Final.jar:1.0.3.Final]

        at org.jboss.sasl.plain.PlainSaslServer$1.evaluateMessage(PlainSaslServer.java:88) [jboss-sasl-1.0.3.Final.jar:1.0.3.Final]

        at org.jboss.sasl.util.AbstractSaslParticipant.evaluateMessage(AbstractSaslParticipant.java:165) [jboss-sasl-1.0.3.Final.jar:1.0.3.Final]

        at org.jboss.sasl.util.AbstractSaslServer.evaluateResponse(AbstractSaslServer.java:56) [jboss-sasl-1.0.3.Final.jar:1.0.3.Final]

        at org.xnio.sasl.SaslUtils.evaluateResponse(SaslUtils.java:238) [xnio-api-3.1.0.CR7.jar:3.1.0.CR7]

        at org.xnio.sasl.SaslUtils.evaluateResponse(SaslUtils.java:210) [xnio-api-3.1.0.CR7.jar:3.1.0.CR7]

        at org.jboss.remoting3.remote.ServerConnectionOpenListener$AuthStepRunnable.run(ServerConnectionOpenListener.java:450) [jboss-remoting-4.0.0.Beta1.jar:4.0.0.Beta1]

        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_40]

        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_40]

        at java.lang.Thread.run(Thread.java:724) [rt.jar:1.7.0_40]

      Caused by: javax.naming.NamingException: PBOX000037: Search for context CN=Users,DC=propworks,DC=airit,DC=com found no results

        at org.jboss.security.auth.spi.LdapExtLoginModule.bindDNAuthentication(LdapExtLoginModule.java:533) [picketbox-4.0.17.SP1.jar:4.0.17.SP1]

        at org.jboss.security.auth.spi.LdapExtLoginModule.createLdapInitContext(LdapExtLoginModule.java:465) [picketbox-4.0.17.SP1.jar:4.0.17.SP1]

        at org.jboss.security.auth.spi.LdapExtLoginModule.validatePassword(LdapExtLoginModule.java:340) [picketbox-4.0.17.SP1.jar:4.0.17.SP1]

        at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:281) [picketbox-4.0.17.SP1.jar:4.0.17.SP1]

        ... 33 more

       

       

      2013-10-22 17:56:35,611 TRACE [org.jboss.security] (Remoting "dhkfv2m1" task-1) PBOX000201: End isValid, result = false

      2013-10-22 17:56:35,612 TRACE [org.jboss.security.audit] (Remoting "dhkfv2m1" task-1) [Success]Source=org.jboss.as.security.service.SimpleSecurityManager;Action=authentication;principal=PROPWORKS.AIRIT.COM\ADMINISTRATOR;
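Added example (editor's, not part of this thread and not PicketBox code): the PBOX000224 option listing in the trace above masks bindCredential as ****, but the PBOX000220 "Logging into LDAP server with env" line prints the JNDI environment verbatim, so both bindCredential and java.naming.security.credentials appear in clear and a TRACE log pasted into a forum publishes the service-account password. The Python below finds such lines in a log and redacts them before the log leaves the machine; the three sample lines are constructed from the trace in this post.

```python
import re

# PicketBox masks bindCredential in the PBOX000224 option listing, but the PBOX000220
# "Logging into LDAP server with env {...}" TRACE line dumps the raw JNDI environment,
# in which these two keys both carry the service-account password.
SECRET_KEYS = {"bindCredential", "java.naming.security.credentials"}

ENV_DUMP_RE = re.compile(r"PBOX000220: Logging into LDAP server with env \{(?P<env>.*)\}")
# The dump is a Java Map.toString(): entries are separated by ", " and keys contain no
# spaces, while DN values separate RDNs with "," and no space, so splitting on ", " only
# where a key= follows keeps "CN=administrator,CN=Users,..." intact. (A password that
# itself contains ", x=" would still be cut; this is a log-scrubbing heuristic.)
ENTRY_SPLIT_RE = re.compile(r", (?=[\w.]+=)")

def parse_env(env_text):
    """Turn the body of a PBOX000220 env dump into an insertion-ordered dict of key -> value."""
    env = {}
    for entry in ENTRY_SPLIT_RE.split(env_text):
        key, sep, val = entry.partition("=")
        if sep:
            env[key] = val
    return env

def find_leaked_secrets(lines):
    """Return (line number, key, value) for every secret key whose value is not masked."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = ENV_DUMP_RE.search(line)
        if m:
            for key, val in parse_env(m.group("env")).items():
                if key in SECRET_KEYS and val and val != "****":
                    findings.append((n, key, val))
    return findings

def redact(line):
    """Rewrite an env dump line with every secret value replaced by ****; other lines pass through."""
    m = ENV_DUMP_RE.search(line)
    if not m:
        return line
    env = parse_env(m.group("env"))
    scrubbed = ", ".join(f"{k}={'****' if k in SECRET_KEYS and v else v}" for k, v in env.items())
    return line[:m.start("env")] + scrubbed + line[m.end("env"):]

# Constructed sample: three lines taken from the trace in this post (the first one trimmed).
SAMPLE_LOG = [
    '2013-10-22 17:56:35,554 TRACE [org.jboss.security] (Remoting "dhkfv2m1" task-1) PBOX000224: End getAppConfigurationEntry(pw-security-domain), AuthInfo: name=bindCredential, value=****',
    '2013-10-22 17:56:35,567 TRACE [org.jboss.security] (Remoting "dhkfv2m1" task-1) PBOX000220: Logging into LDAP server with env {java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, searchScope=SUBTREE_SCOPE, java.naming.security.principal=CN=administrator,CN=Users,DC=propworks,DC=airit,DC=com, baseCtxDN=CN=Users,DC=propworks,DC=airit,DC=com, allowEmptyPasswords=false, baseFilter=(sAMAccountName={0}), throwValidateError=true, jboss.security.security_domain=pw-security-domain, java.naming.provider.url=ldap://10.10.10.232:389, java.naming.security.authentication=simple, bindCredential=propworks@123, bindDN=CN=administrator,CN=Users,DC=propworks,DC=airit,DC=com, java.naming.security.credentials=propworks@123}',
    '2013-10-22 17:56:35,592 DEBUG [org.jboss.security] (Remoting "dhkfv2m1" task-1) PBOX000283: Bad password for username PROPWORKS.AIRIT.COM\\ADMINISTRATOR',
]

if __name__ == "__main__":
    for n, key, val in find_leaked_secrets(SAMPLE_LOG):
        print(f"line {n}: {key} leaked ({len(val)} chars)")
    print(redact(SAMPLE_LOG[1]))
```

Run it over the server.log before attaching the log anywhere; a non-empty result from find_leaked_secrets also means the bind password is already in whatever log shipping or backup touched that file, so rotate it rather than only scrubbing the copy.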

        • 1. Re: Need Assistance with LdapExtLoginModule - Using Wildfly Beta 1
          ismsteve

          I figured it out thanks to some assistance from darranl. I had two issues:

          1. I was using the incorrect username. Make sure you use whatever is defined as sAMAccountName in Active Directory.

          2. After using the correct user name, I was getting a NullPointerException. This was due to missing configuration for roles.

             Here are the additional entries I added.

             ======================================================================================

                                      <module-option name="rolesCtxDN" value="cn=Users,DC=propworks,DC=airit,DC=com"/>

                                      <module-option name="roleFilter" value="(sAMAccountName={0})"/>

                                      <module-option name="roleAttributeID" value="memberOf"/>

                                      <module-option name="roleAttributeIsDN" value="true"/>

                                      <module-option name="roleNameAttributeID" value="cn"/>

                                      <module-option name="roleRecursion" value="1"/>

          Now everything works great!
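Added example (editor's, not part of this thread and not PicketBox code): a self-contained Python model of the two lookups the options in this thread drive, the baseFilter search under baseCtxDN that produced PBOX000037 in the trace, and the rolesCtxDN/roleFilter/memberOf walk from the reply. It parses a cut-down copy of the posted LDIF (plus one assumed group entry so roleRecursion has something to follow), substitutes {0} with RFC 4515 escaping (the model's choice; the page does not show how the module itself treats filter metacharacters), and shows why PROPWORKS.AIRIT.COM\ADMINISTRATOR finds nothing while Administrator does. The fallback for a group DN that is not in the directory is also the model's assumption.

```python
import re

# Constructed directory for this model: the Administrator entry from the posted LDIF cut
# down to the attributes the module reads (the folded objectCategory line is kept as in
# the post), plus one assumed group entry so that roleRecursion has a nesting to follow.
SAMPLE_LDIF = """\
dn: CN=Administrator,CN=Users,DC=propworks,DC=airit,DC=com
objectClass: user
cn: Administrator
sAMAccountName: Administrator
memberOf: CN=Group Policy Creator Owners,CN=Users,DC=propworks,DC=airit,DC=com
memberOf: CN=Domain Admins,CN=Users,DC=propworks,DC=airit,DC=com
memberOf: CN=Enterprise Admins,CN=Users,DC=propworks,DC=airit,DC=com
memberOf: CN=Schema Admins,CN=Users,DC=propworks,DC=airit,DC=com
memberOf: CN=Administrators,CN=Builtin,DC=propworks,DC=airit,DC=com
objectCategory:
 CN=Person,CN=Schema,CN=Configuration,DC=propworks,DC=airit,DC=com

dn: CN=Domain Admins,CN=Users,DC=propworks,DC=airit,DC=com
objectClass: group
cn: Domain Admins
sAMAccountName: Domain Admins
memberOf: CN=Administrators,CN=Builtin,DC=propworks,DC=airit,DC=com
memberOf: CN=Denied RODC Password Replication Group,CN=Users,DC=propworks,DC=airit,DC=com
"""

def parse_ldif(text):
    """Minimal RFC 2849 reader: {dn.lower(): {attr.lower(): [values]}}; 'dn' keeps its case."""
    entries, attrs = {}, {}
    for line in text.replace("\n ", "").splitlines() + [""]:  # "\n " joins a folded line
        if line:
            name, _, value = line.partition(":")
            attrs.setdefault(name.lower(), []).append(value.strip())
        elif attrs:                                             # blank line ends the entry
            entries[attrs["dn"][0].lower()] = attrs
            attrs = {}
    return entries

def escape_filter_value(value):
    """RFC 4515 escaping for whatever replaces {0} in baseFilter/roleFilter."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)

def compile_assertion(assertion):
    """Case-insensitive regex for an assertion value with \\xx escapes and * wildcards."""
    parts, i = [], 0
    while i < len(assertion):
        if assertion[i] == "\\" and i + 2 < len(assertion):
            parts.append(re.escape(chr(int(assertion[i + 1:i + 3], 16))))
            i += 3
        else:
            parts.append(".*" if assertion[i] == "*" else re.escape(assertion[i]))
            i += 1
    return re.compile("".join(parts), re.IGNORECASE)

def in_scope(dn, base, scope):
    """ONELEVEL_SCOPE or SUBTREE_SCOPE as the searchScope option names them (OBJECT_SCOPE omitted)."""
    dn, base = dn.lower(), base.lower()
    if not dn.endswith("," + base):
        return False
    return scope == "SUBTREE_SCOPE" or "," not in dn[:-len(base) - 1]

def search(directory, base, scope, filter_template, username, escape=True):
    """Substitute {0}, evaluate a single (attr=value) filter and return the matching DNs."""
    filt = filter_template.replace("{0}", escape_filter_value(username) if escape else username)
    m = re.fullmatch(r"\((?P<attr>[A-Za-z][\w.;-]*)=(?P<value>.*)\)", filt)
    if not m:
        raise ValueError("only (attr=value) filters are modelled: " + filt)
    attr, pattern = m.group("attr").lower(), compile_assertion(m.group("value"))
    return [a["dn"][0] for dn, a in directory.items()
            if in_scope(dn, base, scope) and any(pattern.fullmatch(v) for v in a.get(attr, []))]

def resolve_roles(directory, roles_ctx, role_filter, username, recursion=1):
    """roleFilter under rolesCtxDN, then roleAttributeID=memberOf (roleAttributeIsDN=true) read as
    roleNameAttributeID=cn, followed roleRecursion levels deep. A group DN that is not in the
    directory falls back to its first RDN value, which is this model's choice, not the module's."""
    names, seen = [], set()

    def visit(dn, depth):
        for group_dn in directory.get(dn.lower(), {}).get("memberof", []):
            if group_dn.lower() not in seen:
                seen.add(group_dn.lower())
                group = directory.get(group_dn.lower(), {})
                names.append(group.get("cn", [group_dn.split(",", 1)[0].split("=", 1)[1]])[0])
                if depth < recursion:
                    visit(group_dn, depth + 1)

    for user_dn in search(directory, roles_ctx, "SUBTREE_SCOPE", role_filter, username):
        visit(user_dn, 0)
    return names

DIRECTORY = parse_ldif(SAMPLE_LDIF)
USERS = "CN=Users,DC=propworks,DC=airit,DC=com"

def lookup_user_dn(username):
    """Step one after the service-account bind; an empty result is the PBOX000037 in the trace."""
    hits = search(DIRECTORY, USERS, "SUBTREE_SCOPE", "(sAMAccountName={0})", username)
    return hits[0] if hits else None

if __name__ == "__main__":
    for name in ("PROPWORKS.AIRIT.COM\\ADMINISTRATOR", "Administrator"):
        print(f"{name:40} -> {lookup_user_dn(name)}")
    print("roles:", resolve_roles(DIRECTORY, USERS, "(sAMAccountName={0})", "Administrator"))
```

The same first step can be checked against the real server with the service account from the configuration, for example `ldapsearch -x -H ldap://10.10.10.232:389 -D "CN=administrator,CN=Users,DC=propworks,DC=airit,DC=com" -W -b "CN=Users,DC=propworks,DC=airit,DC=com" -s sub "(sAMAccountName=Administrator)" memberOf`; if that returns nothing, the module will not find the user either. Note that with java.naming.provider.url=ldap:// and java.naming.security.authentication=simple both the bindCredential and every user's password cross the network in clear, so this configuration belongs behind ldaps:// (or StartTLS) before it sees real accounts.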