2 Replies Latest reply on Mar 25, 2011 10:46 AM by dhoyt

    Help with JAAS LDAP authentication in Karaf

    dhoyt

      I tried to follow the tutorial to enable LDAP authentication, but I am getting errors when I try to connect.  The user I am trying to access is valid (uid=dhoyt,ou=employees,dc=example,dc=com).  I can see that if I have an invalid password or a non-existent user that I get the expected errors stating such.  The problem is that when I try to login to the webconsole using the dhoyt user, I get an error back stating that it can't get the roles for the user (LDAP error code 80).    Below is the ldap-module.xml I put in the deploy directory and the error from the servicemix.log file.  I am using apache-servicemix-4.3.1-fuse-01-09 on Solaris 10 (JDK 1.6_20).  I want to allow logins for anyone in the cn=smxAdmin,ou=roles,dc=example,dc=com role.

      Any help with this would be greatly appreciated.

      ldap-module.xml is:

      Exception is:

      javax.security.auth.login.LoginException: Can't get user dhoyt roles: LDAP: error code 80 - An unexpected error was encountered while processing a search in one of the Directory Server backends:  NullPointerException(ConcurrentHashMap.java:768)
              at org.apache.karaf.jaas.modules.ldap.LDAPLoginModule.doLogin(LDAPLoginModule.java:242)
              at org.apache.karaf.jaas.modules.ldap.LDAPLoginModule.login(LDAPLoginModule.java:132)
              at org.apache.karaf.jaas.boot.ProxyLoginModule.login(ProxyLoginModule.java:83)[karaf-jaas-boot.jar:]
              at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)[:1.6.0_20]
              at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)[:1.6.0_20]
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)[:1.6.0_20]
              at java.lang.reflect.Method.invoke(Method.java:597)[:1.6.0_20]
              at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)[:1.6.0_20]
              at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)[:1.6.0_20]
              at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)[:1.6.0_20]
              at java.security.AccessController.doPrivileged(Native Method)[:1.6.0_20]
              at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)[:1.6.0_20]
              at javax.security.auth.login.LoginContext.login(LoginContext.java:579)[:1.6.0_20]
              at org.apache.karaf.webconsole.JaasSecurityProvider.authenticate(JaasSecurityProvider.java:66)[198:org.apache.felix.webconsole:3.1.2]
              at org.apache.felix.webconsole.internal.servlet.OsgiManager$SecurityProvider.authenticate(OsgiManager.java:995)[198:org.apache.felix.webconsole:3.1.2]
              at org.apache.felix.webconsole.internal.servlet.OsgiManagerHttpContext.handleSecurity(OsgiManagerHttpContext.java:123)[198:org.apache.felix.webcons

        • 1. Re: Help with JAAS LDAP authentication in Karaf
          mielket

          Hmm, it's failing to retrieve the roles of the user. So I presume the properties

          connection.username = cn=Directory Manager
          connection.password = myPassword
          connection.url = ldap://localhost:1389
          user.base.dn = ou=employees,dc=example,dc=com
          user.filter = (uid=%u)
          user.search.subtree = true

          are correct. It's very likely something to do with these properties

          role.base.dn = ou=roles,dc=example,dc=com
          role.filter = (member:=uid=%u)
          role.name.attribute = cn
          role.search.subtree = true

          I am not an LDAP expert but is the role.filter property syntactically correct?

          • 2. Re: Help with JAAS LDAP authentication in Karaf
            dhoyt

            Thanks for the help!  It was the role.filter.  It has to match the entry in my role exactly.  In my case, the correct setting was:

            role.filter = (Member of Group:=uid=%u)

            Thanks for the help!
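To make concrete what mielket's two property groups do and why dhoyt's fix (naming the attribute the role entry actually carries) changes the outcome, here is an added example that is not part of this thread and not Karaf's own code. It models the login module's two-step lookup in Python against a constructed in-memory directory: first `user.filter` is run under `user.base.dn`, then `role.filter` under `role.base.dn`, and `role.name.attribute` is read from each hit. The filter evaluator supports only the RFC 4515 subset these properties use and treats `(attr:=value)` as a plain equality match; the role entry's membership attribute name `memberOfGroup` is an assumption of the example, and a role-attribute mismatch shows up here as an empty role list rather than the server-side error the thread saw. Because the login name is substituted into the filter text, the example also escapes the `%u` value per RFC 4515, which is the check worth confirming in any real configuration.

```python
"""Toy model of a JAAS LDAP login module's two-step lookup (find user, then roles).

Constructed example for this thread, not Karaf code. DIRECTORY stands in for the
LDAP server and the filter evaluator covers only the RFC 4515 subset used by the
module's properties: (attr=value), (attr:=value), presence (attr=*), and &/|.
"""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample directory: DN -> attribute map.
DIRECTORY: Dict[str, Dict[str, List[str]]] = {
    "uid=dhoyt,ou=employees,dc=example,dc=com": {
        "objectClass": ["inetOrgPerson"], "uid": ["dhoyt"], "cn": ["D Hoyt"]},
    "uid=alice,ou=employees,dc=example,dc=com": {
        "objectClass": ["inetOrgPerson"], "uid": ["alice"], "cn": ["Alice"]},
    # Assumption: this directory records membership under an attribute named
    # memberOfGroup (hypothetical name chosen for the example), not "member".
    "cn=smxAdmin,ou=roles,dc=example,dc=com": {
        "objectClass": ["groupOfNames"], "cn": ["smxAdmin"],
        "memberOfGroup": ["uid=dhoyt"]},
}

# Properties as they appear in the thread's configuration.
CONFIG: Dict[str, str] = {
    "user.base.dn": "ou=employees,dc=example,dc=com",
    "user.filter": "(uid=%u)",
    "role.base.dn": "ou=roles,dc=example,dc=com",
    "role.filter": "(member:=uid=%u)",
    "role.name.attribute": "cn",
}


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping: a login name must not be able to change filter structure."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\0" else ch for ch in value)


def render_filter(template: str, username: str) -> str:
    """Substitute %u with the escaped username, as the module does with the login name."""
    return template.replace("%u", escape_filter_value(username))


def _unescape(value: str) -> str:
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def _parse(s: str, i: int) -> Tuple[tuple, int]:
    """Parse the filter component starting at s[i] == '('; return (node, next index)."""
    if s[i] != "(":
        raise ValueError("filter must start with '('")
    if s[i + 1] in "&|":
        op, j, children = s[i + 1], i + 2, []
        while s[j] == "(":
            node, j = _parse(s, j)
            children.append(node)
        return (op, children), j + 1          # s[j] is the closing ')'
    end = s.index(")", i)                      # escaped values contain no raw ')'
    attr, _, value = s[i + 1:end].partition("=")
    attr = attr.rstrip(":").lower()            # "(attr:=v)" treated as equality here
    if value == "*":
        return ("present", attr), end + 1
    return ("eq", attr, _unescape(value).lower()), end + 1


def _matches(node: tuple, attrs: Dict[str, List[str]]) -> bool:
    if node[0] in ("&", "|"):
        combine = all if node[0] == "&" else any
        return combine(_matches(c, attrs) for c in node[1])
    values = [v.lower() for k, vs in attrs.items() if k.lower() == node[1] for v in vs]
    return bool(values) if node[0] == "present" else node[2] in values


def search(base_dn: str, filter_str: str, subtree: bool = True) -> List[str]:
    """Return DNs under base_dn whose attributes satisfy the filter."""
    node, _ = _parse(filter_str, 0)
    hits = []
    for dn, attrs in DIRECTORY.items():
        if not dn.lower().endswith("," + base_dn.lower()):
            continue
        if not subtree and dn.count(",") != base_dn.count(",") + 1:
            continue
        if _matches(node, attrs):
            hits.append(dn)
    return hits


def lookup_roles(username: str, config: Dict[str, str] = CONFIG) -> Optional[List[str]]:
    """Step 1: the user must resolve to exactly one entry; step 2: collect role names.
    Returns None when the user is not found, the (possibly empty) role list otherwise."""
    users = search(config["user.base.dn"], render_filter(config["user.filter"], username))
    if len(users) != 1:
        return None
    role_dns = search(config["role.base.dn"], render_filter(config["role.filter"], username))
    name_attr = config["role.name.attribute"]
    return [name for dn in role_dns for name in DIRECTORY[dn].get(name_attr, [])]


if __name__ == "__main__":
    print("thread's filter:", lookup_roles("dhoyt"))                   # user found, no roles
    fixed = dict(CONFIG, **{"role.filter": "(memberOfGroup:=uid=%u)"})
    print("attribute-matched filter:", lookup_roles("dhoyt", fixed))  # ['smxAdmin']
    print("wildcard login name:", lookup_roles("*"))                   # None: escaped, matches nobody
```

Running the script shows the thread's symptom in miniature: with `(member:=uid=%u)` the user resolves but the role search returns nothing, while a filter naming the attribute the role entry really uses returns `smxAdmin`. The last call shows why escaping matters: an unescaped `(uid=*)` is a presence filter that matches every employee, whereas the escaped `(uid=\2a)` matches nobody.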