IdentityException
georgy Aug 13, 2007 8:53 AM

I have some difficulties with my LDAP configuration.
My configuration is:
login-config.xml
<login-module code="org.jboss.portal.identity.auth.IdentityLoginModule" flag="sufficient">
  <module-option name="unauthenticatedIdentity">guest</module-option>
  <module-option name="userModuleJNDIName">java:/portal/UserModule</module-option>
  <module-option name="roleModuleJNDIName">java:/portal/RoleModule</module-option>
  <module-option name="userProfileModuleJNDIName">java:/portal/UserProfileModule</module-option>
  <module-option name="membershipModuleJNDIName">java:/portal/MembershipModule</module-option>
  <module-option name="additionalRole">Authenticated</module-option>
  <module-option name="password-stacking">useFirstPass</module-option>
</login-module>
<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
  <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
  <module-option name="java.naming.provider.url">ldap://192.168.10.240:389</module-option>
  <module-option name="java.naming.security.authentication">simple</module-option>
  <module-option name="bindDN">bind@proxiad-nord.com</module-option>
  <module-option name="bindCredential">****</module-option>
  <module-option name="roleFilter">(sAMAccountName={0})</module-option>
  <module-option name="roleAttributeID">memberOf</module-option>
  <module-option name="roleAttributeIsDN">true</module-option>
  <module-option name="roleNameAttributeID">cn</module-option>
  <module-option name="roleRecursion">-1</module-option>
  <module-option name="searchTimeLimit">10000</module-option>
  <module-option name="searchScope">SUBTREE_SCOPE</module-option>
  <module-option name="allowEmptyPasswords">false</module-option>
  <!--<module-option name="hashAlgorithm">MD5</module-option>-->
</login-module>
ldap_config.xml
<identity-configuration>
  <datasources>
    <datasource>
      <name>LDAP</name>
      <config>
        <option>
          <name>host</name>
          <value>192.168.10.240</value>
        </option>
        <option>
          <name>port</name>
          <value>389</value>
        </option>
        <option>
          <name>adminDN</name>
          <value>bind@proxiad-nord.com</value>
        </option>
        <option>
          <name>adminPassword</name>
          <value>*****</value>
        </option>
        <!--<option>
          <name>protocol</name>
          <value>ssl</value>
        </option>-->
      </config>
    </datasource>
  </datasources>
  <modules>
    <module>
      <!--type used to correctly map in IdentityContext registry-->
      <type>User</type>
      <implementation>LDAP</implementation>
      <class>org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl</class>
      <config/>
    </module>
    <module>
      <type>Role</type>
      <implementation>LDAP</implementation>
      <config/>
    </module>
    <module>
      <type>Membership</type>
      <implementation>LDAP</implementation>
      <config/>
    </module>
    <module>
      <type>UserProfile</type>
      <implementation>DELEGATING</implementation>
      <config>
        <option>
          <name>ldapModuleJNDIName</name>
          <value>java:/portal/LDAPUserProfileModule</value>
        </option>
      </config>
    </module>
    <module>
      <type>DBDelegateUserProfile</type>
      <implementation>DB</implementation>
      <config>
        <option>
          <name>randomSynchronizePassword</name>
          <value>true</value>
        </option>
      </config>
    </module>
    <module>
      <type>LDAPDelegateUserProfile</type>
      <implementation>LDAP</implementation>
      <config/>
    </module>
  </modules>
  <options>
    <option-group>
      <group-name>common</group-name>
      <option>
        <name>userCtxDN</name>
        <value>ou=IDF,ou=Collaborateurs,dc=proxiad-nord,dc=com</value>
        <value>ou=Nord,ou=Collaborateurs,dc=proxiad-nord,dc=com</value>
      </option>
      <!--<option>
        <name>passwordAttributeID</name>
        <value>userPassword</value>
      </option>-->
      <option>
        <name>roleCtxDN</name>
        <value>ou=Groupes,dc=proxiad-nord,dc=com</value>
      </option>
      <option>
        <name>userSearchFilter</name>
        <value><![CDATA[(sAMAccountName={0})]]></value>
      </option>
    </option-group>
    <option-group>
      <group-name>userCreateAttibutes</group-name>
      <option>
        <name>objectClass</name>
        <!--This objectclasses should work with Red Hat Directory-->
        <value>top</value>
        <value>person</value>
        <value>inetOrgPerson</value>
      </option>
      <!--Schema requires those to have initial value-->
      <option>
        <name>cn</name>
        <value>none</value>
      </option>
      <option>
        <name>sn</name>
        <value>none</value>
      </option>
    </option-group>
    <option-group>
      <group-name>roleCreateAttibutes</group-name>
      <!--Schema requires those to have initial value-->
      <option>
        <name>cn</name>
        <value>none</value>
      </option>
      <!--Some directory servers require this attribute to be valid DN-->
      <!--For safety reasons point to the admin user here-->
      <option>
        <name>member</name>
        <value>cn=Admin,ou=Groupes,dc=proxiad-nord,dc=com</value>
      </option>
    </option-group>
  </options>
</identity-configuration>
Here is the exception I get after I try to log in with a correct login and password:
2007-08-13 12:32:43,422 DEBUG [org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl] Search filter: (sAMAccountName={0})
2007-08-13 12:32:43,422 DEBUG [org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl] Search filter: (sAMAccountName={0})
2007-08-13 12:32:43,422 DEBUG [org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl] Search filterArg: {0}: g.mahop
2007-08-13 12:32:43,422 DEBUG [org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl] Search ctx: ou=Nord,ou=Collaborateurs,dc=proxiad-nord,dc=com
2007-08-13 12:32:43,484 ERROR [org.jboss.portal.identity.auth.IdentityLoginModule] Error when validating password
org.jboss.portal.common.transaction.NestedException: javax.security.auth.login.LoginException: org.jboss.portal.identity.IdentityException: Couldn't create LDAPUserImpl object from ldap entry (SearchResult)
    at org.jboss.portal.common.transaction.Transactions.apply(Transactions.java:253)
    at org.jboss.portal.common.transaction.Transactions.required(Transactions.java:289)
    at org.jboss.portal.identity.auth.IdentityLoginModule.getUserStatus(IdentityLoginModule.java:204)
    at org.jboss.portal.identity.auth.IdentityLoginModule.validatePassword(IdentityLoginModule.java:158)
    at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:210)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:585)
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
    at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
    at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:603)
    at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:537)
    at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
    at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:491)
    at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:258)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:417)
    at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
    at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:580)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
    at java.lang.Thread.run(Thread.java:595)
Caused by: javax.security.auth.login.LoginException: org.jboss.portal.identity.IdentityException: Couldn't create LDAPUserImpl object from ldap entry (SearchResult)
    at org.jboss.portal.identity.auth.IdentityLoginModule$1.run(IdentityLoginModule.java:260)
    at org.jboss.portal.common.transaction.Transactions.apply(Transactions.java:219)
    ... 30 more
2007-08-13 12:32:43,484 DEBUG [org.jboss.portal.identity.auth.IdentityLoginModule] Bad password for username=g.mahop
2007-08-13 12:32:43,500 DEBUG [org.jboss.security.auth.spi.LdapExtLoginModule] Bad password for username=g.mahop
java.lang.NullPointerException
    at javax.naming.InitialContext.getURLScheme(InitialContext.java:228)
    at javax.naming.InitialContext.getURLOrDefaultInitCtx(InitialContext.java:277)
    at javax.naming.directory.InitialDirContext.getURLOrDefaultInitDirCtx(InitialDirContext.java:87)
    at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
    at org.jboss.security.auth.spi.LdapExtLoginModule.bindDNAuthentication(LdapExtLoginModule.java:375)
    at org.jboss.security.auth.spi.LdapExtLoginModule.createLdapInitContext(LdapExtLoginModule.java:336)
    at org.jboss.security.auth.spi.LdapExtLoginModule.validatePassword(LdapExtLoginModule.java:229)
    at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:210)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:585)
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
    at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
    at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:603)
    at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:537)
    at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
    at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:491)
    at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:258)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:417)
    at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
    at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:580)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
    at java.lang.Thread.run(Thread.java:595)
I am working with:
JBoss Portal 2.6.1.GA
Active Directory
Any advice?
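As an added diagnostic example (not part of georgy's post or of JBoss Portal), the script below parses a snippet mirroring the posted `login-config.xml`, checks the `LdapExtLoginModule` entry for the documented `baseCtxDN` and `baseFilter` options the module uses to locate the user before it binds (both absent from the posted entry, and the search in `bindDNAuthentication` is where the NullPointerException is raised), and shows the RFC 4515 escaping that a login name must receive before it is substituted for `{0}` in `(sAMAccountName={0})`. The option names and the credential value are assumptions; JNDI filter arguments apply the same escaping, which is why the name is passed as a `filterArg` rather than concatenated.

```python
"""Lint a JBoss LdapExtLoginModule entry and escape a login name for an LDAP filter."""
import xml.etree.ElementTree as ET

# Constructed snippet mirroring the posted login-config.xml (credential redacted).
LOGIN_CONFIG = """<policy>
<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
  <module-option name="java.naming.provider.url">ldap://192.168.10.240:389</module-option>
  <module-option name="bindDN">bind@proxiad-nord.com</module-option>
  <module-option name="bindCredential">****</module-option>
  <module-option name="roleFilter">(sAMAccountName={0})</module-option>
  <module-option name="roleAttributeID">memberOf</module-option>
</login-module>
</policy>"""

# Options LdapExtLoginModule needs to find the user entry before binding as
# that user (assumption: the module's documented option names).
REQUIRED = ("baseCtxDN", "baseFilter")


def module_options(xml_text, code):
    """Return {option-name: value} for the login-module with the given code, or None."""
    root = ET.fromstring(xml_text)
    for lm in root.iter("login-module"):
        if lm.get("code") == code:
            return {o.get("name"): (o.text or "").strip() for o in lm.findall("module-option")}
    return None


def missing_options(options):
    """Names from REQUIRED that are absent or empty in the parsed options."""
    return [name for name in REQUIRED if not options.get(name)]


def escape_filter_value(value):
    """RFC 4515 escaping of a filter assertion value: special bytes and every
    non-ASCII UTF-8 byte become \\xx so a login name cannot alter the filter."""
    out = []
    for b in value.encode("utf-8"):
        if b in b"*()\\\x00" or b > 0x7F:
            out.append("\\%02x" % b)
        else:
            out.append(chr(b))
    return "".join(out)


def build_filter(template, username):
    """Substitute the escaped username for {0}, as JNDI does for filter args."""
    return template.replace("{0}", escape_filter_value(username))


if __name__ == "__main__":
    opts = module_options(LOGIN_CONFIG, "org.jboss.security.auth.spi.LdapExtLoginModule")
    print("missing:", missing_options(opts))
    print(build_filter("(sAMAccountName={0})", "g.mahop"))
```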