1 Reply Latest reply on Aug 16, 2007 5:16 PM by Boleslaw Dawidowicz

    IdentityException

    Georges MAHOP Newbie

      I have some difficulties with my ldap configuration

      My configuration is :

      login-config.xml

       <login-module code="org.jboss.portal.identity.auth.IdentityLoginModule" flag="sufficient">
       <module-option name="unauthenticatedIdentity">guest</module-option>
       <module-option name="userModuleJNDIName">java:/portal/UserModule</module-option>
       <module-option name="roleModuleJNDIName">java:/portal/RoleModule</module-option>
       <module-option name="userProfileModuleJNDIName">java:/portal/UserProfileModule</module-option>
       <module-option name="membershipModuleJNDIName">java:/portal/MembershipModule</module-option>
       <module-option name="additionalRole">Authenticated</module-option>
       <module-option name="password-stacking">useFirstPass</module-option>
       </login-module>
      
      
      
       <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
       <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
       <module-option name="java.naming.provider.url">ldap://192.168.10.240:389</module-option>
       <module-option name="java.naming.security.authentication">simple</module-option>
       <module-option name="bindDN">bind@proxiad-nord.com</module-option>
       <module-option name="bindCredential">****</module-option>
       <module-option name="roleFilter">(sAMAccountName={0})</module-option>
       <module-option name="roleAttributeID">memberOf</module-option>
       <module-option name="roleAttributeIsDN">true</module-option>
       <module-option name="roleNameAttributeID">cn</module-option>
       <module-option name="roleRecursion">-1</module-option>
       <module-option name="searchTimeLimit">10000</module-option>
       <module-option name="searchScope">SUBTREE_SCOPE</module-option>
       <module-option name="allowEmptyPasswords">false</module-option>
       <!--<module-option name="hashAlgorithm">MD5</module-option>-->
       </login-module>
      



      ldap_config.xml

      <identity-configuration>
       <datasources>
       <datasource>
       <name>LDAP</name>
       <config>
       <option>
       <name>host</name>
       <value>192.168.10.240</value>
       </option>
       <option>
       <name>port</name>
       <value>389</value>
       </option>
       <option>
       <name>adminDN</name>
       <value>bind@proxiad-nord.com</value>
       </option>
       <option>
       <name>adminPassword</name>
       <value>*****</value>
       </option>
       <!--<option>
       <name>protocol</name>
       <value>ssl</value>
       </option>-->
       </config>
       </datasource>
       </datasources>
       <modules>
       <module>
       <!--type used to correctly map in IdentityContext registry-->
       <type>User</type>
       <implementation>LDAP</implementation>
       <class>org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl</class>
       <config/>
       </module>
       <module>
       <type>Role</type>
       <implementation>LDAP</implementation>
       <config/>
       </module>
       <module>
       <type>Membership</type>
       <implementation>LDAP</implementation>
       <config/>
       </module>
       <module>
       <type>UserProfile</type>
       <implementation>DELEGATING</implementation>
       <config>
       <option>
       <name>ldapModuleJNDIName</name>
       <value>java:/portal/LDAPUserProfileModule</value>
       </option>
       </config>
       </module>
       <module>
       <type>DBDelegateUserProfile</type>
       <implementation>DB</implementation>
       <config>
       <option>
       <name>randomSynchronizePassword</name>
       <value>true</value>
       </option>
       </config>
       </module>
       <module>
       <type>LDAPDelegateUserProfile</type>
       <implementation>LDAP</implementation>
       <config/>
       </module>
       </modules>
      
       <options>
       <option-group>
       <group-name>common</group-name>
       <option>
       <name>userCtxDN</name>
       <value>ou=IDF,ou=Collaborateurs,dc=proxiad-nord,dc=com</value>
       <value>ou=Nord,ou=Collaborateurs,dc=proxiad-nord,dc=com</value>
       </option>
       <!--<option>
       <name>passwordAttributeID</name>
       <value>userPassword</value>
       </option>-->
       <option>
       <name>roleCtxDN</name>
       <value>ou=Groupes,dc=proxiad-nord,dc=com</value>
       </option>
       <option>
       <name>userSearchFilter</name>
       <value><![CDATA[(sAMAccountName={0})]]></value>
       </option>
      
      
       </option-group>
       <option-group>
       <group-name>userCreateAttibutes</group-name>
       <option>
       <name>objectClass</name>
       <!--This objectclasses should work with Red Hat Directory-->
       <value>top</value>
       <value>person</value>
       <value>inetOrgPerson</value>
       </option>
       <!--Schema requires those to have initial value-->
       <option>
       <name>cn</name>
       <value>none</value>
       </option>
       <option>
       <name>sn</name>
       <value>none</value>
       </option>
       </option-group>
       <option-group>
       <group-name>roleCreateAttibutes</group-name>
       <!--Schema requires those to have initial value-->
       <option>
       <name>cn</name>
       <value>none</value>
       </option>
       <!--Some directory servers require this attribute to be valid DN-->
       <!--For safety reasons point to the admin user here-->
       <option>
       <name>member</name>
       <value>cn=Admin,ou=Groupes,dc=proxiad-nord,dc=com</value>
       </option>
       </option-group>
       </options>
      </identity-configuration>
      




      here is the exception i get after i try to log in with correct login and password

      2007-08-13 12:32:43,422 DEBUG [org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl] Search filter: (sAMAccountName={0})
      2007-08-13 12:32:43,422 DEBUG [org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl] Search filter: (sAMAccountName={0})
      2007-08-13 12:32:43,422 DEBUG [org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl] Search filterArg: {0}: g.mahop
      2007-08-13 12:32:43,422 DEBUG [org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl] Search ctx: ou=Nord,ou=Collaborateurs,dc=proxiad-nord,dc=com
      2007-08-13 12:32:43,484 ERROR [org.jboss.portal.identity.auth.IdentityLoginModule] Error when validating password
      org.jboss.portal.common.transaction.NestedException: javax.security.auth.login.LoginException: org.jboss.portal.identity.IdentityException: Couldn't create LDAPUserImpl object from ldap entry (SearchResult)
       at org.jboss.portal.common.transaction.Transactions.apply(Transactions.java:253)
       at org.jboss.portal.common.transaction.Transactions.required(Transactions.java:289)
       at org.jboss.portal.identity.auth.IdentityLoginModule.getUserStatus(IdentityLoginModule.java:204)
       at org.jboss.portal.identity.auth.IdentityLoginModule.validatePassword(IdentityLoginModule.java:158)
       at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:210)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
       at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
       at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
       at java.security.AccessController.doPrivileged(Native Method)
       at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
       at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
       at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:603)
       at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:537)
       at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
       at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:491)
       at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:258)
       at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:417)
       at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
       at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241)
       at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
       at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:580)
       at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
       at java.lang.Thread.run(Thread.java:595)
      Caused by: javax.security.auth.login.LoginException: org.jboss.portal.identity.IdentityException: Couldn't create LDAPUserImpl object from ldap entry (SearchResult)
       at org.jboss.portal.identity.auth.IdentityLoginModule$1.run(IdentityLoginModule.java:260)
       at org.jboss.portal.common.transaction.Transactions.apply(Transactions.java:219)
       ... 30 more
      2007-08-13 12:32:43,484 DEBUG [org.jboss.portal.identity.auth.IdentityLoginModule] Bad password for username=g.mahop
      2007-08-13 12:32:43,500 DEBUG [org.jboss.security.auth.spi.LdapExtLoginModule] Bad password for username=g.mahop
      java.lang.NullPointerException
       at javax.naming.InitialContext.getURLScheme(InitialContext.java:228)
       at javax.naming.InitialContext.getURLOrDefaultInitCtx(InitialContext.java:277)
       at javax.naming.directory.InitialDirContext.getURLOrDefaultInitDirCtx(InitialDirContext.java:87)
       at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
       at org.jboss.security.auth.spi.LdapExtLoginModule.bindDNAuthentication(LdapExtLoginModule.java:375)
       at org.jboss.security.auth.spi.LdapExtLoginModule.createLdapInitContext(LdapExtLoginModule.java:336)
       at org.jboss.security.auth.spi.LdapExtLoginModule.validatePassword(LdapExtLoginModule.java:229)
       at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:210)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
       at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
       at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
       at java.security.AccessController.doPrivileged(Native Method)
       at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
       at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
       at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:603)
       at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:537)
       at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
       at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:491)
       at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:258)
       at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:417)
       at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
       at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241)
       at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
       at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:580)
       at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
       at java.lang.Thread.run(Thread.java:595)
      
      



      I am working with

      Jboss portal 2.6.1.GA
      Active Directory


      Any advice?