8 Replies Latest reply on Jan 11, 2013 4:48 AM by Sans Kum

    Jboss7 LDAP configuration

    teena buchade Newbie

      Hi,

       

      I am struggling in doing LDAP conguration in Jboss 7

       

      I have made the following changes in the standalone.xml

       

      <security-domains>

                      <security-domain name="other" cache-type="default">

                          <authentication>

                              <login-module code="Disabled" flag="required"/>

                          </authentication>

                      </security-domain>

                      <security-domain name="LDAP">

                          <authentication>

                              <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">

                                  <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>

                                  <module-option name="java.naming.provider.url" value="ldap://10.10.10.10:389"/>

                                  <module-option name="bindDN value="ou=people,dc=mycompany,dc=com"/>

                                  <module-option name="bindCredential" value="xxxx"/>

                                  <module-option name="baseCtxDN" value="cn=Manager,dc=mycompany,dc=com"/>

                                  <module-option name="baseFilter" value="(uniqueMember={0})"/>

                                  <module-option name="rolesCtxDN" value="ou=groups,dc=mycompany,dc=com"/>

                                  <module-option name="roleFilter" value="(uniqueMember={0})"/>

                                  <module-option name="roleNameAttributeID" value="cn"/>

                                  <module-option name="roleAttributeIsDN" value="true"/>

                                  <module-option name="allowEmptyPasswords" value="false"/>

                                  <module-option name="Context.REFERRAL" value="follow"/>

                                  <module-option name="throwValidateError" value="true"/>

                                  <module-option name="allowEmptyPasswords" value="true"/>

                              </login-module>

                              </authentication>

                      </security-domain>

                  </security-domains>

       

       

      added :

       

      <subsystem xmlns="urn:jboss:domain:ee:1.0">

                  <global-modules>

                      <module name="sun.jdk" slot="main"/>

                  </global-modules>

      </subsystem>

       

      but i amgetting the following error when i try to login :

       

      09:59:13,093 ERROR [org.jboss.security.auth.spi.DisabledLoginModule] (http--127.0.0.1-8080-1) The security domain other has been disabled. All authentication will fail. Please check your configuration to make sure this is expected

      09:59:13,108 ERROR [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http--127.0.0.1-8080-1) Login failure: javax.security.auth.login.LoginException: Login Failure: all modules ignored

              at javax.security.auth.login.LoginContext.invoke(LoginContext.java:921) [:1.6.0_21]

              at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186) [:1.6.0_21]

              at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683) [:1.6.0_21]

              at java.security.AccessController.doPrivileged(Native Method) [:1.6.0_21]

              at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) [:1.6.0_21]

              at javax.security.auth.login.LoginContext.login(LoginContext.java:579) [:1.6.0_21]

              at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:411) [picketbox-infinispan-4.0.1.jar:4.0.1]

              at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:345) [picketbox-infinispan-4.0.1.jar:4.0.1]

              at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:154) [picketbox-infinispan-4.0.1.jar:4.0.1]

              at org.jboss.as.web.security.JBossWebRealm.authenticate(JBossWebRealm.java:127) [jboss-as-web-7.0.2.Final.jar:7.0.2.Final]

              at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:180) [jbossweb-7.0.1.Final.jar:7.0.2.Final]

              at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:446) [jbossweb-7.0.1.Final.jar:7.0.2.Final]

              at org.jboss.as.web.NamingValve.invoke(NamingValve.java:57) [jboss-as-web-7.0.2.Final.jar:7.0.2.Final]

              at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:154) [jbossweb-7.0.1.Final.jar:7.0.2.Final]

              at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.1.Final.jar:7.0.2.Final]

              at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.1.Final.jar:7.0.2.Final]

              at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:362) [jbossweb-7.0.1.Final.jar:7.0.2.Final]

              at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.1.Final.jar:7.0.2.Final]

              at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:667) [jbossweb-7.0.1.Final.jar:7.0.2.Final]

              at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:952) [jbossweb-7.0.1.Final.jar:7.0.2.Final]

              at java.lang.Thread.run(Thread.java:619) [:1.6.0_21]

       

      Kindly help me in getting rid from this error.

       

      Thanks in advance.

        • 1. Re: Jboss7 LDAP configuration
          jaikiran pai Master

          09:59:13,093 ERROR [org.jboss.security.auth.spi.DisabledLoginModule] (http--127.0.0.1-8080-1) The security domain other has been disabled. All authentication will fail. Please check your configuration to make sure this is expected

          It looks like you are using the "other" security domain which has been disabled. Make sure you use the LDAP security domain in your application.

          1 of 1 people found this helpful
          • 2. Re: Jboss7 LDAP configuration
            teena buchade Newbie

            Hi i have changed the configuration but now i am getting the following error:

             

             

            15:14:09,157 ERROR [org.jboss.security.auth.spi.UsersRolesLoginModule] (http--127.0.0.1-8080-1) Failed to load users/passwords/role files: java.io.IOException: No properties file: users.properties or defaults: defaultUsers.properties f

                    at org.jboss.security.auth.spi.Util.loadProperties(Util.java:227) [picketbox-4.0.1.jar:4.0.1]

                    at org.jboss.security.auth.spi.UsersRolesLoginModule.loadUsers(UsersRolesLoginModule.java:188) [picketbox-4.0.1.jar:4.0.1]

                    at org.jboss.security.auth.spi.UsersRolesLoginModule.createUsers(UsersRolesLoginModule.java:202) [picketbox-4.0.1.jar:4.0.1]

                    at org.jboss.security.auth.spi.UsersRolesLoginModule.initialize(UsersRolesLoginModule.java:129) [picketbox-4.0.1.jar:4.0.1]

                    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [:1.6.0_21]

                    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) [:1.6.0_21]

                    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) [:1.6.0_21]

                    at java.lang.reflect.Method.invoke(Method.java:597) [:1.6.0_21]

                    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:756) [:1.6.0_21]

                    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186) [:1.6.0_21]

                    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683) [:1.6.0_21]

                    at java.security.AccessController.doPrivileged(Native Method) [:1.6.0_21]

                    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) [:1.6.0_21]

                    at javax.security.auth.login.LoginContext.login(LoginContext.java:579) [:1.6.0_21]

                    at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:411) [picketbox-infinispan-4.0.1.jar:4.0.1]

                    at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:345) [picketbox-infinispan-4.0.1.jar:4.0.1]

                    at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:154) [picketbox-infinispan-4.0.1.jar:4.0.1]

                    at org.jboss.as.web.security.JBossWebRealm.authenticate(JBossWebRealm.java:127) [jboss-as-web-7.0.2.Final.jar:7.0.2.Final]

                    at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:180) [jbossweb-7.0.1.Final.jar:7.0.2.Final]

                    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:446) [jbossweb-7.0.1.Final.jar:7.0.2.Final]

                    at org.jboss.as.web.NamingValve.invoke(NamingValve.java:57) [jboss-as-web-7.0.2.Final.jar:7.0.2.Final]

                    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:154) [jbossweb-7.0.1.Final.jar:7.0.2.Final]

                    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.1.Final.jar:7.0.2.Final]

                    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.1.Final.jar:7.0.2.Final]

                    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:362) [jbossweb-7.0.1.Final.jar:7.0.2.Final]

                    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.1.Final.jar:7.0.2.Final]

                    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:667) [jbossweb-7.0.1.Final.jar:7.0.2.Final]

                    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:952) [jbossweb-7.0.1.Final.jar:7.0.2.Final]

                    at java.lang.Thread.run(Thread.java:619) [:1.6.0_21]

             

             

            15:14:09,157 ERROR [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http--127.0.0.1-8080-1) Login failure: javax.security.auth.login.LoginException: Missing users.properties file.

                    at org.jboss.security.auth.spi.UsersRolesLoginModule.login(UsersRolesLoginModule.java:150) [picketbox-4.0.1.jar:4.0.1]

                    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [:1.6.0_21]

                    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) [:1.6.0_21]

                    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) [:1.6.0_21]

                    at java.lang.reflect.Method.invoke(Method.java:597) [:1.6.0_21]

                    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769) [:1.6.0_21]

                    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186) [:1.6.0_21]

                    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683) [:1.6.0_21]

                    at java.security.AccessController.doPrivileged(Native Method) [:1.6.0_21]

                    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) [:1.6.0_21]

                    at javax.security.auth.login.LoginContext.login(LoginContext.java:579) [:1.6.0_21]

                    at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:411) [picketbox-infinispan-4.0.1.jar:4.0.1]

                    at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:345) [picketbox-infinispan-4.0.1.jar:4.0.1]

                    at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:154) [picketbox-infinispan-4.0.1.jar:4.0.1]

                    at org.jboss.as.web.security.JBossWebRealm.authenticate(JBossWebRealm.java:127) [jboss-as-web-7.0.2.Final.jar:7.0.2.Final]

                    at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:180) [jbossweb-7.0.1.Final.jar:7.0.2.Final]

                    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:446) [jbossweb-7.0.1.Final.jar:7.0.2.Final]

                    at org.jboss.as.web.NamingValve.invoke(NamingValve.java:57) [jboss-as-web-7.0.2.Final.jar:7.0.2.Final]

                    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:154) [jbossweb-7.0.1.Final.jar:7.0.2.Final]

                    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.1.Final.jar:7.0.2.Final]

                    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.1.Final.jar:7.0.2.Final]

                    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:362) [jbossweb-7.0.1.Final.jar:7.0.2.Final]

                    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.1.Final.jar:7.0.2.Final]

                    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:667) [jbossweb-7.0.1.Final.jar:7.0.2.Final]

                    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:952) [jbossweb-7.0.1.Final.jar:7.0.2.Final]

                    at java.lang.Thread.run(Thread.java:619) [:1.6.0_21]

            • 3. Re: Jboss7 LDAP configuration
              jaikiran pai Master

              What does the new configuration look like and what does your jboss-web.xml (or jboss-ejb3.xml) with the security-domain configuration look like?

              • 4. Re: Jboss7 LDAP configuration
                teena buchade Newbie

                Hi jaikiran

                 

                Thanks for the reply the current configuration is as below:

                 

                <security-domain name="other" cache-type="default">

                                    <authentication>

                                        <login-module code="LdapExtended" flag="required"/>

                                    </authentication>

                   </security-domain>

                 

                 

                <security-domain name="LDAP" cache-type="default">

                                    <authentication>

                                        <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">

                                            <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>

                                            <module-option name="java.naming.provider.url" value="ldap://10.10.10.10:389"/>

                                            <module-option name="bindDN" value="cn=Manager,dc=mycompany,dc=com"/>

                                            <module-option name="bindCredential" value="password"/>

                                            <module-option name="baseCtxDN" value="ou=people,dc=mycompany,dc=com"/>

                                            <module-option name="baseFilter" value="uid={0},ou=people,dc=mycompany,dc=com"/>

                                            <module-option name="rolesCtxDN" value="ou=groups,dc=mycompany,dc=com"/>

                                            <module-option name="roleFilter" value="(uniqueMember={0})"/>

                                            <module-option name="roleNameAttributeID" value="cn"/>

                                            <module-option name="roleAttributeIsDN" value="true"/>

                                            <module-option name="allowEmptyPasswords" value="false"/>

                                            <module-option name="Context.REFERRAL" value="follow"/>

                                            <module-option name="throwValidateError" value="true"/>

                                        </login-module>

                                    </authentication>

                                </security-domain>

                 

                 

                jboss-web.xml is as below:

                 

                <?xml version="1.0" encoding="UTF-8"?>

                <!DOCTYPE jboss-web PUBLIC

                   "-//JBoss//DTD Web Application 5.0//EN"

                   "http://www.jboss.org/j2ee/dtd/jboss-web_5_0.dtd">

                <jboss-web>

                          <security-domain>java:/jaas/LDAP</security-domain>

                </jboss-web>

                 


                • 5. Re: Jboss7 LDAP configuration
                  jaikiran pai Master

                  teena buchade wrote:

                   

                            <security-domain>java:/jaas/LDAP</security-domain>

                   


                  This is incorrect. It should just be the name of the security domain.

                   

                  <security-domain>LDAP</security-domain>

                  • 6. Re: Jboss7 LDAP configuration
                    teena buchade Newbie

                    Hi jaiKiran

                     

                    Thanks for the help.

                     

                    I got rid from the above error but still i am not able to log in my application i am getting the below page after submitting the username and password but cant see any error or stacktrace on the console.

                     

                    HTTP Status 403 - Access to the requested resource has been denied


                    type Status report

                    message Access to the requested resource has been denied

                    description Access to the specified resource (Access to the requested resource has been denied) has been forbidden.


                    JBoss Web/7.0.1.Final

                     

                     

                    I tried to enable the enable TRACE level logging of security using the below configuration but failed in that part .

                     

                          <subsystem xmlns="urn:jboss:domain:logging:1.1">

                                   ......

                               <logger category="org.jboss.security">

                                    <level name="TRACE"/>

                                </logger>

                                <logger category="org.jboss.as.web.security">

                                    <level name="TRACE"/>

                                </logger>

                          </subsystem>

                     

                     

                    Kindly help in in configurting TRACE level logging and to solve the above problem.

                     


                     


                    • 7. Re: Jboss7 LDAP configuration
                      teena buchade Newbie

                      Hi

                       

                      Any update on the above mentioned issue.

                       

                      Kindly let me know any possible solution.

                      • 8. Re: Jboss7 LDAP configuration
                        Sans Kum Newbie

                        Hi Teena,

                         

                        I do have the same issue now.

                         

                        Did you fix that? If so, please share the solution here...