6 Replies Latest reply on Feb 21, 2012 7:14 AM by Janko Joc

    username-attribute may not be null in ldap security realm

    Yves Peter Newbie

      I tried the new JBoss 7.1 CR1 and get a strange error with this configuration that used to work in Beta1b:

       

          <management>
              <security-realms>
                  <security-realm name="PropertiesMgmtSecurityRealm">
                      <authentication>
                          <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir" />
                      </authentication>
                  </security-realm>
                  <security-realm name="LDAPMgmtSecurityRealm">
                      <authentication>
                          <ldap connection="ldap_connection" recursive="true" base-dn="OU=yellow-Acc,DC=uyellow,DC=yellowcorp,DC=test">
                              <advanced-filter filter="(&amp;(sAMAccountName={0})(memberOf=CN=AJBOSSSUPER,OU=Groups,OU=yellow-Acc,DC=uyellow,DC=yellowcorp,DC=test))" />
                          </ldap>
                      </authentication>
                  </security-realm>
              </security-realms>
              <outbound-connections>
                  <ldap name="ldap_connection" url="ldap://addc01.uyellow.yellowcorp.test" search-dn="CN=User,OU=Service-Accounts,OU=yellow-Acc,DC=uyellow,DC=yellowcorp,DC=test"
                      search-credential="pw" />
              </outbound-connections>
              <management-interfaces>
                  <native-interface security-realm="PropertiesMgmtSecurityRealm">
                      <socket-binding native="management-native" />
                  </native-interface>
                  <http-interface security-realm="LDAPMgmtSecurityRealm">
                      <socket-binding http="management-http" />
                  </http-interface>
              </management-interfaces>
          </management>
      
      

       

      Error:

      16:26:24,923 INFO  [org.jboss.modules] JBoss Modules version 1.1.0.CR6
      16:26:25,635 INFO  [org.jboss.msc] JBoss MSC version 1.0.1.GA
      16:26:25,719 INFO  [org.jboss.as] JBoss AS 7.1.0.CR1b "Flux Capacitor" starting
      16:26:27,402 ERROR [org.jboss.as.controller.management-operation] Operation ("add") failed - address: ([
          ("core-service" => "management"),
          ("security-realm" => "LDAPMgmtSecurityRealm"),
          ("authentication" => "ldap")
      ]) - failure description: "JBAS014746: username-attribute may not be null"
      16:26:27,407 INFO  [org.jboss.as] JBoss AS 7.1.0.CR1b "Flux Capacitor" started in 2859ms - Started 19 of 20 services (1 services are passive or on-demand)
      16:29:42,092 INFO  [org.jboss.as] JBoss AS 7.1.0.CR1b "Flux Capacitor" stopped in 9ms
      

       

      It used to work in the 7.1 Beta. I validated my xml and it seams to be valid. Did I miss something or is this a bug?

        • 1. Re: username-attribute may not be null in ldap security realm
          Darran Lofthouse Master

          Can you please raise a Jira with this error and assign it to me?  There was some refactoring of the management of the realms before the release and it looks like it has broken making that element optional.

          1 of 1 people found this helpful
          • 2. Re: username-attribute may not be null in ldap security realm
            Yves Peter Newbie

            I opened a Jira but I have no rights to assign it to you.

            Thanks for looking into it.

            Yves

            • 3. Re: username-attribute may not be null in ldap security realm
              Janko Joc Newbie

              Can you tell me please if AND operation filters (&(racfgroupid=XXXX)(racfuserid={0})) work in jboss 6.1 becouse I have some problems specifying them in login-config.xml.

               

              <module-option name="roleFilter">((&(racfgroupid=XXXX)(racfuserid={0})))</module-option>

               

              Thank you in advancde.

              • 4. Re: username-attribute may not be null in ldap security realm
                Darran Lofthouse Master

                This thread is specifically discussing the security realms added to JBoss AS 7 so unfortunately no this does not apply at all to AS6.

                • 5. Re: username-attribute may not be null in ldap security realm
                  Janko Joc Newbie

                  Thank you for your fast answer. I upgraded to jboss 7.1 but I still have problems. When I enterd the filter (&(racfuserid={0})(racfgroupid=XXXX)) in advanced-filter field, jboss didn't start correctly.

                   

                  Here is the error report:

                   

                  09:14:49,623 ERROR [org.jboss.as.controller] JBAS014601: Error booting the container: java.lang.RuntimeException: org.jboss.as.controller.persistence.ConfigurationPersistenceException: JBAS014676: Failed to parse configuration

                      at org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:161) [jboss-as-controller-7.1.0.Final.jar:7.1.0.Final]

                      at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_02]

                  Caused by: org.jboss.as.controller.persistence.ConfigurationPersistenceException: JBAS014676: Failed to parse configuration

                      at org.jboss.as.controller.persistence.XmlConfigurationPersister.load(XmlConfigurationPersister.java:125) [jboss-as-controller-7.1.0.Final.jar:7.1.0.Final]

                      at org.jboss.as.controller.AbstractControllerService.boot(AbstractControllerService.java:187) [jboss-as-controller-7.1.0.Final.jar:7.1.0.Final]

                      at org.jboss.as.server.ServerService.boot(ServerService.java:261) [jboss-as-server-7.1.0.Final.jar:7.1.0.Final]

                      at org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:155) [jboss-as-controller-7.1.0.Final.jar:7.1.0.Final]

                      ... 1 more

                  Caused by: com.ctc.wstx.exc.WstxUnexpectedCharException: Unexpected character '(' (code 40) (expected a name start character)

                  at [row,col {unknown-source}]: [49,52]

                      at com.ctc.wstx.sr.StreamScanner.throwUnexpectedChar(StreamScanner.java:639)

                      at com.ctc.wstx.sr.StreamScanner.parseFullName(StreamScanner.java:1920)

                      at com.ctc.wstx.sr.StreamScanner.parseEntityName(StreamScanner.java:2044)

                      at com.ctc.wstx.sr.StreamScanner.fullyResolveEntity(StreamScanner.java:1511)

                      at com.ctc.wstx.sr.BasicStreamReader.parseAttrValue(BasicStreamReader.java:1902)

                      at com.ctc.wstx.sr.BasicStreamReader.handleNsAttrs(BasicStreamReader.java:3028)

                      at com.ctc.wstx.sr.BasicStreamReader.handleStartElem(BasicStreamReader.java:2926)

                      at com.ctc.wstx.sr.BasicStreamReader.nextFromTree(BasicStreamReader.java:2802)

                      at com.ctc.wstx.sr.BasicStreamReader.next(BasicStreamReader.java:1050)

                      at com.ctc.wstx.sr.BasicStreamReader.nextTag(BasicStreamReader.java:1125)

                      at org.jboss.staxmapper.XMLExtendedStreamReaderImpl.nextTag(XMLExtendedStreamReaderImpl.java:152) [staxmapper-1.1.0.Final.jar:1.1.0.Final]

                      at org.jboss.as.domain.management.parsing.ManagementXml.parseLdapAuthentication_1_1(ManagementXml.java:665) [jboss-as-domain-management-7.1.0.Final.jar:7.1.0.Final]

                      at org.jboss.as.domain.management.parsing.ManagementXml.parseAuthentication_1_1(ManagementXml.java:497) [jboss-as-domain-management-7.1.0.Final.jar:7.1.0.Final]

                      at org.jboss.as.domain.management.parsing.ManagementXml.parseSecurityRealm_1_1(ManagementXml.java:312) [jboss-as-domain-management-7.1.0.Final.jar:7.1.0.Final]

                      at org.jboss.as.domain.management.parsing.ManagementXml.parseSecurityRealms(ManagementXml.java:247) [jboss-as-domain-management-7.1.0.Final.jar:7.1.0.Final]

                      at org.jboss.as.domain.management.parsing.ManagementXml.parseManagement(ManagementXml.java:130) [jboss-as-domain-management-7.1.0.Final.jar:7.1.0.Final]

                      at org.jboss.as.server.parsing.StandaloneXml.readServerElement_1_1(StandaloneXml.java:324) [jboss-as-server-7.1.0.Final.jar:7.1.0.Final]

                      at org.jboss.as.server.parsing.StandaloneXml.readElement(StandaloneXml.java:126) [jboss-as-server-7.1.0.Final.jar:7.1.0.Final]

                      at org.jboss.as.server.parsing.StandaloneXml.readElement(StandaloneXml.java:100) [jboss-as-server-7.1.0.Final.jar:7.1.0.Final]

                      at org.jboss.staxmapper.XMLMapperImpl.processNested(XMLMapperImpl.java:110) [staxmapper-1.1.0.Final.jar:1.1.0.Final]

                      at org.jboss.staxmapper.XMLMapperImpl.parseDocument(XMLMapperImpl.java:69) [staxmapper-1.1.0.Final.jar:1.1.0.Final]

                      at org.jboss.as.controller.persistence.XmlConfigurationPersister.load(XmlConfigurationPersister.java:117) [jboss-as-controller-7.1.0.Final.jar:7.1.0.Final]

                      ... 4 more

                   

                  and here is my standaone.xml:

                   

                  <security-realm name="LDAPMgmtSecurityRealm">

                                  <authentication>

                                      <ldap connection="ldap_connection" base-dn="profiletype=********,secAuthority=*******" recursive="true">

                                          <advanced-filter filter="(&(racfuserid={0})(racfgroupid=XXXX))"/>

                                      </ldap>

                                  </authentication>

                              </security-realm>

                          </security-realms>

                          <outbound-connections>

                              <ldap name="ldap_connection" url="ldaps://******:636" search-dn="racfid=******,profiletype=******,secAuthority=******" search-credential="*********"/>

                          </outbound-connections>

                          <management-interfaces>

                              <native-interface security-realm="LDAPMgmtSecurityRealm">

                                  <socket-binding native="management-native"/>

                              </native-interface>

                              <http-interface security-realm="LDAPMgmtSecurityRealm">

                                  <socket-binding http="management-http"/>

                              </http-interface>

                   

                  Everything else seems to be correct, because it works with diferent filters. I need this because I want only the users of 'admin' group to be able to connect to admin console.

                  Thank you very much.

                   

                   

                  PS: the Unexpected character '(' at raw,col [49,52] is the second '(' in the advanced-filter. (&(racfuserid={0})(racfgroupid=XXXX))

                  • 6. Re: username-attribute may not be null in ldap security realm
                    Janko Joc Newbie

                    I found the error. The filter now looks like this (&amp;(racfuserid={0})(racfgroupid=XXXX)). I hope this will work. Thank you.