12 Replies Latest reply on Oct 12, 2010 12:55 PM by Raman B.

    LdapIdentityStore and Active Directory

    Travis De Silva Newbie

      When I try to authenticate to AD, I get the following error.



      [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece




      Error code 525 means that the user that I am trying to bind (i.e. bind-DN) cannot be found.


      The entry that I have is correct since we have other Java apps (not seam) that use these credentials and successfully authenticate. In fact I used JXplorer to check the AD and I was able to login using this user and also checked the distinguished name which is correct.


      Any clues to what could be going wrong? Appreciate any help.


      Thanks




        • 1. Re: LdapIdentityStore and Active Directory
          Travis De Silva Newbie

          Note that I was able to authenticate via jaas using the active directory entry I have in the login-config.xml in Jboss. I guess I prefer to do it the new way using the ldap identity store.

          • 2. Re: LdapIdentityStore and Active Directory
            Travis De Silva Newbie

            I got this to work. The problem was not with the bind user but with the actual user that I was trying to authenticate. Once you put in the correct entries for user-DN-prefix and user-DN-suffix, it works.


            Now I have another issue. When you have complex AD structures, you might not always be able to specify the full DN. For example users can be under different trees (broken by sub divisions) In that instance, if we want to authenticate these uses who are in cross contexts, we will not be able to if we configure it as above. The solution is to add @company.com as the user-DN-suffix and leave the user-DN-prefix as blank.This is called the User Principal Name and when I add the @ sign, I get an error when seam starts up.


            How can we configure seam to use the user principal name? (note that when I remove the @ sign from the components.xml and add that as part of the username, the authentication works. But this is not acceptable as we cannot tell end users to add the @ sign at the end of their user name. What we need is to be able to configure this in the components.xml.




            • 3. Re: LdapIdentityStore and Active Directory
              Shane Bryzak Master

              What error do you get?  Can you post a stack trace?

              • 4. Re: LdapIdentityStore and Active Directory
                Travis De Silva Newbie

                Hi Shane,


                Apologies for the delayed reply. I don't seem to be getting the forum replies in my mailbox. Will check on that later.


                Since I posted, I got it to work by configuring to get the user-DN-suffix from the messsages property file like this.



                user-DN-suffix="#{messages['ldap.user.principal.name.suffix']}"
                



                Given below is the stack trace when I directly put the domain name with the @ sign. I have changed our company domain to the generic company.com name.



                java.lang.RuntimeException: error while reading /WEB-INF/components.xml
                     at org.jboss.seam.init.Initialization.initComponentsFromXmlDocument(Initialization.java:221)
                     at org.jboss.seam.init.Initialization.create(Initialization.java:124)
                     at org.jboss.seam.servlet.SeamListener.contextInitialized(SeamListener.java:34)
                     at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3856)
                     at org.apache.catalina.core.StandardContext.start(StandardContext.java:4361)
                     at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:790)
                     at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:770)
                     at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:553)
                     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
                     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                     at java.lang.reflect.Method.invoke(Method.java:597)
                     at org.apache.tomcat.util.modeler.BaseModelMBean.invoke(BaseModelMBean.java:296)
                     at org.jboss.mx.server.RawDynamicInvoker.invoke(RawDynamicInvoker.java:164)
                     at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
                     at org.apache.catalina.core.StandardContext.init(StandardContext.java:5312)
                     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
                     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                     at java.lang.reflect.Method.invoke(Method.java:597)
                     at org.apache.tomcat.util.modeler.BaseModelMBean.invoke(BaseModelMBean.java:296)
                     at org.jboss.mx.server.RawDynamicInvoker.invoke(RawDynamicInvoker.java:164)
                     at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
                     at org.jboss.web.tomcat.service.TomcatDeployer.performDeployInternal(TomcatDeployer.java:301)
                     at org.jboss.web.tomcat.service.TomcatDeployer.performDeploy(TomcatDeployer.java:104)
                     at org.jboss.web.AbstractWebDeployer.start(AbstractWebDeployer.java:375)
                     at org.jboss.web.WebModule.startModule(WebModule.java:83)
                     at org.jboss.web.WebModule.startService(WebModule.java:61)
                     at org.jboss.system.ServiceMBeanSupport.jbossInternalStart(ServiceMBeanSupport.java:289)
                     at org.jboss.system.ServiceMBeanSupport.jbossInternalLifecycle(ServiceMBeanSupport.java:245)
                     at sun.reflect.GeneratedMethodAccessor3.invoke(Unknown Source)
                     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                     at java.lang.reflect.Method.invoke(Method.java:597)
                     at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
                     at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
                     at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
                     at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
                     at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
                     at org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:978)
                     at $Proxy0.start(Unknown Source)
                     at org.jboss.system.ServiceController.start(ServiceController.java:417)
                     at sun.reflect.GeneratedMethodAccessor9.invoke(Unknown Source)
                     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                     at java.lang.reflect.Method.invoke(Method.java:597)
                     at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
                     at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
                     at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
                     at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
                     at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
                     at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210)
                     at $Proxy44.start(Unknown Source)
                     at org.jboss.web.AbstractWebContainer.start(AbstractWebContainer.java:466)
                     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
                     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                     at java.lang.reflect.Method.invoke(Method.java:597)
                     at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
                     at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
                     at org.jboss.mx.interceptor.AbstractInterceptor.invoke(AbstractInterceptor.java:133)
                     at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
                     at org.jboss.mx.interceptor.ModelMBeanOperationInterceptor.invoke(ModelMBeanOperationInterceptor.java:142)
                     at org.jboss.mx.interceptor.DynamicInterceptor.invoke(DynamicInterceptor.java:97)
                     at org.jboss.system.InterceptorServiceMBeanSupport.invokeNext(InterceptorServiceMBeanSupport.java:238)
                     at org.jboss.wsf.container.jboss42.DeployerInterceptor.start(DeployerInterceptor.java:87)
                     at org.jboss.deployment.SubDeployerInterceptorSupport$XMBeanInterceptor.start(SubDeployerInterceptorSupport.java:188)
                     at org.jboss.deployment.SubDeployerInterceptor.invoke(SubDeployerInterceptor.java:95)
                     at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
                     at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
                     at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
                     at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210)
                     at $Proxy45.start(Unknown Source)
                     at org.jboss.deployment.MainDeployer.start(MainDeployer.java:1025)
                     at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:819)
                     at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:782)
                     at sun.reflect.GeneratedMethodAccessor21.invoke(Unknown Source)
                     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                     at java.lang.reflect.Method.invoke(Method.java:597)
                     at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
                     at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
                     at org.jboss.mx.interceptor.AbstractInterceptor.invoke(AbstractInterceptor.java:133)
                     at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
                     at org.jboss.mx.interceptor.ModelMBeanOperationInterceptor.invoke(ModelMBeanOperationInterceptor.java:142)
                     at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
                     at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
                     at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
                     at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210)
                     at $Proxy9.deploy(Unknown Source)
                     at org.jboss.deployment.scanner.URLDeploymentScanner.deploy(URLDeploymentScanner.java:421)
                     at org.jboss.deployment.scanner.URLDeploymentScanner.scan(URLDeploymentScanner.java:634)
                     at org.jboss.deployment.scanner.AbstractDeploymentScanner$ScannerThread.doScan(AbstractDeploymentScanner.java:263)
                     at org.jboss.deployment.scanner.AbstractDeploymentScanner.startService(AbstractDeploymentScanner.java:336)
                     at org.jboss.system.ServiceMBeanSupport.jbossInternalStart(ServiceMBeanSupport.java:289)
                     at org.jboss.system.ServiceMBeanSupport.jbossInternalLifecycle(ServiceMBeanSupport.java:245)
                     at sun.reflect.GeneratedMethodAccessor3.invoke(Unknown Source)
                     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                     at java.lang.reflect.Method.invoke(Method.java:597)
                     at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
                     at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
                     at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
                     at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
                     at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
                     at org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:978)
                     at $Proxy0.start(Unknown Source)
                     at org.jboss.system.ServiceController.start(ServiceController.java:417)
                     at sun.reflect.GeneratedMethodAccessor9.invoke(Unknown Source)
                     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                     at java.lang.reflect.Method.invoke(Method.java:597)
                     at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
                     at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
                     at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
                     at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
                     at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
                     at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210)
                     at $Proxy4.start(Unknown Source)
                     at org.jboss.deployment.SARDeployer.start(SARDeployer.java:304)
                     at org.jboss.deployment.MainDeployer.start(MainDeployer.java:1025)
                     at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:819)
                     at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:782)
                     at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:766)
                     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
                     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                     at java.lang.reflect.Method.invoke(Method.java:597)
                     at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
                     at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
                     at org.jboss.mx.interceptor.AbstractInterceptor.invoke(AbstractInterceptor.java:133)
                     at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
                     at org.jboss.mx.interceptor.ModelMBeanOperationInterceptor.invoke(ModelMBeanOperationInterceptor.java:142)
                     at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
                     at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
                     at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
                     at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210)
                     at $Proxy5.deploy(Unknown Source)
                     at org.jboss.system.server.ServerImpl.doStart(ServerImpl.java:482)
                     at org.jboss.system.server.ServerImpl.start(ServerImpl.java:362)
                     at org.jboss.Main.boot(Main.java:200)
                     at org.jboss.Main$1.run(Main.java:508)
                     at java.lang.Thread.run(Thread.java:619)
                Caused by: java.lang.IllegalArgumentException: Exception setting property ldapIdentityStore.userDNSuffix on component ldapIdentityStore.  Expression @company.com evaluated to null.
                     at org.jboss.seam.init.Initialization.installComponentFromXmlElement(Initialization.java:518)
                     at org.jboss.seam.init.Initialization.installComponentsFromXmlElements(Initialization.java:354)
                     at org.jboss.seam.init.Initialization.initComponentsFromXmlDocument(Initialization.java:217)
                     ... 137 more
                Caused by: java.lang.IllegalArgumentException: null value
                     at org.jboss.seam.util.Conversions$FlatPropertyValue.<init>(Conversions.java:291)
                     at org.jboss.seam.init.Initialization.getPropertyValue(Initialization.java:595)
                     at org.jboss.seam.init.Initialization.installComponentFromXmlElement(Initialization.java:513)
                     ... 139 more
                


                • 5. Re: LdapIdentityStore and Active Directory
                  Paulo Caeiro Newbie

                  Hello,


                  Sorry to use this post to put my question, but its related so i think some one here could help.


                  I'm trying the LdapIdentityStore but I keep get the next error:



                  15:30:31,497 ERROR [SeamLoginModule] Error invoking login method
                  org.jboss.seam.security.management.IdentityManagementException: Authentication error
                       at org.jboss.seam.security.management.LdapIdentityStore.authenticate(LdapIdentityStore.java:441)
                       at org.jboss.seam.security.management.IdentityManager.authenticate(IdentityManager.java:262)
                       at org.jboss.seam.security.jaas.SeamLoginModule.login(SeamLoginModule.java:126)
                       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                       at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
                       at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
                       at java.lang.reflect.Method.invoke(Unknown Source)
                       at javax.security.auth.login.LoginContext.invoke(Unknown Source)
                       at javax.security.auth.login.LoginContext.access$000(Unknown Source)
                       at javax.security.auth.login.LoginContext$5.run(Unknown Source)
                       at java.security.AccessController.doPrivileged(Native Method)
                       at javax.security.auth.login.LoginContext.invokeCreatorPriv(Unknown Source)
                       at javax.security.auth.login.LoginContext.login(Unknown Source)
                       at org.jboss.seam.security.Identity.authenticate(Identity.java:335)
                       at org.jboss.seam.security.Identity.authenticate(Identity.java:324)
                       at org.jboss.seam.security.Identity.login(Identity.java:253)
                       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                       at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
                       at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
                       at java.lang.reflect.Method.invoke(Unknown Source)
                       at org.jboss.el.util.ReflectionUtil.invokeMethod(ReflectionUtil.java:329)
                       at org.jboss.el.util.ReflectionUtil.invokeMethod(ReflectionUtil.java:342)
                       at org.jboss.el.parser.AstPropertySuffix.invoke(AstPropertySuffix.java:58)
                       at org.jboss.el.parser.AstValue.invoke(AstValue.java:96)
                       at org.jboss.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:276)
                       at com.sun.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:68)
                       at javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:88)
                       at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:102)
                       at javax.faces.component.UICommand.broadcast(UICommand.java:387)
                       at org.ajax4jsf.component.AjaxViewRoot.processEvents(AjaxViewRoot.java:321)
                       at org.ajax4jsf.component.AjaxViewRoot.broadcastEvents(AjaxViewRoot.java:296)
                       at org.ajax4jsf.component.AjaxViewRoot.processPhase(AjaxViewRoot.java:253)
                       at org.ajax4jsf.component.AjaxViewRoot.processApplication(AjaxViewRoot.java:466)
                       at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:82)
                       at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:100)
                       at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:118)
                       at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
                       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
                       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
                       at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:83)
                       at org.jboss.seam.web.IdentityFilter.doFilter(IdentityFilter.java:38)
                       at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
                       at org.jboss.seam.web.MultipartFilter.doFilter(MultipartFilter.java:90)
                       at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
                       at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:64)
                       at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
                       at org.jboss.seam.web.RedirectFilter.doFilter(RedirectFilter.java:45)
                       at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
                       at org.ajax4jsf.webapp.BaseXMLFilter.doXmlFilter(BaseXMLFilter.java:177)
                       at org.ajax4jsf.webapp.BaseFilter.handleRequest(BaseFilter.java:267)
                       at org.ajax4jsf.webapp.BaseFilter.processUploadsAndHandleRequest(BaseFilter.java:380)
                       at org.ajax4jsf.webapp.BaseFilter.doFilter(BaseFilter.java:507)
                       at org.jboss.seam.web.Ajax4jsfFilter.doFilter(Ajax4jsfFilter.java:56)
                       at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
                       at org.jboss.seam.web.LoggingFilter.doFilter(LoggingFilter.java:58)
                       at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
                       at org.jboss.seam.debug.hot.HotDeployFilter.doFilter(HotDeployFilter.java:51)
                       at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
                       at org.jboss.seam.servlet.SeamFilter.doFilter(SeamFilter.java:158)
                       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
                       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
                       at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
                       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
                       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
                       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
                       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
                       at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)
                       at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:432)
                       at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
                       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
                       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
                       at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
                       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
                       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
                       at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
                       at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
                       at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
                       at java.lang.Thread.run(Unknown Source)
                  Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
                       at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
                       at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
                       at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
                       at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
                       at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
                       at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
                       at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
                       at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
                       at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
                       at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
                       at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
                       at javax.naming.InitialContext.init(Unknown Source)
                       at javax.naming.ldap.InitialLdapContext.<init>(Unknown Source)
                       at org.jboss.seam.security.management.LdapIdentityStore.initialiseContext(LdapIdentityStore.java:399)
                       at org.jboss.seam.security.management.LdapIdentityStore.authenticate(LdapIdentityStore.java:420)
                       ... 77 more
                  



                  and here it's my components.xml



                  <security:ldap-identity-store      
                                  name="ldapIdentityStore"
                                server-address="sedna.cmarl.pt" 
                                   server-port="389"                                                                     
                                user-DN-prefix="uid="
                                user-DN-suffix=",ou=Users,dc=cmarl,dc=pt"
                                user-context-DN="ou=Users,dc=cmarl,dc=pt"
                                user-password-attribute="userPassword"                                        
                                bind-DN="cn=Manager,dc=cmarl,dc=pt"
                  bind-credentials="secret"                                                                                       
                                role-context-DN="ou=Groups,dc=example,dc=com"
                               role-DN-prefix="cn="
                               role-DN-suffix=",ou=Groups,dc=example,dc=com"/>                                                                                                                                  
                    
                     <security:identity-manager identity-store="#{ldapIdentityStore}"/> 
                  



                  I think it´s related to the bind credentials because no matter the value i put in there the error it's always the same. Even with the right one.


                  Tanks in advance


                  Paulo


                  • 6. Re: LdapIdentityStore and Active Directory
                    Travis De Silva Newbie

                    Hi Paulo,


                    If you are sure that your bind-DN and bind-credentials are correct, then you are most probably getting this error as the user to be authenticated cannot be authenticated. Note this is not the bind user but the actual user you wish to authenticate.


                    This happened to me when the user-DN-prefix and user-DN-suffix was incorrect. If you don't have the ldap service, (ie part of a large company) then I suggest you use a open source tool like JXplorer (http://www.jxplorer.org/) to get an understanding of the tree structure and attributes. This was very useful for me.


                    Its frustrating when you get these issues but when you get it right, it certainly is a great feeling!!.


                    Hope this helps.


                    Travis

                    • 7. Re: LdapIdentityStore and Active Directory
                      Paulo Caeiro Newbie
                      Hi Travis and thanks for your reply...

                      Well i have made some progress but still stuck in here... :)

                      I have changed the user-DN-prefix from "uid=" to "cn=" for a quick test and i was able to do the login with the canonical name of the users but this is not what i want, i need to do it with the uid attribute.

                      Do you have any suggestion for this?

                      Thanks again for your help

                      Paulo
                      • 8. Re: LdapIdentityStore and Active Directory
                        Travis De Silva Newbie

                        Were you able to login via the JXplorer tool. If you can do that, and then do a search for the user you are trying to authenticate, you can look at that users distinguished name. from that you can get an idea what should go into the DN prefix and surfix which is basically the part before the name and part after the name.

                        • 9. Re: LdapIdentityStore and Active Directory
                          SIBUT Nicolas Newbie

                          Hi !


                          I have exaxtly the same problem.
                          I can login with my canonical name with user-DN-prefix cn but don't work with uid.


                          Have you find a solution ?


                          Thanks

                          • 10. Re: LdapIdentityStore and Active Directory
                            Shrikant Mabrukar Newbie

                            I am having the same issue, the distinguished name does not have user id i.e. uid in it but only cn in it. Did anyone get this working? How?

                            • 11. Re: LdapIdentityStore and Active Directory
                              Robin Foe Newbie

                              Hi All,


                              Based on what mentioned by travis, by putting domain name actually does the trick. However it do come with certain workaround towards ldapIdentityStore. below here is workaround and hope it could help others who have struggle through ldapIdentityStore and Active Directory


                              first, create your own custom class


                               @SuppressWarnings("serial")
                              public class CustomLdapIdentityStore extends org.jboss.seam.security.management.LdapIdentityStore{
                               @Override
                               protected String getUserDN(String username)
                               {
                                return String.format("%s%s%s", getUserDNPrefix(), username, "@"+getUserDNSuffix());
                               }
                              }



                              The custom class must be placed under main folder of seam directory structure.
                              the next step is to register the class as seam component.


                              <component class="com.base.security.identity.CustomLdapIdentityStore" 
                                        name="customLdapIdentityStore"
                                        startup="true"
                                        scope="APPLICATION">
                                      <property name="serverAddress">directory.mycompany.com</property>
                                      <property name="bindDN">cn=Manager,dc=mycompany,dc=com</property>
                                      <property name="bindCredentials">secret</property>
                                      <property name="firstNameAttribute">givenName</property>
                                      <property name="userNameAttribute">sAMAccountName</property>
                                      <property name="userDNSuffix">mycompany.com</property>
                                      <property name="userDNPrefix"></property>
                                      <property name="userContextDN">ou=Person,dc=mycompany,dc=com</property>
                                      <property name="userObjectClasses">person,uidObject</property>
                                  </component>



                              and to use the custom ldap identity store, it is as simple as including the codes below in the components.xml


                              <security:identity-manager identity-store="#{customLdapIdentityStore}"  />



                              The solution provided is actually is not too fine grained workaround, if others who have better opinion or proper way to get ldapIdentityStore work with active directory, i would be grateful to hear one :D





                              • 12. Re: LdapIdentityStore and Active Directory
                                Raman B. Newbie

                                For those who are using war projects with hot deploy:


                                create a CustomLdapIdentityStore class:




                                package org.braman.action;
                                
                                import javax.annotation.PostConstruct;
                                
                                import org.jboss.seam.ScopeType;
                                import org.jboss.seam.annotations.AutoCreate;
                                import org.jboss.seam.annotations.Name;
                                import org.jboss.seam.annotations.Scope;
                                import org.jboss.seam.annotations.Startup;
                                
                                @Name("customLdapIdentityStore")
                                @Startup
                                @AutoCreate
                                @Scope(ScopeType.APPLICATION)
                                public class CustomLdapIdentityStore extends org.jboss.seam.security.management.LdapIdentityStore{
                                     
                                     private static final long serialVersionUID = -1250675501823301128L;
                                
                                     @PostConstruct
                                     public void init()     {
                                         setServerAddress("192.168.0.1");
                                         setServerPort(389);
                                         setBindDN("raman@sdu.edu.kz");
                                         setBindCredentials("HSDGJH!@$@");
                                         
                                         setUserContextDN("OU=ALL USERS,DC=sdu,DC=edu,DC=kz");
                                         setUserDNPrefix("");
                                         setUserDNSuffix("sdu.edu.kz");
                                         setUserObjectClasses(new String[]{"person","user","organizationalPerson"});
                                         setUserNameAttribute("sAMAccountName");
                                          
                                          
                                     }
                                     
                                     
                                     
                                     @Override
                                     protected String getUserDN(String username)
                                     {
                                          return String.format("%s%s%s", getUserDNPrefix(), username, "@"+getUserDNSuffix());
                                     }
                                }




                                and put these lines of code into components.xml file:




                                <security:identity authenticate-method="#{authenticator.authenticate}" 
                                     remember-me="true" />
                                          
                                <security:identity-manager name="identityManager" 
                                     identity-store="#{customLdapIdentityStore}" >
                                </security:identity-manager>
                                



                                That's all, good luck!