1 Reply Latest reply on Sep 6, 2013 3:08 AM by harry009

    JBoss 7.1 Management authentication with LDAP server

    harry009

      Hi, I am trying to authenticate the JBoss management interface with an LDAP server, and the following is my configuration in standalone.xml:

       

      <management>
          <security-realms>
              <security-realm name="ManagementRealm">
                  <authentication>
                      <ldap connection="LDAPConnections" recursive="true" base-dn="ou=users,dc=cydmodule,dc=com">
                          <username-filter attribute="sAMAccountName"/>
                      </ldap>
                  </authentication>
              </security-realm>
              <security-realm name="ApplicationRealm">
                  <authentication>
                      <local default-user="$local" allowed-users="*"/>
                      <properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
                  </authentication>
                  <authorization>
                      <properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
                  </authorization>
              </security-realm>
          </security-realms>
          <management-interfaces>
              <native-interface security-realm="ManagementRealm">
                  <socket-binding native="management-native"/>
              </native-interface>
              <http-interface security-realm="ManagementRealm">
                  <socket-binding http="management-http"/>
              </http-interface>
          </management-interfaces>
          <outbound-connections>
              <ldap name="LDAPConnections" url="ldap://cym-dc-01.cydmodule.com:389" search-dn="cn=svc_jboss,cn=users,dc=cydmodule,dc=com" search-credential="xxxxxx"/>
          </outbound-connections>
      </management>

       

       

      But when I try to log in to the Management interface, I got this error:

       

      10:52:03,758 DEBUG [org.jboss.as.domain.http.api] (HttpManagementService-threads - 1) Callback handle failed.: java.io.IOException: JBAS015220: Unable to perform verification

        at org.jboss.as.domain.management.security.UserLdapCallbackHandler.handle(UserLdapCallbackHandler.java:230) [jboss-as-domain-management-7.2.0.Final-redhat-8.jar:7.2.0.Final-redhat-8]

        at org.jboss.as.domain.management.security.SecurityRealmService$1.handle(SecurityRealmService.java:168) [jboss-as-domain-management-7.2.0.Final-redhat-8.jar:7.2.0.Final-redhat-8]

        at org.jboss.as.domain.http.server.security.BasicAuthenticator.checkCredentials(BasicAuthenticator.java:150) [jboss-as-domain-http-interface-7.2.0.Final-redhat-8.jar:7.2.0.Final-redhat-8]

        at org.jboss.com.sun.net.httpserver.BasicAuthenticator.authenticate(BasicAuthenticator.java:77)

        at org.jboss.as.domain.http.server.security.BasicAuthenticator._authenticate(BasicAuthenticator.java:115) [jboss-as-domain-http-interface-7.2.0.Final-redhat-8.jar:7.2.0.Final-redhat-8]

        at org.jboss.as.domain.http.server.security.BasicAuthenticator.authenticate(BasicAuthenticator.java:92) [jboss-as-domain-http-interface-7.2.0.Final-redhat-8.jar:7.2.0.Final-redhat-8]

        at org.jboss.sun.net.httpserver.AuthFilter.doFilter(AuthFilter.java:64)

        at org.jboss.com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:81)

        at org.jboss.sun.net.httpserver.ServerImpl$Exchange$LinkHandler.handle(ServerImpl.java:710)

        at org.jboss.com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:78)

        at org.jboss.as.domain.http.server.RealmReadinessFilter.doFilter(RealmReadinessFilter.java:47) [jboss-as-domain-http-interface-7.2.0.Final-redhat-8.jar:7.2.0.Final-redhat-8]

        at org.jboss.as.domain.http.server.DmrFailureReadinessFilter.doFilter(DmrFailureReadinessFilter.java:45) [jboss-as-domain-http-interface-7.2.0.Final-redhat-8.jar:7.2.0.Final-redhat-8]

        at org.jboss.com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:81)

        at org.jboss.sun.net.httpserver.ServerImpl$Exchange.run(ServerImpl.java:682)

        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110) [rt.jar:1.7.0]

        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603) [rt.jar:1.7.0]

        at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0]

        at org.jboss.threads.JBossThread.run(JBossThread.java:122) [jboss-threads-2.1.0.Final-redhat-1.jar:2.1.0.Final-redhat-1]

      Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error,data 52e,v23f0]

        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3087) [rt.jar:1.7.0]

        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3033) [rt.jar:1.7.0]

        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2835) [rt.jar:1.7.0]

        at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2749) [rt.jar:1.7.0]

        at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:316) [rt.jar:1.7.0]

        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193) [rt.jar:1.7.0]

        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:211) [rt.jar:1.7.0]

        at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154) [rt.jar:1.7.0]

        at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84) [rt.jar:1.7.0]

        at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684) [rt.jar:1.7.0]

        at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307) [rt.jar:1.7.0]

        at javax.naming.InitialContext.init(InitialContext.java:242) [rt.jar:1.7.0]

        at javax.naming.InitialContext.<init>(InitialContext.java:216) [rt.jar:1.7.0]

        at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101) [rt.jar:1.7.0]

        at org.jboss.as.domain.management.connections.ldap.LdapConnectionManagerService.getConnection(LdapConnectionManagerService.java:112) [jboss-as-domain-management-7.2.0.Final-redhat-8.jar:7.2.0.Final-redhat-8]

        at org.jboss.as.domain.management.connections.ldap.LdapConnectionManagerService.getConnection(LdapConnectionManagerService.java:93) [jboss-as-domain-management-7.2.0.Final-redhat-8.jar:7.2.0.Final-redhat-8]

        at org.jboss.as.domain.management.security.UserLdapCallbackHandler.handle(UserLdapCallbackHandler.java:186) [jboss-as-domain-management-7.2.0.Final-redhat-8.jar:7.2.0.Final-redhat-8]

        ... 17 more

       

       

      I have found that the "data 52e" error means my credentials are wrong. But I have re-verified that they are correct.

       

      Has anyone faced the same problem and has a clue what I am doing wrong?
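
      An added example, not part of the original post: a small log triage script that pairs each JBoss management log record with the LDAP result 49 bind failure behind it and decodes the Active Directory "data" sub-code, which is a hex Win32 error code. The names `triage` and `AD_SUBCODES`, the category labels, and the second sample record are this example's own.

```python
import re

# Win32 error codes that Active Directory reports, in hex, in the "data" field
# of an LDAP result 49 bind failure. The category labels are this example's own.
AD_SUBCODES = {
    "525": ("ERROR_NO_SUCH_USER", "identity"),
    "52e": ("ERROR_LOGON_FAILURE", "credential"),
    "530": ("ERROR_INVALID_LOGON_HOURS", "policy"),
    "531": ("ERROR_INVALID_WORKSTATION", "policy"),
    "532": ("ERROR_PASSWORD_EXPIRED", "account-state"),
    "533": ("ERROR_ACCOUNT_DISABLED", "account-state"),
    "701": ("ERROR_ACCOUNT_EXPIRED", "account-state"),
    "773": ("ERROR_PASSWORD_MUST_CHANGE", "account-state"),
    "775": ("ERROR_ACCOUNT_LOCKED_OUT", "account-state"),
}
RECORD = re.compile(r"^(\d\d:\d\d:\d\d,\d{3}) \w+\s+\[[^\]]+\](?:.*?(JBAS\d+))?")
CAUSE = re.compile(r"Caused by: (\S+): \[LDAP: error code (\d+) - .*?"
                   r"(DSID-[0-9A-Fa-f]+), comment: ([^,]+),\s*data ([0-9A-Fa-f]+)")

def triage(log_text):
    """Pair each log record with the LDAP bind failure reported as its cause."""
    findings, current = [], None
    for line in log_text.splitlines():
        line = line.strip()
        rec = RECORD.match(line)
        if rec:  # a timestamped line starts a new record
            current = {"time": rec.group(1), "jboss_code": rec.group(2)}
            continue
        cause = CAUSE.match(line)
        if cause and current:
            exc, code, dsid, comment, data = cause.groups()
            win32, category = AD_SUBCODES.get(data.lower(), ("unknown", "unknown"))
            findings.append(dict(current, exception=exc, ldap_code=int(code), dsid=dsid,
                                 comment=comment, data=data.lower(), win32=win32,
                                 category=category))
            current = None
    return findings

# Constructed sample: the first record is abridged from the post, the second is invented.
SAMPLE = """\
10:52:03,758 DEBUG [org.jboss.as.domain.http.api] (HttpManagementService-threads - 1) Callback handle failed.: java.io.IOException: JBAS015220: Unable to perform verification
  at org.jboss.as.domain.management.security.UserLdapCallbackHandler.handle(UserLdapCallbackHandler.java:230)
Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error,data 52e,v23f0]
10:53:41,112 DEBUG [org.jboss.as.domain.http.api] (HttpManagementService-threads - 2) Callback handle failed.: java.io.IOException: JBAS015220: Unable to perform verification
Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error,data 775,v23f0]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["time"], f["jboss_code"], f["data"], f["win32"], f["category"])
```

      The `category` field separates a rejected bind name or password (`52e`) from account-state failures such as a lockout (`775`), which point to different follow-up checks.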