0 Replies Latest reply on Jan 27, 2014 12:43 PM by Umar Khan

    JBoss LDAP Configuration not working in case AD CN has Slashes

    Umar Khan Newbie

      I have come across a problem while configuring the LDAP of JBoss with AD, i.e. while authenticating a Java-based application hosted on JBoss 5.0 with Active Directory, the user doesn't get authenticated if his/her CN contains "slashes". The Java application is simply sending the username to Active Directory using LDAP. Everything works fine if the user's CN doesn't contain "slashes", but when the user's CN/DN contains slashes the AD doesn't authenticate the user no matter what is being passed for authentication. The JBoss configuration file (login-config.xml) has the following configuration for LDAP:

      <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
        <module-option name="debug">true</module-option>
        <module-option name="java.naming.provider.url">ldap://mycompany.net.pk:389/</module-option>
        <module-option name="java.naming.security.authentication">simple</module-option>
        <module-option name="bindDN">MyCompany\edocadmin</module-option>
        <module-option name="bindCredential">12345</module-option>
        <module-option name="baseCtxDN">DC=MyCompany,DC=net,DC=pk</module-option>
        <module-option name="baseFilter">(sAMAccountName={0})</module-option>
        <module-option name="rolesCtxDN">CN=users,DC=MyCompany,DC=net,DC=pk</module-option>
        <module-option name="roleFilter">(sAMAccountName={0})</module-option>
        <module-option name="roleAttributeID">memberOf</module-option>
        <module-option name="roleAttributeIsDN">true</module-option>
        <module-option name="roleNameAttributeID">CN</module-option>
        <module-option name="roleRecursion">2</module-option>
        <module-option name="searchScope">SUBTREE_SCOPE</module-option>
        <module-option name="allowEmptyPasswords">false</module-option>
      </login-module>

      The AD user format is as follows:

      Test User/Admin/Procurement/My Company/PK 

      Please let me know what combination of the LDAP configuration will work in the above-mentioned scenario.
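
An added example (not from the post and not JBoss code) of how JNDI, which the `java.naming.*` options above configure, treats a DN whose CN contains slashes: a plain String name is parsed as a composite name with `/` as the component separator, while `LdapName` keeps the slash as part of the CN. The DN is constructed from the post's CN format under an assumed `CN=Users` container, and whether this parsing is the cause of the failure described above is an assumption.

```java
import javax.naming.CompositeName;
import javax.naming.InvalidNameException;
import javax.naming.Name;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class SlashInDnDemo {
    // Constructed DN: the CN format from the post under an assumed CN=Users container.
    static final String DN = "CN=Test User/Admin/Procurement/My Company/PK,"
            + "CN=Users,DC=MyCompany,DC=net,DC=pk";

    // How many pieces JNDI sees when the DN is passed as a plain String name.
    static int compositeComponents(String dn) throws InvalidNameException {
        return new CompositeName(dn).size();
    }

    // The DN wrapped as exactly one composite component; toString() quotes or
    // escapes the slashes so the string can be parsed back without splitting.
    static String asSingleComponent(String dn) throws InvalidNameException {
        return new CompositeName().add(dn).toString();
    }

    // Parsed with LDAP DN syntax, where '/' is an ordinary character.
    static LdapName asLdapName(String dn) throws InvalidNameException {
        return new LdapName(dn);
    }

    public static void main(String[] args) throws InvalidNameException {
        System.out.println("composite components: " + compositeComponents(DN));
        Name split = new CompositeName(DN);
        for (int i = 0; i < split.size(); i++) {
            System.out.println("  [" + i + "] " + split.get(i));
        }
        System.out.println("single component:     " + asSingleComponent(DN));

        LdapName ldap = asLdapName(DN);
        Rdn leaf = ldap.getRdn(ldap.size() - 1); // RDNs are indexed right to left
        System.out.println("LdapName RDN count:   " + ldap.size());
        System.out.println("leaf CN value:        " + leaf.getValue());
    }
}
```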