3 Replies Latest reply on Apr 17, 2014 5:35 AM by Darran Lofthouse

    Wildfly : "JBAS014676: Failed to parse configuration" when configuring LDAP authorization

    Johan van Kampen Newbie

      Based on the article LDAP Security Realm Examples I am trying to do this on WildFly, especially to get it working to allow only users in a specific group to be able to log in to the management console.

       

      Trying so, I run in the error (when starting WildFly)  :

      10:28:29,674 ERROR [org.jboss.as.server] (Controller Boot Thread) JBAS015956: Caught exception during boot: org.jboss.as.controller.persistence.ConfigurationPersistenceException: JBAS014676: Failed to parse configuration

        at org.jboss.as.controller.persistence.XmlConfigurationPersister.load(XmlConfigurationPersister.java:112) [wildfly-controller-8.0.0.Final.jar:8.0.0.Final]

        at org.jboss.as.server.ServerService.boot(ServerService.java:331) [wildfly-server-8.0.0.Final.jar:8.0.0.Final]

        at org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:256) [wildfly-controller-8.0.0.Final.jar:8.0.0.Final]

        at java.lang.Thread.run(Thread.java:724) [rt.jar:1.7.0_40]

      Caused by: javax.xml.stream.XMLStreamException: ParseError at [row,col]:[76,25]

      Message: JBAS014724: Missing required attribute(s): FORCE

        at org.jboss.as.controller.parsing.ParseUtils.missingRequired(ParseUtils.java:134) [wildfly-controller-8.0.0.Final.jar:8.0.0.Final]

        at org.jboss.as.domain.management.parsing.ManagementXml.parseUsernameToDn_2_0(ManagementXml.java:2118) [wildfly-domain-management-8.0.0.Final.jar:8.0.0.Final]

       

      My config looks like :

                   <security-realm name="MgtRealm">

                      <authentication>

                          <ldap connection="ovodavLDAP" base-dn="ou=People,dc=hydrogenic,dc=local">

                              <!-- <advanced-filter filter="(&amp;(cn=jboss-admin)(member=uid={0},ou=People,dc=hydrogenic,dc=local))" recursive="true"/> -->

                              <username-filter attribute="uid"/>

                          </ldap>

                      </authentication>

                      <authorization>

                          <ldap connection="ovodavLDAP">

                              <username-to-dn>

                                  <username-filter base-dn="ou=People,dc=hydrogenic,dc=local" recursive="false" attribute="uid" user-dn-attribute="dn" />

                              </username-to-dn>

                              <group-search group-name="SIMPLE" iterative="true" group-dn-attribute="dn" group-name-attribute="uid">

                                  <group-to-principal base-dn="ou=Groups,dc=hydrogenic,dc=local" recursive="true" search-by="DISTINGUISHED_NAME">

                                      <membership-filter principal-attribute="uniqueMember" />

                                  </group-to-principal>

                              </group-search>

                          </ldap>

                      </authorization>              

                  </security-realm>

       

      When removing the 'authorization' part the authentication works against the LDAP.

       

      Any ideas?