Forgot to tell you I use jboss-3.0.0beta with Tomcat4.0.2.
And that I get this error when I login with an incorrect username/password:
15:41:45,874 DEBUG [LdapLoginModule] Bad password for username=null
15:41:49,138 ERROR [LdapLoginModule] Failed to validate password
15:41:49,138 DEBUG [LdapLoginModule] Bad password for username=SomeOne
15:41:49,148 DEBUG [ldap] Login failure
javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
So I guess users are authenticated correctly since I don't get this error with a correct username & password.
And why is there an extra "Bad password for username=null"?
The stacktrace is from the same login where username=SomeOne.
I have the exact same problem with the DatabaseLoginModule.
If I login with a correct username/password I get "HTTP Status 403".
And if I log in with an invalid username/password I can see that the login fails from the console. And I get a
javax.security.auth.login.FailedLoginException: No matching username found in Principals
Which is what is supposed to happen.
But why do I get this 403 error?
What have I missed?
One more thing.
The following error appears when I access the protected resource and even before I submitted the login information.
17:50:03,970 DEBUG [LdapLoginModule] Bad password for username=null
I installed JBoss with Jetty. And Jetty at least told me that the user is not in role xx. Which was what I suspected.
I fixed the DatabaseLoginModule by following these instructions.
But I still need help in figuring out why the LDAPLoginModule can't retrieve the roles.
Can someone give me an example of their LDAP tree structure and auth.conf file?
This topic turned into a monologue but I'm glad to have solved the problem.
I just added matchOnUserDN=true to my auth.conf and it worked. It just took a while to find out that it was really the roles it could not find.
The member attribute in the Roles groups of course contains the full DN of the authenticated user.
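
Added example, not part of the original posts and not JBoss code: a simplified Python model of the role lookup discussed in this thread, showing why a correct password still ended in HTTP 403 until matchOnUserDN=true made the search value equal the full DN stored in member. The directory layout, role names and the prefix/suffix values are assumptions; the entries are constructed.

```python
# Simplified model of an LDAP role lookup; illustrative only, not JBoss source.
# All DNs, role names and option values below are constructed assumptions.
PRINCIPAL_DN_PREFIX = "uid="                           # assumed principalDNPrefix
PRINCIPAL_DN_SUFFIX = ",ou=People,dc=example,dc=com"   # assumed principalDNSuffix
UID_ATTRIBUTE_ID = "member"    # attribute in role entries compared to the user
ROLE_ATTRIBUTE_ID = "cn"       # attribute that holds the role name

# Constructed group entries under an assumed ou=Roles,dc=example,dc=com.
# As in the thread, member holds the full DN of each user.
ROLE_ENTRIES = [
    {"cn": "Admin", "member": ["uid=SomeOne,ou=People,dc=example,dc=com"]},
    {"cn": "Guest", "member": ["uid=SomeOne,ou=People,dc=example,dc=com",
                               "uid=Other,ou=People,dc=example,dc=com"]},
]


def user_dn(username):
    """Build the bind DN the same way the prefix/suffix options describe."""
    return PRINCIPAL_DN_PREFIX + username + PRINCIPAL_DN_SUFFIX


def find_roles(username, match_on_user_dn):
    """Return role names whose member attribute contains the search value.

    Without matchOnUserDN the search value is the bare username, which never
    equals a full DN, so the result is empty even for a valid user.
    """
    needle = user_dn(username) if match_on_user_dn else username
    return sorted(entry[ROLE_ATTRIBUTE_ID] for entry in ROLE_ENTRIES
                  if needle in entry.get(UID_ATTRIBUTE_ID, []))


def http_status(username, required_role, match_on_user_dn):
    """Password is assumed already verified; only the role check decides."""
    roles = find_roles(username, match_on_user_dn)
    return 200 if required_role in roles else 403


if __name__ == "__main__":
    for flag in (False, True):
        print("matchOnUserDN=%s roles=%s status=%d" % (
            flag, find_roles("SomeOne", flag),
            http_status("SomeOne", "Admin", flag)))
```

An empty role set after a successful bind is worth logging on its own, since the failed-login messages in the console give no hint that authorization, not authentication, is what failed.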