0 Replies Latest reply on Jan 20, 2003 3:44 AM by Caroline Augustin

    principleDNPrefix and principleDNSuffix ignored

    Caroline Augustin Newbie

      Hello!

      I use the LdapLoginModule and when I try to login to ldap I get the following error:

      09:02:24,046 ERROR [LdapLoginModule] Failed to validate password
      javax.naming.InvalidNameException: [LDAP: error code 34 - invalid DN]
      at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2677)
      at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2483)
      at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2400)
      at com.sun.jndi.ldap.LdapCtx.(LdapCtx.java:244)
      at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:79)


      When I comment out principleDNPrefix and principleDNSuffix in the login.config.xml and create my DN in my code (username = "uid=" + username + ",ou=People,dc=xxx,dc=xxx";) and put this DN instead of username to login, it works. The exception is not thrown and login was successful.

      I've still read some topics in this forums to this topic:
      http://www.jboss.org/modules/bb/index.html?module=bb&op=viewtopic&t=forums/ these topics does not help me.

      The client login works, but when I try to access a bean this exception is thrown.

      login-config.xml:

      <application-policy name="ldap">

      <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
      <module-option name = "java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
      <module-option name = "java.naming.provider.url">ldap://xxx:389/</module-option>
      <module-option name = "java.naming.security.authentication">simple</module-option>

      <module-option name = "principleDNPrefix">uid=</module-option>
      <module-option name = "principleDNSuffix">,ou=People,dc=xxx,dc=xxx</module-option>

      <module-option name = "rolesCtxDN">ou=group,dc=xxx,dc=xxx</module-option>

      <module-option name = "uidAttributeID">uid</module-option>
      <module-option name = "roleAttributeID">cn</module-option>
      <module-option name = "matchOnUserDN">true</module-option>
      <module-option name = "unauthenticatedIdentity">anonymous</module-option>
      </login-module>

      </application-policy>


      auth.conf:

      client {
      org.jboss.security.ClientLoginModule required;
      };


      jboss.xml:

      <?xml version="1.0"?>

      <security-domain>java:/jaas/ldap</security-domain>