1 Reply Latest reply on Aug 7, 2003 8:11 AM by vattern

    LDAP problem

    vattern

      Hi there.
      After much gnashing of teeth, I still have a problem.
      I have a client test case that calls a SB.
      I want to use an LDAP server for groups etc.
      I have a security.config for the client containing :

      testLdap {
      org.jboss.security.auth.spi.LdapLoginModule required
      java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
      principalDNPrefix="cn="
      principalDNSuffix=",ou=People,ou=test,dc=lab,dc=com"
      rolesCtxDN="ou=groups,ou=test,dc=lab,dc=com"
      roleAttributeID=cn
      uidAttributeID=uniquemember
      java.naming.provider.url="ldap://arwen/"
      java.naming.security.authentication=simple
      matchOnUserDN=true;
      };

      Now when I run the client, I see that it auths with LDAP and then does the bean call, which then gives me :

      java.rmi.ServerException: RemoteException occurred in server thread; nested exception is:
      java.rmi.ServerException: EJBException:; nested exception is:
      javax.ejb.EJBException: checkSecurityAssociation; CausedByException is:
      Authentication exception, principal=null
      at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:292)
      at sun.rmi.transport.Transport$1.run(Transport.java:148)
      at java.security.AccessController.doPrivileged(Native Method)
      at sun.rmi.transport.Transport.serviceCall(Transport.java:144)
      at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:460)
      at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:701)
      at java.lang.Thread.run(Thread.java:534)
      at sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(StreamRemoteCall.java:247)
      at sun.rmi.transport.StreamRemoteCall.executeCall(StreamRemoteCall.java:223)
      at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:133)
      at org.jboss.invocation.jrmp.server.JRMPInvoker_Stub.invoke(Unknown Source)
      at org.jboss.invocation.jrmp.interfaces.JRMPInvokerProxy.invoke(JRMPInvokerProxy.java:135)
      at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:87)
      at org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.java:46)
      at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:45)
      at org.jboss.proxy.ejb.HomeInterceptor.invoke(HomeInterceptor.java:173)
      at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:85)
      at $Proxy0.create(Unknown Source)
      at com.santam.poc.test.TestClient.main(TestClient.java:74)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:324)
      at com.intellij.rt.execution.application.AppMain.main(AppMain.java:75)

      Any ideas / help ???

      Thanx
      Thys

        • 1. Re: LDAP problem
          vattern

          Okay .. So I was being a bit ahh .. stupid.

          Now using ClientLoginModule in the client,
          Now the server gives me :

          15:54:17,090 ERROR [LdapLoginModule] Failed to validate password
          javax.naming.InvalidNameException: [LDAP: error code 34 - invalid DN]

          On the LDAP server I see :

          Aug 7 16:36:03 arwen slapd[1592]: bind: invalid dn (thys)

          I have the following in my login-config.xml :

          <application-policy name="testLdap">

          <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
          <module-option name="debug">true</module-option>
          <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
          <module-option name="java.naming.security.authentication">simple</module-option>
          <module-option name="principleDNPrefix">cn=</module-option>
          <module-option name="principleDNSuffix">,ou=people,ou=test,dc=lab,dc=com</module-option>
          <module-option name="uidAttributeID">uniquemember</module-option>
          <module-option name="matchOnUserDN">true</module-option>
          <module-option name="java.naming.provider.url">ldap://arwen:389/</module-option>
          <module-option name="roleAttributeID">cn</module-option>
          <module-option name="rolesCtxDN">ou=groups,ou=test,dc=lab,dc=com</module-option>
          </login-module>

          </application-policy>

          Any Ideas ??
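
Added example (not part of the original thread and not JBoss code): a small check that compares the option names in the server-side `login-config.xml` above against the names used in the client-side `testLdap` entry from the first post, then shows the bind DN that results for user `thys`. It assumes the module builds the bind DN as `principalDNPrefix` + username + `principalDNSuffix` and treats a missing option as an empty string; the reference name list and the helper names are constructed for this example.

```python
import difflib
import xml.etree.ElementTree as ET

# Reference spellings (assumption): option names from the client-side testLdap
# entry in the first post, plus "debug" from the server-side policy.
KNOWN_OPTIONS = sorted({
    "java.naming.factory.initial", "java.naming.provider.url",
    "java.naming.security.authentication", "principalDNPrefix",
    "principalDNSuffix", "rolesCtxDN", "roleAttributeID",
    "uidAttributeID", "matchOnUserDN", "debug",
})

# Server-side policy from the reply, reproduced inline so the check runs offline.
LOGIN_CONFIG = """<application-policy name="testLdap">
<login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
<module-option name="debug">true</module-option>
<module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
<module-option name="java.naming.security.authentication">simple</module-option>
<module-option name="principleDNPrefix">cn=</module-option>
<module-option name="principleDNSuffix">,ou=people,ou=test,dc=lab,dc=com</module-option>
<module-option name="uidAttributeID">uniquemember</module-option>
<module-option name="matchOnUserDN">true</module-option>
<module-option name="java.naming.provider.url">ldap://arwen:389/</module-option>
<module-option name="roleAttributeID">cn</module-option>
<module-option name="rolesCtxDN">ou=groups,ou=test,dc=lab,dc=com</module-option>
</login-module>
</application-policy>"""

def load_options(xml_text):
    """Return {option name: value} for every <module-option> in the policy."""
    root = ET.fromstring(xml_text)
    return {o.get("name"): (o.text or "") for o in root.iter("module-option")}

def unknown_options(options):
    """Map each unrecognised option name to its closest reference spelling, or None."""
    result = {}
    for name in options:
        if name not in KNOWN_OPTIONS:
            close = difflib.get_close_matches(name, KNOWN_OPTIONS, n=1, cutoff=0.8)
            result[name] = close[0] if close else None
    return result

def bind_dn(options, username):
    """Bind DN under the assumed rule: prefix + username + suffix, missing option = ''."""
    return (options.get("principalDNPrefix", "") + username
            + options.get("principalDNSuffix", ""))

if __name__ == "__main__":
    opts = load_options(LOGIN_CONFIG)
    print(unknown_options(opts), repr(bind_dn(opts, "thys")))
```

An option name that matches nothing in the reference list is silently ignored under the stated assumption, so the server binds with the bare username, which is the value slapd logs as `invalid dn (thys)`.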