0 Replies Latest reply on Aug 7, 2003 7:40 AM by sbarnaby

    LdapLoginModule - AcceptSecurityContext

    sbarnaby Newbie

      I am trying to use the LdapLoginModule in JBoss 3.2.1 to authenicate against and Active Directory server. I am communicating with the server, but I know I have the right Organizational Unit (testAdmin). The domain that I have defined in my active directory server is test.org. I know I am connecting to the correct Active Directory server because I am running ethereal and can see the packets that are being sent to Active Directory, and it is sending responses back.

      I keep on getting an AcceptSecurityContext (error 0x31) no matter what I try for the DN. I have tried

      uid=testUser,ou=testAdmin,dc=test,dc=org
      uid=testUser,cn=testAdmin,dc=test,dc=org
      uid=testUser,cn=testAdmin,o=test.org
      uid=testUser,ou=testAdmin,o=test.org

      and many others, but these are the main ones that I have tried.

      What am I doing wrong?

      --------------------------------------------------------------------------
      The following is my login-config.xml that I am using for my LoginContext:

      <application-policy name = "TestLogin">

      <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag
      = "required">
      <module-option name="java.naming.factory.initial">
      com.sun.jndi.ldap.LdapCtxFactory
      </module-option>
      <module-option name="java.naming.provider.url">
      ldap://192.168.100.190:389/
      </module-option>
      <module-option name="java.naming.security.authentication">
      simple
      </module-option>
      <module-option name="uidAttributeID">
      userId
      </module-option>
      <module-option name="roleAttributeID">
      roleName
      </module-option>
      <module-option name="roleAttributeIsDN">
      true
      </module-option>
      <module-option name="roleNameAttributeId">
      roleAttr
      </module-option>
      <module-option name="principalDNPrefix">
      uid=
      </module-option>
      <module-option name="principalDNSuffix">
      ,ou=testAdmin,dc=test,dc=net
      </module-option>
      <module-option name="matchOnUserDN">
      true
      </module-option>
      </login-module>

      </application-policy>