0 Replies Latest reply on Mar 17, 2004 6:25 AM by Kari Pulkka

    Problem with password using LdapLoginModule

    Kari Pulkka Newbie

      Hi,
      I have the following problem:
      the LdapLoginModule seems to ignore the case of the password the user inputs, eg. it does not differentiate Foo <--> foo. Passwords that are not correct (eg. fee) and empty password fail as expected. Here are my confs:

      web.xml:
      ...
      <security-constraint>
      <web-resource-collection>
      <web-resource-name>Test Protected Area</web-resource-name>
      <url-pattern>/originalDestination.jsp</url-pattern>
      <url-pattern>/originalDestination.do</url-pattern>
      </web-resource-collection>
      <auth-constraint>
      <role-name>TestRole-</role-name>
      </auth-constraint>
      </security-constraint>
      <login-config>
      <auth-method>FORM</auth-method>
      <realm-name>Test</realm-name>
      <form-login-config>
      <form-login-page>/common/login_realm.jsp</form-login-page>
      <form-error-page>/common/login_realm.jsp?err=1</form-error-page>
      </form-login-config>
      ...

      jboss-web.xml:
      <?xml version="1.0" encoding="UTF-8"?>
      <jboss-web>
      <security-domain>java:/jaas/ldap</security-domain>
      </jboss-web>

      login-config.xml:
      <application-policy name = "ldap">

      <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
      <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
      <module-option name="java.naming.provider.url">ldap://ldapserver:389/</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
      <module-option name="allowEmptyPasswords">false</module-option>
      <module-option name="principalDNPrefix">uid=</module-option>
      <module-option name="principalDNSuffix">,cn=Users,dc=xxx,dc=com</module-option>
      <module-option name="uidAttributeID">uniquemember</module-option>
      <module-option name="roleAttributeID">cn</module-option>
      <module-option name="rolesCtxDN">cn=Roles,dc=xxx,dc=com</module-option>
      <module-option name="matchOnUserDN">true</module-option>
      </login-module>

      </application-policy>

      I've tried deploying the same war in Tomcat-5.0.16 and I don't have this problem, so it would seem that the problem does not lie with the directory. Any help appreciated. TIA,

      Kari