2 Replies Latest reply on Feb 19, 2006 7:19 PM by Anil Saldanha

    LdapExtLoginModule Question

    Anil Saldanha Master

      Looking at the source code for LdapExtLoginModule (Line 331).

      http://anoncvs.forge.jboss.com/viewrep/JBoss/jbosssx/src/main/org/jboss/security/auth/spi/LdapExtLoginModule.java?r=1.1.2.4

       // Get the admin context for searching
      331 InitialLdapContext ctx = constructInitialLdapContext(bindDN, bindCredential);
      332 // Validate the user by binding against the userDN
      333 String userDN = bindDNAuthentication(ctx, username, credential, baseDN, baseFilter);
      

      There is a first attempt to bind to the admin DN and then to the user DN. The question I have is: if the bind to the admin DN fails, is the user notified about it? All I see is an Exception thrown by the surrounding method, which is caught as:

      try
      {
         // Validate the password by trying to create an initial context
         String username = getUsername();
         isValid = createLdapInitContext(username, inputPassword);
         defaultRole();
         isValid = true;
      }
      catch (Exception e)
      {
         log.debug("Failed to validate password", e);
      }
      


      If this is true, we need to handle this case properly and provide an appropriate message to the user rather than: "Failed to validate password". This is critical for debugging. :)

      I have not tested this (will do it when I have time). Hence the question here in the forum.
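
Added example (not part of the original post and not JBoss code): one way to tell the two binds apart in the server log, so that a failed admin bind is reported as a configuration problem instead of "Failed to validate password". `Binder`, `Stage` and the sample DNs are hypothetical; the bind is simulated in memory and the user DN is passed in rather than found by a search.

```java
import java.util.Map;
import java.util.logging.Logger;
import javax.naming.AuthenticationException;
import javax.naming.NamingException;

public class TwoStageBindDemo {
    private static final Logger log = Logger.getLogger(TwoStageBindDemo.class.getName());
    enum Stage { ADMIN_BIND, USER_BIND }

    /** Hypothetical stand-in for an LDAP simple bind; throws on failure. */
    interface Binder { void bind(String dn, String password) throws NamingException; }

    /** Returns null on success, otherwise the stage whose bind failed. */
    static Stage authenticate(Binder ldap, String bindDN, String bindCredential,
                              String userDN, String password) {
        Stage stage = Stage.ADMIN_BIND;
        try {
            ldap.bind(bindDN, bindCredential); // admin context used for searching
            stage = Stage.USER_BIND;
            ldap.bind(userDN, password);       // validate the user by binding as the user
            return null;
        } catch (NamingException e) {
            if (stage == Stage.ADMIN_BIND) {
                // Module misconfiguration, not a bad user password: say so in the log.
                log.severe("Admin bind as '" + bindDN + "' failed: " + e.getMessage());
            } else {
                log.fine("User bind failed: " + e.getMessage());
            }
            return stage;
        }
    }

    public static void main(String[] args) {
        // Constructed in-memory "directory": DN -> password (sample values).
        Map<String, String> dir = Map.of("cn=admin,dc=example,dc=com", "adminpw",
                                         "uid=jduke,dc=example,dc=com", "theduke");
        Binder ldap = (dn, pw) -> {
            if (!pw.equals(dir.get(dn))) throw new AuthenticationException("invalid credentials");
        };
        // First call fails at the admin bind, second at the user bind.
        System.out.println(authenticate(ldap, "cn=admin,dc=example,dc=com", "wrong",
                                        "uid=jduke,dc=example,dc=com", "theduke"));
        System.out.println(authenticate(ldap, "cn=admin,dc=example,dc=com", "adminpw",
                                        "uid=jduke,dc=example,dc=com", "bad"));
    }
}
```

The stage is recorded only in the server log, and neither credential is ever written to it; what the login caller sees can stay the same generic failure for both stages.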