1 Reply Latest reply on Aug 30, 2008 5:13 AM by Haohua xie

    LdapExtLoginModule && PartialResultException

    J-C jc Apprentice

      I am trying to use LdapExtLoginModule to authenticate against a Windows Active Directory.

      For some of my users I have a very strange exception:
      Exception in thread "main" javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
          at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:213)
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
          at java.lang.reflect.Method.invoke(Method.java:585)
          at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
          at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
          at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
          at java.security.AccessController.doPrivileged(Native Method)
          at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
          at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
          at Main.main(Main.java:41)
      Caused by: javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name 'dc=fr,dc=mycompany,dc=net'
          at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2763)
          at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2737)
          at com.sun.jndi.ldap.LdapNamingEnumeration.getNextBatch(LdapNamingEnumeration.java:129)
          at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:198)
          at com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(LdapNamingEnumeration.java:171)
          at org.jboss.security.auth.spi.LdapExtLoginModule.rolesSearch(LdapExtLoginModule.java:421)
          at org.jboss.security.auth.spi.LdapExtLoginModule.createLdapInitContext(LdapExtLoginModule.java:348)
          at org.jboss.security.auth.spi.LdapExtLoginModule.validatePassword(LdapExtLoginModule.java:229)
          at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:210)
          ... 11 more

      When the login module tries to get the roles of the authenticated user, the rolesSearch method fails. I went through this method with a debugger.

      ctxt.search returns a NamingEnumeration that contains 1 element, and a while loop iterates over the enumeration. The exception is thrown in the while loop when the hasMore method is invoked for the second time.

      I have patched the code to replace hasMore with hasMoreElements. That fixed my problem.

      Finally, I replaced hasMore() with hasMoreElements() in the rolesSearch and bindDNAuthentication methods.

      I'm not able to understand why the hasMore method throws an exception for some of my configurations and not for others.

      Is that a bug in the LdapExtLoginModule?
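
Added example, not part of the original post and not JBoss code: `hasMoreElements()` cannot throw `NamingException`, so it ends the loop silently on any directory error, whereas a `hasMore()` loop can tolerate only the `PartialResultException` from the trace above and still fail the login on anything else. The class, `fakeSearch`, `collectRoles` and the group DN are constructed for illustration; the fake enumeration stands in for an LDAP search result so the code runs offline.

```java
import java.util.*;
import javax.naming.*;

public class RolesEnumerationDemo {
    // Constructed stand-in for the search result: one entry, then the given
    // error on the second hasMore() call, as described in the post.
    static NamingEnumeration<String> fakeSearch(NamingException failure) {
        Iterator<String> it = List.of("CN=AppUsers,DC=example,DC=test").iterator();
        return new NamingEnumeration<String>() {
            public boolean hasMore() throws NamingException {
                if (it.hasNext()) return true;
                throw failure;
            }
            public String next() { return it.next(); }
            // Enumeration's signature cannot throw NamingException,
            // so every error is lost and reported as "no more elements".
            public boolean hasMoreElements() {
                try { return hasMore(); } catch (NamingException e) { return false; }
            }
            public String nextElement() { return it.next(); }
            public void close() { }
        };
    }

    // Collect roles, tolerating only the unprocessed-referral case.
    static List<String> collectRoles(NamingEnumeration<String> results) throws NamingException {
        List<String> roles = new ArrayList<>();
        try {
            while (results.hasMore()) roles.add(results.next());
        } catch (PartialResultException e) {
            // Keep the entries already returned, but leave an audit trail.
            System.err.println("partial role result: " + e.getMessage());
        } finally {
            results.close();
        }
        return roles;
    }

    public static void main(String[] args) throws Exception {
        System.out.println(collectRoles(fakeSearch(
            new PartialResultException("Unprocessed Continuation Reference(s)"))));
        try {
            collectRoles(fakeSearch(new CommunicationException("connection reset")));
        } catch (NamingException e) {
            System.out.println("role lookup failed, login must fail: " + e);
        }
    }
}
```

How the JNDI LDAP provider treats referrals is set by the `java.naming.referral` environment property (`ignore`, `follow` or `throw`).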