1 Reply Latest reply on Apr 30, 2008 10:00 AM by Deepa Datar

    Issue with LdapExtLoginModule

    Deepa Datar Newbie

      Hi All,

      I am using LdapExtLoginModule for authentication.
      I have configured the login-module in the following way:

       <application-policy name="JAAS_LDAP">
       <authentication>
       <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required" >
       <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
       <module-option name="java.naming.provider.url">ldap://companyserver:389</module-option>
       <module-option name="java.naming.security.authentication">simple</module-option>
       <module-option name="bindDN">cn=user,ou=xxx,dc=company,dc=com</module-option>
       <module-option name="bindCredential">password</module-option>
       <module-option name="baseCtxDN">ou=xxx,dc=company,dc=com</module-option>
       <module-option name="baseFilter">(cn={0})</module-option>
       <module-option name="rolesCtxDN">ou=xxx,dc=company,dc=com</module-option>
       <module-option name="roleFilter">(cn={0})</module-option>
       <module-option name="roleAttributeID">memberOf</module-option>
       <module-option name="roleRecursion">-1</module-option>
       <module-option name="roleNameAttributeID">cn</module-option>
       <module-option name="roleAttributeIsDN">true</module-option>
       <module-option name="searchTimeLimit">5000</module-option>
       <module-option name="searchScope">SUBTREE_SCOPE</module-option>
       <module-option name="allowEmptyPasswords">false</module-option>
       </login-module>
       </authentication>
       </application-policy>
      


      I am getting this exception:
      ERROR [STDERR] Caused by: javax.naming.AuthenticationException: [LD
      AP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityCon
      text error, data 525, vece ]
      


      I am not sure where the configuration is incorrect.

      I created a simple InitialDirContext through which tried to authenticate against LDAP server which works fine.
      The Context.SECURITY_PRINCIPAL I used was in this format:
      CN=Jim Wood,OU=xxx,DC=company,DC=com


      Can you please suggest me where the configuration is wrong?

      Thanks