2 Replies Latest reply on Jul 28, 2008 12:37 PM by indra_joy

    JBOSS LDAP Authentication

    indra_joy


      Hi,

      I am trying to validate an LDAP user before going to jmx_console.

      My jboss-web.xml under jmx_console.war has the java:/jaas/Ldap
      My web.xml under jmx_console.war <!-- A security constraint is uncommented.
      My Login-Config under conf has Application Policy Defined LDAP.


      But I am getting an error in my server logs, as below.

      javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, veceatePassword(LdapExtLoginModule.java:229)

      at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:210)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:585)
      at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
      at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
      at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
      at java.security.AccessController.doPrivileged(Native Method)
      at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
      at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
      at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:601)
      at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:535)
      at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
      at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:491)
      at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:180)
      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
      at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
      at org.jboss.web.tomcat.tc5.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:156)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
      at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
      at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
      at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
      at java.lang.Thread.run(Thread.java:595)


      Can anybody help me in this regard? It is still not validating the LDAP user in the window, and it returns the error.

      Thanks in advance
      Indrajoy

        • 1. Re: JBOSS LDAP Authentication
          sfisque

          looks like the principal and credentials for the bind are not set up properly.

          check the config for login-config.xml for the specific module you are using.

          == stanton

          • 2. Re: JBOSS LDAP Authentication
            indra_joy

            I'm using LdapLoginModule, and the parameters are also pretty standard, as below:

            <application-policy name="testLDAP">
              <login-module code="org.jboss.security.auth.spi.LdapLoginModule"
                            flag="required">
                <module-option name="java.naming.factory.initial">
                  com.sun.jndi.ldap.LdapCtxFactory
                </module-option>
                <module-option name="java.naming.provider.url">
                  ldap://ldaphost.exampledc=example.com:1389/
                </module-option>
                <module-option name="java.naming.security.authentication">
                  simple
                </module-option>
                <module-option name="principalDNPrefix">uid=</module-option>
                <module-option name="principalDNSuffix">
                  ,ou=People,dc=example,dc=com
                </module-option>
                <module-option name="rolesCtxDN">
                  ou=Roles,dc=example,dc=com
                </module-option>
                <module-option name="uidAttributeID">member</module-option>
                <module-option name="matchOnUserDN">true</module-option>
                <module-option name="roleAttributeID">cn</module-option>
                <module-option name="roleAttributeIsDN">false</module-option>
              </login-module>
            </application-policy>
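
An added example, not part of the thread and not JBoss code: a small Python check of a login-config.xml policy against the security domain named in jboss-web.xml, covering the bind-related settings the replies point at. The function name `lint_ldap_policy`, the sample policy and the `svc-jboss` bind account are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

SPI = "org.jboss.security.auth.spi."

def lint_ldap_policy(login_config_xml, security_domain):
    """List likely causes of a failed LDAP bind for one JAAS security domain."""
    wanted = security_domain.rsplit("/", 1)[-1]          # java:/jaas/Ldap -> Ldap
    policies = {p.get("name"): p
                for p in ET.fromstring(login_config_xml).iter("application-policy")}
    if wanted not in policies:
        return [f"no application-policy named {wanted!r} (defined: {sorted(policies)})"]
    findings = []
    for module in policies[wanted].iter("login-module"):
        opts = {o.get("name"): (o.text or "").strip()
                for o in module.iter("module-option")}
        host = urlsplit(opts.get("java.naming.provider.url", "")).hostname or ""
        if not host or "=" in host or "," in host:
            findings.append(f"provider URL host looks malformed: {host!r}")
        if opts.get("java.naming.security.authentication", "simple") == "none":
            findings.append("authentication is 'none': every bind is anonymous")
        code = module.get("code", "")
        if code == SPI + "LdapExtLoginModule":
            # The Ext module searches for the user first, so it needs its own bind account.
            for name in ("bindDN", "bindCredential"):
                if not opts.get(name):
                    findings.append(f"{name} is missing: the search runs unauthenticated")
        elif code == SPI + "LdapLoginModule":
            # The plain module binds directly as prefix + username + suffix.
            if not (opts.get("principalDNPrefix") or opts.get("principalDNSuffix")):
                findings.append("no principalDNPrefix/Suffix: bind DN is the bare username")
            if opts.get("allowEmptyPasswords", "").lower() != "false":
                findings.append("allowEmptyPasswords is not 'false': an empty password "
                                "may be sent as an anonymous bind")
    return findings

# Constructed sample, modelled on the policy posted in the thread.
SAMPLE = """<policy><application-policy name="testLDAP"><authentication>
<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
  <module-option name="java.naming.provider.url">
    ldap://ldaphost.exampledc=example.com:1389/
  </module-option>
  <module-option name="bindDN">cn=svc-jboss,ou=People,dc=example,dc=com</module-option>
</login-module></authentication></application-policy></policy>"""

if __name__ == "__main__":
    for domain in ("java:/jaas/Ldap", "java:/jaas/testLDAP"):
        print(domain, lint_ldap_policy(SAMPLE, domain))
```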