2 Replies Latest reply on Aug 15, 2006 12:45 PM by Sreenivasulu Gali

    JBoss LDAP Security with Active Directory

    Marady Prak Newbie

      I can't configure JBoss work work with Active Directory for user and and role authentication. I got the following error. It kept on prompting for the login over and over. Please help.

      2006-04-12 11:24:30,344 DEBUG [org.jboss.security.plugins.JaasSecurityManager.LdapToActiveDirectory] CallbackHandler: org.jboss.security.auth.callback.SecurityAssociationHandler@1a6fb3e
      2006-04-12 11:24:30,344 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Created securityMgr=org.jboss.security.plugins.JaasSecurityManager@1b8d481
      2006-04-12 11:24:30,344 DEBUG [org.jboss.security.plugins.JaasSecurityManager.LdapToActiveDirectory] CachePolicy set to: org.jboss.util.TimedCachePolicy@18787fd
      2006-04-12 11:24:30,344 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] setCachePolicy, c=org.jboss.util.TimedCachePolicy@18787fd
      2006-04-12 11:24:30,344 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Added LdapToActiveDirectory, org.jboss.security.plugins.SecurityDomainContext@f11de2 to map
      2006-04-12 11:24:30,406 DEBUG [org.jboss.security.auth.spi.LdapLoginModule] Failed to validate password
      java.lang.NullPointerException
      at org.jboss.security.auth.spi.LdapLoginModule.createLdapInitContext(LdapLoginModule.java:385)
      at org.jboss.security.auth.spi.LdapLoginModule.validatePassword(LdapLoginModule.java:224)
      at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:186)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:585)
      at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
      at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
      at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
      at java.security.AccessController.doPrivileged(Native Method)
      at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
      at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
      at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:572)
      at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:506)
      at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:315)
      at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:230)
      at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:181)
      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:446)
      at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:59)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
      at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:744)
      at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
      at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
      at java.lang.Thread.run(Thread.java:595)
      2006-04-12 11:24:30,406 DEBUG [org.jboss.security.auth.spi.LdapLoginModule] Bad password for username=mprak

      Below is my login-config.xml file:
      <application-policy name="LdapToActiveDirectory">

      <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required" >
      <module-option name="java.naming.provider.url">ldap://globalcatalog.cns.com:3268/</module-option>
      <module-option name="baseCtxDN">DC=cns,DC=com</module-option>
      <module-option name="bindDN">CN=WAS Binder Test,OU=WebSphere,OU=Applications,OU=CNS Resource Groups,DC=cns,DC=com</module-option>
      <module-option name="bindCredential">*********</module-option>

      <module-option name="matchOnUserDN">false</module-option>
      <module-option name="principalDNSuffix">@cns.com</module-option>
      <module-option name="uidAttributeID">userPrincipalName</module-option>

      <module-option name="rolesCtxDN">OU=System Administration,OU=Technology Services,OU=Information Systems,DC=cns,DC=com</module-option>
      <module-option name="roleAttributeID">memberOf</module-option>
      <module-option name="roleAttributeIsDN">true</module-option>
      <module-option name="roleNameAttributeID">name</module-option>
      </login-module>

      </application-policy>