JBoss LDAP Security with Active Directory
mprak Apr 12, 2006 12:33 PM
I can't configure JBoss to work with Active Directory for user and role authentication. I got the following error, and it kept prompting for the login over and over. Please help.
2006-04-12 11:24:30,344 DEBUG [org.jboss.security.plugins.JaasSecurityManager.LdapToActiveDirectory] CallbackHandler: org.jboss.security.auth.callback.SecurityAssociationHandler@1a6fb3e
2006-04-12 11:24:30,344 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Created securityMgr=org.jboss.security.plugins.JaasSecurityManager@1b8d481
2006-04-12 11:24:30,344 DEBUG [org.jboss.security.plugins.JaasSecurityManager.LdapToActiveDirectory] CachePolicy set to: org.jboss.util.TimedCachePolicy@18787fd
2006-04-12 11:24:30,344 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] setCachePolicy, c=org.jboss.util.TimedCachePolicy@18787fd
2006-04-12 11:24:30,344 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Added LdapToActiveDirectory, org.jboss.security.plugins.SecurityDomainContext@f11de2 to map
2006-04-12 11:24:30,406 DEBUG [org.jboss.security.auth.spi.LdapLoginModule] Failed to validate password
java.lang.NullPointerException
at org.jboss.security.auth.spi.LdapLoginModule.createLdapInitContext(LdapLoginModule.java:385)
at org.jboss.security.auth.spi.LdapLoginModule.validatePassword(LdapLoginModule.java:224)
at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:186)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:572)
at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:506)
at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:315)
at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:230)
at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:181)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:446)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:59)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:744)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
at java.lang.Thread.run(Thread.java:595)
2006-04-12 11:24:30,406 DEBUG [org.jboss.security.auth.spi.LdapLoginModule] Bad password for username=mprak
Below is my login-config.xml file:
<!-- Security domain "LdapToActiveDirectory": one required LdapLoginModule that authenticates against the LDAP server below and takes roles from the memberOf attribute. -->
<application-policy name="LdapToActiveDirectory">
<login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required" >
<!-- NOTE(review): ldap:// is unencrypted LDAP, so the bind credential and every user's password cross the network in cleartext unless the link is protected some other way. Port 3268 is the Active Directory global catalog; consider LDAPS (the global catalog over TLS is normally 3269) and confirm the JVM trusts the server certificate. -->
<module-option name="java.naming.provider.url">ldap://globalcatalog.cns.com:3268/</module-option>
<!-- NOTE(review): baseCtxDN, bindDN and bindCredential are documented as LdapExtLoginModule options; confirm that LdapLoginModule, the class configured above, actually reads them. -->
<module-option name="baseCtxDN">DC=cns,DC=com</module-option>
<module-option name="bindDN">CN=WAS Binder Test,OU=WebSphere,OU=Applications,OU=CNS Resource Groups,DC=cns,DC=com</module-option>
<!-- The service-account password is stored in this file (shown masked here). Keep the file readable only by the account that runs JBoss, and give the bind account read-only directory rights. -->
<module-option name="bindCredential">*********</module-option>
<module-option name="matchOnUserDN">false</module-option>
<!-- Presumably appended to the login name to form a userPrincipalName-style bind identity (username@cns.com); confirm against the module documentation. -->
<module-option name="principalDNSuffix">@cns.com</module-option>
<module-option name="uidAttributeID">userPrincipalName</module-option>
<!-- Role lookup: search under rolesCtxDN and read memberOf. roleAttributeIsDN=true means each value is treated as a DN, and the role name is taken from that entry's "name" attribute. -->
<module-option name="rolesCtxDN">OU=System Administration,OU=Technology Services,OU=Information Systems,DC=cns,DC=com</module-option>
<module-option name="roleAttributeID">memberOf</module-option>
<module-option name="roleAttributeIsDN">true</module-option>
<module-option name="roleNameAttributeID">name</module-option>
</login-module>
</application-policy>