From gforty at gmail.com Wed Jul 1 14:02:36 2009
From: gforty at gmail.com (g f)
Date: Wed, 1 Jul 2009 13:02:36 -0500
Subject: [jboss-security-discuss] JBOSS Negotiate using AdvancedLdapLoginModule throws "In order to perform this operation a successful bind must be completed on the connection." error
Message-ID: <4a6e06380907011102v11f12231h856c2ab6ee36cae0@mail.gmail.com>
Hello all,
I am using Negotiate and have successfully gotten all three auth tests to
work using the jboss-negotiate-toolkit after some trials.
Now I am attempting to search the Active Directory rather than the
user-roles.properties file.
I am using chained configuration from the docs.
Here is a snip from the login-config.xml file:
true
true
host/jportal at MYCO.COM
/home/admin/jportal.keytab
true
true
useFirstPass
host
useFirstPass
GSSAPI
host
ldap://dc:389
CN=Users,DC=dc,DC=myco,DC=com
(userPrincipalName={0})
memberOf
true
cn
true
Do I need the first application policy (host)?
My error is as follows:
/error
...skipping
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Unknown Source)
Caused by: javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece]; remaining name 'OU=Users,DC=myco,DC=com'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown Source)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
at javax.naming.directory.InitialDirContext.search(Unknown Source)
at org.jboss.security.negotiation.AdvancedLdapLoginModule.findUserDN(AdvancedLdapLoginModule.java:505)
... 34 more
Any ideas what may be wrong?
Thanks!