[jboss-user] [Security & JAAS/JBoss] - Issue with LdapExtLoginModule

deepadatar do-not-reply at jboss.com
Fri Apr 25 10:42:58 EDT 2008 

Hi All,

I am using LdapExtLoginModule for authentication.
I have configured the login-module in the following way:


  |     <application-policy name="JAAS_LDAP">
  |       <authentication>
  | 	<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required" >
  | 	    <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
  | 	    <module-option name="java.naming.provider.url">ldap://companyserver:389</module-option>
  | 	    <module-option name="java.naming.security.authentication">simple</module-option>
  | 	    <module-option name="bindDN">cn=user,ou=xxx,dc=company,dc=com</module-option>
  | 	    <module-option name="bindCredential">password</module-option>
  | 	    <module-option name="baseCtxDN">ou=xxx,dc=company,dc=com</module-option>                    
  | 	    <module-option name="baseFilter">(cn={0})</module-option>                    
  | 	    <module-option name="rolesCtxDN">ou=xxx,dc=company,dc=com</module-option>
  | 	    <module-option name="roleFilter">(cn={0})</module-option>
  | 	    <module-option name="roleAttributeID">memberOf</module-option>
  | 	    <module-option name="roleRecursion">-1</module-option>
  | 	    <module-option name="roleNameAttributeID">cn</module-option>
  | 	    <module-option name="roleAttributeIsDN">true</module-option>
  | 	    <module-option name="searchTimeLimit">5000</module-option>
  | 	    <module-option name="searchScope">SUBTREE_SCOPE</module-option>
  | 	    <module-option name="allowEmptyPasswords">false</module-option>
  | 	</login-module>
  |       </authentication>
  |      </application-policy>
  | 

I am getting this exception:

  | ERROR [STDERR] Caused by: javax.naming.AuthenticationException: [LD
  | AP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityCon
  | text error, data 525, vece ]
  | 

I am not sure where the configuration is incorrect. 

I created a simple InitialDirContext through which tried to authenticate against LDAP server which works fine.
The Context.SECURITY_PRINCIPAL I used was in this format:
 CN=Jim Wood,OU=xxx,DC=company,DC=com 

Can you please suggest me where the configuration is wrong?

Thanks


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4146834#4146834

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4146834

More information about the jboss-user mailing list