JBoss Community

Ldap configuration

created by Moises Jardim Pinheiro in JBoss AS 7 Development

Hello!

I need to configure JBoss with LDAP but I have some problems.

I tried to do this:

 

web.xml

<security-constraint>
    <web-resource-collection>
        <web-resource-name>HtmlAuth</web-resource-name>
        <description>application security constraints</description>
        <url-pattern>/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>admin</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>LDAP Test</realm-name>
</login-config>
<security-role>
    <role-name>admin</role-name>
</security-role>

jboss-web.xml

<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
    <security-domain>java:/jaas/my_ldap_security_domain</security-domain>
</jboss-web>

 

standalone.xml

<security-domain name="my_ldap_security_domain">
    <authentication>
        <login-module code="LdapExtended" flag="required">
            <module-option name="java.naming.provider.url" value="ldap://hml-ldap:389"/>
            <module-option name="java.naming.security.authentication" value="simple"/>
            <module-option name="bindDN" value="cn=admin,dc=company,dc=com,dc=br"/>
            <module-option name="bindCredential" value="pass"/>
            <module-option name="baseCtxDN" value="ou=users,dc=company,dc=com,dc=br"/>
            <module-option name="baseFilter" value="uid={0},dc=company,dc=com,dc=br"/>
            <module-option name="rolesCtxDN" value="ou=groups,dc=company,dc=com,dc=br"/>
            <module-option name="roleFilter" value="(member={1})"/>
            <module-option name="roleAttributeID" value="cn"/>
            <module-option name="throwValidateError" value="true"/>
            <module-option name="searchScope" value="ONELEVEL_SCOPE"/>
        </login-module>
    </authentication>
</security-domain>


 

When I put in a username and password, this exception occurs:

11:52:48,535 ERROR org.jboss.security.authentication.JBossCachedAuthenticationManager (http-localhost-127.0.0.1-8080-1) Login failure: javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
    at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:270) picketbox-4.0.7.Final.jar:4.0.7.Final
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:601)
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:784)
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:695)
    at javax.security.auth.login.LoginContext.login(LoginContext.java:594)
    at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:449) picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final
    at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:383) picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final
    at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:371) picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final
    at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:160) picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final
    at org.jboss.as.web.security.JBossWebRealm.authenticate(JBossWebRealm.java:214) jboss-as-web-7.1.1.Final.jar:7.1.1.Final
    at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:180) jbossweb-7.0.13.Final.jar:
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:455) jbossweb-7.0.13.Final.jar:
    at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) jboss-as-web-7.1.1.Final.jar:7.1.1.Final
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) jbossweb-7.0.13.Final.jar:
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) jbossweb-7.0.13.Final.jar:
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) jbossweb-7.0.13.Final.jar:
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) jbossweb-7.0.13.Final.jar:
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) jbossweb-7.0.13.Final.jar:
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) jbossweb-7.0.13.Final.jar:
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) jbossweb-7.0.13.Final.jar:
    at java.lang.Thread.run(Thread.java:722)
Caused by: javax.naming.NamingException: PB00019: Processing Failed:Search of baseDN(ou=users,dc=company,dc=com,dc=br) found no matches
    at org.jboss.security.auth.spi.LdapExtLoginModule.bindDNAuthentication(LdapExtLoginModule.java:482) picketbox-4.0.7.Final.jar:4.0.7.Final
    at org.jboss.security.auth.spi.LdapExtLoginModule.createLdapInitContext(LdapExtLoginModule.java:438) picketbox-4.0.7.Final.jar:4.0.7.Final
    at org.jboss.security.auth.spi.LdapExtLoginModule.validatePassword(LdapExtLoginModule.java:312) picketbox-4.0.7.Final.jar:4.0.7.Final
    at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:267) picketbox-4.0.7.Final.jar:4.0.7.Final

 

 

 

What is going on?

I changed some configurations and tried a lot, but I haven't succeeded.

There are other programs that connect to the same LDAP and work fine. However, in this case (with JBoss) there are some problems, certainly in my configuration.

Thanks!
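
An added example, not part of the original post and not PicketBox code: LdapExtended substitutes the login name for {0} (and, in roleFilter, the user DN for {1}) and uses the result as the LDAP search filter, so this sketch renders the post's two filter options and checks them against the RFC 4515 string form. The sample user name, the sample user DN and the `DN_TAIL` heuristic are assumptions of the example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed copy of the filter-related module-options from the post's standalone.xml.
LOGIN_MODULE = """
<login-module code="LdapExtended" flag="required">
  <module-option name="baseCtxDN" value="ou=users,dc=company,dc=com,dc=br"/>
  <module-option name="baseFilter" value="uid={0},dc=company,dc=com,dc=br"/>
  <module-option name="rolesCtxDN" value="ou=groups,dc=company,dc=com,dc=br"/>
  <module-option name="roleFilter" value="(member={1})"/>
</login-module>
"""

LEAF = re.compile(r"\([A-Za-z][A-Za-z0-9;.-]*(?:=|~=|>=|<=)[^()\x00]*\)")
NODE = re.compile(r"\((?:[&|]\x00+|!\x00)\)")
DN_TAIL = re.compile(r"\{[01]\}\s*,\s*[A-Za-z][A-Za-z0-9-]*=")  # heuristic (assumption)

def is_rfc4515(text):
    """True if text is one well-formed filter: (attr=value), (&...), (|...) or (!...).
    Extensible-match items (attr:rule:=value) are not covered by this sketch."""
    if "\x00" in text:
        return False
    text = LEAF.sub("\x00", text)        # collapse every simple item to a marker
    while NODE.search(text):
        text = NODE.sub("\x00", text)    # collapse and/or/not over markers
    return text == "\x00"

def filter_problems(template, user="jdoe", user_dn="uid=jdoe,ou=users,dc=example,dc=org"):
    """Render the template with a made-up user and list what is wrong with it."""
    rendered = template.replace("{0}", user).replace("{1}", user_dn)
    problems = []
    if not is_rfc4515(rendered):
        problems.append("not a well-formed filter: " + rendered)
    if DN_TAIL.search(template):
        problems.append("placeholder is followed by DN components")
    return problems

def lint(xml_text):
    """Check baseFilter and roleFilter of one <login-module> element."""
    root = ET.fromstring(xml_text.strip())
    opts = {o.get("name"): o.get("value") for o in root.iter("module-option")}
    return {n: filter_problems(opts[n]) for n in ("baseFilter", "roleFilter") if n in opts}

if __name__ == "__main__":
    for name, problems in lint(LOGIN_MODULE).items():
        print(name, "->", problems or "ok")
```

The search base already comes from baseCtxDN, so a filter of the form `(uid={0})` passes both checks, while the post's baseFilter fails both.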
