[jboss-jira] [JBoss JIRA] (WFLY-6534) LdapExtLoginModule authentication fails when some part of DN is part of LDAP URL

Ondrej Lukas created WFLY-6534: ---------------------------------- Summary: LdapExtLoginModule authentication fails when some part of DN is part of LDAP URL Key: WFLY-6534 URL: https://issues.jboss.org/browse/WFLY-6534 Project: WildFly Issue Type: Bug Components: Security Reporter: Ondrej Lukas Assignee: Darran Lofthouse In case when part of DN is placed in LDAP URL instead of baseCtxDN then authentication fails (see [1] for details about this URL) in LdapExtLoginModule. Authentication is provided by binding with user DN and password, but in this case user DN does not include DN part from LDAP URL which leads to fail. Thrown exception: {code} javax.naming.AuthenticationException: LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: ERR_229 Cannot authenticate user uid=jduke,ou=People com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3135) com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3081) com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2883) com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2797) com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319) com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192) com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210) com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153) com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83) org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:114) org.jboss.as.naming.InitialContext.init(InitialContext.java:99) javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154) org.jboss.as.naming.InitialContext.<init>(InitialContext.java:89) org.jboss.as.naming.InitialContextFactory.getInitialContext(InitialContextFactory.java:43) javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684) javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313) javax.naming.InitialContext.init(InitialContext.java:244) javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154) org.jboss.security.auth.spi.LdapExtLoginModule.constructInitialLdapContext(LdapExtLoginModule.java:836) org.jboss.security.auth.spi.LdapExtLoginModule.bindDNAuthentication(LdapExtLoginModule.java:565) org.jboss.security.auth.spi.LdapExtLoginModule.createLdapInitContext(LdapExtLoginModule.java:465) org.jboss.security.auth.spi.LdapExtLoginModule.validatePassword(LdapExtLoginModule.java:343) org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:283) sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ... {code} [1] https://tools.ietf.org/html/rfc2255 -- This message was sent by Atlassian JIRA (v6.4.11#64026)