[JBoss JIRA] (WFLY-6536) AdvancedLdapLoginModule authentication fails when some part of DN is part of LDAP URL

Tuesday, 19 April 2016



     [
https://issues.jboss.org/browse/WFLY-6536?page=com.atlassian.jira.plugin....
]

Ondrej Lukas updated WFLY-6536:
-------------------------------
    Affects Version/s: 10.0.0.Final


...
 AdvancedLdapLoginModule authentication fails when some part of DN is
part of LDAP URL
 -------------------------------------------------------------------------------------

                 Key: WFLY-6536
                 URL: https://issues.jboss.org/browse/WFLY-6536
             Project: WildFly
          Issue Type: Bug
          Components: Security
    Affects Versions: 10.0.0.Final
            Reporter: Ondrej Lukas
            Assignee: Darran Lofthouse

 In case when part of DN is placed in LDAP URL instead of baseCtxDN then authentication
fails (see [1] for details about this URL) in AdvancedLdapLoginModule. Authentication is
provided by binding with user DN and password, but in this case user DN does not include
DN part from LDAP URL which leads to fail.
 Thrown exception:
 {code}
 javax.naming.AuthenticationException: LDAP: error code 49 - INVALID_CREDENTIALS: Bind
failed: ERR_229 Cannot authenticate user uid=jduke,ou=People
     com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3135)
     com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3081)
     com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2883)
     com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2797)
     com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
     com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
     com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
     com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
     com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
     org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:114)
     org.jboss.as.naming.InitialContext.init(InitialContext.java:99)
     javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
     org.jboss.as.naming.InitialContext.<init>(InitialContext.java:89)
    
org.jboss.as.naming.InitialContextFactory.getInitialContext(InitialContextFactory.java:43)
     javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
     javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
     javax.naming.InitialContext.init(InitialContext.java:244)
     javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
    
org.jboss.security.negotiation.AdvancedLdapLoginModule.constructLdapContext(AdvancedLdapLoginModule.java:486)
    
org.jboss.security.negotiation.AdvancedLdapLoginModule.authenticate(AdvancedLdapLoginModule.java:669)
    
org.jboss.security.negotiation.AdvancedLdapLoginModule.innerLogin(AdvancedLdapLoginModule.java:397)
    
org.jboss.security.negotiation.AdvancedLdapLoginModule$AuthorizeAction.run(AdvancedLdapLoginModule.java:967)
    
org.jboss.security.negotiation.AdvancedLdapLoginModule.login(AdvancedLdapLoginModule.java:326)
     sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     ...
 {code}
 [1] https://tools.ietf.org/html/rfc2255 


--
This message was sent by Atlassian JIRA
(v6.4.11#64026)

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006