]
Darran Lofthouse resolved WFLY-6534.
------------------------------------
Resolution: Won't Fix
LdapExtLoginModule authentication fails when some part of DN is part
of LDAP URL
--------------------------------------------------------------------------------
Key: WFLY-6534
URL:
https://issues.jboss.org/browse/WFLY-6534
Project: WildFly
Issue Type: Bug
Components: Security
Affects Versions: 10.0.0.Final
Reporter: Ondrej Lukas
In case when part of DN is placed in LDAP URL instead of baseCtxDN then authentication
fails (see [1] for details about this URL) in LdapExtLoginModule. Authentication is
provided by binding with user DN and password, but in this case user DN does not include
DN part from LDAP URL which leads to fail.
Thrown exception:
{code}
javax.naming.AuthenticationException: LDAP: error code 49 - INVALID_CREDENTIALS: Bind
failed: ERR_229 Cannot authenticate user uid=jduke,ou=People
com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3135)
com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3081)
com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2883)
com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2797)
com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:114)
org.jboss.as.naming.InitialContext.init(InitialContext.java:99)
javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
org.jboss.as.naming.InitialContext.<init>(InitialContext.java:89)
org.jboss.as.naming.InitialContextFactory.getInitialContext(InitialContextFactory.java:43)
javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
javax.naming.InitialContext.init(InitialContext.java:244)
javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
org.jboss.security.auth.spi.LdapExtLoginModule.constructInitialLdapContext(LdapExtLoginModule.java:836)
org.jboss.security.auth.spi.LdapExtLoginModule.bindDNAuthentication(LdapExtLoginModule.java:565)
org.jboss.security.auth.spi.LdapExtLoginModule.createLdapInitContext(LdapExtLoginModule.java:465)
org.jboss.security.auth.spi.LdapExtLoginModule.validatePassword(LdapExtLoginModule.java:343)
org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:283)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
...
{code}
[1]
https://tools.ietf.org/html/rfc2255