Ondrej Lukas created WFLY-6536:
----------------------------------
Summary: AdvancedLdapLoginModule authentication fails when some part of DN is
part of LDAP URL
Key: WFLY-6536
URL:
https://issues.jboss.org/browse/WFLY-6536
Project: WildFly
Issue Type: Bug
Components: Security
Reporter: Ondrej Lukas
Assignee: Darran Lofthouse
In case when part of DN is placed in LDAP URL instead of baseCtxDN then authentication
fails (see [1] for details about this URL) in AdvancedLdapLoginModule. Authentication is
provided by binding with user DN and password, but in this case user DN does not include
DN part from LDAP URL which leads to fail.
Thrown exception:
{code}
javax.naming.AuthenticationException: LDAP: error code 49 - INVALID_CREDENTIALS: Bind
failed: ERR_229 Cannot authenticate user uid=jduke,ou=People
com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3135)
com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3081)
com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2883)
com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2797)
com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:114)
org.jboss.as.naming.InitialContext.init(InitialContext.java:99)
javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
org.jboss.as.naming.InitialContext.<init>(InitialContext.java:89)
org.jboss.as.naming.InitialContextFactory.getInitialContext(InitialContextFactory.java:43)
javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
javax.naming.InitialContext.init(InitialContext.java:244)
javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
org.jboss.security.negotiation.AdvancedLdapLoginModule.constructLdapContext(AdvancedLdapLoginModule.java:486)
org.jboss.security.negotiation.AdvancedLdapLoginModule.authenticate(AdvancedLdapLoginModule.java:669)
org.jboss.security.negotiation.AdvancedLdapLoginModule.innerLogin(AdvancedLdapLoginModule.java:397)
org.jboss.security.negotiation.AdvancedLdapLoginModule$AuthorizeAction.run(AdvancedLdapLoginModule.java:967)
org.jboss.security.negotiation.AdvancedLdapLoginModule.login(AdvancedLdapLoginModule.java:326)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
...
{code}
[1]
https://tools.ietf.org/html/rfc2255
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)