jboss-security-discuss@lists.jboss.org

1 participants
1 discussions

JBOSS Negotiate using AdvancedLdapLoginModule throws "In order to perform this operatio n a successful bind must be completed on the connection." error

by g f

Hello all, I am using Negotiate and have successfully gotten all three auth tests to work using the jboss-negotiate-toolkit after some trials. Now I am attempting to search the Active Directory rather than the user-roles.properties file. I am using chained configuration from the docs. Here is a snip from the login-config.xml file: <application-policy name="host"> <authentication> <login-module code="com.sun.security.auth.module.Krb5LoginModule" flag="required"> <module-option name="storeKey">true</module-option> <module-option name="useKeyTab">true</module-option> <module-option name="principal">host/jportal(a)MYCO.COM </module-option> <module-option name="keyTab">/home/admin/jportal.keytab</module-option> <module-option name="doNotPrompt">true</module-option> <module-option name="debug">true</module-option> </login-module> </authentication> </application-policy> <application-policy name="SPNEGO"> <authentication> <login-module code="org.jboss.security.negotiation.spnego.SPNEGOLoginModule" flag="requisite"> <module-option name="password-stacking">useFirstPass</module-option> <module-option name="serverSecurityDomain">host</module-option> </login-module> <login-module code="org.jboss.security.negotiation.AdvancedLdapLoginModule" flag="required"> <module-option name="password-stacking">useFirstPass</module-option> <module-option name="bindAuthentication">GSSAPI</module-option> <module-option name="jaasSecurityDomain">host</module-option> <module-option name="java.naming.provider.url">ldap://dc:389</module-option> <module-option name="baseCtxDN">CN=Users,DC=dc,DC=myco,DC=com</module-option> <module-option name="baseFilter">(userPrincipalName={0})</module-option> <module-option name="roleAttributeID">memberOf</module-option> <module-option name="roleAttributeIsDN">true</module-option> <module-option name="roleNameAttributeID">cn</module-option> <module-option name="recurseRoles">true</module-option> </login-module> </authentication> </application-policy> Do I need the first application policy (host)? My error is as follows: /error ...skipping at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) at java.lang.Thread.run(Unknown Source) Caused by: javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operatio n a successful bind must be completed on the connection., data 0, vece]; remaining name 'OU=Users,DC=myco,DC=com' at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source) at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source) at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source) at com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source) at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source) at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source) at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown Source) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source) at javax.naming.directory.InitialDirContext.search(Unknown Source) at org.jboss.security.negotiation.AdvancedLdapLoginModule.findUserDN(AdvancedLdapLoginModule.java:505) ... 34 more Any ideas what may be wrong? Thanks!

14 years, 10 months

1
0
0 / 0

← Newer
1
Older →

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

jboss-security-discuss July 2009