[jboss-jira] [JBoss JIRA] (WFLY-6534) LdapExtLoginModule authentication fails when some part of DN is part of LDAP URL
Ondrej Lukas (JIRA)
issues at jboss.org
Tue Apr 19 02:08:00 EDT 2016
Ondrej Lukas created WFLY-6534:
----------------------------------
Summary: LdapExtLoginModule authentication fails when some part of DN is part of LDAP URL
Key: WFLY-6534
URL: https://issues.jboss.org/browse/WFLY-6534
Project: WildFly
Issue Type: Bug
Components: Security
Reporter: Ondrej Lukas
Assignee: Darran Lofthouse
In case when part of DN is placed in LDAP URL instead of baseCtxDN then authentication fails (see [1] for details about this URL) in LdapExtLoginModule. Authentication is provided by binding with user DN and password, but in this case user DN does not include DN part from LDAP URL which leads to fail.
Thrown exception:
{code}
javax.naming.AuthenticationException: LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: ERR_229 Cannot authenticate user uid=jduke,ou=People
com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3135)
com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3081)
com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2883)
com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2797)
com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:114)
org.jboss.as.naming.InitialContext.init(InitialContext.java:99)
javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
org.jboss.as.naming.InitialContext.<init>(InitialContext.java:89)
org.jboss.as.naming.InitialContextFactory.getInitialContext(InitialContextFactory.java:43)
javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
javax.naming.InitialContext.init(InitialContext.java:244)
javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
org.jboss.security.auth.spi.LdapExtLoginModule.constructInitialLdapContext(LdapExtLoginModule.java:836)
org.jboss.security.auth.spi.LdapExtLoginModule.bindDNAuthentication(LdapExtLoginModule.java:565)
org.jboss.security.auth.spi.LdapExtLoginModule.createLdapInitContext(LdapExtLoginModule.java:465)
org.jboss.security.auth.spi.LdapExtLoginModule.validatePassword(LdapExtLoginModule.java:343)
org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:283)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
...
{code}
[1] https://tools.ietf.org/html/rfc2255
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
More information about the jboss-jira
mailing list