[jboss-user] [Security & JAAS/JBoss] - Not able to authenticate against ActiveDirectory using LDAPL

sreeni.gali do-not-reply at jboss.com
Tue Aug 8 17:22:09 EDT 2006


Hi Team,

We have been trying hard to secure the web application using the LDAPLogin module against Active Directory but we are not successful. Please have a look at the following configuration files and suggest a solution. Thanks in advance.

Step 1: in "login-config.xml" the entry is as below
-------------------------
<application-policy name="kwormSecurity">
    <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
        <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
        <module-option name="java.naming.provider.url">ldap://151.111.195.26:389/</module-option>
        <module-option name="java.naming.security.authentication">simple</module-option>
        <module-option name="java.naming.security.principal">ldapbrowse</module-option>
        <module-option name="java.naming.security.credentials">ldapbrowse</module-option>
        <module-option name="bindDN">@dot.state.mn.us</module-option>
        <!-- <module-option name="bindCredential">ldapbrowse</module-option> -->
        <module-option name="baseCtxDN">DC=ad,DC=dot,DC=state,DC=mn,DC=us</module-option>
        <module-option name="baseFilter">(&(sAMAccountName={0})(objectClass=user))</module-option>
        <module-option name="roleFilter">(&(member={0})(objectClass=group))</module-option>
        <module-option name="rolesCtxDN">DC=ad,DC=dot,DC=state,DC=mn,DC=us</module-option>
        <module-option name="roleAttributeID">memberOf</module-option>
        <module-option name="roleAttributeIsDN">true</module-option>
        <module-option name="roleNameAttributeID">cn</module-option>
        <module-option name="roleRecursion">-1</module-option>
        <!-- <module-option name="searchScope">ONELEVEL_SCOPE</module-option> -->
    </login-module>
</application-policy>

--------------------------
Step 2: in the "jboss.xml" file the entry is as below

------------------
<jboss-web>
<context-root>ara</context-root>
<security-domain>java:/jaas/kwormSecurity</security-domain>
</jboss-web>

------------------

We are getting the following error. Please suggest a solution.

error:
--------------

2006-08-08 16:08:04,390 DEBUG [org.jboss.security.auth.spi.LdapLoginModule] Failed to validate password
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 525, v893 ]
	at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2988)
	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2735)
	at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2649)
	at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:290)
	at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
	at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
	at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
	at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
	at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:662)
	at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:243)
	at javax.naming.InitialContext.init(InitialContext.java:219)
	at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:133)
	at org.jboss.security.auth.spi.LdapLoginModule.createLdapInitContext(LdapLoginModule.java:258)
	at org.jboss.security.auth.spi.LdapLoginModule.validatePassword(LdapLoginModule.java:208)
	at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:163)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:324)
	at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675)
	at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
	at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
	at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
	at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:483)
	at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:425)
	at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:251)
	at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:230)
	at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:256)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:391)
	at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:59)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:744)
	at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
	at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
	at java.lang.Thread.run(Thread.java:534)
2006-08-08 16:08:04,390 DEBUG [org.jboss.security.auth.spi.LdapLoginModule] Bad password for username=gali1sre

----------------

Thanks,
Sreeni Gali
sreeni.gali at gmail.com
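An added example, not part of the original post: a small Python helper that (a) classifies the Active Directory sub-code behind an "LDAP: error code 49" bind failure like the one in the log above (data 525 is "user not found", a different condition from 52e "bad password") and (b) rebuilds the principal the legacy LdapLoginModule sends in its simple bind, principalDNPrefix + username + principalDNSuffix. The option names are the real LdapLoginModule ones; the option dictionaries and the log line are constructed from the post.

```python
import re

# Well-known AD sub-codes that follow "data " in an LDAP error-49 bind failure.
AD_BIND_SUBCODES = {
    "525": "user not found: the bind principal does not resolve to an account",
    "52e": "invalid credentials: account exists, password wrong",
    "530": "logon not permitted at this time",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

_ERR49 = re.compile(r"error code 49 .*AcceptSecurityContext error, data ([0-9A-Fa-f]+)")


def classify_bind_failure(line):
    """Map one log line to (subcode, meaning); None if it is not an AD error-49 line."""
    m = _ERR49.search(line)
    if not m:
        return None
    code = m.group(1).lower()
    return code, AD_BIND_SUBCODES.get(code, "unknown sub-code")


def bind_principal(options, username):
    """Rebuild the principal the legacy LdapLoginModule binds with:
    principalDNPrefix + username + principalDNSuffix (both default to empty).
    bindDN/baseCtxDN/baseFilter are LdapExtLoginModule options, so they are ignored here."""
    return options.get("principalDNPrefix", "") + username + options.get("principalDNSuffix", "")


# Constructed samples: the options from the post (no prefix/suffix) and a UPN-style variant.
POSTED_OPTIONS = {"bindDN": "@dot.state.mn.us", "baseCtxDN": "DC=ad,DC=dot,DC=state,DC=mn,DC=us"}
UPN_OPTIONS = {"principalDNSuffix": "@dot.state.mn.us"}
SAMPLE_LINE = ("javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: "
               "LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 525, v893 ]")

if __name__ == "__main__":
    # With no prefix/suffix the module binds as the bare username.
    print(bind_principal(POSTED_OPTIONS, "gali1sre"))
    print(bind_principal(UPN_OPTIONS, "gali1sre"))   # gali1sre@dot.state.mn.us
    print(classify_bind_failure(SAMPLE_LINE))
```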
