[jboss-user] [Security & JAAS/JBoss] - Re: JAAS/LDAP Roles configuration pulls superset instead of
sarahm
do-not-reply at jboss.com
Thu Oct 12 13:41:54 EDT 2006
I have tried to use LdapExtLoginModule to see if it pulls my roles correctly, but I cannot even get it to authenticate properly. I am running JBoss [Zion] 4.0.3SP1 (build: CVSTag=JBoss_4_0_3_SP1 date=200510231054).
I have verified the search bases and filters via ldapsearch on the command line, and did use the correct password to authenticate.
Config:
<application-policy name="testLDAP">
    <authentication>
        <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule"
                      flag="required">
            <module-option name="java.naming.factory.initial">
                com.sun.jndi.ldap.LdapCtxFactory
            </module-option>
            <module-option name="java.naming.provider.url">
                ldap://ldap.mydomain.com/
            </module-option>
            <module-option name="java.naming.security.authentication">
                simple
            </module-option>
            <module-option name="baseCtxDN">ou=People,dc=mydomain,dc=com</module-option>
            <module-option name="baseFilter">(uid={0})</module-option>
            <module-option name="rolesCtxDN">ou=Groups,dc=mydomain,dc=com</module-option>
            <module-option name="roleFilter">(memberUid={0})</module-option>
            <module-option name="roleAttributeIsDN">false</module-option>
            <module-option name="roleAttributeID">cn</module-option>
        </login-module>
    </authentication>
</application-policy>
Error:
13:31:45,766 DEBUG [testLDAP] CallbackHandler: org.jboss.security.auth.callback.SecurityAssociationHandler at 228ba7
13:31:45,766 DEBUG [JaasSecurityManagerService] Created securityMgr=org.jboss.security.plugins.JaasSecurityManager at 1fea0cf
13:31:45,769 DEBUG [testLDAP] CachePolicy set to: org.jboss.util.TimedCachePolicy at 1ef9e0a
13:31:45,769 DEBUG [JaasSecurityManagerService] setCachePolicy, c=org.jboss.util.TimedCachePolicy at 1ef9e0a
13:31:45,770 DEBUG [JaasSecurityManagerService] Added testLDAP, org.jboss.security.plugins.SecurityDomainContext at 70a698 to map
13:31:45,798 DEBUG [LdapExtLoginModule] Failed to validate password
java.lang.NullPointerException
    at java.util.Hashtable.put(Hashtable.java:396)
    at java.util.Properties.setProperty(Properties.java:128)
    at org.jboss.security.auth.spi.LdapExtLoginModule.constructInitialLdapContext(LdapExtLoginModule.java:470)
    at org.jboss.security.auth.spi.LdapExtLoginModule.createLdapInitContext(LdapExtLoginModule.java:317)
    at org.jboss.security.auth.spi.LdapExtLoginModule.validatePassword(LdapExtLoginModule.java:215)
    at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:186)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:585)
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
    at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
    at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:572)
    at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:506)
    at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:315)
    at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:230)
    at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:256)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:391)
    at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:59)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:744)
    at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
    at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
    at java.lang.Thread.run(Thread.java:595)
13:31:45,800 DEBUG [LdapExtLoginModule] Bad password for username=sarahm
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3977948#3977948
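
The top frames of the trace above (Hashtable.put reached through Properties.setProperty) are what a null property value produces. The following is an added example, not part of the original post or of the JBoss source: it reproduces that failure and shows a pre-flight check that names the absent option instead. It assumes the null comes from a module option missing from the policy, and uses bindDN and bindCredential (options LdapExtLoginModule accepts) as the candidates; the class name LdapEnvCheck and the method buildEnv are hypothetical.

```java
import java.util.*;
import javax.naming.Context;

public class LdapEnvCheck {
    // Options read for the initial search bind (assumed source of the null).
    static final String[] BIND_OPTIONS = { "bindDN", "bindCredential" };

    /** Builds the JNDI environment, rejecting absent options up front. */
    static Properties buildEnv(Map<String, String> options) {
        List<String> missing = new ArrayList<>();
        for (String name : BIND_OPTIONS) {
            if (options.get(name) == null) {
                missing.add(name);
            }
        }
        if (!missing.isEmpty()) {
            throw new IllegalArgumentException("missing module-option(s): " + missing);
        }
        Properties env = new Properties();
        env.setProperty(Context.SECURITY_PRINCIPAL, options.get("bindDN"));
        env.setProperty(Context.SECURITY_CREDENTIALS, options.get("bindCredential"));
        return env;
    }

    public static void main(String[] args) {
        // Constructed sample: a subset of the options in the posted policy.
        Map<String, String> options = new HashMap<>();
        options.put("java.naming.provider.url", "ldap://ldap.mydomain.com/");
        options.put("baseCtxDN", "ou=People,dc=mydomain,dc=com");
        options.put("baseFilter", "(uid={0})");

        // Unchecked path: Properties rejects a null value with an NPE.
        try {
            new Properties().setProperty(Context.SECURITY_PRINCIPAL, options.get("bindDN"));
        } catch (NullPointerException e) {
            System.out.println("unchecked: " + e.getClass().getName());
        }

        // Checked path: the error names the option that is absent.
        try {
            buildEnv(options);
        } catch (IllegalArgumentException e) {
            System.out.println("checked: " + e.getMessage());
        }
    }
}
```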