[jboss-user] [Security & JAAS/JBoss] - Re: JAAS/LDAP Roles configuration pulls superset instead of

sarahm do-not-reply at jboss.com
Thu Oct 12 13:41:54 EDT 2006


I have tried to use LdapExtLoginModule to see if it pulls my roles correctly, but I cannot even get it to authenticate properly.  I am running JBoss [Zion] 4.0.3SP1 (build: CVSTag=JBoss_4_0_3_SP1 date=200510231054).

I have verified the search bases and filters via ldapsearch on the command line, and did use the correct password to authenticate.

Config:

	<application-policy name="testLDAP">
  |         <authentication>
  |             <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule"
  |                           flag="required">
  |                 <module-option name="java.naming.factory.initial"> 
  |                     com.sun.jndi.ldap.LdapCtxFactory
  |                 </module-option>
  |                 <module-option name="java.naming.provider.url">
  |                     ldap://ldap.mydomain.com/
  |                 </module-option>
  |                 <module-option name="java.naming.security.authentication">
  |                     simple
  |                 </module-option>
  |                 <module-option name="baseCtxDN">ou=People,dc=mydomain,dc=com</module-option>
  |             	<module-option name="baseFilter">(uid={0})</module-option>
  |                 <module-option name="rolesCtxDN">ou=Groups,dc=mydomain,dc=com</module-option>
  |                 <module-option name="roleFilter">(memberUid={0})</module-option>
  |                 <module-option name="roleAttributeIsDN">false</module-option>
  |                 <module-option name="roleAttributeID">cn</module-option> 
  |             </login-module>
  |         </authentication>
  |     </application-policy>

Error:


  | 13:31:45,766 DEBUG [testLDAP] CallbackHandler: org.jboss.security.auth.callback.SecurityAssociationHandler@228ba7
  | 13:31:45,766 DEBUG [JaasSecurityManagerService] Created securityMgr=org.jboss.security.plugins.JaasSecurityManager@1fea0cf
  | 13:31:45,769 DEBUG [testLDAP] CachePolicy set to: org.jboss.util.TimedCachePolicy@1ef9e0a
  | 13:31:45,769 DEBUG [JaasSecurityManagerService] setCachePolicy, c=org.jboss.util.TimedCachePolicy@1ef9e0a
  | 13:31:45,770 DEBUG [JaasSecurityManagerService] Added testLDAP, org.jboss.security.plugins.SecurityDomainContext@70a698 to map
  | 13:31:45,798 DEBUG [LdapExtLoginModule] Failed to validate password
  | java.lang.NullPointerException
  | 	at java.util.Hashtable.put(Hashtable.java:396)
  | 	at java.util.Properties.setProperty(Properties.java:128)
  | 	at org.jboss.security.auth.spi.LdapExtLoginModule.constructInitialLdapContext(LdapExtLoginModule.java:470)
  | 	at org.jboss.security.auth.spi.LdapExtLoginModule.createLdapInitContext(LdapExtLoginModule.java:317)
  | 	at org.jboss.security.auth.spi.LdapExtLoginModule.validatePassword(LdapExtLoginModule.java:215)
  | 	at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:186)
  | 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  | 	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  | 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  | 	at java.lang.reflect.Method.invoke(Method.java:585)
  | 	at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
  | 	at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
  | 	at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
  | 	at java.security.AccessController.doPrivileged(Native Method)
  | 	at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
  | 	at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
  | 	at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:572)
  | 	at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:506)
  | 	at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:315)
  | 	at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:230)
  | 	at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:256)
  | 	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:391)
  | 	at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:59)
  | 	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
  | 	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
  | 	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
  | 	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
  | 	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
  | 	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:744)
  | 	at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
  | 	at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
  | 	at java.lang.Thread.run(Thread.java:595)
  | 13:31:45,800 DEBUG [LdapExtLoginModule] Bad password for username=sarahm

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3977948#3977948
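
Added example, not part of the original post and not JBoss code: the trace above ends in `Properties.setProperty` throwing from `Hashtable.put`, which happens whenever a null key or value is stored. The sketch below runs a pre-flight check over the module options from the posted config and reproduces that call shape; it assumes (not confirmed on this page) that the module copies its `bindDN` and `bindCredential` options into the JNDI environment, and the class name, service-account DN and `LDAP_BIND_PW` variable are constructed for illustration.

```java
import java.util.*;
import javax.naming.Context;

public class LdapOptionsPreflight {
    // Module options exactly as set in the posted <login-module> element.
    static Map<String, String> postedOptions() {
        Map<String, String> o = new LinkedHashMap<>();
        o.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        o.put(Context.PROVIDER_URL, "ldap://ldap.mydomain.com/");
        o.put(Context.SECURITY_AUTHENTICATION, "simple");
        o.put("baseCtxDN", "ou=People,dc=mydomain,dc=com");
        o.put("baseFilter", "(uid={0})");
        o.put("rolesCtxDN", "ou=Groups,dc=mydomain,dc=com");
        o.put("roleFilter", "(memberUid={0})");
        o.put("roleAttributeIsDN", "false");
        o.put("roleAttributeID", "cn");
        return o;
    }

    // Report options that are absent or blank before they reach the JNDI environment.
    static List<String> missing(Map<String, String> opts, String... required) {
        List<String> out = new ArrayList<>();
        for (String key : required) {
            String value = opts.get(key);
            if (value == null || value.trim().isEmpty()) out.add(key);
        }
        return out;
    }

    // Same call shape as the failing frame: setProperty(key, null) throws NullPointerException.
    // Assumption: the search bind identity is taken from bindDN / bindCredential.
    static Properties buildEnv(Map<String, String> opts) {
        Properties env = new Properties();
        env.setProperty(Context.SECURITY_PRINCIPAL, opts.get("bindDN"));
        env.setProperty(Context.SECURITY_CREDENTIALS, opts.get("bindCredential"));
        return env;
    }

    public static void main(String[] args) {
        Map<String, String> opts = postedOptions();
        System.out.println("missing options: " + missing(opts, "bindDN", "bindCredential"));
        try {
            buildEnv(opts);
        } catch (NullPointerException e) {
            System.out.println("null option value rejected by Properties: " + e);
        }
        // Constructed values: a dedicated read-only search account, secret taken from the environment.
        opts.put("bindDN", "cn=svc-jboss,ou=Services,dc=mydomain,dc=com");
        opts.put("bindCredential", System.getenv().getOrDefault("LDAP_BIND_PW", "changeit-placeholder"));
        System.out.println("env keys once set: " + buildEnv(opts).stringPropertyNames());
    }
}
```

The original log reports the exception as "Bad password", so a failed login here does not by itself mean the directory rejected the credentials; a check like `missing(...)` at deployment time separates a configuration gap from a real authentication failure.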
