[jboss-user] [JBoss Portal] - IdentityException
georgy
do-not-reply at jboss.com
Mon Aug 13 08:53:44 EDT 2007
I am having some difficulties with my LDAP configuration.
My configuration is:
login-config.xml
| <login-module code="org.jboss.portal.identity.auth.IdentityLoginModule" flag="sufficient">
| <module-option name="unauthenticatedIdentity">guest</module-option>
| <module-option name="userModuleJNDIName">java:/portal/UserModule</module-option>
| <module-option name="roleModuleJNDIName">java:/portal/RoleModule</module-option>
| <module-option name="userProfileModuleJNDIName">java:/portal/UserProfileModule</module-option>
| <module-option name="membershipModuleJNDIName">java:/portal/MembershipModule</module-option>
| <module-option name="additionalRole">Authenticated</module-option>
| <module-option name="password-stacking">useFirstPass</module-option>
| </login-module>
|
|
|
| <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
| <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
| <module-option name="java.naming.provider.url">ldap://192.168.10.240:389</module-option>
| <module-option name="java.naming.security.authentication">simple</module-option>
| <module-option name="bindDN">bind at proxiad-nord.com</module-option>
| <module-option name="bindCredential">****</module-option>
| <module-option name="roleFilter">(sAMAccountName={0})</module-option>
| <module-option name="roleAttributeID">memberOf</module-option>
| <module-option name="roleAttributeIsDN">true</module-option>
| <module-option name="roleNameAttributeID">cn</module-option>
| <module-option name="roleRecursion">-1</module-option>
| <module-option name="searchTimeLimit">10000</module-option>
| <module-option name="searchScope">SUBTREE_SCOPE</module-option>
| <module-option name="allowEmptyPasswords">false</module-option>
| <!--<module-option name="hashAlgorithm">MD5</module-option>-->
| </login-module>
|
ldap_config.xml
| <identity-configuration>
| <datasources>
| <datasource>
| <name>LDAP</name>
| <config>
| <option>
| <name>host</name>
| <value>192.168.10.240</value>
| </option>
| <option>
| <name>port</name>
| <value>389</value>
| </option>
| <option>
| <name>adminDN</name>
| <value>bind at proxiad-nord.com</value>
| </option>
| <option>
| <name>adminPassword</name>
| <value>*****</value>
| </option>
| <!--<option>
| <name>protocol</name>
| <value>ssl</value>
| </option>-->
| </config>
| </datasource>
| </datasources>
| <modules>
| <module>
| <!--type used to correctly map in IdentityContext registry-->
| <type>User</type>
| <implementation>LDAP</implementation>
| <class>org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl</class>
| <config/>
| </module>
| <module>
| <type>Role</type>
| <implementation>LDAP</implementation>
| <config/>
| </module>
| <module>
| <type>Membership</type>
| <implementation>LDAP</implementation>
| <config/>
| </module>
| <module>
| <type>UserProfile</type>
| <implementation>DELEGATING</implementation>
| <config>
| <option>
| <name>ldapModuleJNDIName</name>
| <value>java:/portal/LDAPUserProfileModule</value>
| </option>
| </config>
| </module>
| <module>
| <type>DBDelegateUserProfile</type>
| <implementation>DB</implementation>
| <config>
| <option>
| <name>randomSynchronizePassword</name>
| <value>true</value>
| </option>
| </config>
| </module>
| <module>
| <type>LDAPDelegateUserProfile</type>
| <implementation>LDAP</implementation>
| <config/>
| </module>
| </modules>
|
| <options>
| <option-group>
| <group-name>common</group-name>
| <option>
| <name>userCtxDN</name>
| <value>ou=IDF,ou=Collaborateurs,dc=proxiad-nord,dc=com</value>
| <value>ou=Nord,ou=Collaborateurs,dc=proxiad-nord,dc=com</value>
| </option>
| <!--<option>
| <name>passwordAttributeID</name>
| <value>userPassword</value>
| </option>-->
| <option>
| <name>roleCtxDN</name>
| <value>ou=Groupes,dc=proxiad-nord,dc=com</value>
| </option>
| <option>
| <name>userSearchFilter</name>
| <value><![CDATA[(sAMAccountName={0})]]></value>
| </option>
|
|
| </option-group>
| <option-group>
| <group-name>userCreateAttibutes</group-name>
| <option>
| <name>objectClass</name>
| <!--This objectclasses should work with Red Hat Directory-->
| <value>top</value>
| <value>person</value>
| <value>inetOrgPerson</value>
| </option>
| <!--Schema requires those to have initial value-->
| <option>
| <name>cn</name>
| <value>none</value>
| </option>
| <option>
| <name>sn</name>
| <value>none</value>
| </option>
| </option-group>
| <option-group>
| <group-name>roleCreateAttibutes</group-name>
| <!--Schema requires those to have initial value-->
| <option>
| <name>cn</name>
| <value>none</value>
| </option>
| <!--Some directory servers require this attribute to be valid DN-->
| <!--For safety reasons point to the admin user here-->
| <option>
| <name>member</name>
| <value>cn=Admin,ou=Groupes,dc=proxiad-nord,dc=com</value>
| </option>
| </option-group>
| </options>
| </identity-configuration>
|
Here is the exception I get when I try to log in with a correct username and password:
| 2007-08-13 12:32:43,422 DEBUG [org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl] Search filter: (sAMAccountName={0})
| 2007-08-13 12:32:43,422 DEBUG [org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl] Search filter: (sAMAccountName={0})
| 2007-08-13 12:32:43,422 DEBUG [org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl] Search filterArg: {0}: g.mahop
| 2007-08-13 12:32:43,422 DEBUG [org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl] Search ctx: ou=Nord,ou=Collaborateurs,dc=proxiad-nord,dc=com
| 2007-08-13 12:32:43,484 ERROR [org.jboss.portal.identity.auth.IdentityLoginModule] Error when validating password
| org.jboss.portal.common.transaction.NestedException: javax.security.auth.login.LoginException: org.jboss.portal.identity.IdentityException: Couldn't create LDAPUserImpl object from ldap entry (SearchResult)
| at org.jboss.portal.common.transaction.Transactions.apply(Transactions.java:253)
| at org.jboss.portal.common.transaction.Transactions.required(Transactions.java:289)
| at org.jboss.portal.identity.auth.IdentityLoginModule.getUserStatus(IdentityLoginModule.java:204)
| at org.jboss.portal.identity.auth.IdentityLoginModule.validatePassword(IdentityLoginModule.java:158)
| at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:210)
| at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
| at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
| at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
| at java.lang.reflect.Method.invoke(Method.java:585)
| at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
| at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
| at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
| at java.security.AccessController.doPrivileged(Native Method)
| at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
| at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
| at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:603)
| at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:537)
| at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
| at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:491)
| at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:258)
| at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:417)
| at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
| at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
| at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
| at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
| at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
| at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241)
| at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
| at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:580)
| at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
| at java.lang.Thread.run(Thread.java:595)
| Caused by: javax.security.auth.login.LoginException: org.jboss.portal.identity.IdentityException: Couldn't create LDAPUserImpl object from ldap entry (SearchResult)
| at org.jboss.portal.identity.auth.IdentityLoginModule$1.run(IdentityLoginModule.java:260)
| at org.jboss.portal.common.transaction.Transactions.apply(Transactions.java:219)
| ... 30 more
| 2007-08-13 12:32:43,484 DEBUG [org.jboss.portal.identity.auth.IdentityLoginModule] Bad password for username=g.mahop
| 2007-08-13 12:32:43,500 DEBUG [org.jboss.security.auth.spi.LdapExtLoginModule] Bad password for username=g.mahop
| java.lang.NullPointerException
| at javax.naming.InitialContext.getURLScheme(InitialContext.java:228)
| at javax.naming.InitialContext.getURLOrDefaultInitCtx(InitialContext.java:277)
| at javax.naming.directory.InitialDirContext.getURLOrDefaultInitDirCtx(InitialDirContext.java:87)
| at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
| at org.jboss.security.auth.spi.LdapExtLoginModule.bindDNAuthentication(LdapExtLoginModule.java:375)
| at org.jboss.security.auth.spi.LdapExtLoginModule.createLdapInitContext(LdapExtLoginModule.java:336)
| at org.jboss.security.auth.spi.LdapExtLoginModule.validatePassword(LdapExtLoginModule.java:229)
| at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:210)
| at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
| at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
| at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
| at java.lang.reflect.Method.invoke(Method.java:585)
| at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
| at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
| at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
| at java.security.AccessController.doPrivileged(Native Method)
| at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
| at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
| at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:603)
| at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:537)
| at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
| at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:491)
| at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:258)
| at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:417)
| at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
| at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
| at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
| at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
| at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
| at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241)
| at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
| at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:580)
| at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
| at java.lang.Thread.run(Thread.java:595)
|
|
I am working with:
JBoss Portal 2.6.1.GA
Active Directory
Any advice?