[jboss-user] [Security & JAAS/JBoss] - LdapExtLoginModule && PartialResultException
jc7442
do-not-reply at jboss.com
Thu Feb 8 03:02:29 EST 2007
I try to use LdapExtLoginModue to authenticate over a windows active directory.
For some of my users I have a very strange exception:
[url]Exception in thread "main" javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:213)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at Main.main(Main.java:41)
Caused by: javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name 'dc=fr,dc=mycompany,dc=net'
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2763)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2737)
at com.sun.jndi.ldap.LdapNamingEnumeration.getNextBatch(LdapNamingEnumeration.java:129)
at com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:198)
at com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(LdapNamingEnumeration.java:171)
at org.jboss.security.auth.spi.LdapExtLoginModule.rolesSearch(LdapExtLoginModule.java:421)
at org.jboss.security.auth.spi.LdapExtLoginModule.createLdapInitContext(LdapExtLoginModule.java:348)
at org.jboss.security.auth.spi.LdapExtLoginModule.validatePassword(LdapExtLoginModule.java:229)
at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:210)
... 11 more[/url]
When the login module tries to get the role of the authenticated user, the roleSearch method failed. I go through this method with a debugger.
ctxt.search return a NamingEnumeration that contains 1 element, a while iterate over the enumeration. Exception is thrown in the while when the hasMore method is invoked for the second time.
I have patch the code to replace hasMore with hasMoreElements. That fiw my problem.
Finally I replace in searchRole and bindDNAuthentication methods the hasMore() by hasMoreElements().
I'm not able to understand why hasMore method throws an exception for some of my config and not for others.
Is that a bug in the LdapExtLoginModule ???
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4012887#4012887
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4012887
More information about the jboss-user
mailing list