[jboss-user] [Security & JAAS/JBoss] - LDAPExtLoginModule binds with credentials from webauth (user
TiJay
do-not-reply at jboss.com
Wed Jun 13 09:33:09 EDT 2007
Hi all,
The problem I want to describe has existed for a long time and I have had no idea how to fix it.
My job was to create an LDAP-based authentication for a JEE project with 'LdapExtLoginModule', so I used the page http://wiki.jboss.org/wiki/Wiki.jsp?page=LdapExtLoginModule to get some information about this module.
Then I set up an OpenLDAP server on my vServer.
    suffix "dc=jonischkat,dc=de"
    rootdn "cn=root,dc=jonischkat,dc=de"
    rootpw XXXmyPasswordXXX
I populated the server with these entries (remark: capsys-user is the authenticated security role):
The application policy in 'login-config.xml' looks like this:
    <application-policy name="testLDAP">
      <authentication>
        <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
          <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
          <module-option name="java.naming.provider.url">ldap://my.vserver.ip.address/</module-option>
          <module-option name="java.naming.security.authentication">simple</module-option>
          <!--<module-option name="principalDNPrefix">uid=</module-option>
          <module-option name="principalDNSuffix">,ou=People,dc=tjhome,dc=de</module-option>-->
          <module-option name="bindDN">cn=root,dc=jonischkat,dc=de</module-option>
          <module-option name="bindCredential">XXXmyPasswordXXX</module-option>
          <module-option name="baseCtxDN">ou=People,dc=jonischkat,dc=de</module-option>
          <module-option name="baseFilter">(uid={0})</module-option>
          <module-option name="rolesCtxDN">ou=Roles,dc=jonischkat,dc=de</module-option>
          <module-option name="roleFilter">(member={1})</module-option>
          <module-option name="roleAttributeID">cn</module-option>
          <module-option name="roleRecursion">-1</module-option>
          <!--<module-option name="uidAttributeID">member</module-option>
          <module-option name="matchOnUserDN">true</module-option>
          <module-option name="roleAttributeID">cn</module-option>
          <module-option name="roleAttributeIsDN">false</module-option>-->
        </login-module>
      </authentication>
    </application-policy>
When accessing the webapp, I typed the credentials username: 'tjonisch' and password: 'XXXpasswordOfTjonischInLdapEntryXXX', but the dialog popped up a second time.
The logfile of the LDAP server said:
    Jun 5 14:46:53 uhweb25094 slapd[28244]: daemon: read active on 11
    Jun 5 14:46:53 uhweb25094 slapd[28244]: connection_get(11): got connid=1
    Jun 5 14:46:53 uhweb25094 slapd[28244]: connection_read(11): checking for input on id=1
    Jun 5 14:46:53 uhweb25094 slapd[28244]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
    Jun 5 14:46:53 uhweb25094 slapd[28244]: do_bind
    Jun 5 14:46:53 uhweb25094 slapd[28244]: >>> dnPrettyNormal: <tjonisch>
    Jun 5 14:46:53 uhweb25094 slapd[28244]: bind: invalid dn (tjonisch)
    Jun 5 14:46:53 uhweb25094 slapd[28244]: send_ldap_result: conn=1 op=0 p=3
    Jun 5 14:46:53 uhweb25094 slapd[28244]: send_ldap_response: msgid=1 tag=97 err=34
    Jun 5 14:46:53 uhweb25094 slapd[28244]: conn=1 op=0 RESULT tag=97 err=34 text=invalid DN
    Jun 5 14:46:53 uhweb25094 slapd[28244]: daemon: activity on 1 descriptor
    Jun 5 14:46:53 uhweb25094 slapd[28244]: daemon: activity on:
    Jun 5 14:46:53 uhweb25094 slapd[28244]: 11r
So JBoss tried to bind with the credentials given by the user, not with 'bindDN' and 'bindCredential' from the config file.
It would be really cool if someone had an idea how to fix this problem.
Greetings from Germany
Tim J.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4053970#4053970
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4053970
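The policy quoted in the post names org.jboss.security.auth.spi.LdapLoginModule while the options it sets (bindDN, bindCredential, baseCtxDN, baseFilter, ...) are the ones only LdapExtLoginModule reads; LdapLoginModule ignores them and binds as principalDNPrefix + username + principalDNSuffix, which with both commented out is the bare "tjonisch" that slapd rejects as an invalid DN. The linter below is an added example (not code from the post or from JBoss) that checks a login-config.xml for this mismatch and for two related hardening points; the SAMPLE fragment is constructed from the quoted policy.

```python
import xml.etree.ElementTree as ET

# Options that only LdapExtLoginModule honours. The older LdapLoginModule
# ignores them and binds as principalDNPrefix + username + principalDNSuffix,
# which with both unset is the bare username the LDAP server rejects as a DN.
EXT_ONLY_OPTIONS = {"bindDN", "bindCredential", "baseCtxDN", "baseFilter",
                    "rolesCtxDN", "roleFilter"}
EXT_MODULE = "org.jboss.security.auth.spi.LdapExtLoginModule"


def lint_login_config(xml_text):
    """Return (policy, check, detail) tuples for each <login-module> found."""
    findings = []
    root = ET.fromstring(xml_text)  # ET drops <!-- --> comments, as JBoss would
    for policy in root.iter("application-policy"):
        pname = policy.get("name", "?")
        for lm in policy.iter("login-module"):
            code = lm.get("code", "")
            opts = {o.get("name"): (o.text or "").strip()
                    for o in lm.findall("module-option")}
            ext_used = sorted(EXT_ONLY_OPTIONS & set(opts))
            if ext_used and code != EXT_MODULE:
                findings.append((pname, "module-mismatch",
                                 "%s set but code is %s" % (",".join(ext_used), code)))
            url = opts.get("java.naming.provider.url", "")
            if url.startswith("ldap://") and \
                    opts.get("java.naming.security.authentication") == "simple":
                findings.append((pname, "cleartext-bind",
                                 "simple bind over %s sends passwords unencrypted" % url))
            if opts.get("bindCredential"):
                findings.append((pname, "credential-in-file",
                                 "bindCredential stored in clear; restrict file access"))
    return findings


# Constructed sample modelled on the policy quoted in the post above
SAMPLE = """<policy>
<application-policy name="testLDAP">
 <authentication>
  <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
   <module-option name="java.naming.provider.url">ldap://my.vserver.ip.address/</module-option>
   <module-option name="java.naming.security.authentication">simple</module-option>
   <module-option name="bindDN">cn=root,dc=jonischkat,dc=de</module-option>
   <module-option name="bindCredential">XXXmyPasswordXXX</module-option>
   <module-option name="baseCtxDN">ou=People,dc=jonischkat,dc=de</module-option>
   <module-option name="baseFilter">(uid={0})</module-option>
  </login-module>
 </authentication>
</application-policy>
</policy>"""

if __name__ == "__main__":
    for f in lint_login_config(SAMPLE):
        print("%s: %s: %s" % f)
```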