[jboss-user] [Security & JAAS/JBoss] - Configuration of Apacheds V1.0 with JBoss 4.2.2

philiparad do-not-reply at jboss.com
Sun May 18 10:39:25 EDT 2008


Hi

I have tried to configure ApacheDS to work with JBoss.
First I created my LDIF file as follows:
-----------------------------------------------------------------
dn: ou=nowusers,o=nowserver
objectclass: organizationalUnit
objectclass: top
description: Contains entries which describe NOW users
userpassword: secret
ou: users

dn: cn=nowdemo,ou=nowusers,o=nowserver
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
objectclass: top
cn: nowdemo
description: nowdemo
givenname: nowdemo
sn: nowdemo
uid: nowdemo
userpassword: secret
-----------------------------------------------------------------
Then I configured login-config.xml:
-----------------------------------------------------------------

 <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
   <module-option name="java.naming.provider.url">ldap://localhost:389/o=nowserver</module-option>
   <module-option name="java.naming.security.authentication">simple</module-option>
   <module-option name="bindDN">cn=nowdemo,ou=nowusers,o=nowserver</module-option> 
   <module-option name="bindCredential">secret</module-option>
   <module-option name="baseCtxDN">ou=nowusers</module-option>
   <module-option name="baseFilter">(cn={0})</module-option>
   <module-option name="rolesCtxDN">ou=nowusers</module-option>
   <module-option name="roleFilter">(cn={0})</module-option>
   <module-option name="roleAttributeID">memberOf</module-option>
   <module-option name="roleNameAttributeID">cn</module-option>
   <module-option name="roleAttributeIsDN">true</module-option>
   <module-option name="defaultRole">Everyone</module-option>
   <module-option name="roleRecursion">-1</module-option>
   <module-option name="allowEmptyPasswords">false</module-option>
   <module-option name="unauthenticatedIdentity">system</module-option>
   </login-module>
     
</application-policy>
-----------------------------------------------------------------

This is the error I get (I have put some printing in the original code):
-----------------------------------------------------------------
createLdapInitContext: 1
createLdapInitContext: bindDN: cn=nowdemo,ou=nowusers,o=nowserver
createLdapInitContext: bindCredential: secret
createLdapInitContext: securityDomain: null
createLdapInitContext: bindCredential: secret
createLdapInitContext: baseDN: ou=nowusers
createLdapInitContext: baseFilter: (cn={0})
createLdapInitContext: roleFilter: (cn={0})
createLdapInitContext: roleAttributeID: memberOf
PP1
constructInitialLdapContext: 1
constructInitialLdapContext: factoryName: null
constructInitialLdapContext: authType: simple
constructInitialLdapContext: protocol: null
constructInitialLdapContext: providerURL: ldap://localhost:389/o=nowserver
constructInitialLdapContext: dn: cn=nowdemo,ou=nowusers,o=nowserver
constructInitialLdapContext: credential: secret
bindDNAuthentication: user: nowdemo
bindDNAuthentication: credential: secret
bindDNAuthentication: baseDN: ou=nowusers
bindDNAuthentication: filter: (cn={0})
bindDNAuthentication: name: cn=nowdemo
bindDNAuthentication: userDN: cn=nowdemo,ou=nowusers
PP2
constructInitialLdapContext: 1
constructInitialLdapContext: factoryName: null
constructInitialLdapContext: authType: simple
constructInitialLdapContext: protocol: null
constructInitialLdapContext: providerURL: ldap://localhost:389/o=nowserver
constructInitialLdapContext: dn: cn=nowdemo,ou=nowusers
constructInitialLdapContext: credential: secret
17:32:49,223 DEBUG [LdapExtLoginModule] Bad password for username=nowdemo
javax.naming.AuthenticationException: [LDAP: error code 49 - Bind failed: null]
        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3005)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2951)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2753)
        at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2667)
        at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:287)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
        at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
        at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
        at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
        at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
        at javax.naming.InitialContext.init(InitialContext.java:223)
        at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
        at org.jboss.security.auth.spi.LdapExtLoginModule.constructInitialLdapContext(LdapExtLoginModule.java:568)
        at org.jboss.security.auth.spi.LdapExtLoginModule.bindDNAuthentication(LdapExtLoginModule.java:418)
        at org.jboss.security.auth.spi.LdapExtLoginModule.createLdapInitContext(LdapExtLoginModule.java:353)
        at org.jboss.security.auth.spi.LdapExtLoginModule.validatePassword(LdapExtLoginModule.java:232)
        at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:210)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
        at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
        at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
        at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:603)
        at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:537)
        at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
        at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:491)
        at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:257)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:416)
        at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
        at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
        at java.lang.Thread.run(Thread.java:619)
-----------------------------------------------------------------
As you can see, it succeeds in connecting to the LDAP server the first time with the string "dn: cn=nowdemo,ou=nowusers,o=nowserver".
But then it tries to connect again with the string "dn: cn=nowdemo,ou=nowusers" and fails.

Can someone help me about this matter?
Is my configuration correct?

Regards
Philip

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4151628#4151628
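
Added example, not part of the original post and not JBoss code: it replays the DN composition visible in the trace above (search result name `cn=nowdemo` joined to `baseCtxDN`) and checks the resulting bind DN against the entry DNs from the LDIF. The class and method names are hypothetical, and the second `report` call is a constructed variant (base DN moved from the provider URL into `baseCtxDN`) that has not been run against ApacheDS.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import java.net.URI;
import java.util.Arrays;
import java.util.List;

public class BindDnCheck {
    // Base DN carried in the path of the provider URL ("" when there is none).
    static String urlBaseDn(String providerUrl) {
        String path = URI.create(providerUrl).getPath();
        return (path == null || path.length() <= 1) ? "" : path.substring(1);
    }

    // Assumption taken from the trace: userDN = search result name + "," + baseCtxDN.
    static String composeUserDn(String resultName, String baseCtxDn) {
        return resultName + "," + baseCtxDn;
    }

    // True when the DN names one of the known entries (LdapName does the DN comparison).
    static boolean isEntry(String dn, List<String> entryDns) throws InvalidNameException {
        LdapName candidate = new LdapName(dn);
        for (String e : entryDns) {
            if (candidate.equals(new LdapName(e))) return true;
        }
        return false;
    }

    static void report(String url, String baseCtxDn, String resultName, List<String> entries)
            throws InvalidNameException {
        String userDn = composeUserDn(resultName, baseCtxDn);
        String urlBase = urlBaseDn(url);
        System.out.printf("url base=[%s] baseCtxDN=[%s] -> bind DN [%s] exists=%b%n",
                urlBase, baseCtxDn, userDn, isEntry(userDn, entries));
        // LdapName counts RDNs from the right, so startsWith() tests the DN suffix.
        if (!urlBase.isEmpty() && !new LdapName(userDn).startsWith(new LdapName(urlBase))) {
            System.out.println("  bind DN lacks the URL base; absolute form would be "
                    + userDn + "," + urlBase);
        }
    }

    public static void main(String[] args) throws InvalidNameException {
        // Entry DNs copied from the LDIF in the post.
        List<String> entries = Arrays.asList(
                "ou=nowusers,o=nowserver", "cn=nowdemo,ou=nowusers,o=nowserver");
        // Values from the posted login-config.xml and trace.
        report("ldap://localhost:389/o=nowserver", "ou=nowusers", "cn=nowdemo", entries);
        // Constructed variant: no base DN in the URL, full DN in baseCtxDN.
        report("ldap://localhost:389", "ou=nowusers,o=nowserver", "cn=nowdemo", entries);
    }
}
```

With the posted values the composed bind DN is `cn=nowdemo,ou=nowusers`, the same DN as in the failing second bind, and it is not one of the LDIF entries; in the constructed variant the composed DN equals the `nowdemo` entry DN.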
