[jboss-user] [EJB 3.0] New message: "Re: problem with LdapLoginModule"

Stefan Henz do-not-reply at jboss.com
Mon Mar 15 07:23:47 EDT 2010

Author  : Stefan Henz
Profile : http://community.jboss.org/people/shenz

Hi Jaikiran,

I followed the given URL http://community.jboss.org/wiki/SecurityFAQ and looked for a file conf/log4j.xml. But in jboss-5.1.0.CA no such file exists, only conf/jboss-config.xml. Therefore I made the corresponding changes for enabling TRACE level in the file conf/jboss-log4j.xml of the corresponding server instance.

But I don't know where, i.e. in which file, the TRACE DEBUG information is written. It does not appear on the terminal console. Where does the tracing appear?

But, because I suppose there might be a problem with another login module, in the file conf/login-config.xml I commented out all application-policies besides the one for the LdapLoginModule related to the security-domain "myWebApp" of my application.

Now the error message

    :38:42,107 ERROR [UsersRolesLoginModule] Failed to load users/passwords/role  files
    java.io.IOException: No properties file: users.properties or  defaults: defaultUsers.properties found
    at  org.jboss.security.auth.spi.Util.loadProperties(Util.java:198)

no longer occurs, but nevertheless one cannot log in with the corresponding LDAP username and LDAP password.

I'm not sure whether the LDAP modules "LoginLdapModule" and "LoginExtLdapModule" are able to get the right DN if the "principalDNSuffix" is empty, following the instructions (unfortunately only in German) given at
"http://www.imixs.com/websites/imixs-com.nsf/chapter/0020.0100.0030.?OpenDocument" when using Domino. We don't use Domino, but OpenLDAP.

I'm not sure whether for OpenLDAP it is also allowed to leave the "principalDNSuffix" empty, i.e.

    <module-option  name="principalDNSufffix"></module-option>

I did this because we have an LDAP hierarchy like

    uid=uid, ou=department, ou=users, dc=domainPart1,dc=domainPart2

where uid holds the unique user account.

Therefore I can't use a common "principalDNSuffix", because it differs from user to user depending on the department the user belongs to.

And therefore the principalDNPrefix is also

    <module-option  name="principalDNPrefix">uid=</module-option>

instead of

    <module-option  name="principalDNPrefix">cn=</module-option>

But up to now the login via LDAP is not working.

Does somebody have an idea and can help me solve this problem?


To reply to this message visit the message page: http://community.jboss.org/message/531972#531972
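
Added example, not part of the original post and not JBoss's own sample configuration: LdapLoginModule binds directly as principalDNPrefix + username + principalDNSuffix, so an empty suffix yields an incomplete DN for the hierarchy described above. The sketch below shows the search-then-bind alternative with org.jboss.security.auth.spi.LdapExtLoginModule, which looks the user up by uid under ou=users and then binds as the DN it found. The server URL, the search account, its password and the ou=groups role branch are assumptions and placeholders.

```xml
<!-- Added example for conf/login-config.xml; not from the original post. -->
<application-policy name="myWebApp">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule"
                  flag="required">
      <!-- Placeholder host; ldaps keeps bind passwords off the wire in clear -->
      <module-option name="java.naming.provider.url">ldaps://ldap.example.invalid:636</module-option>

      <!-- Placeholder low-privilege account, used only for the search step -->
      <module-option name="bindDN">cn=jboss-search,ou=services,dc=domainPart1,dc=domainPart2</module-option>
      <module-option name="bindCredential">CHANGE_ME</module-option>

      <!-- Search below ou=users so the department OU does not matter;
           {0} is replaced with the login name -->
      <module-option name="baseCtxDN">ou=users,dc=domainPart1,dc=domainPart2</module-option>
      <module-option name="baseFilter">(uid={0})</module-option>
      <module-option name="searchScope">SUBTREE_SCOPE</module-option>

      <!-- Assumed role layout: group entries under ou=groups whose member
           attribute holds the user DN; {1} is the DN found above -->
      <module-option name="rolesCtxDN">ou=groups,dc=domainPart1,dc=domainPart2</module-option>
      <module-option name="roleFilter">(member={1})</module-option>
      <module-option name="roleAttributeID">cn</module-option>

      <!-- Reject empty passwords so a login cannot turn into an
           unauthenticated bind that the directory accepts -->
      <module-option name="allowEmptyPasswords">false</module-option>
    </login-module>
  </authentication>
</application-policy>
```

The search account needs only read access to the uid attribute under ou=users and to the group entries; the user's own password is still verified by a bind as the DN returned from the search.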
