[jboss-user] [jBPM] - Problem with ldap authentication

Jose Miguel Loor do-not-reply at jboss.com
Mon Oct 8 12:56:33 EDT 2012


Jose Miguel Loor [https://community.jboss.org/people/jmiguel77] created the discussion

"Problem with ldap authentication"

To view the discussion, visit: https://community.jboss.org/message/763751#763751

--------------------------------------------------------------
I have an installation of brms-standalone-5.3.0 server, connected to my office ldap this way:

In the login-config

<!--
          BRMS Platform Security Domain
-->
   <application-policy name="brms">
      <authentication>
<!--
         <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
            <module-option name="usersProperties">props/brms-users.properties</module-option>
            <module-option name="rolesProperties">props/brms-roles.properties</module-option>
         </login-module>
-->
         <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
            <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
            <module-option name="java.naming.provider.url">ldap://192.168.0.5:389</module-option>
            <module-option name="bindDN">cn=admin,dc=ndeveloper,dc=com</module-option>
            <module-option name="bindCredential">ndeveloper</module-option>
            <module-option name="baseCtxDN">ou=People,dc=ndeveloper,dc=com</module-option>
            <module-option name="baseFilter">(cn={0})</module-option>
            <module-option name="rolesCtxDN">ou=Group,dc=ndeveloper,dc=com</module-option>
            <module-option name="roleFilter">(member={1})</module-option>
            <module-option name="roleAttributeID">gidNumber</module-option>
            <module-option name="roleAttributeIsDN">false</module-option>
            <module-option name="roleNameAttributeID">cn</module-option>
            <module-option name="roleRecursion">-1</module-option>
            <module-option name="searchScope">ONELEVEL_SCOPE</module-option>
         </login-module>
      </authentication>
   </application-policy>

and in the components.xml

<security:identity authenticate-method="#{authenticator.authenticate}" jaas-config-name="brms"/>

I can log in to the jboss-brms console, register a Guvnor repository in jboss dev studio, and add a new package with a diagram. But when I log in to the brms console, search for my package and open the process file, I get this error:

2012-10-08 11:41:40,675 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] (http-127.0.0.1-8080-7) initialize
2012-10-08 11:41:40,675 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] (http-127.0.0.1-8080-7) Security domain: brms
2012-10-08 11:41:40,675 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] (http-127.0.0.1-8080-7) login
2012-10-08 11:41:40,675 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] (http-127.0.0.1-8080-7) Logging into LDAP server, env={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, roleNameAttributeID=cn, searchScope=ONELEVEL_SCOPE, java.naming.security.principal=cn=admin,dc=ndeveloper,dc=com, roleRecursion=-1, baseCtxDN=ou=People,dc=ndeveloper,dc=com, roleAttributeID=gidNumber, roleFilter=(member={1}), rolesCtxDN=ou=Group,dc=ndeveloper,dc=com, baseFilter=(cn={0}), jboss.security.security_domain=brms, java.naming.provider.url=ldap://192.168.0.5:389, roleAttributeIsDN=false, bindDN=cn=admin,dc=ndeveloper,dc=com, bindCredential=*****, java.naming.security.authentication=simple, java.naming.security.credentials=***}
2012-10-08 11:41:40,680 DEBUG [org.jboss.security.auth.spi.LdapExtLoginModule] (http-127.0.0.1-8080-7) Bad password for username=admin
2012-10-08 11:41:40,680 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] (http-127.0.0.1-8080-7) abort
2012-10-08 11:41:40,683 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/jboss-brms].[OryxEditorServlet]] (http-127.0.0.1-8080-7) Servlet.service() for servlet OryxEditorServlet threw exception
java.lang.IllegalArgumentException: Unable to authenticate user.
          at org.drools.guvnor.server.files.OryxEditorServlet.service(OryxEditorServlet.java:53)
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
          at org.jboss.seam.web.ContextFilter$1.process(ContextFilter.java:42)
          at org.jboss.seam.servlet.ContextualHttpServletRequest.run(ContextualHttpServletRequest.java:65)
          at org.jboss.seam.web.ContextFilter.doFilter(ContextFilter.java:37)
          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
          at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
          at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)
          at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
          at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:183)
          at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:95)
          at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
          at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
          at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
          at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
          at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
          at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
          at org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.internalProcess(ActiveRequestResponseCacheValve.java:74)
          at org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.invoke(ActiveRequestResponseCacheValve.java:47)
          at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
          at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
          at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:599)
          at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:451)
          at java.lang.Thread.run(Thread.java:662)
--------------------------------------------------------------
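
The following script is an added example, not part of the original post and not JBoss code. It ties the `Bad password` line to the servlet that failed on the same request thread and checks whether the bind account's DN could be returned by the user search configured through `baseCtxDN` and `searchScope`. The function names, the trimmed sample log and the simplified DN comparison are assumptions of this example.

```python
import re

# Constructed sample: three lines copied from the posted log, env= trimmed to the keys used here.
SAMPLE_LOG = """\
2012-10-08 11:41:40,675 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] (http-127.0.0.1-8080-7) Logging into LDAP server, env={searchScope=ONELEVEL_SCOPE, baseCtxDN=ou=People,dc=ndeveloper,dc=com, baseFilter=(cn={0}), bindDN=cn=admin,dc=ndeveloper,dc=com, bindCredential=*****}
2012-10-08 11:41:40,680 DEBUG [org.jboss.security.auth.spi.LdapExtLoginModule] (http-127.0.0.1-8080-7) Bad password for username=admin
2012-10-08 11:41:40,683 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/jboss-brms].[OryxEditorServlet]] (http-127.0.0.1-8080-7) Servlet.service() for servlet OryxEditorServlet threw exception
"""

def parse_env(message):
    """Parse the env={...} dump; entries are split by ', ' while DN values only contain ','."""
    body = message[message.index("env={") + 5:message.rindex("}")]
    env, key = {}, None
    for part in body.split(", "):
        name, sep, value = part.partition("=")
        if sep and re.fullmatch(r"[\w.]+", name):
            key, env[name] = name, value
        elif key:  # fragment of a value that itself contained ', '
            env[key] += ", " + part
    return env

def in_search_scope(dn, base, scope):
    """Simplified DN test (assumes no escaped commas): can a search at base with scope return dn?"""
    dn, base = (re.sub(r"\s*,\s*", ",", x.strip().lower()) for x in (dn, base))
    if scope == "OBJECT_SCOPE":
        return dn == base
    if scope == "ONELEVEL_SCOPE":
        return dn.partition(",")[2] == base  # parent of dn must be the base itself
    return dn.endswith("," + base)  # SUBTREE_SCOPE

def triage(log_text):
    """Tie each 'Bad password' to the servlet failing on the same thread and to the LDAP env."""
    env, failed, findings = {}, {}, []
    for thread, msg in re.findall(r"\] \(([^)\n]+)\) (.*)", log_text):
        if "env={" in msg:
            env = parse_env(msg)
        elif msg.startswith("Bad password for username="):
            failed[thread] = msg.split("=", 1)[1]
        elif "for servlet " in msg and thread in failed:
            user, bind_dn = failed.pop(thread), env.get("bindDN", "")
            findings.append({
                "username": user,
                "servlet": re.search(r"for servlet (\S+)", msg).group(1),
                "matches_bind_rdn": bind_dn.lower().split(",")[0] == "cn=" + user.lower(),
                "bind_dn_in_user_scope": in_search_scope(  # SUBTREE_SCOPE: fallback if option absent
                    bind_dn, env.get("baseCtxDN", ""), env.get("searchScope", "SUBTREE_SCOPE")),
            })
    return findings
```

Run over the posted log, `triage` reports that the rejected login was for `admin`, came through `OryxEditorServlet`, and that `cn=admin,dc=ndeveloper,dc=com` lies outside the one-level search under `ou=People`; whether a different `cn=admin` entry exists under `ou=People` cannot be read from the log.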
