[ 
https://issues.apache.org/jira/browse/GERONIMO-4997?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Lu Jiang closed GERONIMO-4997.
------------------------------

    Resolution: Fixed

    Oops, the userBase and roleBase I used in the security realm file are
"userBase=ou=users,ou=system",
"roleBase=ou=groups,ou=system".
    But Apache DS has a few minimal built-in rules for protecting users and
groups.
    Users except the admin user cannot access or search the
'ou=users,ou=system' and 'ou=groups,ou=system' entries. They are protected from
access or alteration by anyone other than the admin user. So when trying to access
anonymously, an authentication error will occur.
    In order to connect to Apache DS successfully, we should create a new
directory instead of the default "ou=users,ou=system", "ou=groups,ou=system" and
put user info there.
    Thanks Ivan for reviewing this issue and pointing this out.


> Cannot connect to an LDAP server in an anonymous way
> ---------------------------------------------------
>
>                 Key: GERONIMO-4997
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-4997
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: security
>    Affects Versions: 2.1.4, 2.2
>         Environment: OS:Windows XP SP2
> Server: Geronimo 2.2
> JDK:1.6
>            Reporter: Lu Jiang
>            Priority: Minor
>             Fix For: 2.1.5, 2.2.1, 3.0
>
>         Attachments: geronimo-security-2.1.4.jar
>
>
> I tried to deploy a web application which uses Apache Directory Server for
> user authentication.
> So I created a realm file as follows and added a reference to this realm file
> in the deploy plan:
> <module xmlns="http://geronimo.apache.org/xml/ns/deployment-1.2">
>     <environment>
>         <moduleId>
>             <groupId>console.realm</groupId>
>             <artifactId>testLDAP</artifactId>
>             <version>1.0</version>
>             <type>car</type>
>         </moduleId>
>         <dependencies>
>             <dependency>
>                 <groupId>org.apache.geronimo.framework</groupId>
>                 <artifactId>j2ee-security</artifactId>
>                 <type>car</type>
>             </dependency>
>         </dependencies>
>     </environment>
>     <gbean name="testLDAP"
>            class="org.apache.geronimo.security.realm.GenericSecurityRealm"
>            xsi:type="dep:gbeanType"
>            xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2"
>            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>         <attribute name="realmName">testLDAP</attribute>
>         <reference name="ServerInfo">
>             <name>ServerInfo</name>
>         </reference>
>         <xml-reference name="LoginModuleConfiguration">
>             <log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-2.0">
>                 <log:login-module control-flag="REQUIRED" wrap-principals="false">
>                     <log:login-domain-name>testLDAP</log:login-domain-name>
>                     <log:login-module-class>org.apache.geronimo.security.realm.providers.LDAPLoginModule</log:login-module-class>
>                     <log:option name="connectionURL">ldap://pages.test.com:389</log:option>
>                     <log:option name="roleBase">ou=members,ou=testgroups,o=test.com</log:option>
>                     <log:option name="initialContextFactory">com.sun.jndi.ldap.LdapCtxFactory</log:option>
>                     <log:option name="roleName">cn</log:option>
>                     <log:option name="roleSearchMatching">uniquemember={0}</log:option>
>                     <log:option name="roleSearchSubtree">false</log:option>
>                     <log:option name="userRoleName">uniquemember={0}</log:option>
>                     <log:option name="authentication">simple</log:option>
>                     <log:option name="userSearchSubtree">true</log:option>
>                     <log:option name="userBase">ou=users,o=test.com</log:option>
>                     <log:option name="userSearchMatching">(mail={0})</log:option>
>                 </log:login-module>
>             </log:login-config>
>         </xml-reference>
>     </gbean>
> </module>
> It provides no connectionUsername and password, because I intend to connect to
> the LDAP server anonymously.
> Each time I log in to the web application, it will try to connect to the Apache
> Directory Server to authenticate users.
> But a NullPointerException always occurs.
> Caused by: java.lang.NullPointerException
>       at java.util.Hashtable.put(Hashtable.java:770)
>       at org.apache.geronimo.security.realm.providers.LDAPLoginModule.open(LDAPLoginModule.java:455)
>       at org.apache.geronimo.security.realm.providers.LDAPLoginModule.authenticate(LDAPLoginModule.java:267)
>       at org.apache.geronimo.security.realm.providers.LDAPLoginModule.login(LDAPLoginModule.java:186)
>       ... 28 more
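The stack trace above ends in java.util.Hashtable.put, which throws NullPointerException for a null key or value; an absent connectionUsername handed straight to the JNDI environment reproduces exactly that. The following is an added illustration, not Geronimo's LDAPLoginModule code, of building the environment so that an anonymous bind leaves SECURITY_PRINCIPAL and SECURITY_CREDENTIALS unset and uses SECURITY_AUTHENTICATION "none" instead, then running the kind of user search the realm performs. The host ldap.example.test and the search base ou=users,o=example are placeholders; as the resolution comment notes, a base under ou=system on Apache DS will be rejected for anyone but the admin user, and the catch block reports that rather than crashing.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

/**
 * Added illustration (hypothetical class, not part of Geronimo): build a JNDI
 * environment for an LDAP bind without putting null credentials into the
 * Hashtable, then search a user base the way a login module would.
 */
public class AnonymousLdapBind {

    /** Returns the JNDI environment; connectionUsername/password may be null. */
    static Hashtable<String, String> buildEnvironment(String connectionURL,
                                                      String connectionUsername,
                                                      String connectionPassword) {
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, connectionURL);

        if (connectionUsername == null || connectionUsername.length() == 0) {
            // Anonymous bind. Hashtable.put(key, null) throws NullPointerException,
            // which is the failure in the stack trace, so the principal and
            // credentials keys are simply not added.
            env.put(Context.SECURITY_AUTHENTICATION, "none");
        } else {
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, connectionUsername);
            // A missing password with a present principal would also NPE; an
            // empty string makes the server reject the bind instead.
            env.put(Context.SECURITY_CREDENTIALS,
                    connectionPassword == null ? "" : connectionPassword);
        }
        return env;
    }

    /** Counts entries under userBase matching filter, e.g. the realm's userSearchMatching. */
    static int countMatchingUsers(Hashtable<String, String> env, String userBase,
                                  String filter, boolean subtree) throws NamingException {
        SearchControls controls = new SearchControls();
        controls.setSearchScope(subtree ? SearchControls.SUBTREE_SCOPE
                                        : SearchControls.ONELEVEL_SCOPE);
        controls.setReturningAttributes(new String[] { "cn", "mail" });

        DirContext ctx = new InitialDirContext(env);
        try {
            NamingEnumeration<SearchResult> results = ctx.search(userBase, filter, controls);
            int count = 0;
            while (results.hasMore()) {
                SearchResult result = results.next();
                System.out.println("found: " + result.getNameInNamespace());
                count++;
            }
            return count;
        } finally {
            ctx.close();
        }
    }

    public static void main(String[] args) {
        // Placeholder values; a real deployment supplies its own URL and user base.
        String url = args.length > 0 ? args[0] : "ldap://ldap.example.test:389";
        String userBase = args.length > 1 ? args[1] : "ou=users,o=example";

        // No connectionUsername: anonymous bind, no NPE from Hashtable.put.
        Hashtable<String, String> env = buildEnvironment(url, null, null);
        try {
            int n = countMatchingUsers(env, userBase, "(mail=*)", true);
            System.out.println(n + " user entries readable anonymously under " + userBase);
        } catch (NamingException e) {
            // On Apache DS a base under ou=system yields an access/authentication
            // error here for a non-admin bind; that is the server's built-in
            // protection, not a client bug.
            System.err.println("anonymous search under " + userBase + " failed: " + e);
        }
    }
}
```

Run it as `java AnonymousLdapBind ldap://host:389 "ou=users,o=example"`; the environment builder is the part worth reusing, since it keeps the anonymous and authenticated cases explicit instead of depending on whether an option happened to be null.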

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.