I'm having similar issues trying to connect to Active Directory using LDAP with JBoss.
The username is valid in AD; I can log in to a Windows box that authenticates against the AD server.
jboss-web.xml
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
  <security-domain flushOnSessionInvalidation="false">java:/jaas/MyApp-ldap</security-domain>
  <context-root>/MyApp</context-root>
</jboss-web>
web.xml
<security-constraint>
  <display-name>Restrict SEAM pages</display-name>
  <web-resource-collection>
    <web-resource-name>SEAM</web-resource-name>
    <url-pattern>*.seam</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>system</role-name>
    <role-name>purch-buyer</role-name>
    <role-name>purch-iss</role-name>
    <role-name>purch-dataentry</role-name>
    <role-name>purch-tech</role-name>
    <role-name>accounting</role-name>
    <role-name>asd</role-name>
    <role-name>ccc_ops</role-name>
    <role-name>warehouse</role-name>
    <role-name>liquidation</role-name>
  </auth-constraint>
</security-constraint>
<security-role>
  <role-name>system</role-name>
</security-role>
<security-role>
  <role-name>purch-buyer</role-name>
</security-role>
<security-role>
  <role-name>purch-iss</role-name>
</security-role>
<security-role>
  <role-name>purch-dataentry</role-name>
</security-role>
<security-role>
  <role-name>purch-tech</role-name>
</security-role>
<security-role>
  <role-name>accounting</role-name>
</security-role>
<security-role>
  <role-name>asd</role-name>
</security-role>
<security-role>
  <role-name>ccc_ops</role-name>
</security-role>
<security-role>
  <role-name>warehouse</role-name>
</security-role>
<security-role>
  <role-name>liquidation</role-name>
</security-role>
<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>MyApp-ldap</realm-name>
  <form-login-config>
    <form-login-page>/login.html</form-login-page>
    <form-error-page>/loginError.html</form-error-page>
  </form-login-config>
</login-config>
login-config.xml
<application-policy name="MyApp-ldap">
  <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
    <!--
      Some AD configurations may require searching against the Global Catalog
      on port 3268 instead of the usual port 389. This is most likely when the
      AD forest includes multiple domains.
    -->
    <module-option name="java.naming.provider.url">ldap://server:389</module-option>
    <module-option name="bindDN">administrator</module-option>
    <module-option name="bindCredential">[PASSWORD]</module-option>
    <module-option name="baseCtxDN">cn=users,dc=domain1.domain2,dc=local</module-option>
    <module-option name="baseFilter">(sAMAccountName={0})</module-option>
    <module-option name="rolesCtxDN">cn=users,dc=domain1.domain2,dc=local</module-option>
    <module-option name="roleFilter">(sAMAccountName={0})</module-option>
    <module-option name="roleAttributeID">memberOf</module-option>
    <module-option name="roleAttributeIsDN">true</module-option>
    <module-option name="roleNameAttributeID">cn</module-option>
    <module-option name="roleRecursion">-1</module-option>
    <module-option name="searchScope">ONELEVEL_SCOPE</module-option>
  </login-module>
</application-policy>
ERROR when Logging in:
2006-09-07 08:41:15,051 DEBUG [org.jboss.security.plugins.JaasSecurityManager.MyApp-ldap] CallbackHandler: [EMAIL PROTECTED]
2006-09-07 08:41:15,051 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Created [EMAIL PROTECTED]
2006-09-07 08:41:15,052 DEBUG [org.jboss.security.plugins.JaasSecurityManager.MyApp-ldap] CachePolicy set to: [EMAIL PROTECTED]
2006-09-07 08:41:15,052 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] setCachePolicy, [EMAIL PROTECTED]
2006-09-07 08:41:15,052 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Added MyApp-ldap, [EMAIL PROTECTED] to map
2006-09-07 08:41:15,136 DEBUG [org.jboss.security.auth.spi.LdapExtLoginModule] Bad password for username=johndoe
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece]
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2985)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2931)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2732)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2646)
    at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:283)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
    at javax.naming.InitialContext.init(InitialContext.java:223)
    at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
    at org.jboss.security.auth.spi.LdapExtLoginModule.constructInitialLdapContext(LdapExtLoginModule.java:487)
    at org.jboss.security.auth.spi.LdapExtLoginModule.createLdapInitContext(LdapExtLoginModule.java:331)
    at org.jboss.security.auth.spi.LdapExtLoginModule.validatePassword(LdapExtLoginModule.java:229)
    at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:210)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:585)
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
    at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
    at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:601)
    at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:535)
    at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
    at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:491)
    at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:257)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:416)
    at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
    at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
    at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
    at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
    at java.lang.Thread.run(Thread.java:595)
Anyone have any ideas or run into this error? If so, how did you fix it?
Thanks,
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3970147#3970147
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3970147
_______________________________________________
jboss-user mailing list
[email protected]
https://lists.jboss.org/mailman/listinfo/jboss-user
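An added triage helper for the failure above (my code, not from the post or from JBoss): it parses the AD text inside the JNDI AuthenticationException, maps the "data" sub-code to its documented AD meaning, uses the LdapExtLoginModule frames in the stack trace to tell whether the bindDN service bind or the user's own bind raised the error, and flags dc= components that contain a dot. The frame-order rule and the dotted-dc check are heuristics, stated as assumptions in the comments; the sample inputs are copied from the log and config in the post.

```python
import re

# Well-known AD sub-codes in the "data NNN" field of LDAP result 49 (invalidCredentials).
AD_BIND_SUBCODES = {
    "525": "user not found: the bind name did not resolve to an account",
    "52e": "invalid credentials: account exists, password wrong",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

LDAP_ERR_RE = re.compile(
    r"LDAP: error code (?P<code>\d+) - (?P<ext>[0-9A-Fa-f]{8}): LdapErr: DSID-(?P<dsid>[0-9A-Fa-f]+), "
    r"comment: (?P<comment>[^,]+), data (?P<data>[0-9a-fA-F]+)")

def parse_ad_bind_error(message):
    """Split a JNDI AuthenticationException text into its AD fields; None if it is not one."""
    m = LDAP_ERR_RE.search(message)
    if not m:
        return None
    fields = m.groupdict()
    fields["meaning"] = AD_BIND_SUBCODES.get(fields["data"].lower(), "unknown sub-code")
    return fields

def failing_bind_step(trace):
    """Name the bind that raised, from the LdapExtLoginModule frames in the stack trace.
    Assumed module structure: it binds as bindDN inside createLdapInitContext first, then
    as the user inside bindDNAuthentication, so a user-bind failure shows the latter frame."""
    if "LdapExtLoginModule.bindDNAuthentication" in trace:
        return "user bind"
    if "LdapExtLoginModule.createLdapInitContext" in trace:
        return "service-account bind (bindDN/bindCredential)"
    return "unknown"

def dotted_dc_rdns(dn):
    """Return dc= RDNs containing a dot. AD naming contexts use one dc per DNS label, so a
    dotted value usually means a DNS name was pasted instead of split into components."""
    rdns = [r.strip() for r in dn.split(",")]
    return [r for r in rdns if r.lower().startswith("dc=") and "." in r]

# Exception text and the two LdapExtLoginModule frames copied from the log in the post above.
SAMPLE_ERROR = ("javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: "
                "LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece]")
SAMPLE_TRACE = ("at org.jboss.security.auth.spi.LdapExtLoginModule.constructInitialLdapContext(LdapExtLoginModule.java:487)\n"
                "at org.jboss.security.auth.spi.LdapExtLoginModule.createLdapInitContext(LdapExtLoginModule.java:331)\n")
```

Run against the post's log it reports data 525 (user not found) raised during the service-account bind, which points at the bindDN/bindCredential pair rather than at johndoe's password.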