Looking at the source code for LdapExtLoginModule (Line 331).
http://anoncvs.forge.jboss.com/viewrep/JBoss/jbosssx/src/main/org/jboss/security/auth/spi/LdapExtLoginModule.java?r=1.1.2.4
| // Get the admin context for searching
| 331 InitialLdapContext ctx = constructInitialLdapContext(bindDN, bindCredential);
| 332 // Validate the user by binding against the userDN
| 333 String userDN = bindDNAuthentication(ctx, username, credential, baseDN, baseFilter);
|
There is a first attempt to bind to the admin DN and then to the user DN. The
question I have is if the bind to the admin DN fails, is the user notified
about it? All I see is an Exception thrown by the surrounding method which is
caught as:
| try
| 226 {
| 227    // Validate the password by trying to create an initial context
| 228    String username = getUsername();
| 229    isValid = createLdapInitContext(username, inputPassword);
| 230    defaultRole();
| 231    isValid = true;
| 232 }
| 233 catch (Exception e)
| 234 {
| 235    log.debug("Failed to validate password", e);
| 236 }
|
If this is true, we need to handle this case properly and provide an
appropriate message to the user rather than: "Failed to validate password".
This is critical for debugging. :)
I have not tested this (will do it when I have time). Hence the question here
in the forum.
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3924801#3924801
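
An added example, not part of the original post and not JBoss code: one way to keep the admin-DN bind and the user-DN bind in separate try blocks so the log shows which stage failed. The `Binder` interface, the `Outcome` enum, the `login` method and the DNs and passwords are hypothetical or constructed so that the example runs without a directory server.

```java
import java.util.Map;
import java.util.logging.Logger;
import javax.naming.AuthenticationException;
import javax.naming.NamingException;

public class StagedLdapLogin {
    private static final Logger log = Logger.getLogger("StagedLdapLogin");

    /** Hypothetical seam replacing the real LDAP binds so this runs without a directory. */
    interface Binder { void bind(String dn, String credential) throws NamingException; }

    enum Outcome { OK, ADMIN_BIND_FAILED, USER_BIND_FAILED }

    static Outcome login(Binder ldap, String bindDN, String bindCredential,
                         String userDN, String password) {
        try {
            ldap.bind(bindDN, bindCredential);   // stage 1: admin context for searching
        } catch (NamingException e) {
            // Server-side configuration or connectivity fault, not a bad user password.
            log.severe("Admin bind as " + bindDN + " failed: " + e);
            return Outcome.ADMIN_BIND_FAILED;
        }
        try {
            ldap.bind(userDN, password);         // stage 2: validate the user
        } catch (NamingException e) {
            log.info("User bind as " + userDN + " failed: " + e);
            return Outcome.USER_BIND_FAILED;
        }
        return Outcome.OK;
    }

    public static void main(String[] args) {
        // Constructed directory contents: DN -> password.
        Map<String, String> dir = Map.of(
            "cn=admin,dc=example,dc=org", "adminpw",
            "uid=alice,ou=People,dc=example,dc=org", "alicepw");
        Binder ldap = (dn, cred) -> {
            if (!cred.equals(dir.get(dn)))
                throw new AuthenticationException("Invalid credentials for " + dn);
        };
        String admin = "cn=admin,dc=example,dc=org";
        String alice = "uid=alice,ou=People,dc=example,dc=org";
        System.out.println(login(ldap, admin, "adminpw", alice, "alicepw"));
        System.out.println(login(ldap, admin, "stale", alice, "alicepw"));
        System.out.println(login(ldap, admin, "adminpw", alice, "wrong"));
    }
}
```

The caller can still report a plain login failure to the client in both failing cases; only the server-side log needs to tell the two stages apart.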