[jira] Resolved: (JS2-567) "Invalid password" when trying log in to jetspeed-2 portal using domino ldap authentication

Sun, 18 Feb 2007 17:38:26 -0800 

     [ 
https://issues.apache.org/jira/browse/JS2-567?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Ate Douma resolved JS2-567.
---------------------------

    Resolution: Fixed

Given the fact that the ldap security patch from Davy has been applied quite 
some time ago, and Davy reports to have this working for Domino himself (I 
can't attest it myself),
I'm closing this one as fixed. 

> "Invalid password" when trying log in to jetspeed-2 portal using domino ldap 
> authentication
> -------------------------------------------------------------------------------------------
>
>                 Key: JS2-567
>                 URL: https://issues.apache.org/jira/browse/JS2-567
>             Project: Jetspeed 2
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 2.1-dev
>         Environment: Domino 6.5.5 Directory Server
>            Reporter: Vitaly Baranovsky
>
> I've configured jetspeed-2 to use Domino ldap directory for authentication.
> When I try to log in, jetspeed tells me "invalid password". But when I
> configure jetspeed-2 to use Apache Directory Server for authentication,
> jetspeed-2 logs in with no problem.
> My security-spi-ldap.xml for domino authentication:
> <beans>
>  <!-- ************** Ldap Configuration ************** -->
>  <bean id="org.apache.jetspeed.security.spi.impl.ldap.LdapBindingConfig"
>      class="org.apache.jetspeed.security.spi.impl.ldap.LdapBindingConfig">
>      <!-- The LDAP initial context factory. -->
>      <constructor-arg 
> index="0"><value>com.sun.jndi.ldap.LdapCtxFactory</value></constructor-arg>
>      <!-- The LDAP server name. -->
>      <constructor-arg 
> index="1"><value>ldapsrv.office.mycompany.net</value></constructor-arg>
>      <!-- The LDAP server port. -->
>      <constructor-arg index="2"><value>389</value></constructor-arg>
>      <!-- The LDAP server default dn suffix. -->
>      <constructor-arg index="3"><value></value></constructor-arg>
>      <!-- The LDAP server root context. -->
>      <constructor-arg index="4"><value>O=MyCompany</value></constructor-arg>
>      <!-- The LDAP server root dn. -->
>      <constructor-arg 
> index="5"><value>CN=wpsdev,OU=MyCompanyUsers,O=MyCompany</value></constructor-arg>
>      <!-- The LDAP server root password. -->
>      <constructor-arg index="6"><value>wpsdev</value></constructor-arg>
>      <!-- The users org unit. -->
>      <constructor-arg 
> index="7"><value>MyCompanyUsers</value></constructor-arg>
>      <!-- The groups org unit. -->
>      <constructor-arg index="8"><value>groups</value></constructor-arg>
>      <!-- The roles org unit. -->
>      <constructor-arg index="9"><value>roles</value></constructor-arg>
>   </bean>
> </beans>
> I have entry CN=wpsdevtest,OU=MyCompanyUsers,O=MyCompany with password 
> wpsdevtest at Domino Directory, and I can run ldapsearch correctly using this 
> entry as bind dn. This user have jetspeed-2-user object-class.
> When I try to enter login wpsdevtest and password wpsdevtest in jetspeed-2 
> login portlet, it says me: "invalid password". But when I enter login that 
> didn't exists in Domino directory, jetspeed-2 says me: "invalid user". So, 
> it's looks like ldap binding was ok.
> When I do same things using Apache Directory server, jetspeed-2 logs in 
> correctly.
> I can work successfully with Domino Directory using WebSphere Portal, 
> ldapsearch command line tool or Softerra LDAP Browser with my password 
> wpsdevtest without any additional programming.
> For example, this command line shows me info about wpsdevtest entry in Domino 
> LDAP:
> ldapsearch -h ldapsrv.office.mycompany.net -D 
> cn=wpsdevtest,ou=MyCompanyUsers,o=MyCompany -w wpsdevtest cn=wpsdevtest.
> So, as you can see, there is no need to encrypt my password when using 
> ldapsearch command.
> So, It is likely that existing users in domino have passwords hashed/encoded 
> differently than the algorithm employed by the J2 components 
> (org.apache.jetspeed.security.spi.CredentialPasswordEncoder). Domino 
> Directory Server uses LHA-1 algorithm for crypting passwords.
> I think, it have to be implemented in jetspeed-2.
> P.S.: Sorry for my bad English.
> P.P.S.: I have found next message at
> http://issues.apache.org/jira/browse/JS2-491?page=comments:
> The major problem that users will be facing today is that encrypted
> passwords are not supported in the jetspeed2.0 release. Given that this
> functionality has been committed to the codebase, how do you feel
> towards providing a downloadable JAR file to users that would act as a
> replacement for their current jetspeed-security-2.0.jar - doesn't have
> to be anything official, could be included as a link in the
> documentation)
> The user would have to
>          * replace his jetspeed-security-2.0.jar
>          * restart tomcat
> The user would have support for encrypted passwords and group/role
> membership via LDAP.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to