Hi, thanks a lot for the quick response.

I have created a Security Group in AD with the name "AuthUserRole" and assigned a few users whom I want to authenticate.

anonymous wrote :
| distinguishedName = CN=AuthUserRole,OU=Security Groups,OU=DPI,OU=IC - Applications and Computers,DC=company,DC=com

Yes, I'm using LdapExtLoginModule. The configuration for the same is as given below:

login-config.xml
----------------

<?xml version='1.0'?>
<!DOCTYPE policy PUBLIC
  "-//JBoss//DTD JBOSS Security Config 3.0//EN"
  "http://www.jboss.org/j2ee/dtd/security_config.dtd">
<policy>

  <application-policy name="HMActiveDirecotry">
    <authentication>
      <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required" >
        <module-option name="java.naming.provider.url">ldap://company.com:389/</module-option>
        <module-option name="java.naming.security.authentication">simple</module-option>
        <module-option name="bindDN">cn=user,cn=Users,DC=company,DC=com</module-option>
        <module-option name="bindCredential">password</module-option>
        <module-option name="baseCtxDN">cn=Users,DC=company,DC=com</module-option>
        <module-option name="baseFilter">(userPrincipalName={0})</module-option>
        <module-option name="rolesCtxDN">cn=Users,DC=company,DC=com</module-option>
        <module-option name="roleFilter">(member={1})</module-option>
        <module-option name="roleAttributeID">memberOf</module-option>
        <module-option name="roleAttributeIsDN">true</module-option>
        <module-option name="roleNameAttributeID">name</module-option>
        <module-option name="roleRecursion">0</module-option>
        <module-option name="defaultRole">AuthUserRole</module-option>
      </login-module>
    </authentication>
  </application-policy>
</policy>

The error I have received:

anonymous wrote :
| Error on Console of JBoss from DEBUG level on Security Manager using log4j.xml:
| ------------------------------------------------------------------------------
|
| 11:13:56,999 DEBUG [AuthenticatorBase] Security checking request POST /ldaptest/j_security_check
| 11:13:56,999 DEBUG [FormAuthenticator] Authenticating username 'xxxxxx'
| 11:13:57,046 DEBUG [LdapExtLoginModule] Bad password for username=App.eapp
| javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030F, comment: AcceptSecurityContext error, data 525, vece ]
|     at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2985)
|     at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2931)
|     at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2732)
|     at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2646)
|     at com.sun.jndi.ldap.LdapCtx.(LdapCtx.java:283)
|     at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
|     at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
|     at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
|     at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
|     at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
|     at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
|     at javax.naming.InitialContext.init(InitialContext.java:223)
|     at javax.naming.ldap.InitialLdapContext.(InitialLdapContext.java:134)
|     at org.jboss.security.auth.spi.LdapExtLoginModule.constructInitialLdapContext(LdapExtLoginModule.java:524)
|     at org.jboss.security.auth.spi.LdapExtLoginModule.createLdapInitContext(LdapExtLoginModule.java:334)
|     at org.jboss.security.auth.spi.LdapExtLoginModule.validatePassword(LdapExtLoginModule.java:229)
|     at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:210)
|     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
|     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
|     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
|     at java.lang.reflect.Method.invoke(Method.java:585)
|     at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
|     at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
|     at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
|     at java.security.AccessController.doPrivileged(Native Method)
|     at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
|     at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
|     at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:601)
|     at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:535)
|     at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
|     at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:491)
|     at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:257)
|     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:416)
|     at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74)
|     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
|     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
|     at org.jboss.web.tomcat.tc5.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:156)
|     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
|     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
|     at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
|     at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
|     at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
|     at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
|     at java.lang.Thread.run(Thread.java:595)
| 11:13:57,452 DEBUG [ApplicationDispatcher] servletPath=/login_error.jsp, pathInfo=null, queryString=null, name=null
| 11:13:57,468 DEBUG [ApplicationDispatcher] Path Based Forward
| 11:13:57,468 DEBUG [ApplicationDispatcher] Disabling the response for futher output
| 11:13:57,468 DEBUG [AuthenticatorBase] Failed authenticate() test ??/ldaptest/j_security_check

I'm really not sure why the LdapExtLoginModule is reporting it as "Bad password for username=App.eapp". But when I use an LDAP utility to validate the AuthUserGroup and the user name, it is working fine. The result given by the LDAP search utility is as follows:

anonymous wrote :
| LDAP Utility Input Parameters:
|
| Host : company.com
| Port : 389
| Base DN : CN=AuthUserRole,OU=Security Groups,OU=DPI,OU=IC - Applications and Computers,DC=company,DC=com
| Filter : (&(objectClass=*)(CN=*))
| Scope : Subtree

Result displayed by the LDAP search utility:

anonymous wrote :
| Enumerating attributes for DN : CN=AuthUserRole,OU=Security Groups,OU=DPI,OU=IC - Applications and Computers,DC=company,DC=com
| objectClass = top
| objectClass = group
| cn = AuthUserRole
| member = CN=App.eapp,OU=IC - Applications and Computers,DC=company,DC=com
| member = CN=xxxxxxxxxx,OU=IC - Applications and Computers,DC=company,DC=com
| member = CN=xxxxxxxxxxxxx,OU=Users,OU=Application Solutions Team,OU=IC - Users,DC=company,DC=com
| member = CN=xxxxxxxx,OU=Users,OU=Application Solutions Team,OU=IC - Users,DC=company,DC=com
| member = CN=xxxxxxxxxx,OU=Users,OU=Application Solutions Team,OU=IC - Users,DC=company,DC=com
| distinguishedName = CN=AuthUserRole,OU=Security Groups,OU=DPI,OU=IC - Applications and Computers,DC=company,DC=com
| instanceType = 4
| whenCreated = xxxxxxx
| whenChanged = xxxxxxxx
| uSNCreated = xxxxxxxx
| uSNChanged = xxxxxxx
| name = AuthUserRole
| objectGUID = xxxxxxxx
| objectSid = xxxxxxxx
| sAMAccountName = AuthUserRole
| sAMAccountType = xxxxxxxxx
| groupType = xxxxxxxxx
| objectCategory = CN=Group,CN=Schema,CN=Configuration,DC=company,DC=com
|
| LDAP search completed

Please go through the configuration and other details I have mentioned and suggest where I have gone wrong. I'm fairly new to LDAP and Active Directory. Please reply ASAP.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4026349#4026349

jboss-user mailing list
jboss-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/jboss-user
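The AuthenticationException quoted in the post carries more than the generic LDAP result code 49: Active Directory appends a subcode after "data" (here 525) that says why the bind was rejected, and the module's "Bad password" message is printed for every bind failure regardless of that subcode. The script below is an added example, not part of the post and not JBoss code: it decodes that subcode from LdapExtLoginModule DEBUG output and tallies failures per subcode, which is the first thing to check when a bind fails against AD and also a useful signal for lockout and disabled-account monitoring. The sample log is constructed from the two lines in the post plus one invented entry for a second user; the subcode table is the documented set of AD AcceptSecurityContext data values.

```python
"""Decode the Active Directory subcode in 'LDAP: error code 49 ... data NNN'
messages and summarise bind failures from JBoss LdapExtLoginModule DEBUG logs.

Added example; not code from the original post or from JBoss.
"""
import re
from collections import Counter
from typing import Dict, List, Optional

# Documented AD bind-failure subcodes, keyed by the hex value printed after "data".
AD_BIND_SUBCODES = {
    "525": "user not found (the DN or UPN presented in the bind does not exist)",
    "52e": "invalid credentials (account exists, password wrong)",
    "530": "not permitted to logon at this time",
    "531": "not permitted to logon at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# Matches the JNDI exception text as AD returns it, e.g.
# [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030F, comment: AcceptSecurityContext error, data 525, vece ]
ERR_RE = re.compile(
    r"LDAP: error code (?P<code>\d+) - (?P<hexerr>[0-9A-Fa-f]+): LdapErr: "
    r"DSID-(?P<dsid>[0-9A-Fa-f]+), comment: (?P<comment>[^,]+), data (?P<data>[0-9A-Fa-f]+)"
)
# The module logs this line just before the exception, for every bind failure.
BAD_PW_RE = re.compile(r"\[LdapExtLoginModule\] Bad password for username=(?P<user>\S+)")


def decode_subcode(data: str) -> str:
    """Map an AD 'data' subcode (hex string) to its documented meaning."""
    return AD_BIND_SUBCODES.get(data.lower(), "unknown subcode")


def parse_bind_failures(log_text: str) -> List[Dict[str, object]]:
    """Scan a security log and return one record per AD bind failure.

    The username comes from the preceding 'Bad password' line when present,
    since the exception text itself does not name the account.
    """
    records: List[Dict[str, object]] = []
    last_user: Optional[str] = None
    for line in log_text.splitlines():
        u = BAD_PW_RE.search(line)
        if u:
            last_user = u.group("user")
            continue
        m = ERR_RE.search(line)
        if m:
            data = m.group("data").lower()
            records.append({
                "username": last_user,
                "result_code": int(m.group("code")),
                "comment": m.group("comment"),
                "data": data,
                "meaning": decode_subcode(data),
                # Only 52e means the account exists and the password was wrong.
                "wrong_password": data == "52e",
            })
            last_user = None
    return records


def failures_by_subcode(log_text: str) -> Counter:
    """Count bind failures per AD subcode, e.g. to alert on 775 (lockouts)."""
    return Counter(str(r["data"]) for r in parse_bind_failures(log_text))


# Constructed sample: the two lines from the post, plus one invented 52e entry
# for a hypothetical user "alice" so the summary shows more than one subcode.
SAMPLE_LOG = """\
11:13:57,046 DEBUG [LdapExtLoginModule] Bad password for username=App.eapp
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030F, comment: AcceptSecurityContext error, data 525, vece ]
11:14:02,101 DEBUG [LdapExtLoginModule] Bad password for username=alice
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030F, comment: AcceptSecurityContext error, data 52e, vece ]
"""

if __name__ == "__main__":
    for rec in parse_bind_failures(SAMPLE_LOG):
        print(f"{rec['username']}: data {rec['data']} -> {rec['meaning']}")
    print(dict(failures_by_subcode(SAMPLE_LOG)))
```

Run against the post's own output the first record decodes to "user not found", which is a different condition from a rejected password and points at the DN or UPN that was presented in the failing bind rather than at the credential itself; the counter view is what you would feed a dashboard or alert rule so that a burst of 775 or 533 entries is noticed separately from ordinary typos.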