Hi All,

I am using LdapExtLoginModule for authentication.
I have configured the login-module in the following way:


  | <application-policy name="JAAS_LDAP">
  |   <authentication>
  |     <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
  |       <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
  |       <module-option name="java.naming.provider.url">ldap://companyserver:389</module-option>
  |       <module-option name="java.naming.security.authentication">simple</module-option>
  |       <module-option name="bindDN">cn=user,ou=xxx,dc=company,dc=com</module-option>
  |       <module-option name="bindCredential">password</module-option>
  |       <module-option name="baseCtxDN">ou=xxx,dc=company,dc=com</module-option>
  |       <module-option name="baseFilter">(cn={0})</module-option>
  |       <module-option name="rolesCtxDN">ou=xxx,dc=company,dc=com</module-option>
  |       <module-option name="roleFilter">(cn={0})</module-option>
  |       <module-option name="roleAttributeID">memberOf</module-option>
  |       <module-option name="roleRecursion">-1</module-option>
  |       <module-option name="roleNameAttributeID">cn</module-option>
  |       <module-option name="roleAttributeIsDN">true</module-option>
  |       <module-option name="searchTimeLimit">5000</module-option>
  |       <module-option name="searchScope">SUBTREE_SCOPE</module-option>
  |       <module-option name="allowEmptyPasswords">false</module-option>
  |     </login-module>
  |   </authentication>
  | </application-policy>
  | 

I am getting this exception:

  | ERROR [STDERR] Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece ]
  | 

I am not sure where the configuration is incorrect. 

I created a simple InitialDirContext through which I tried to authenticate
against the LDAP server, which works fine.
The Context.SECURITY_PRINCIPAL I used was in this format:
 CN=Jim Wood,OU=xxx,DC=company,DC=com 

Can you please suggest where the configuration is wrong?

Thanks


View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4146834#4146834

_______________________________________________
jboss-user mailing list
jboss-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/jboss-user
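
Added example (not part of the original post and not JBoss code): a small Python parser for the Active Directory bind-failure string quoted in the post, which also rejoins the hard-wrapped form the mail gateway produced. The sub-code meanings are the standard Win32 logon error codes, not taken from the post, and the function names are hypothetical.

```python
import re

# AD "data" sub-codes for LDAP result 49; AD prints them as hex Win32 errors.
AD_SUBCODES = {
    0x525: "user not found",
    0x52E: "invalid credentials",
    0x530: "logon not permitted at this time",
    0x531: "logon not permitted from this workstation",
    0x532: "password expired",
    0x533: "account disabled",
    0x701: "account expired",
    0x773: "user must reset password",
    0x775: "account locked out",
}

# Constructed sample: the exception from the post, still wrapped and
# gutter-prefixed the way the forum-to-mail gateway delivered it.
SAMPLE = """\
  | ERROR [STDERR] Caused by: javax.naming.AuthenticationException: [LD
  | AP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment:
AcceptSecurityCon
  | text error, data 525, vece ]
"""

# \s* between tokens tolerates spaces lost where a line was wrapped.
_PATTERN = re.compile(
    r"\[LDAP:\s*error\s*code\s*(?P<result>\d+)\s*-\s*(?P<win32>[0-9A-Fa-f]{8}):"
    r"\s*LdapErr:\s*(?P<dsid>DSID-[0-9A-Fa-f]+),\s*comment:\s*(?P<comment>.*?),"
    r"\s*data\s*(?P<data>[0-9A-Fa-f]+)"
)

def unwrap(text):
    """Undo hard wrapping of one log entry: drop '|' gutters, rejoin fragments."""
    return "".join(re.sub(r"^\s*\|\s?", "", ln) for ln in text.splitlines())

def parse_bind_failure(text):
    """Return the fields of an AD bind failure, or None if none is found."""
    m = _PATTERN.search(unwrap(text))
    if m is None:
        return None
    data = int(m.group("data"), 16)  # sub-code is hexadecimal
    return {
        "ldap_result": int(m.group("result")),
        "win32": m.group("win32"),
        "dsid": m.group("dsid"),
        "comment": m.group("comment"),
        "data": data,
        "meaning": AD_SUBCODES.get(data, "unknown sub-code"),
    }
```

For the string in the post this yields sub-code 525, meaning the directory did not find the principal presented in the bind, as opposed to 52e, where the principal exists but the password is wrong.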