Details
- Bug
- Resolution: Won't Do
- Major
- None
- 7.0.0.CR1
- None
Description
When part of the DN is placed in the LDAP URL instead of principalDNSuffix, authentication fails in LdapLoginModule (see [1] for details about this URL). Authentication is performed by binding with the user DN and password, but in this case the user DN does not include the DN part from the LDAP URL, which leads to failure.
Thrown exception:
javax.naming.AuthenticationException: LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: ERR_229 Cannot authenticate user uid=jduke,ou=People
    com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3135)
    com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3081)
    com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2883)
    com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2797)
    com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
    com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
    com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
    com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
    com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
    org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:114)
    org.jboss.as.naming.InitialContext.init(InitialContext.java:99)
    javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
    org.jboss.as.naming.InitialContext.<init>(InitialContext.java:89)
    org.jboss.as.naming.InitialContextFactory.getInitialContext(InitialContextFactory.java:43)
    javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
    javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
    javax.naming.InitialContext.init(InitialContext.java:244)
    javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
    org.jboss.security.auth.spi.LdapLoginModule.createLdapInitContext(LdapLoginModule.java:362)
    org.jboss.security.auth.spi.LdapLoginModule.validatePassword(LdapLoginModule.java:289)
    org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:283)
    sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    ...
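The DN handling behind this failure, as an added Java example that is not part of the original report or of the LdapLoginModule source: the DN sent in a simple bind is absolute, so a DN part carried in the LDAP URL has to be appended by the client. The class name, method names and the `ldap.example.org` URL are assumptions made for illustration.

```java
import java.net.URI;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

// Added illustration; class and method names are hypothetical, not PicketBox code.
public class BindDnFromUrl {

    // Returns the DN carried in the path of an LDAP URL, or an empty name if there is none.
    static LdapName baseDnOf(String ldapUrl) throws InvalidNameException {
        // getPath() excludes any "?attrs?scope?filter" part and percent-decodes the DN.
        String path = URI.create(ldapUrl).getPath();
        if (path == null || path.length() <= 1) {
            return new LdapName("");
        }
        return new LdapName(path.substring(1)); // drop the leading "/"
    }

    // The bind DN is not resolved against the DN in the URL, so a user DN that is
    // relative to that base has to be completed before it is used as the principal.
    static String absoluteBindDn(String relativeUserDn, String ldapUrl)
            throws InvalidNameException {
        LdapName dn = baseDnOf(ldapUrl);          // index 0 holds the right-most RDN
        dn.addAll(new LdapName(relativeUserDn));  // appends the more specific RDNs
        return dn.toString();
    }

    public static void main(String[] args) throws InvalidNameException {
        String url = "ldap://ldap.example.org:389/dc=example,dc=org"; // constructed sample URL
        String userDn = "uid=jduke,ou=People";    // the DN shown in the exception on this page

        // What the failing bind used versus the DN the directory can actually resolve.
        System.out.println("relative: " + userDn);
        System.out.println("absolute: " + absoluteBindDn(userDn, url));

        // With no DN in the URL, the user DN is returned unchanged.
        System.out.println("no base:  " + absoluteBindDn(userDn, "ldap://ldap.example.org:389"));
    }
}
```

For the constructed URL the absolute DN is `uid=jduke,ou=People,dc=example,dc=org`; placing that same suffix in principalDNSuffix keeps the bind DN complete without any URL parsing.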
Issue Links
- is cloned by
  - WFLY-6535 LdapLoginModule authentication fails when some part of DN is part of LDAP URL (Closed)
- is related to
  - JBEAP-4248 LdapExtLoginModule authentication fails when some part of DN is part of LDAP URL (Closed)
  - JBEAP-4250 AdvancedLdapLoginModule authentication fails when some part of DN is part of LDAP URL (Closed)
- relates to
  - SECURITY-943 AdvancedLdapLoginModule authentication fails when some part of DN is part of LDAP URL (Open)