users@glassfish.java.net

Glassfish LDAP JAAC Active Directory Error Code 10

From: <glassfish_at_javadesktop.org>
Date: Fri, 26 Jun 2009 07:09:42 PDT

I am trying to connect my GlassFish app server to our company's Active Directory for authentication. I found a tutorial (http://blog.gascoyne.de/archives/5) to set it up, but I am getting an error that I can't find any information about on the web.

directory = ldap://ads.host.name:389
base-dn = DC=domain,DC=com
search-bind-dn = user
search-bind-password = password
search-filter = (&(objectClass=user)(sAMAccountName=%s))
group-search-filter = (&(objectClass=group)(member=%d))
jaas-context = ldapRealm

-Djava.naming.referral=follow
Added to the JVM Options

sun-web.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 9.0 Servlet 2.5//EN" "http://www.sun.com/software/appserver/dtds/sun-web-app_2_5-0.dtd">
<!--
    GlassFish-specific deployment descriptor for the LDAPtest web application.
    It sets the context root, binds the application role used in web.xml to a
    directory group, and tunes class loading and JSP compilation.
-->
<sun-web-app error-url="/LDAPtest">

    <!-- URL prefix under which the application is deployed. -->
    <context-root>/LDAPtest</context-root>

    <!--
        Authorization mapping: a caller is granted userRole only if the realm
        reports membership in a group named exactly DomainUsers.
        NOTE(review): the name must match what the realm's group search returns.
        Active Directory usually records the built-in "Domain Users" group as a
        primary group rather than through the member attribute, so a group
        search on member may never return it. Verify against the directory.
    -->
    <security-role-mapping>
        <role-name>userRole</role-name>
        <group-name>DomainUsers</group-name>
    </security-role-mapping>

    <!-- Parent-first class loading: server libraries win over copies bundled in the WAR. -->
    <class-loader delegate="true"/>

    <jsp-config>
        <!--
            Debugging aid: the generated servlet source stays on the server's disk.
            Usually switched off outside development.
        -->
        <property name="keepgenerated" value="true">
            <description>Keep a copy of the generated servlet class' java code.</description>
        </property>
    </jsp-config>

</sun-web-app>


web.xml
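<?xml version="1.0" encoding="UTF-8"?>
<!--
    Servlet 2.5 deployment descriptor for the LDAPtest application.
    Everything under /pages/* requires an authenticated caller holding userRole.
    Authentication is HTTP BASIC against the realm named in <login-config>.
-->
<web-app version="2.5"
         xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">

    <session-config>
        <!-- Idle session lifetime, in minutes. -->
        <session-timeout>30</session-timeout>
    </session-config>

    <welcome-file-list>
        <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>

    <!--
        BASIC sends the user name and password base64-encoded (not encrypted)
        with every request, so the protected URLs below must only be reachable
        over TLS. See the transport-guarantee in the security constraint.
        NOTE(review): realm-name has to match the name of the LDAP realm defined
        on the server. That name is not visible here, so confirm it.
    -->
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>ads-realm</realm-name>
    </login-config>

    <!-- Application role. It is bound to a directory group in sun-web.xml. -->
    <security-role>
        <role-name>userRole</role-name>
    </security-role>

    <security-constraint>
        <display-name>SecurityConstraint</display-name>
        <!-- No http-method is listed, so the constraint covers every HTTP method. -->
        <web-resource-collection>
            <web-resource-name>SecuredFolder</web-resource-name>
            <url-pattern>/pages/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>userRole</role-name>
        </auth-constraint>
        <!--
            Was NONE, which let the directory credentials carried by BASIC
            authentication cross the network in clear text. CONFIDENTIAL makes
            the container require an encrypted connection for these URLs.
            An HTTPS listener must be enabled on the server.
        -->
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

</web-app>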





SEC1106: Error during LDAP search with filter [(&(objectClass=user)(sAMAccountName=USERNAME))].
SEC1000: Caught exception.
javax.naming.PartialResultException: [LDAP: error code 10 - 0000202B: RefErr: DSID-0310063C, data 0, 1 access points
        ref 1: 'idexxi.com'
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2850)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2767)
        at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1821)
        at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1744)
        at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
        at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
        at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321)
        at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248)
        at com.sun.enterprise.security.auth.realm.ldap.LDAPRealm.userSearch(LDAPRealm.java:484)
        at com.sun.enterprise.security.auth.realm.ldap.LDAPRealm.findAndBind(LDAPRealm.java:403)
        at com.sun.enterprise.security.auth.login.LDAPLoginModule.authenticate(LDAPLoginModule.java:111)
        at com.sun.enterprise.security.auth.login.PasswordLoginModule.authenticateUser(PasswordLoginModule.java:90)
        at com.sun.appserv.security.AppservPasswordLoginModule.login(AppservPasswordLoginModule.java:184)
        at sun.reflect.GeneratedMethodAccessor309.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
        at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
        at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
        at com.sun.enterprise.security.auth.LoginContextDriver.doPasswordLogin(LoginContextDriver.java:319)
        at com.sun.enterprise.security.auth.LoginContextDriver.login(LoginContextDriver.java:177)
        at com.sun.enterprise.security.auth.LoginContextDriver.login(LoginContextDriver.java:130)
        at com.sun.web.security.RealmAdapter.authenticate(RealmAdapter.java:522)
        at com.sun.web.security.RealmAdapter.authenticate(RealmAdapter.java:462)
        at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:177)
        at com.sun.web.security.RealmAdapter.invokeAuthenticateDelegate(RealmAdapter.java:1216)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:643)
        at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:625)
        at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:593)
        at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:94)
        at com.sun.enterprise.web.PESessionLockingStandardPipeline.invoke(PESessionLockingStandardPipeline.java:98)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:222)
        at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:648)
        at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:593)
        at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:587)
        at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1096)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:166)
        at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:648)
        at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:593)
        at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:587)
        at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1096)
        at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:288)
        at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.invokeAdapter(DefaultProcessorTask.java:647)
        at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.doProcess(DefaultProcessorTask.java:579)
        at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.process(DefaultProcessorTask.java:831)
        at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.executeProcessorTask(DefaultReadTask.java:341)
        at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:263)
        at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:214)
        at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:265)
        at com.sun.enterprise.web.connector.grizzly.ssl.SSLWorkerThread.run(SSLWorkerThread.java:106)
SEC5046: Audit: Authentication refused for [USERNAME].
Web login failed: Login failed: javax.security.auth.login.LoginException: javax.security.auth.login.LoginException: User USERNAME not found.
[Message sent by forum member 'pevets' (pevets)]

http://forums.java.net/jive/thread.jspa?messageID=353156