users@glassfish.java.net

Re: LdapRealm exception (GF v3)

From: Nithya Subramanian <Nithya.Subramanian_at_Sun.COM>
Date: Mon, 28 Dec 2009 13:44:01 +0530

This error was just fixed:

https://glassfish.dev.java.net/issues/show_bug.cgi?id=11301

Please use the latest build of glassfish to get over this issue:

http://hudson.glassfish.org/job/gf-trunk-build-continuous/3578/

Thanks
Nithya

Dean Lane wrote:
> Happy Holidays everyone.
>
> I'm having a problem that I'm hoping someone can help with.
>
> I've got a web app set up to use the LdapRealm in Glassfish v3 for
> authentication. I've configured this on one system to use OpenDS
> (ldap protocol) with no issues at all. I'm trying to get it working
> against Fedora DS (ldaps protocol) and I keep getting the following
> exception when I try to authenticate to the web app:
>
> [#|2009-12-24T09:36:54.092-0600|SEVERE|glassfishv3.0|javax.enterprise.system.core.security.com.sun.enterprise.security.auth.realm|_ThreadID=31;_ThreadName=Thread-1;|SEC1113: Exception in LdapRealm when trying to authenticate user.
> javax.security.auth.login.LoginException: javax.naming.CommunicationException: ldap.rice.edu:636 [Root exception is java.lang.IllegalArgumentException: object is not an instance of declaring class]
>     at com.sun.enterprise.security.auth.realm.ldap.LDAPRealm.findAndBind(LDAPRealm.java:450)
>
> Anyone seen something like this before? Any ideas what I may have
> done wrong?
>
> Java 1.6.0_16
> GlassFish v3 (build 74.2)
>
> The CA of the certificate returned from our LDAP server is trusted.
>
> From domains.xml (names changed to protect the innocent):
>
> <auth-realm name="testldap" classname="com.sun.enterprise.security.auth.realm.ldap.LDAPRealm">
>   <property description="" name="search-bind-dn" value="cn=admin,ou=Service Accounts,dc=example,dc=com" />
>   <property description="" name="search-bind-password" value="hidden" />
>   <property description="" name="search-filter" value="(&amp;(objectClass=inetOrgPerson)(uid=%s))" />
>   <property description="" name="group-search-filter" value="(&amp;(objectClass=groupOfUniqueNames)(uniqueMember=%d))" />
>   <property description="" name="group-target" value="givenName" />
>   <property description="" name="group-base-dn" value="ou=Groups,dc=example,dc=com" />
>   <property name="jaas-context" value="ldapRealm" />
>   <property name="base-dn" value="dc=example,dc=com" />
>   <property name="directory" value="ldaps://ldap.example.com/" />
> </auth-realm>
>
> From the web.xml:
>
> <login-config>
> <auth-method>BASIC</auth-method>
> <realm-name>testldap</realm-name>
> </login-config>
>
> Full Stack Trace:
>
> [#|2009-12-24T10:38:59.016-0600|SEVERE|glassfishv3.0|javax.enterprise.system.core.security.com.sun.enterprise.security.auth.realm|_ThreadID=30;_ThreadName=Thread-1;|SEC1113: Exception in LdapRealm when trying to authenticate user.
> javax.security.auth.login.LoginException: javax.naming.CommunicationException: ldap.example.com:636 [Root exception is java.lang.IllegalArgumentException: object is not an instance of declaring class]
>     at com.sun.enterprise.security.auth.realm.ldap.LDAPRealm.findAndBind(LDAPRealm.java:450)
>     at com.sun.enterprise.security.auth.login.LDAPLoginModule.authenticate(LDAPLoginModule.java:104)
>     at com.sun.enterprise.security.auth.login.PasswordLoginModule.authenticateUser(PasswordLoginModule.java:90)
>     at com.sun.appserv.security.AppservPasswordLoginModule.login(AppservPasswordLoginModule.java:141)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>     at java.lang.reflect.Method.invoke(Method.java:597)
>     at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
>     at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
>     at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
>     at java.security.AccessController.doPrivileged(Native Method)
>     at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
>     at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
>     at com.sun.enterprise.security.auth.login.LoginContextDriver.doPasswordLogin(LoginContextDriver.java:341)
>     at com.sun.enterprise.security.auth.login.LoginContextDriver.login(LoginContextDriver.java:199)
>     at com.sun.enterprise.security.auth.login.LoginContextDriver.login(LoginContextDriver.java:152)
>     at com.sun.web.security.RealmAdapter.authenticate(RealmAdapter.java:478)
>     at com.sun.web.security.RealmAdapter.authenticate(RealmAdapter.java:417)
>     at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:169)
>     at com.sun.web.security.RealmAdapter.invokeAuthenticateDelegate(RealmAdapter.java:1126)
>     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:580)
>     at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:615)
>     at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:97)
>     at com.sun.enterprise.web.PESessionLockingStandardPipeline.invoke(PESessionLockingStandardPipeline.java:85)
>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:185)
>     at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:332)
>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:233)
>     at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:165)
>     at com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:791)
>     at com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:693)
>     at com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:954)
>     at com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:170)
>     at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:135)
>     at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:102)
>     at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:88)
>     at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:76)
>     at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:53)
>     at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:57)
>     at com.sun.grizzly.ContextTask.run(ContextTask.java:69)
>     at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:330)
>     at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:309)
>     at java.lang.Thread.run(Thread.java:619)
> Caused by: javax.naming.CommunicationException: ldap.example.com:636 [Root exception is java.lang.IllegalArgumentException: object is not an instance of declaring class]
>     at com.sun.jndi.ldap.Connection.<init>(Connection.java:207)
>     at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:118)
>     at com.sun.jndi.ldap.LdapClientFactory.createPooledConnection(LdapClientFactory.java:46)
>     at com.sun.jndi.ldap.pool.Connections.<init>(Connections.java:97)
>     at com.sun.jndi.ldap.pool.Pool.getPooledConnection(Pool.java:114)
>     at com.sun.jndi.ldap.LdapPoolManager.getLdapClient(LdapPoolManager.java:310)
>     at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1572)
>     at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2652)
>     at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:293)
>     at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
>     at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
>     at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
>     at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
>     at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
>     at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
>     at javax.naming.InitialContext.init(InitialContext.java:223)
>     at javax.naming.InitialContext.<init>(InitialContext.java:197)
>     at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
>     at com.sun.enterprise.security.auth.realm.ldap.LDAPRealm.findAndBind(LDAPRealm.java:422)
>     ... 42 more
> Caused by: java.lang.IllegalArgumentException: object is not an instance of declaring class
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>     at java.lang.reflect.Method.invoke(Method.java:597)
>     at com.sun.jndi.ldap.Connection.createSocket(Connection.java:314)
>     at com.sun.jndi.ldap.Connection.<init>(Connection.java:184)
>     ... 60 more
> |#]