Forum Home » Fuse Distributions » Fuse ESB

Thread: Help with JAAS LDAP authentication in Karaf

 
This question is answered.

Reply to this Thread Reply to this Thread Search Forum Search Forum Back to Thread List Back to Thread List

Permlink Replies: 2 - Last Post: Mar 25, 2011 2:46 PM Last Post By: dhoyt
dhoyt

Posts: 32
Registered: 03/03/11
Help with JAAS LDAP authentication in Karaf
Posted: Mar 24, 2011 9:35 PM
fuse , esb , servicemix , ldap , karaf , jaas
 
  Click to reply to this thread Reply
I tried to follow the tutorial to enable LDAP authentication, but I am getting errors when I try to connect. The user I am trying to access is valid (uid=dhoyt,ou=employees,dc=example,dc=com). I can see that if I have an invalid password or a non-existent user that I get the expected errors stating such. The problem is that when I try to login to the webconsole using the dhoyt user, I get an error back stating that it can't get the roles for the user (LDAP error code 80). Below is the ldap-module.xml I put in the deploy directory and the error from the servicemix.log file. I am using apache-servicemix-4.3.1-fuse-01-09 on Solaris 10 (JDK 1.6_20). I want to allow logins for anyone in the cn=smxAdmin,ou=roles,dc=example,dc=com role.

Any help with this would be greatly appreciated.

ldap-module.xml is:

<?xml version="1.0" encoding="UTF-8"?>
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0"
xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0">
<jaas:config name="karaf" rank="1">
<jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule" flags="required">
initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
connection.username = cn=Directory Manager
connection.password = myPassword
connection.url = ldap://localhost:1389
user.base.dn = ou=employees,dc=example,dc=com
user.filter = (uid=%u)
user.search.subtree = true
role.base.dn = ou=roles,dc=example,dc=com
role.filter = (member:=uid=%u)
role.name.attribute = cn
role.search.subtree = true
authentication = simple
</jaas:module>
</jaas:config>
</blueprint>


Exception is:

javax.security.auth.login.LoginException: Can't get user dhoyt roles: LDAP: error code 80 - An unexpected error was encountered while processing a search in one of the Directory Server backends: NullPointerException(ConcurrentHashMap.java:768)
at org.apache.karaf.jaas.modules.ldap.LDAPLoginModule.doLogin(LDAPLoginModule.java:242)
at org.apache.karaf.jaas.modules.ldap.LDAPLoginModule.login(LDAPLoginModule.java:132)
at org.apache.karaf.jaas.boot.ProxyLoginModule.login(ProxyLoginModule.java:83)karaf-jaas-boot.jar:
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method):1.6.0_20
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39):1.6.0_20
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25):1.6.0_20
at java.lang.reflect.Method.invoke(Method.java:597):1.6.0_20
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769):1.6.0_20
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186):1.6.0_20
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683):1.6.0_20
at java.security.AccessController.doPrivileged(Native Method):1.6.0_20
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680):1.6.0_20
at javax.security.auth.login.LoginContext.login(LoginContext.java:579):1.6.0_20
at org.apache.karaf.webconsole.JaasSecurityProvider.authenticate(JaasSecurityProvider.java:66)198:org.apache.felix.webconsole:3.1.2
at org.apache.felix.webconsole.internal.servlet.OsgiManager$SecurityProvider.authenticate(OsgiManager.java:995)198:org.apache.felix.webconsole:3.1.2
at org.apache.felix.webconsole.internal.servlet.OsgiManagerHttpContext.handleSecurity(OsgiManagerHttpContext.java:123)[198:org.apache.felix.webcons
tmielke

Posts: 178
Registered: 12/04/07
Re: Help with JAAS LDAP authentication in Karaf
Posted: Mar 25, 2011 8:48 AM   in response to: dhoyt in response to: dhoyt
Correct
  Click to reply to this thread Reply
Hhhm, its failing to retrieve the roles of the user. So I presume the properties

connection.username = cn=Directory Manager
connection.password = myPassword
connection.url = ldap://localhost:1389
user.base.dn = ou=employees,dc=example,dc=com
user.filter = (uid=%u)
user.search.subtree = true

are correct. Its very likely something to do with these properties

role.base.dn = ou=roles,dc=example,dc=com
role.filter = (member:=uid=%u)
role.name.attribute = cn
role.search.subtree = true

I am not an LDAP expert but is the role.filter property syntactically correct?
dhoyt

Posts: 32
Registered: 03/03/11
Re: Help with JAAS LDAP authentication in Karaf
Posted: Mar 25, 2011 2:46 PM   in response to: tmielke in response to: tmielke 		 
  Click to reply to this thread Reply
Thanks for the help! It was the role.filter. It has to match the entry in my role exactly. In my case, the correct setting was:

role.filter = (Member of Group:=uid=%u)

Thanks for the help!

Point your RSS reader here for a feed of the latest messages in all forums
Go Back Back to Thread List



Contact Us | About This Site | Privacy Policy | Terms of Use | Site Index

FUSE Open Source Community is a community resource for open source service oriented architecture (SOA) and application integration products and technologies. FUSE offers products based on Apache ServiceMix, Apache ActiveMQ, Apache CXF and Apache Camel which are certified, productized and fully supported by the people who wrote the code. Learn about ActiveMQ with our training, support, and consulting on ActiveMQ performance. FUSE also offers integration software that allows developers to service-enable existing components or build new services with preconfigured enterprise integration patterns. FUSE ESB 4 for enterprise service bus is an open source integration platform for BPEL components that supports the latest emerging standards like OSGi and JBI 2.0. FUSE Services Framework allows Java developers to create reusable RESTful services using front-end programming APIs like JAX-WS. Our powerful message oriented middleware solution, FUSE Message Broker, offers a cost-effective and flexible open source messaging platform. FUSE also works to enhance your SOA using content based routing with FUSE Mediation Router.