Set up Ldap configuration on DashBuilder

[Camelia B]

Hi,

I want to set up an ldap configuration with an existing server that I already have. 

I tried it with wildfly but I didn't succeed and I don't find anything in Google :)

I put this configuration into the "other" security domain in the standalone.xml :

 <security-domain name="other" cache-type="default">

                    <authentication>

                        <login-module code="LdapExtended" flag="required">

                            <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>

                            <module-option name="java.naming.provider.url" value="ldaps://directory.xxxxxxx.aaa:636"/>

                            <module-option name="java.naming.security.authentication" value="simple"/>

                            <module-option name="bindDN" value="uid=manageruid,ou=Specials,dc=xxxxxxxx,dc=aaa"/>

                            <module-option name="bindCredential" value="secret"/>

                            <module-option name="baseCtxDN" value="ou=People,dc=xxxxxxxx,dc=aaa"/>

                            <module-option name="baseFilter" value="(uid={0})"/>

                            <module-option name="rolesCtxDN" value="ou=Roles,dc=xxxxxxxx,dc=aaa"/>

                            <module-option name="roleFilter" value="(member={1})"/>

                            <module-option name="roleAttributeID" value="cn"/>

                            <module-option name="searchScope" value="SUBTREE_SCOPE"/>

                            <module-option name="allowEmptyPasswords" value="true"/>

                        </login-module>

                    </authentication>

                </security-domain>

When I tried to login I always have Login Failed. Please try again.

Any ideas how to setup the ldap configuration please ?

Best,

Camelia

[Camélia BENCHEQROUN]

Can anyone help me please ?

--
You received this message because you are subscribed to the Google Groups "Dashbuilder Setup" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dashbuilder-se...@googlegroups.com.
To post to this group, send email to dashbuil...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/dashbuilder-setup/64f7482d-3979-4a2d-8660-b765d9085528%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[william....@gmail.com]

Hello Camelia,

As we talked before: "

For wildfly dashbuilder will use the "other" security domain, which means that you can configure this security domain to use LDAP or you can modify jboss-web.xml to use a custom security domain. This is a documentation for EAP [1] but it should also apply for wildfly, do the security domain configuration according to your LDAP configuration.

Thanks!

[1] https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/6.4/html/how_to_configure_identity_management/configuring_a_security_domain_to_use_ldap

"

If you make this configuration and it still don't work please:

* Clean current server.log;

* Modify standalone.xml and add a logger for org.jboss.security and set the level as TRACE;

* start the server and reproduce the issue - it will show us all values related to the user that is trying to log in;

* send me server.log

Thanks!

[Camélia BENCHEQROUN]

Hi William,

Thank you for your response.

Please find attached the log file.

I'm sure of the configuration because it works with a classic Java class I already try it. In the log file I always have Bad password for username  but I'm sure 100% that is the correct password.

Any ideas ?

Thanks again for your help!

Best,

Camelia

--

You received this message because you are subscribed to the Google Groups "Dashbuilder Setup" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dashbuilder-se...@googlegroups.com.
To post to this group, send email to dashbuil...@googlegroups.com.

To view this discussion on the web, visit https://groups.google.com/d/msgid/dashbuilder-setup/36c13d38-d95e-414d-a3c5-af265bd4759d%40googlegroups.com.

[William Antônio Siqueira]

Hello Camélia,

Looks like the password is invalid (probably no passing on authentication). Would it be possible to make a test with a simple password without special characters with a new user? Make sure the new user has the role admin.

Thanks.

2018-10-15 14:51:57,046 TRACE [org.jboss.security] (default task-6) PBOX00220: Logging into LDAP server with env {java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, searchScope=SUBTREE_SCOPE, java.naming.security.principal=uid=adminuser,ou=Specials,dc=serverLDAP,dc=com, baseCtxDN=ou=People,dc=serverLDAP,dc=com, roleAttributeID=cn, roleFilter=(member={1}), allowEmptyPasswords=true, rolesCtxDN=ou=Roles,dc=serverLDAP,dc=com, baseFilter=(uid={0}), jboss.security.security_domain=other, java.naming.provider.url=ldaps://directory.serverLDAP.com:636, bindDN=uid=adminuser,ou=Specials,dc=serverLDAP,dc=com, java.naming.security.authentication=simple, bindCredential=******, java.naming.security.credentials=******}

2018-10-15 14:51:57,192 TRACE [org.jboss.security] (default task-6) PBOX00220: Logging into LDAP server with env {java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, searchScope=SUBTREE_SCOPE, java.naming.security.principal=uid=user1,ou=People,dc=serverLDAP,dc=com, baseCtxDN=ou=People,dc=serverLDAP,dc=com, roleAttributeID=cn, roleFilter=(member={1}), allowEmptyPasswords=true, rolesCtxDN=ou=Roles,dc=serverLDAP,dc=com, baseFilter=(uid={0}), jboss.security.security_domain=other, java.naming.provider.url=ldaps://directory.serverLDAP.com:636, bindDN=uid=adminuser,ou=Specials,dc=serverLDAP,dc=com, java.naming.security.authentication=simple, bindCredential=******, java.naming.security.credentials=******}

2018-10-15 14:51:57,299 DEBUG [org.jboss.security] (default task-6) PBOX00283: Bad password for username user1

2018-10-15 14:51:57,299 TRACE [org.jboss.security] (default task-6) PBOX00244: Begin abort method, overall result: false

2018-10-15 14:51:57,299 DEBUG [org.jboss.security] (default task-6) PBOX00206: Login failure: javax.security.auth.login.FailedLoginException: PBOX00070: Password invalid/Password required

at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:286)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at java.lang.reflect.Method.invoke(Method.java:498)

at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)

at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)

at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)

at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)

at java.security.AccessController.doPrivileged(Native Method)

at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)

at javax.security.auth.login.LoginContext.login(LoginContext.java:587)

at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:406)

at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:345)

at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:333)

at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:146)

at org.wildfly.extension.undertow.security.JAASIdentityManagerImpl.verifyCredential(JAASIdentityManagerImpl.java:123)

at org.wildfly.extension.undertow.security.JAASIdentityManagerImpl.verify(JAASIdentityManagerImpl.java:94)

at io.undertow.security.impl.FormAuthenticationMechanism.runFormAuth(FormAuthenticationMechanism.java:124)

at io.undertow.security.impl.FormAuthenticationMechanism.authenticate(FormAuthenticationMechanism.java:96)

at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:245)

at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:263)

at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:231)

at io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:125)

at io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:99)

at io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:92)

at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55)

at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)

at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)

at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)

at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)

at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)

at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)

at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)

at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)

at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)

at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)

at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)

at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)

at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)

at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)

at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)

at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)

at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)

at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)

at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)

at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)

at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)

at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)

at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)

at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)

at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)

at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:805)

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)

at java.lang.Thread.run(Thread.java:748)

--
William Antônio Siqueira

Java Software Engineer

http://fxapps.blogspot.com

http://www.williamantonio.wordpress.com

[Camélia BENCHEQROUN]

Hi William,

I'm sure the password is valid. I tried with a user with admin role and the problem is the same I always get Bad password.

Any ideas please ?

Camelia

[Camélia BENCHEQROUN]

Hi,

When I'm trying to log in with the ldap authentication I'm able to see that I'm using the right one, but in Dashbuilder I'm still getting login failed with bad password in the server log.

Any ideas please ?

Best,

Camelia