Re: [jetty-users] Re: Problems configuring Jetty for LDAP authentication
I found out the problem by stepping through the code in the Eclipse debugger.
On Jun 15, 2010, at 04:26 PM, Jesse McConnell wrote:
> I wonder about that setting from time to time... theory was that you
> could authn via the binding approach or a simple 'get pwd and verify
> against that'
>
> but I think the default use case for people seems to be binding approach
>
> glad you got it sorted out
>
> jesse
>
> --
> jesse mcconnell
> jesse.mcconnell@xxxxxxxxx
>
>
>
> On Tue, Jun 15, 2010 at 15:43, Loren Cahlander
> <loren.cahlander@xxxxxxxxx> wrote:
>> I found my problem. If I change forceBindingLogin to true in login.conf, then everything works.
>>
>> On Jun 14, 2010, at 10:25 AM, Loren Cahlander wrote:
>>
>>> Hello,
>>>
>>> I am trying to configure Jetty for LDAP authentication. Can someone tell me what is wrong in my login.conf?
>>>
>>> Here is an authentication that works under the Apache 2.2 configuration:
>>>
>>> Alias /doc/ "/usr/share/doc/"
>>> <Directory "/usr/share/doc/">
>>> Options Indexes MultiViews FollowSymLinks
>>> AllowOverride None
>>> Order allow,deny
>>> Allow from all
>>> AuthBasicProvider ldap
>>> AuthUserFile /dev/null
>>> AuthType Basic
>>> AuthName "Subversion Authentication"
>>> AuthBasicProvider ldap
>>> # The distinguished name to bind to the directory server
>>> AuthLDAPBindDN "cn=admin,dc=exist-db,dc=org"
>>>
>>> # The password for the user above
>>> AuthLDAPBindPassword "1234"
>>> AuthLDAPUrl "ldap://127.0.0.1:389/ou=Users,dc=exist-db,dc=org?uid?sub?(objectclass=posixAccount)"
>>> AuthLDAPGroupAttribute memberUid
>>> AuthLDAPGroupAttributeIsDN off
>>> AuthLDAPCompareDNOnServer off
>>> AuthzLDAPAuthoritative on
>>> Require ldap-group cn=dba,ou=Groups,dc=exist-db,dc=org
>>>
>>> </Directory>
>>>
>>> Here is the Authentication Login Service information in jetty.xml:
>>>
>>> <!-- =========================================================== -->
>>> <!-- Configure Authentication Login Service -->
>>> <!-- =========================================================== -->
>>> <Call class="java.lang.System" name="setProperty">
>>> <Arg>java.security.auth.login.config</Arg>
>>> <Arg><SystemProperty name="jetty.home" default="." />/etc/login.conf</Arg>
>>> </Call>
>>>
>>> <Call name="addBean">
>>> <Arg>
>>> <New class="org.eclipse.jetty.plus.jaas.JAASLoginService">
>>> <Set name="name">JAASLoginService</Set>
>>> <Set name="LoginModuleName">eXistDB</Set>
>>> </New>
>>> </Arg>
>>> </Call>
>>>
>>>
>>> My login.conf under Jetty is:
>>>
>>> eXistDB {
>>> org.eclipse.jetty.plus.jaas.spi.LdapLoginModule REQUIRED
>>> debug="true"
>>> useLdaps="false"
>>> contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
>>> hostname="127.0.0.1"
>>> port="389"
>>> bindDn="cn=admin,dc=exist-db,dc=org"
>>> bindPassword="1234"
>>> authenticationMethod="simple"
>>> forceBindingLogin="false"
>>> userBaseDn="ou=Users,dc=exist-db,dc=org"
>>> userRdnAttribute="uid"
>>> userIdAttribute="uid"
>>> userPasswordAttribute="userPassword"
>>> userObjectClass="posixAccount"
>>> roleBaseDn="ou=Groups,dc=exist-db,dc=org"
>>> roleNameAttribute="cn"
>>> roleMemberAttribute="memberUid"
>>> roleObjectClass="posixGroup";
>>> };
>>>
>>>
>>> And I am getting the following error:
>>>
>>>
>>> 14 Jun 2010 10:20:08,143 [qtp2133251039-20] INFO (Slf4jLog.java [info]:92) - Searching for users with filter: '(&(objectClass={0})({1}={2}))' from base dn: ou=Users,dc=exist-db,dc=org
>>> 14 Jun 2010 10:20:08,145 [qtp2133251039-20] INFO (Slf4jLog.java [info]:92) - Found user?: true
>>> 14 Jun 2010 10:20:08,152 [qtp2133251039-20] WARN (Slf4jLog.java [warn]:124) - EXCEPTION
>>> javax.security.auth.login.LoginException: Login Failure: all modules ignored
>>> at javax.security.auth.login.LoginContext.invoke(LoginContext.java:936)
>>> at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)
>>> at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698)
>>> at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696)
>>> at java.security.AccessController.doPrivileged(Native Method)
>>> at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:695)
>>> at javax.security.auth.login.LoginContext.login(LoginContext.java:594)
>>> at org.eclipse.jetty.plus.jaas.JAASLoginService.login(JAASLoginService.java:203)
>>> at org.eclipse.jetty.security.authentication.FormAuthenticator.validateRequest(FormAuthenticator.java:174)
>>> at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:417)
>>> at org.eclipse.jetty.server.session.SessionHandler.handle(SessionHandler.java:182)
>>> at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:933)
>>> at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:362)
>>> at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:867)
>>> at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117)
>>> at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:126)
>>> at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:113)
>>> at org.eclipse.jetty.server.Server.handle(Server.java:334)
>>> at org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:559)
>>> at org.eclipse.jetty.server.HttpConnection$RequestHandler.content(HttpConnection.java:1007)
>>> at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:747)
>>> at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:209)
>>> at org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:406)
>>> at org.eclipse.jetty.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:462)
>>> at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:436)
>>> at java.lang.Thread.run(Thread.java:636)
>>>
>>
>> _______________________________________________
>> jetty-users mailing list
>> jetty-users@xxxxxxxxxxx
>> https://dev.eclipse.org/mailman/listinfo/jetty-users
>>
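The two modes discussed in the thread (bind as the user, or fetch the stored password and compare it), as an added example that is not from the thread or from Jetty's code: a simplified in-memory model that reuses the DNs and attribute names from the login.conf above. The user `alice`, her password, the `{SSHA}` storage and the `admin_reads_passwords` ACL switch are constructed assumptions, and the model does not claim to reproduce the failure reported in the thread.

```python
import base64, hashlib, hmac

ADMIN_DN = "cn=admin,dc=exist-db,dc=org"           # bindDn from the page
USER_DN = "uid=alice,ou=Users,dc=exist-db,dc=org"  # constructed sample user

def ssha(password, salt=b"\x01\x02\x03\x04"):
    """Constructed {SSHA} value: base64(sha1(password + salt) + salt)."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def verify_ssha(stored, password):
    raw = base64.b64decode(stored[len("{SSHA}"):])
    return hmac.compare_digest(stored, ssha(password, raw[20:]))

class Directory:
    """In-memory stand-in for the LDAP server (constructed data, not a real server)."""
    def __init__(self, admin_reads_passwords):
        self.admin_reads_passwords = admin_reads_passwords  # models the server ACL
        self.entries = {
            ADMIN_DN: {"userPassword": ssha("1234")},
            USER_DN: {"uid": "alice", "objectClass": "posixAccount",
                      "userPassword": ssha("s3cret")},
        }

    def bind(self, dn, password):
        """Simple bind: the server checks the password itself."""
        entry = self.entries.get(dn)
        # An empty password would be an unauthenticated bind, never a login.
        return bool(entry and password) and verify_ssha(entry["userPassword"], password)

    def search(self, bound_dn, uid):
        """Return (dn, attributes visible to bound_dn) for a posixAccount uid."""
        for dn, attrs in self.entries.items():
            if attrs.get("uid") == uid and attrs.get("objectClass") == "posixAccount":
                visible = dict(attrs)
                if not (bound_dn == ADMIN_DN and self.admin_reads_passwords):
                    del visible["userPassword"]
                return dn, visible
        return None, {}

def login(directory, uid, password, force_binding_login):
    """Model of the two modes; returns 'ok', 'denied' or 'no-credential'."""
    if not directory.bind(ADMIN_DN, "1234"):     # service bind (bindDn/bindPassword)
        return "denied"
    dn, attrs = directory.search(ADMIN_DN, uid)
    if dn is None:
        return "denied"
    if force_binding_login:                      # binding approach
        return "ok" if directory.bind(dn, password) else "denied"
    stored = attrs.get("userPassword")           # get pwd and verify against that
    if stored is None:
        return "no-credential"                   # user found, but nothing to compare
    return "ok" if password and verify_ssha(stored, password) else "denied"
```

In the model, bind mode works even when the service account cannot read `userPassword`, while compare mode needs the service account to read every user's stored hash and to understand its storage scheme.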