[MGNLLDAP-8] Using LDAP module with MS Active Directory throws an error Created: 23/Apr/07  Updated: 27/Nov/13  Resolved: 03/May/07

Status: Closed
Project: LDAP Connector
Component/s: None
Affects Version/s: 1.0-rc2
Fix Version/s: 1.2

Type: Bug Priority: Blocker
Reporter: zam6ak Assignee: Sameer Charles
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Description

After configuring the LDAP module to work with MS Active Directory I am getting the following error:

09:12:12,443 INFO  [STDOUT] SecurityFilter.java(authenticate:193) failed to authenticate amistric
javax.security.auth.login.LoginException: failed to authenticate amistric
        at info.magnolia.jaas.sp.ldap.LDAPAuthenticationModule.login(LDAPAuthenticationModule.java:122)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
        at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
        at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
        at info.magnolia.cms.security.Authenticator.authenticate(Authenticator.java:110)
        at info.magnolia.cms.security.SecurityFilter.authenticate(SecurityFilter.java:149)
        at info.magnolia.cms.security.SecurityFilter.isAllowed(SecurityFilter.java:123)
        at info.magnolia.cms.security.SecurityFilter.doFilter(SecurityFilter.java:99)
        at info.magnolia.cms.filters.MagnoliaManagedFilter$CustomFilterChain.doFilter(MagnoliaManagedFilter.java:92)
        at info.magnolia.cms.filters.MultipartRequestFilter.doFilter(MultipartRequestFilter.java:80)
        at info.magnolia.cms.filters.MagnoliaManagedFilter$CustomFilterChain.doFilter(MagnoliaManagedFilter.java:92)
        at info.magnolia.cms.filters.MgnlVirtualUriFilter.doFilter(MgnlVirtualUriFilter.java:83)
        at info.magnolia.cms.filters.MagnoliaManagedFilter$CustomFilterChain.doFilter(MagnoliaManagedFilter.java:92)
        at info.magnolia.cms.filters.ContentTypeFilter.doFilter(ContentTypeFilter.java:66)
        at info.magnolia.cms.filters.MagnoliaManagedFilter$CustomFilterChain.doFilter(MagnoliaManagedFilter.java:92)
        at info.magnolia.enterprise.registration.RegistrationFilter.doFilter(RegistrationFilter.java:77)
        at info.magnolia.cms.filters.MagnoliaManagedFilter$CustomFilterChain.doFilter(MagnoliaManagedFilter.java:92)
        at info.magnolia.cms.filters.MagnoliaManagedFilter.doFilter(MagnoliaManagedFilter.java:65)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
        at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
        at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:175)
        at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
        at org.jboss.web.tomcat.tc5.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:156)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
        at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
        at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
        at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
        at java.lang.Thread.run(Thread.java:619)
09:12:44,641 INFO  [STDOUT] LDAPAuthenticationModule.java(queryLDAP:144) Need to specify class name in environment or system property, or as an applet parameter, or in an application resource file:  java.naming.factory.initial
javax.naming.NoInitialContextException: Need to specify class name in environment or system property, or as an applet parameter, or in an application resource file:  java.naming.factory.initial
        at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:645)
        at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
        at javax.naming.InitialContext.getURLOrDefaultInitCtx(InitialContext.java:325)
        at javax.naming.directory.InitialDirContext.getURLOrDefaultInitDirCtx(InitialDirContext.java:87)
        at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248)
        at info.magnolia.jaas.sp.ldap.LDAPAuthenticationModule.queryLDAP(LDAPAuthenticationModule.java:139)
        at info.magnolia.jaas.sp.ldap.LDAPAuthenticationModule.login(LDAPAuthenticationModule.java:111)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
        at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
        at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
        at info.magnolia.cms.security.Authenticator.authenticate(Authenticator.java:110)
        at info.magnolia.cms.security.SecurityFilter.authenticate(SecurityFilter.java:149)
        at info.magnolia.cms.security.SecurityFilter.isAllowed(SecurityFilter.java:123)
        at info.magnolia.cms.security.SecurityFilter.doFilter(SecurityFilter.java:99)
        at info.magnolia.cms.filters.MagnoliaManagedFilter$CustomFilterChain.doFilter(MagnoliaManagedFilter.java:92)
        at info.magnolia.cms.filters.MultipartRequestFilter.doFilter(MultipartRequestFilter.java:80)
        at info.magnolia.cms.filters.MagnoliaManagedFilter$CustomFilterChain.doFilter(MagnoliaManagedFilter.java:92)
        at info.magnolia.cms.filters.MgnlVirtualUriFilter.doFilter(MgnlVirtualUriFilter.java:83)
        at info.magnolia.cms.filters.MagnoliaManagedFilter$CustomFilterChain.doFilter(MagnoliaManagedFilter.java:92)
        at info.magnolia.cms.filters.ContentTypeFilter.doFilter(ContentTypeFilter.java:66)
        at info.magnolia.cms.filters.MagnoliaManagedFilter$CustomFilterChain.doFilter(MagnoliaManagedFilter.java:92)
        at info.magnolia.enterprise.registration.RegistrationFilter.doFilter(RegistrationFilter.java:77)
        at info.magnolia.cms.filters.MagnoliaManagedFilter$CustomFilterChain.doFilter(MagnoliaManagedFilter.java:92)
        at info.magnolia.cms.filters.MagnoliaManagedFilter.doFilter(MagnoliaManagedFilter.java:65)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
        at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
        at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:175)
        at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
        at org.jboss.web.tomcat.tc5.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:156)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
        at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
        at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
        at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
        at java.lang.Thread.run(Thread.java:619)

Also here is my map file (some sections generalized for security):

##########################################################################
#
# This code is licensed under the Magnolia Visible Source License (MVSL).
# Please make sure you understand the terms of the license, as you are
# legally bound to it when you make use of this code.
#
# The MVSL is part of the Magnolia Visible Source Software distribution.
# To obtain an additional copy of the license text, please contact
# Magnolia International - see www.magnolia.info for current contact details
#
# Copyright 2005, 2006 Magnolia International Ltd. All rights reserved.
#
##########################################################################

##########################################################################
# JNDI properties
# $Id: map 7623 2006-11-17 16:28:28Z scharles $
##########################################################################

#Initial factory class
java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory

# LDAP url
java.naming.provider.url=ldap://ldapserver.mycompany.org:389/

# Security principal name, remove this line if server is not secured
java.naming.security.principal=CN=ldap_user,OU=Service Accounts,OU=Exception Users,DC=mycompany,DC=org

# Password, only if security principal is defined
java.naming.security.credentials=password

##########################################################################
# Name mapping between magnolia defined attributes and how attributes are named
# in custom directory
##########################################################################
initialSearchAttributes=OU=MYCOMPANY Users,DC=mycompany,DC=org
Organization=o
OrganizationUnit=ou
CommonName=cn
Surname=sn
GivenName=givenname
uid=sAMAccountName
dn=dn
mail=mail
GroupId=memberOf
Password=pass
Language=language

##########################################################################
# Password encryption handler class (implementing info.magnolia.sp.ldap.EncryptionHandler)
##########################################################################
encryptionHandler=info.magnolia.sp.ldap.PlainTextEncryptionHandler


##########################################################################
# Following is useful for groupId attribute used in LDAP Authorization
# attribute format :    ldapAttributeName_possibleSeparatorChar
#                       ldapAttributeName_filter
##########################################################################

# Possible multivalue separator char
memberOf_possibleSeparatorChar=,

# group name filter, this will be used while adding assigned group id's
memberOf_filter=CN=
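
Added example, not part of the original report and not the LDAP Connector's code: the second trace shows NoInitialContextException raised from InitialDirContext.search, which is what JNDI does when the context was built without java.naming.factory.initial in its environment. The sketch below reproduces that and contrasts it with passing the java.naming.* keys of a map file as the environment. The class JndiEnvCheck, the helpers jndiEnv and probe, and the host ldap.example.invalid are hypothetical; it assumes no jndi.properties file on the classpath and no java.naming.factory.initial system property.

```java
import java.io.StringReader;
import java.util.Hashtable;
import java.util.Properties;
import javax.naming.NamingException;
import javax.naming.NoInitialContextException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;

public class JndiEnvCheck {
    // Constructed sample input: JNDI keys in the style of the map file, placeholder host.
    static final String MAP =
        "java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory\n"
      + "java.naming.provider.url=ldap://ldap.example.invalid:389/\n"
      + "uid=sAMAccountName\n";

    // Hypothetical helper: copy only the java.naming.* keys into a JNDI environment.
    static Hashtable<String, Object> jndiEnv(Properties map) {
        Hashtable<String, Object> env = new Hashtable<>();
        for (String key : map.stringPropertyNames()) {
            if (key.startsWith("java.naming.")) env.put(key, map.getProperty(key));
        }
        env.put("com.sun.jndi.ldap.connect.timeout", "2000"); // fail fast when unreachable
        return env;
    }
    // Runs one search and reports which exception class (if any) came back.
    static String probe(Hashtable<String, Object> env) {
        try {
            DirContext ctx = new InitialDirContext(env);
            try {
                ctx.search("OU=Users,DC=example,DC=invalid", "(sAMAccountName=test)", new SearchControls());
            } finally {
                ctx.close();
            }
            return "search ok";
        } catch (NoInitialContextException e) {
            return "NoInitialContextException: factory class never reached JNDI";
        } catch (NamingException e) {
            return e.getClass().getSimpleName() + ": factory resolved, failure is elsewhere";
        }
    }

    public static void main(String[] args) throws Exception {
        Properties map = new Properties();
        map.load(new StringReader(MAP));
        System.out.println("empty env  -> " + probe(new Hashtable<>()));
        System.out.println("map as env -> " + probe(jndiEnv(map)));
    }
}
```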