Forum LAMS for Tech-Heads - General Forum: LAMS LDAP integration problem due to spaces in DN

Back to LAMS for Tech-Heads - General Forum
You may request notification for LAMS LDAP integration problem due to spaces in DN.	Search:

	1: LAMS LDAP integration problem due to spaces in DN By: Ivan Velikov		02/24/14 09:09 AM	[ Reply \| Forward ]
Hi all, I was experimenting with LAMS LDAP(MS) integration and had some trouble with the authentication. Here is the description of my problem: LAMS version: 2.4.201204131000 JAVA version: 1.7.0_51 ----- LDAP settings: Search Filter: sAMAccountName={0} The other LDAP settings Base DN, Bind User DN, etc. are correct - see the lams log below. Lams log: 2014-02-24 16:04:59,879 [http-0.0.0.0-8181-6:] INFO org.lamsfoundation.lams.security.UniversalLoginModule - initialize 2014-02-24 16:04:59,880 [http-0.0.0.0-8181-6:] INFO org.lamsfoundation.lams.security.UniversalLoginModule - login 2014-02-24 16:04:59,880 [http-0.0.0.0-8181-6:] DEBUG org.lamsfoundation.lams.security.UniversalLoginModule - ===> authenticating user: ivelikov 2014-02-24 16:04:59,897 [http-0.0.0.0-8181-6:] DEBUG org.lamsfoundation.lams.security.UniversalLoginModule - ===> authentication type: LDAP 2014-02-24 16:04:59,925 [http-0.0.0.0-8181-6:] DEBUG org.lamsfoundation.lams.security.LDAPAuthenticator - ===> found matching object... 2014-02-24 16:04:59,928 [http-0.0.0.0-8181-6:] DEBUG org.lamsfoundation.lams.security.LDAPAuthenticator - name: CN=Ivan Yyyy Velikov,OU=XXXX Section,OU=XXXXXX YYYYYYY Services Department,OU=XXXXXX DIVISION,OU=_INTEGRATED DIVISION 2014-02-24 16:04:59,929 [http-0.0.0.0-8181-6:] DEBUG org.lamsfoundation.lams.security.LDAPAuthenticator - namespace name: CN=Ivan Yyyy Velikov,OU=XXXX Section,OU=XXXXXX YYYYYYY Services Department,OU=XXXXXX DIVISION,OU=_INTEGRATED DIVISION,DC=xxx,DC=com 2014-02-24 16:04:59,933 [http-0.0.0.0-8181-6:] DEBUG org.lamsfoundation.lams.security.LDAPAuthenticator - ===> LDAP context created using DN: 2014-02-24 16:04:59,934 [http-0.0.0.0-8181-6:] ERROR org.lamsfoundation.lams.security.LDAPAuthenticator - ===> LDAP exception: java.lang.NullPointerException java.lang.NullPointerException at org.lamsfoundation.lams.security.LDAPAuthenticator.authentication(LDAPAuthenticator.java:174) at org.lamsfoundation.lams.security.LDAPAuthenticator.authenticate(LDAPAuthenticator.java:91) at org.lamsfoundation.lams.security.UniversalLoginModule.validatePassword(UniversalLoginModule.java:191) at org.lamsfoundation.lams.security.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:151) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:616) at javax.security.auth.login.LoginContext.invoke(LoginContext.java:784) at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203) at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698) at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:695) at javax.security.auth.login.LoginContext.login(LoginContext.java:594) at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:552) at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:486) at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365) at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160) at org.jboss.web.tomcat.security.JBossWebRealm.authenticate(JBossWebRealm.java:384) at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:258) at org.lamsfoundation.lams.web.session.LoginFormAuthenticator.authenticate(LoginFormAuthenticator.java:51) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:417) at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92) at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126) at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.lamsfoundation.lams.integration.security.SingleSignOn.invoke(SingleSignOn.java:118) at org.lamsfoundation.lams.integration.security.LoginRequestValve.invoke(LoginRequestValve.java:71) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:567) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) at java.lang.Thread.run(Thread.java:679) 2014-02-24 16:04:59,957 [http-0.0.0.0-8181-6:] INFO org.lamsfoundation.lams.security.UniversalLoginModule - User 'ivelikov' authenticated, loginOk=true 2014-02-24 16:04:59,957 [http-0.0.0.0-8181-6:] INFO org.lamsfoundation.lams.security.UniversalLoginModule - commit, loginOk=true 2014-02-24 16:04:59,959 [http-0.0.0.0-8181-6:] INFO org.lamsfoundation.lams.security.UniversalLoginModule - ===> Assign user to role AUTHOR 2014-02-24 16:04:59,963 [http-0.0.0.0-8181-6:] INFO org.lamsfoundation.lams.security.UniversalLoginModule - ===> Assign user to role GROUP ADMIN 2014-02-24 16:04:59,963 [http-0.0.0.0-8181-6:] INFO org.lamsfoundation.lams.security.UniversalLoginModule - ===> Assign user to role GROUP MANAGER 2014-02-24 16:04:59,964 [http-0.0.0.0-8181-6:] INFO org.lamsfoundation.lams.security.UniversalLoginModule - ===> Assign user to role LEARNER 2014-02-24 16:04:59,964 [http-0.0.0.0-8181-6:] INFO org.lamsfoundation.lams.security.UniversalLoginModule - ===> Assign user to role MONITOR Seems that the DN to use in LDAP context is empty, which is not normal. As a result the user 'ivelikov' authenticates with any password. I've tried to use other user with no spaces in DN and everything was fine. Is it possible spaces in the DN to be the root cause for this issue? I've integrated several application with the same AD and did not experience such issues. Regards, Ivan Velikov Posted by Ivan Velikov

Reply to first post on this page

Back to LAMS for Tech-Heads - General Forum