Hi all,
I was experimenting with LAMS LDAP(MS) integration and had some trouble with the authentication.
Here is the description of my problem:
LAMS version: 2.4.201204131000
JAVA version: 1.7.0_51
-----
LDAP settings:
Search Filter: sAMAccountName={0}
The other LDAP settings Base DN, Bind User DN, etc. are correct - see the lams log below.
LAMS log:
2014-02-24 16:04:59,879 [http-0.0.0.0-8181-6:] INFO org.lamsfoundation.lams.security.UniversalLoginModule - initialize
2014-02-24 16:04:59,880 [http-0.0.0.0-8181-6:] INFO org.lamsfoundation.lams.security.UniversalLoginModule - login
2014-02-24 16:04:59,880 [http-0.0.0.0-8181-6:] DEBUG org.lamsfoundation.lams.security.UniversalLoginModule - ===> authenticating user: ivelikov
2014-02-24 16:04:59,897 [http-0.0.0.0-8181-6:] DEBUG org.lamsfoundation.lams.security.UniversalLoginModule - ===> authentication type: LDAP
2014-02-24 16:04:59,925 [http-0.0.0.0-8181-6:] DEBUG org.lamsfoundation.lams.security.LDAPAuthenticator - ===> found matching object...
2014-02-24 16:04:59,928 [http-0.0.0.0-8181-6:] DEBUG org.lamsfoundation.lams.security.LDAPAuthenticator - name: CN=Ivan Yyyy Velikov,OU=XXXX Section,OU=XXXXXX YYYYYYY Services Department,OU=XXXXXX DIVISION,OU=_INTEGRATED DIVISION
2014-02-24 16:04:59,929 [http-0.0.0.0-8181-6:] DEBUG org.lamsfoundation.lams.security.LDAPAuthenticator - namespace name: CN=Ivan Yyyy Velikov,OU=XXXX Section,OU=XXXXXX YYYYYYY Services Department,OU=XXXXXX DIVISION,OU=_INTEGRATED DIVISION,DC=xxx,DC=com
2014-02-24 16:04:59,933 [http-0.0.0.0-8181-6:] DEBUG org.lamsfoundation.lams.security.LDAPAuthenticator - ===> LDAP context created using DN:
2014-02-24 16:04:59,934 [http-0.0.0.0-8181-6:] ERROR org.lamsfoundation.lams.security.LDAPAuthenticator - ===> LDAP exception: java.lang.NullPointerException
java.lang.NullPointerException
at org.lamsfoundation.lams.security.LDAPAuthenticator.authentication(LDAPAuthenticator.java:174)
at org.lamsfoundation.lams.security.LDAPAuthenticator.authenticate(LDAPAuthenticator.java:91)
at org.lamsfoundation.lams.security.UniversalLoginModule.validatePassword(UniversalLoginModule.java:191)
at org.lamsfoundation.lams.security.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:151)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:784)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:695)
at javax.security.auth.login.LoginContext.login(LoginContext.java:594)
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:552)
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:486)
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
at org.jboss.web.tomcat.security.JBossWebRealm.authenticate(JBossWebRealm.java:384)
at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:258)
at org.lamsfoundation.lams.web.session.LoginFormAuthenticator.authenticate(LoginFormAuthenticator.java:51)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:417)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.lamsfoundation.lams.integration.security.SingleSignOn.invoke(SingleSignOn.java:118)
at org.lamsfoundation.lams.integration.security.LoginRequestValve.invoke(LoginRequestValve.java:71)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:567)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:679)
2014-02-24 16:04:59,957 [http-0.0.0.0-8181-6:] INFO org.lamsfoundation.lams.security.UniversalLoginModule - User 'ivelikov' authenticated, loginOk=true
2014-02-24 16:04:59,957 [http-0.0.0.0-8181-6:] INFO org.lamsfoundation.lams.security.UniversalLoginModule - commit, loginOk=true
2014-02-24 16:04:59,959 [http-0.0.0.0-8181-6:] INFO org.lamsfoundation.lams.security.UniversalLoginModule - ===> Assign user to role AUTHOR
2014-02-24 16:04:59,963 [http-0.0.0.0-8181-6:] INFO org.lamsfoundation.lams.security.UniversalLoginModule - ===> Assign user to role GROUP ADMIN
2014-02-24 16:04:59,963 [http-0.0.0.0-8181-6:] INFO org.lamsfoundation.lams.security.UniversalLoginModule - ===> Assign user to role GROUP MANAGER
2014-02-24 16:04:59,964 [http-0.0.0.0-8181-6:] INFO org.lamsfoundation.lams.security.UniversalLoginModule - ===> Assign user to role LEARNER
2014-02-24 16:04:59,964 [http-0.0.0.0-8181-6:] INFO org.lamsfoundation.lams.security.UniversalLoginModule - ===> Assign user to role MONITOR
It seems that the DN used for the LDAP context is empty, which is not normal.
As a result the user 'ivelikov' authenticates with any password.
I've tried another user with no spaces in the DN and everything was fine.
Is it possible that spaces in the DN are the root cause of this issue?
I've integrated several applications with the same AD and did not experience such issues.
Regards,
Ivan Velikov
Posted by Ivan Velikov
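The pattern in the log above (an empty bind DN, an LDAP exception, and then "authenticated, loginOk=true" on the same thread) is a fail-open authentication path, and it is something an administrator can watch for in the log itself. The script below is an added example, not part of the post and not LAMS code; it assumes the log line format shown above and uses a constructed sample made from the post's lines plus an invented second login ("jdoe" on thread "http-0.0.0.0-8181-7:") that binds with a proper DN and should not be flagged. It also includes a small fail-closed guard that refuses to attempt a bind with an empty DN or an empty password (an empty password against a directory server results in an unauthenticated bind that "succeeds" without checking anything).

```python
import re
from collections import defaultdict

# Constructed sample: trimmed lines from the post above plus one invented good login (jdoe).
SAMPLE_LOG = """\
2014-02-24 16:04:59,880 [http-0.0.0.0-8181-6:] DEBUG org.lamsfoundation.lams.security.UniversalLoginModule - ===> authenticating user: ivelikov
2014-02-24 16:04:59,933 [http-0.0.0.0-8181-6:] DEBUG org.lamsfoundation.lams.security.LDAPAuthenticator - ===> LDAP context created using DN:
2014-02-24 16:04:59,934 [http-0.0.0.0-8181-6:] ERROR org.lamsfoundation.lams.security.LDAPAuthenticator - ===> LDAP exception: java.lang.NullPointerException
java.lang.NullPointerException
at org.lamsfoundation.lams.security.LDAPAuthenticator.authentication(LDAPAuthenticator.java:174)
2014-02-24 16:04:59,957 [http-0.0.0.0-8181-6:] INFO org.lamsfoundation.lams.security.UniversalLoginModule - User 'ivelikov' authenticated, loginOk=true
2014-02-24 16:05:10,001 [http-0.0.0.0-8181-7:] DEBUG org.lamsfoundation.lams.security.UniversalLoginModule - ===> authenticating user: jdoe
2014-02-24 16:05:10,020 [http-0.0.0.0-8181-7:] DEBUG org.lamsfoundation.lams.security.LDAPAuthenticator - ===> LDAP context created using DN: CN=John Doe,OU=Staff,DC=example,DC=com
2014-02-24 16:05:10,050 [http-0.0.0.0-8181-7:] INFO org.lamsfoundation.lams.security.UniversalLoginModule - User 'jdoe' authenticated, loginOk=true
"""

# Timestamp, [thread], LEVEL, logger, " - ", message. Stack-trace lines do not match and are skipped.
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) \[(?P<thread>[^\]]+)\] (?P<level>\w+) (?P<logger>\S+) - (?P<msg>.*)$"
)

DN_PREFIX = "===> LDAP context created using DN:"


def find_fail_open_logins(log_text):
    """Return (thread, user, reason) for every login that reported loginOk=true
    after an empty bind DN or an LDAP exception on the same worker thread."""
    state = defaultdict(dict)  # per-thread: user, empty_dn, exception
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        thread, msg = m.group("thread"), m.group("msg")
        if msg.startswith("===> authenticating user: "):
            # A new login attempt starts on this thread; reset its state.
            state[thread] = {"user": msg.split(": ", 1)[1], "empty_dn": False, "exception": None}
            continue
        s = state[thread]
        if msg.startswith(DN_PREFIX):
            if not msg[len(DN_PREFIX):].strip():
                s["empty_dn"] = True
        elif msg.startswith("===> LDAP exception:"):
            s["exception"] = msg.split(": ", 1)[1]
        elif "authenticated, loginOk=true" in msg:
            reasons = []
            if s.get("empty_dn"):
                reasons.append("empty bind DN")
            if s.get("exception"):
                reasons.append("LDAP exception " + s["exception"])
            if reasons:
                findings.append((thread, s.get("user"), "; ".join(reasons)))
            state.pop(thread, None)
    return findings


def bind_request_is_safe(dn, password):
    """Fail-closed guard (hypothetical helper): only attempt a simple bind when both the
    DN and the password are non-empty, so a lookup failure can never turn into a
    successful unauthenticated bind."""
    return bool(dn and dn.strip()) and bool(password)


if __name__ == "__main__":
    for thread, user, reason in find_fail_open_logins(SAMPLE_LOG):
        print(f"FAIL-OPEN login: user={user} thread={thread} ({reason})")
```

Run against the real lams log; the expected result on the sample is one finding for 'ivelikov' and none for the constructed 'jdoe' login. The guard belongs in front of whatever code builds the LDAP context: if the search that resolves the user's DN returns nothing, the authenticator should report failure rather than bind with an empty name.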