Glassfish LDAP JAAC Active Directory Error Code 10

No replies
pevets
Joined: 2009-06-26

I am trying to connect my GlassFish app server to our company's Active Directory for authentication. I found a tutorial, http://blog.gascoyne.de/archives/5, to set it up, but I am getting an error that I can't find any information about on the web.

directory = ldap://ads.host.name:389
base-dn = DC=domain,DC=com
search-bind-dn = user
search-bind-password = password
search-filter = (&(objectClass=user)(sAMAccountName=%s))
group-search-filter = (&(objectClass=group)(member=%d))
jaas-context = ldapRealm

-Djava.naming.referral=follow
Added to the JVM Options

sun-web.xml
<?xml version="1.0" encoding="UTF-8"?>

/LDAPtest

userRole
DomainUsers

Keep a copy of the generated servlet class' java code.

web.xml
<?xml version="1.0" encoding="UTF-8"?>

30

index.jsp

BASIC
ads-realm

userRole

SecurityConstraint

SecuredFolder
/pages/*

userRole

NONE

SEC1106: Error during LDAP search with filter [(&(objectClass=user)(sAMAccountName=USERNAME))].
SEC1000: Caught exception.
javax.naming.PartialResultException: [LDAP: error code 10 - 0000202B: RefErr: DSID-0310063C, data 0, 1 access points
ref 1: 'idexxi.com'
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2850)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2767)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1821)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1744)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321)
at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248)
at com.sun.enterprise.security.auth.realm.ldap.LDAPRealm.userSearch(LDAPRealm.java:484)
at com.sun.enterprise.security.auth.realm.ldap.LDAPRealm.findAndBind(LDAPRealm.java:403)
at com.sun.enterprise.security.auth.login.LDAPLoginModule.authenticate(LDAPLoginModule.java:111)
at com.sun.enterprise.security.auth.login.PasswordLoginModule.authenticateUser(PasswordLoginModule.java:90)
at com.sun.appserv.security.AppservPasswordLoginModule.login(AppservPasswordLoginModule.java:184)
at sun.reflect.GeneratedMethodAccessor309.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at com.sun.enterprise.security.auth.LoginContextDriver.doPasswordLogin(LoginContextDriver.java:319)
at com.sun.enterprise.security.auth.LoginContextDriver.login(LoginContextDriver.java:177)
at com.sun.enterprise.security.auth.LoginContextDriver.login(LoginContextDriver.java:130)
at com.sun.web.security.RealmAdapter.authenticate(RealmAdapter.java:522)
at com.sun.web.security.RealmAdapter.authenticate(RealmAdapter.java:462)
at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:177)
at com.sun.web.security.RealmAdapter.invokeAuthenticateDelegate(RealmAdapter.java:1216)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:643)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:625)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:593)
at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:94)
at com.sun.enterprise.web.PESessionLockingStandardPipeline.invoke(PESessionLockingStandardPipeline.java:98)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:222)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:648)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:593)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:587)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1096)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:166)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:648)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:593)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:587)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1096)
at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:288)
at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.invokeAdapter(DefaultProcessorTask.java:647)
at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.doProcess(DefaultProcessorTask.java:579)
at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.process(DefaultProcessorTask.java:831)
at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.executeProcessorTask(DefaultReadTask.java:341)
at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:263)
at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:214)
at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:265)
at com.sun.enterprise.web.connector.grizzly.ssl.SSLWorkerThread.run(SSLWorkerThread.java:106)
SEC5046: Audit: Authentication refused for [USERNAME].
Web login failed: Login failed: javax.security.auth.login.LoginException: javax.security.auth.login.LoginException: User USERNAME not found.
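
A triage check for the log above, added here as an example and not part of the original post: LDAP result code 10 is a referral, so the script extracts the referral target from the exception text and compares it with the DNS domain implied by the realm's base-dn. The function names `dn_to_dns` and `triage` are hypothetical; the sample input is copied from the post as written.

```python
import re

# Sample input: the realm's base-dn and the log excerpt, copied from the post.
BASE_DN = "DC=domain,DC=com"
LOG = """\
SEC1106: Error during LDAP search with filter [(&(objectClass=user)(sAMAccountName=USERNAME))].
SEC1000: Caught exception.
javax.naming.PartialResultException: [LDAP: error code 10 - 0000202B: RefErr: DSID-0310063C, data 0, 1 access points
ref 1: 'idexxi.com'
"""

# "[LDAP: error code <n> - <8 hex digits>: <kind>:" as printed by JNDI for Active Directory.
ERR_RE = re.compile(r"\[LDAP: error code (\d+) - ([0-9A-Fa-f]{8}): (\w+):")
# "ref <n>: '<target>'" lines that follow a referral error.
REF_RE = re.compile(r"^\s*ref \d+: '([^']+)'", re.MULTILINE)


def dn_to_dns(dn):
    """Join the DC= components of a DN into a DNS name (DC=a,DC=b -> a.b).
    Splits on plain commas, which is enough for DC components."""
    parts = [rdn.strip() for rdn in dn.split(",")]
    return ".".join(p[3:] for p in parts if p.upper().startswith("DC=")).lower()


def triage(log, base_dn):
    """Return the LDAP result code, directory sub-error, referral targets and
    whether any referral names the domain implied by base_dn (None if no error)."""
    m = ERR_RE.search(log)
    if not m:
        return None
    refs = [r.lower() for r in REF_RE.findall(log)]
    base_domain = dn_to_dns(base_dn)
    return {
        "result_code": int(m.group(1)),
        "sub_error": m.group(2).upper(),
        "kind": m.group(3),
        "referrals": refs,
        "base_domain": base_domain,
        "referral_matches_base": base_domain in refs,
    }


if __name__ == "__main__":
    report = triage(LOG, BASE_DN)
    for key, value in report.items():
        print(f"{key}: {value}")
    if report["result_code"] == 10 and not report["referral_matches_base"]:
        print("Referral target differs from base-dn; compare base-dn with the "
              "directory's actual naming context.")
```
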