
Unable to bind LDAP context from custom resource

Joined: 2006-12-09

I have a strange problem when I try to bind a custom LDAP resource from GlassFish in an EJB.
I have configured a custom LDAP resource and try to look it up with the following code:

Context initCtx = new InitialContext();
ldapCtx = (LdapContext) initCtx.lookup("my.jndi.ldap-Custom-Resource");

I use the resource type '' with the FactoryClass 'com.sun.jndi.ldap.LdapCtxFactory'.
Everything works fine. I can use the ldapCtx object to search through my ldap directory.

But when I try the same thing in a production environment at my customer, I need to authenticate the LDAP connection because anonymous bind is not allowed there. So I added the credentials and principal properties to my resource configuration on GlassFish. The lookup seems to work. But when I try to search for an object I get the following error:

javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece ]; remaining name 'DC=wolfwurst,DC=local'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(
at com.sun.jndi.ldap.LdapCtx.processReturnCode(
at com.sun.jndi.ldap.LdapCtx.processReturnCode(
at com.sun.jndi.ldap.LdapCtx.searchAux(
at com.sun.jndi.ldap.LdapCtx.c_search(

I can not figure out how to solve this issue. I tried every setting in the custom properties and also tested it with different external LDAP directories. I have no success. It seems that environment properties like principal and credentials are totally ignored by a custom resource?

So my only workaround is to set up the LDAP connection hard-coded in my EJB code, which works well:

Hashtable env = new Hashtable();
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, username);
env.put(Context.SECURITY_CREDENTIALS, password);
env.put(Context.PROVIDER_URL, server);
ldapCtx = new InitialLdapContext(env, null);

I am sure I am working with the correct userid/password, and I have tested it for many hours (with different property names and in GlassFish V2 and also GlassFish V3).
Can anybody confirm that an authenticated LDAP binding via a custom resource is not possible with GlassFish?

Thanks for any hints.
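
A way to test the suspicion raised above, that the principal and credentials never reach the context, is to inspect the environment of the looked-up context before searching. The following is an added example, not part of the original post or of GlassFish; the class name BindCheck, the method describeBind and all sample values are hypothetical, and the fallback rules are the assumed defaults of the JDK LDAP provider.

```java
import java.util.Hashtable;
import javax.naming.Context;

public class BindCheck {
    /** Summarize how a context with this environment would bind; never returns the password. */
    static String describeBind(Hashtable<?, ?> env) {
        Object auth = env.get(Context.SECURITY_AUTHENTICATION);
        Object principal = env.get(Context.SECURITY_PRINCIPAL);
        Object cred = env.get(Context.SECURITY_CREDENTIALS);
        boolean hasCred = cred instanceof String ? !((String) cred).isEmpty()
                : cred instanceof char[] ? ((char[]) cred).length > 0
                : cred instanceof byte[] && ((byte[]) cred).length > 0;
        // Assumption: with no explicit mechanism the provider uses "simple"
        // when a principal is present and "none" otherwise.
        String mech = auth != null ? auth.toString() : (principal != null ? "simple" : "none");
        if ("none".equalsIgnoreCase(mech)) {
            return "ANONYMOUS (no authentication configured)";
        }
        if ("simple".equalsIgnoreCase(mech) && (principal == null || !hasCred)) {
            // Assumption: simple bind with an empty password is treated as anonymous.
            return "ANONYMOUS (principal or credentials missing)";
        }
        return mech + " bind as " + principal + " (credentials present, not shown)";
    }

    public static void main(String[] args) {
        // Constructed sample 1: only the URL arrived, as if the security properties were ignored.
        Hashtable<String, Object> ignored = new Hashtable<>();
        ignored.put(Context.PROVIDER_URL, "ldap://ldap.example.invalid:389");

        // Constructed sample 2: the same settings as the hard-coded workaround.
        Hashtable<String, Object> full = new Hashtable<>(ignored);
        full.put(Context.SECURITY_AUTHENTICATION, "simple");
        full.put(Context.SECURITY_PRINCIPAL, "CN=svc-app,DC=example,DC=invalid");
        full.put(Context.SECURITY_CREDENTIALS, "constructed-secret".toCharArray());

        // Constructed sample 3: principal delivered, password lost on the way.
        Hashtable<String, Object> noPassword = new Hashtable<>(ignored);
        noPassword.put(Context.SECURITY_PRINCIPAL, "CN=svc-app,DC=example,DC=invalid");

        System.out.println(describeBind(ignored));
        System.out.println(describeBind(full));
        System.out.println(describeBind(noPassword));
    }
}
```

In the EJB the same method can be called as describeBind(ldapCtx.getEnvironment()) directly after the lookup, so an anonymous context is reported before the first search fails with the "successful bind must be completed" error.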


Joined: 2006-12-09

I found out that the reason was the configuration of a 'custom jndi resource' instead of an 'external jndi resource'.
After I changed the resource type, everything now works well.
I posted the typical setup for a Microsoft Active Directory here: