Skip to main content

Unable to bind ldap context from custom ressource

1 reply [Last post]
rsoika
Offline
Joined: 2006-12-09
Points: 0

Hi,
I have a strage problem when I try to bind a custom ldap resource from Glassfish in an EJB.
I have configured a custom ldap resource and try to lookup it with the following code:

Context initCtx = new InitialContext();
ldapCtx = (LdapContext) initCtx.lookup("my.jndi.ldap-Custom-Resource");

I use the resource type 'javax.naming.directory.Directory' with the FactoryClass 'com.sun.jndi.ldap.LdapCtxFactory'.
Everything works fine. I can use the ldapCtx object to search through my ldap directory.

But when I try the same thing in a productive environment by my customer I need to authenticate the ldap connection because anonymous bind is not allowed here. So I added the credentials and prinicpal properties to my resource configuration on glassfish. The lookup seems to work. But when I try to search an object I got the following error:

javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece ]; remaining name 'DC=wolfwurst,DC=local'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3107)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3013)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2820)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1829)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1752)

I can not figure out how to solve this issue. I tried every setting in the custom properties and also tested it with different external LDAP directories. I have no success. It seems that environment properties like principal and credentials are totally ignored by a custom resource?

So my only workarround is to setup the ldap connection hard coded in my EJB code which works well:

Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, username);
env.put(Context.SECURITY_CREDENTIALS, password);
env.put(Context.PROVIDER_URL, server);
ldapCtx = new InitialLdapContext(env, null);

I am sure to work with the correct userid/password and I have tested it a lot of hours (with different property names and in GlassFish V2 and also GlassFish V3).
Can anybody confirm that a authenticated ldap binding via a custom resource is not possible with GlassFish?

Thanks for any hints.

=====
Ralph

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
rsoika
Offline
Joined: 2006-12-09
Points: 0

I found out that the reason was the configuration of a 'custom jndi resource' instead of an 'external jndi resource'.
After I changed the resource type now everything works well.
I posted the typical setup for an Microsoft Active Directory here:
http://www.imixs.org/roller/ralphsjavablog/entry/glassfish_active_directory

===
Ralph