Can't configure LDAP on Management Console on EAP 7.3.x and JDK 16
Issue
I am getting the following error when enabling LDAP on the Management Console, with JDK 16 and EAP 7.3 with an Elytron configuration:
TRACE [org.jboss.remoting.remote.server] (management task-1) Server sending authentication rejected: javax.security.sasl.SaslException: ELY05012: Authentication mechanism server-side authentication failed [Caused by org.wildfly.security.auth.server.RealmUnavailableException: ELY01125: Ldap-backed realm failed to obtain context]
at org.wildfly.security.elytron-private@1.10.13.Final-redhat-00001//org.wildfly.security.sasl.plain.PlainSaslServer.evaluateResponse(PlainSaslServer.java:121)
at org.wildfly.security.elytron-private@1.10.13.Final-redhat-00001//org.wildfly.security.sasl.util.AuthenticationCompleteCallbackSaslServerFactory$1.evaluateResponse(AuthenticationCompleteCallbackSaslServerFactory.java:58)
at org.wildfly.security.elytron-private@1.10.13.Final-redhat-00001//org.wildfly.security.sasl.util.AuthenticationTimeoutSaslServerFactory$DelegatingTimeoutSaslServer.evaluateResponse(AuthenticationTimeoutSaslServerFactory.java:110)
at org.wildfly.security.elytron-private@1.10.13.Final-redhat-00001//org.wildfly.security.sasl.util.SecurityIdentitySaslServerFactory$1.evaluateResponse(SecurityIdentitySaslServerFactory.java:59)
at org.jboss.xnio@3.7.12.Final-redhat-00001//org.xnio.sasl.SaslUtils.evaluateResponse(SaslUtils.java:245)
at org.jboss.xnio@3.7.12.Final-redhat-00001//org.xnio.sasl.SaslUtils.evaluateResponse(SaslUtils.java:217)
at org.jboss.remoting@5.0.23.Final-redhat-00001//org.jboss.remoting3.remote.ServerConnectionOpenListener$AuthStepRunnable.run(ServerConnectionOpenListener.java:484)
at org.jboss.remoting@5.0.23.Final-redhat-00001//org.jboss.remoting3.EndpointImpl$TrackingExecutor.lambda$execute$0(EndpointImpl.java:991)
...
Caused by: org.wildfly.security.auth.server.RealmUnavailableException: ELY01125: Ldap-backed realm failed to obtain context
at org.wildfly.security.elytron-private@1.10.13.Final-redhat-00001//org.wildfly.security.auth.realm.ldap.LdapSecurityRealm.obtainContext(LdapSecurityRealm.java:214)
at org.wildfly.security.elytron-private@1.10.13.Final-redhat-00001//org.wildfly.security.auth.realm.ldap.LdapSecurityRealm.access$600(LdapSecurityRealm.java:101)
at org.wildfly.security.elytron-private@1.10.13.Final-redhat-00001//org.wildfly.security.auth.realm.ldap.LdapSecurityRealm$LdapRealmIdentity.verifyEvidence(LdapSecurityRealm.java:590)
at org.wildfly.security.elytron-private@1.10.13.Final-redhat-00001//org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.verifyEvidence(ServerAuthenticationContext.java:2004)
at org.wildfly.security.elytron-private@1.10.13.Final-redhat-00001//org.wildfly.security.auth.server.ServerAuthenticationContext.verifyEvidence(ServerAuthenticationContext.java:761)
at org.wildfly.security.elytron-private@1.10.13.Final-redhat-00001//org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:1005)
at org.wildfly.security.elytron-private@1.10.13.Final-redhat-00001//org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:915)
at org.wildfly.security.elytron-private@1.10.13.Final-redhat-00001//org.wildfly.security.auth.server.ServerAuthenticationContext$1.handle(ServerAuthenticationContext.java:852)
...
Caused by: javax.naming.NamingException: WFLYNAM0027: Failed instantiate InitialContextFactory com.sun.jndi.ldap.LdapCtxFactory from classloader ModuleClassLoader for Module "org.wildfly.security.elytron-private" version 1.10.13.Final-redhat-00001 from local module loader @4241e0f4 (finder: local module finder @4ebff610 (roots: /home/pesilva/opt/redhat/eap/jboss-eap-7.3/modules,/home/pesilva/opt/redhat/eap/jboss-eap-7.3/modules/system/layers/base/.overlays/layer-base-jboss-eap-7.3.8.CP,/home/pesilva/opt/redhat/eap/jboss-eap-7.3/modules/system/layers/base)) [Root exception is java.lang.IllegalAccessException: class org.jboss.as.naming.InitialContext cannot access class com.sun.jndi.ldap.LdapCtxFactory (in module java.naming) because module java.naming does not export com.sun.jndi.ldap to unnamed module @7d371212]
at org.jboss.as.naming@7.3.8.GA-redhat-00001//org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:120)
at org.jboss.as.naming@7.3.8.GA-redhat-00001//org.jboss.as.naming.InitialContext.init(InitialContext.java:101)
at java.naming/javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
at org.jboss.as.naming@7.3.8.GA-redhat-00001//org.jboss.as.naming.InitialContext.<init>(InitialContext.java:91)
at org.jboss.as.naming@7.3.8.GA-redhat-00001//org.jboss.as.naming.InitialContextFactory.getInitialContext(InitialContextFactory.java:43)
at java.naming/javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:730)
...
Caused by: java.lang.IllegalAccessException: class org.jboss.as.naming.InitialContext cannot access class com.sun.jndi.ldap.LdapCtxFactory (in module java.naming) because module java.naming does not export com.sun.jndi.ldap to unnamed module @7d371212
at java.base/jdk.internal.reflect.Reflection.newIllegalAccessException(Reflection.java:385)
at java.base/java.lang.reflect.AccessibleObject.checkAccess(AccessibleObject.java:687)
at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:489)
at java.base/java.lang.reflect.ReflectAccess.newInstance(ReflectAccess.java:128)
at java.base/jdk.internal.reflect.ReflectionFactory.newInstance(ReflectionFactory.java:350)
at java.base/java.lang.Class.newInstance(Class.java:642)
at org.jboss.as.naming@7.3.8.GA-redhat-00001//org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:116)
... 36 more
Environment
- Red Hat JBoss Enterprise Application Platform (JBoss EAP)
  - 7.3 and later
- Elytron
- LDAP
- JDK 16