InvalidNameException occurs for rolesCtxDN using LdapExtLoginModule in EAP

Solution Unverified - Updated -


We have an application that uses role-based authorization. I have configured my login-config.xml file with the appropriate LDAP settings:-

        <login-module code="" flag="required">
            <module-option name="rolesCtxDN">CN=Domain Admins,CN=Users,DC=redhat,DC=com</module-option>
            <module-option name="throwValidateError">true</module-option>

But the application fails to let me login, and throws an exception:-

javax.naming.InvalidNameException: ,CN=Domain Admins,CN=Users,DC=domain1,DC=winlab,DC=fab,DC=redhat,DC=com: [LDAP: error code 34 - 0000208F: NameErr: DSID-031001D1, problem 2006 (BAD_NAME), data 8350, best match of:
    ',CN=Domain Admins,CN=Users,DC=domain1,DC=winlab,DC=fab,DC=redhat,DC=com'
^@]; remaining name ',CN=Domain Admins,CN=Users,DC=domain1,DC=winlab,DC=fab,DC=redhat,DC=com'
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(
    at com.sun.jndi.ldap.LdapCtx.c_getAttributes(
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(


  • JBoss Enterprise Application Platform 5.x
  • JBoss Enterprise Application Platform 6.0.x

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content