InvalidNameException occurs for rolesCtxDN using LdapExtLoginModule in EAP
Issue
We have an application that uses role-based authorization. I have configured my login-config.xml
file with the appropriate LDAP settings:-
<authentication>
<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
...(snip)...
<module-option name="rolesCtxDN">CN=Domain Admins,CN=Users,DC=redhat,DC=com</module-option>
<module-option name="throwValidateError">true</module-option>
</login-module>
</authentication>
But the application fails to let me login, and throws an exception:-
javax.naming.InvalidNameException: ,CN=Domain Admins,CN=Users,DC=domain1,DC=winlab,DC=fab,DC=redhat,DC=com: [LDAP: error code 34 - 0000208F: NameErr: DSID-031001D1, problem 2006 (BAD_NAME), data 8350, best match of:
',CN=Domain Admins,CN=Users,DC=domain1,DC=winlab,DC=fab,DC=redhat,DC=com'
^@]; remaining name ',CN=Domain Admins,CN=Users,DC=domain1,DC=winlab,DC=fab,DC=redhat,DC=com'
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3005)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2820)
at com.sun.jndi.ldap.LdapCtx.c_getAttributes(LdapCtx.java:1312)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(ComponentDirContext.java:213)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:121)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:109)
at javax.naming.directory.InitialDirContext.getAttributes(InitialDirContext.java:123)
at org.jboss.security.auth.spi.LdapExtLoginModule.rolesSearch(LdapExtLoginModule.java:553)
Environment
- JBoss Enterprise Application Platform 5.x
- JBoss Enterprise Application Platform 6.0.x
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.