Sometimes BRM does not allow to log-in with correct credentials while using LdapExtLoginModule for authentication through LDAP

Solution Unverified - Updated -

Issue

  • Sometimes, BRM (i.e. Guvnor) does not allow users to log-in, even with correct credentials. BRM is configured to use LdapExtLoginModule for authenticating users through LDAP . Looking at the server.log it throws the following exception during the time it attempts to authenticate the user. Is there a way to find out where the problem lies?
WARN  [org.jboss.security.auth.spi.LdapExtLoginModule] (http-10.10.10.10-8080-3) javax.naming.CommunicationException: xx.yy:100 [Root exception is java.net.ConnectException: Connection timed out]
DEBUG [org.jboss.security.auth.spi.LdapExtLoginModule] (http-10.10.10.10-8080-3) Bad password for username=Test
javax.naming.CommunicationException: xx.yy:100 [Root exception is java.net.ConnectException: Connection timed out]
    at com.sun.jndi.ldap.Connection.<init>(Connection.java:209)
    at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:116)
    at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1582)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2678)
    ...
    at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
    at org.jboss.security.auth.spi.LdapExtLoginModule.constructInitialLdapContext(LdapExtLoginModule.java:675)
    at org.jboss.security.auth.spi.LdapExtLoginModule.createLdapInitContext(LdapExtLoginModule.java:448)
    at org.jboss.security.auth.spi.LdapExtLoginModule.validatePassword(LdapExtLoginModule.java:332)
    at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:271)
    ...
Caused by: java.net.ConnectException: Connection timed out
    at java.net.PlainSocketImpl.socketConnect(Native Method)
    at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:351)
    at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:213)
    ...
    at com.sun.jndi.ldap.Connection.createSocket(Connection.java:351)
    at com.sun.jndi.ldap.Connection.<init>(Connection.java:186)
    ...
TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] (http-10.10.10.10-8080-3) abort
ERROR [org.drools.guvnor.server.security.SecurityServiceImpl] (http-10.10.10.10-8080-3) Unable to login.
javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
    at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:274)
    ...
Caused by: javax.naming.CommunicationException: xx.yy:100 [Root exception is java.net.ConnectException: Connection timed out]
    at com.sun.jndi.ldap.Connection.<init>(Connection.java:209)
    ...
    at org.jboss.security.auth.spi.LdapExtLoginModule.validatePassword(LdapExtLoginModule.java:332)
    at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:271)
    ... 51 more
Caused by: java.net.ConnectException: Connection timed out
    at java.net.PlainSocketImpl.socketConnect(Native Method)
    ...
    at com.sun.jndi.ldap.Connection.createSocket(Connection.java:351)
    at com.sun.jndi.ldap.Connection.<init>(Connection.java:186)
    ...

Environment

  • Red Hat JBoss BRMS (BRMS)
    • 5.3.x

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In