AdvancedADLoginModule after SPNEGO is returning an incomplete primary group

Solution Verified - Updated -

Issue

  • We have configured the SPNEGO and the AdvancedADLoginModule to fetch the users groups from AD including the primary group of the user. Login is fine, but we see the group search fail with InvalidNameException and the search found primary group "CN=OurUsers,OU=Admins,null"

  • 10:12:19,820 TRACE [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-test/1.2.3.4:8080-1) Failed to query roleNameAttrName: javax.naming.InvalidNameException: CN=OurUsers,OU=Admins,null: [LDAP: error code 34 - 0000208F: NameErr: DSID-03100225, problem 2006 (BAD_NAME), data 8350, best match of:
    'CN=OurUsers,OU=Admins,null'

Environment

  • Red Hat JBoss Enterprise Application Platform (EAP)
    • 6.x

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.