AdvancedADLoginModule after SPNEGO is returning an incomplete primary group

Solution Verified - Updated -

Issue

  • We have configured the SPNEGO and the AdvancedADLoginModule to fetch the user's groups from AD, including the primary group of the user. Login is fine, but we see the group search fail with InvalidNameException, and the search found primary group "CN=OurUsers,OU=Admins,null"

  • 10:12:19,820 TRACE [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-test/1.2.3.4:8080-1) Failed to query roleNameAttrName: javax.naming.InvalidNameException: CN=OurUsers,OU=Admins,null: [LDAP: error code 34 - 0000208F: NameErr: DSID-03100225, problem 2006 (BAD_NAME), data 8350, best match of:
    'CN=OurUsers,OU=Admins,null'
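
A log triage sketch for the failure quoted above, added here as an example and not taken from this article or from JBoss code: it pulls the rejected DN out of InvalidNameException lines carrying LDAP error code 34 and reports which components are not attribute=value RDNs. The function names and sample lines are constructed, and DN splitting handles backslash escapes only.

```python
import re

# Constructed sample: entry 1 mirrors the TRACE line quoted in the issue, entry 2 is
# an unrelated line, entry 3 is a made-up rejected DN containing an escaped comma.
SAMPLE_LOG = (
    '10:12:19,820 TRACE [org.jboss.security.auth.spi.AbstractServerLoginModule] '
    '(http-test/1.2.3.4:8080-1) Failed to query roleNameAttrName: '
    'javax.naming.InvalidNameException: CN=OurUsers,OU=Admins,null: '
    '[LDAP: error code 34 - 0000208F: NameErr: DSID-03100225, problem 2006 (BAD_NAME)\n'
    '10:12:19,900 INFO  [org.jboss.as.server] (constructed) unrelated line\n'
    '10:12:21,004 TRACE [org.jboss.security.auth.spi.AbstractServerLoginModule] '
    '(constructed) Failed to query roleNameAttrName: '
    'javax.naming.InvalidNameException: CN=Smith\\, J,,DC=example: '
    '[LDAP: error code 34 - constructed\n'
)

# LDAP result code 34 is invalidDNSyntax: the server could not parse the name.
ERR_RE = re.compile(r"InvalidNameException: (?P<dn>.+?): \[LDAP: error code (?P<code>\d+)")
# An RDN needs an attribute type (short name or numeric OID), '=', and a value.
RDN_RE = re.compile(r"(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)\s*=.+", re.S)

def split_dn(dn):
    """Split a DN on unescaped commas (simplified: backslash escapes only)."""
    parts, cur, esc = [], [], False
    for ch in dn:
        if esc:
            cur.append(ch); esc = False
        elif ch == "\\":
            cur.append(ch); esc = True
        elif ch == ",":
            parts.append("".join(cur).strip()); cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur).strip())
    return parts

def malformed_components(dn):
    """Return the components of dn that are not attribute=value RDNs."""
    return [p for p in split_dn(dn) if not RDN_RE.fullmatch(p)]

def scan(log_text):
    """Return (rejected_dn, malformed_components) for each error-34 entry."""
    findings = []
    for line in log_text.splitlines():
        m = ERR_RE.search(line)
        if m and m.group("code") == "34":
            findings.append((m.group("dn"), malformed_components(m.group("dn"))))
    return findings

if __name__ == "__main__":
    for dn, bad in scan(SAMPLE_LOG):
        print(f"rejected DN: {dn!r} -> non-RDN components: {bad}")
```

A finding whose malformed component is the literal string null, as in the issue's DN, means the group DN was assembled from a value that was never populated, so the user's primary group is absent from the resolved roles even though login succeeded.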

Environment

  • Red Hat JBoss Enterprise Application Platform (EAP)
    • 6.x
