[jetty-users] Re: Problems configuring Jetty for LDAP authentication

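I found my problem.  If I change forceBindingLogin to true in login.conf, then everything works. With forceBindingLogin="true" the LdapLoginModule authenticates by binding to the directory as the user, rather than fetching the userPassword attribute through the bindDn account and comparing it inside Jetty, so the bind account no longer needs read access to stored passwords. Because the configuration uses authenticationMethod="simple" with useLdaps="false", that bind sends the user's password unencrypted; this stays on the host while hostname is 127.0.0.1, but a remote directory should be reached over LDAPS.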

On Jun 14, 2010, at 10:25 AM, Loren Cahlander wrote:

> Hello,
> 
> I am trying to configure Jetty for LDAP authentication.  Can someone tell me what is wrong in my login.conf?
> 
> Here is an authentication configuration that works under Apache 2.2:
> 
>    Alias /doc/ "/usr/share/doc/"
>    <Directory "/usr/share/doc/">
>        Options Indexes MultiViews FollowSymLinks
>        AllowOverride None
>                Order allow,deny
>                Allow from all
>           AuthBasicProvider ldap
>           AuthUserFile /dev/null
>           AuthType Basic
>           AuthName "Subversion Authentication"
>           AuthBasicProvider ldap
>           # The distinguished name to bind to the directory server
>           AuthLDAPBindDN "cn=admin,dc=exist-db,dc=org"
> 
>           # The password for the user above
>           AuthLDAPBindPassword "1234"
>           AuthLDAPUrl "ldap://127.0.0.1:389/ou=Users,dc=exist-db,dc=org?uid?sub?(objectclass=posixAccount)"
>           AuthLDAPGroupAttribute memberUid
>           AuthLDAPGroupAttributeIsDN off
>           AuthLDAPCompareDNOnServer off
>           AuthzLDAPAuthoritative on
>           Require ldap-group cn=dba,ou=Groups,dc=exist-db,dc=org
> 
>    </Directory>
> 
> Here is the Authentication Login Service information in jetty.xml:
> 
>    <!-- =========================================================== -->
>    <!-- Configure Authentication Login Service                      -->
>    <!-- =========================================================== -->
>    <Call class="java.lang.System" name="setProperty">
>      <Arg>java.security.auth.login.config</Arg>
>      <Arg><SystemProperty name="jetty.home" default="." />/etc/login.conf</Arg>
>    </Call>
> 
>    <Call name="addBean">
>      <Arg>
>        <New class="org.eclipse.jetty.plus.jaas.JAASLoginService">
>          <Set name="name">JAASLoginService</Set>
>          <Set name="LoginModuleName">eXistDB</Set>
>        </New>
>      </Arg>
>    </Call>
> 
> 
> My login.conf under Jetty is:
> 
> eXistDB {
> org.eclipse.jetty.plus.jaas.spi.LdapLoginModule REQUIRED
>    debug="true"
>    useLdaps="false"
>    contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
>    hostname="127.0.0.1"
>    port="389"
>    bindDn="cn=admin,dc=exist-db,dc=org"
>    bindPassword="1234"
>    authenticationMethod="simple"
>    forceBindingLogin="false"
>    userBaseDn="ou=Users,dc=exist-db,dc=org"
>    userRdnAttribute="uid"
>    userIdAttribute="uid"
>    userPasswordAttribute="userPassword"
>    userObjectClass="posixAccount"
>    roleBaseDn="ou=Groups,dc=exist-db,dc=org"
>    roleNameAttribute="cn"
>    roleMemberAttribute="memberUid"
>    roleObjectClass="posixGroup";
> };
> 
> 
> And I am getting the following error:
> 
> 
> 14 Jun 2010 10:20:08,143 [qtp2133251039-20] INFO  (Slf4jLog.java [info]:92) - Searching for users with filter: '(&(objectClass={0})({1}={2}))' from base dn: ou=Users,dc=exist-db,dc=org 
> 14 Jun 2010 10:20:08,145 [qtp2133251039-20] INFO  (Slf4jLog.java [info]:92) - Found user?: true 
> 14 Jun 2010 10:20:08,152 [qtp2133251039-20] WARN  (Slf4jLog.java [warn]:124) - EXCEPTION  
> javax.security.auth.login.LoginException: Login Failure: all modules ignored
> 	at javax.security.auth.login.LoginContext.invoke(LoginContext.java:936)
> 	at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)
> 	at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698)
> 	at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696)
> 	at java.security.AccessController.doPrivileged(Native Method)
> 	at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:695)
> 	at javax.security.auth.login.LoginContext.login(LoginContext.java:594)
> 	at org.eclipse.jetty.plus.jaas.JAASLoginService.login(JAASLoginService.java:203)
> 	at org.eclipse.jetty.security.authentication.FormAuthenticator.validateRequest(FormAuthenticator.java:174)
> 	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:417)
> 	at org.eclipse.jetty.server.session.SessionHandler.handle(SessionHandler.java:182)
> 	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:933)
> 	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:362)
> 	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:867)
> 	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117)
> 	at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:126)
> 	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:113)
> 	at org.eclipse.jetty.server.Server.handle(Server.java:334)
> 	at org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:559)
> 	at org.eclipse.jetty.server.HttpConnection$RequestHandler.content(HttpConnection.java:1007)
> 	at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:747)
> 	at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:209)
> 	at org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:406)
> 	at org.eclipse.jetty.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:462)
> 	at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:436)
> 	at java.lang.Thread.run(Thread.java:636)
> 


