geronimo-dev mailing list archives

From "Lu Jiang (JIRA)" <j...@apache.org>
Subject [jira] Closed: (GERONIMO-4997) Can not connect to a ldap server in an anonymous way
Date Fri, 26 Feb 2010 09:26:28 GMT

     [ https://issues.apache.org/jira/browse/GERONIMO-4997?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Lu Jiang closed GERONIMO-4997.
------------------------------

    Resolution: Fixed

    Oops, the userBase and roleBase I used in the security realm file are "userBase=ou=users,ou=system",
"roleBase=ou=groups,ou=system".
    But Apache DS has a few minimal built-in rules for protecting users and groups.
    Users except the admin user cannot access or search the 'ou=users,ou=system' and "ou=groups,ou=system" entries.
They are protected from access or alteration by anyone other than the admin user. So when
trying to access anonymously, an authentication error will occur.
    In order to connect to Apache DS successfully, we should create a new directory instead
of the default "ou=users,ou=system", "ou=groups,ou=system" and put user info there.
    Thanks Ivan for reviewing this issue and pointing this out.


> Can not connect to a ldap server in an anonymous way
> ----------------------------------------------------
>
>                 Key: GERONIMO-4997
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-4997
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: security
>    Affects Versions: 2.1.4, 2.2
>         Environment: OS:Windows XP SP2
> Server: Geronimo 2.2
> JDK:1.6
>            Reporter: Lu Jiang
>            Priority: Minor
>             Fix For: 2.1.5, 2.2.1, 3.0
>
>         Attachments: geronimo-security-2.1.4.jar
>
>
> I tried to deploy a web application which uses Apache Directory Server for user authentication.
> So I created a realm file as follows and added a reference to this realm file in the deploy plan:
> <module xmlns="http://geronimo.apache.org/xml/ns/deployment-1.2">
>     <environment>
>         <moduleId>
>             <groupId>console.realm</groupId>
>             <artifactId>testLDAP</artifactId>
>             <version>1.0</version>
>             <type>car</type>
>         </moduleId>
>         <dependencies>
>             <dependency>
>                 <groupId>org.apache.geronimo.framework</groupId>
>                 <artifactId>j2ee-security</artifactId>
>                 <type>car</type>
>             </dependency>
>         </dependencies>
>     </environment>
>     <gbean name="testLDAP" class="org.apache.geronimo.security.realm.GenericSecurityRealm" xsi:type="dep:gbeanType" xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>         <attribute name="realmName">testLDAP</attribute>
>         <reference name="ServerInfo">
>             <name>ServerInfo</name>
>         </reference>
>         <xml-reference name="LoginModuleConfiguration">
>             <log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-2.0">
>                 <log:login-module control-flag="REQUIRED" wrap-principals="false">
>                     <log:login-domain-name>testLDAP</log:login-domain-name>
>                     <log:login-module-class>org.apache.geronimo.security.realm.providers.LDAPLoginModule</log:login-module-class>
>                     <log:option name="connectionURL">ldap://pages.test.com:389</log:option>
>                     <log:option name="roleBase">ou=members,ou=testgroups,o=test.com</log:option>
>                     <log:option name="initialContextFactory">com.sun.jndi.ldap.LdapCtxFactory</log:option>
>                     <log:option name="roleName">cn</log:option>
>                     <log:option name="roleSearchMatching">uniquemember={0}</log:option>
>                     <log:option name="roleSearchSubtree">false</log:option>
>                     <log:option name="userRoleName">uniquemember={0}</log:option>
>                     <log:option name="authentication">simple</log:option>
>                     <log:option name="userSearchSubtree">true</log:option>
>                     <log:option name="userBase">ou=users,o=test.com</log:option>
>                     <log:option name="userSearchMatching">(mail={0})</log:option>
>                 </log:login-module>
>             </log:login-config>
>         </xml-reference>
>     </gbean>
> </module>
> It provides no connectionUsername and password, because I intend to connect to the LDAP server anonymously.
> Each time I log in to the web application, it will try to connect to the Apache Directory Server to authenticate users.
> But a NullPointerException will always occur.
> Caused by: 
> java.lang.NullPointerException
> 	at java.util.Hashtable.put(Hashtable.java:770)
> 	at org.apache.geronimo.security.realm.providers.LDAPLoginModule.open(LDAPLoginModule.java:455)
> 	at org.apache.geronimo.security.realm.providers.LDAPLoginModule.authenticate(LDAPLoginModule.java:267)
> 	at org.apache.geronimo.security.realm.providers.LDAPLoginModule.login(LDAPLoginModule.java:186)
> 	... 28 more

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
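The stack trace above ends in java.util.Hashtable.put, which rejects null keys and values with a NullPointerException; an LDAP login module that unconditionally puts connectionUsername and connectionPassword into the JNDI environment will therefore fail exactly this way when both options are omitted. The following is an added illustration of that failure mode beside a bind-environment builder that requests an anonymous bind explicitly; it is not Geronimo's LDAPLoginModule code, and the class name, method names and the host ldap.example.test are assumptions.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class LdapBindEnvironment {

    // Build the JNDI environment for the bind. With no connectionUsername we
    // request an anonymous bind explicitly rather than storing a null
    // principal/credential, which java.util.Hashtable rejects with an NPE.
    public static Hashtable<String, String> buildEnvironment(String connectionUrl,
            String initialContextFactory, String username, String password) {
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, initialContextFactory);
        env.put(Context.PROVIDER_URL, connectionUrl);
        if (username == null || username.length() == 0) {
            env.put(Context.SECURITY_AUTHENTICATION, "none"); // anonymous bind
        } else {
            if (password == null) {
                throw new IllegalArgumentException(
                        "connectionPassword is required when connectionUsername is set");
            }
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, username);
            env.put(Context.SECURITY_CREDENTIALS, password);
        }
        return env;
    }

    // Open the directory context; the caller closes it after the user/role search.
    public static DirContext open(Hashtable<String, String> env) throws NamingException {
        return new InitialDirContext(env);
    }

    public static void main(String[] args) {
        // The failure mode in the stack trace: Hashtable.put() with a null value.
        Hashtable<String, String> naive = new Hashtable<String, String>();
        try {
            naive.put(Context.SECURITY_PRINCIPAL, null);
        } catch (NullPointerException e) {
            System.out.println("Hashtable.put(null) throws NullPointerException");
        }
        // Hardened form; ldap.example.test is a placeholder host, not the reporter's.
        Hashtable<String, String> env = buildEnvironment("ldap://ldap.example.test:389",
                "com.sun.jndi.ldap.LdapCtxFactory", null, null);
        System.out.println("authentication=" + env.get(Context.SECURITY_AUTHENTICATION));
    }
}
```

Even with a correct anonymous bind, the closing comment notes that Apache DS protects the default ou=users,ou=system and ou=groups,ou=system entries from anyone but the admin user, so userBase and roleBase must point at a user tree that permits anonymous search.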

