JBoss AD Login Module configuration

When configuring the JBoss LDAP login module, one of the parameters is the LDAP URL that JBoss uses to connect to Active Directory.

Anyway, when doing an all-products-on-one-server install (JBoss + AD + DB on the same machine), I blindly entered the following URL for the LDAP connection: ldap://localhost:389 …

This caused big trouble, because with this URL the LDAP login module was always unable to authenticate users, failing with the following error:

ldapctx javax.naming.PartialResultException: Unprocessed Continuation

It took me a while to solve the issue, and it’s quite simple.

First, make sure that the domain name can be resolved, for example with ping domain.com or nslookup domain.com. The domain name must be the Active Directory domain name that the LDAP login module will connect to for user validation. If these commands fail, add the domain name and the AD IP address to the hosts file.

Then change the URL from ldap://localhost:389 (or ldap://invalidADname:port) to ldap://domain.com:389, and add a referral configuration line that sets java.naming.referral to follow, so that the referrals Active Directory returns are followed instead of surfacing as an unprocessed continuation.

Things must look like these now:

<application-policy name="MyApplicationDomain">
<authentication>
<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
<module-option name="java.naming.provider.url">ldap://domain.com:389</module-option>
<module-option name="java.naming.referral">follow</module-option>
<module-option name="java.naming.security.authentication">simple</module-option>
</login-module>
</authentication>
</application-policy>

Issue solved…
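As an added example (not part of the original post), the following Python script lints an application-policy fragment for the two settings discussed above: a provider URL that points at localhost instead of the AD domain, and a missing java.naming.referral=follow option. The XML samples, the domain name domain.com and the function names are constructed for the example.

```python
# Added example, not from the original post: check a JBoss application-policy
# fragment for the two settings behind "PartialResultException: Unprocessed
# Continuation" against Active Directory. Findings are returned, not printed.
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: the broken configuration (localhost URL, no referral option).
BROKEN_POLICY = """
<application-policy name="MyApplicationDomain">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
      <module-option name="java.naming.provider.url">ldap://localhost:389</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
    </login-module>
  </authentication>
</application-policy>
"""

# Constructed sample: the corrected configuration from the post.
FIXED_POLICY = BROKEN_POLICY.replace(
    "ldap://localhost:389", "ldap://domain.com:389").replace(
    '<module-option name="java.naming.security.authentication">',
    '<module-option name="java.naming.referral">follow</module-option>\n'
    '      <module-option name="java.naming.security.authentication">')

def module_options(policy_xml):
    """Return {option-name: value} for every LdapExtLoginModule in the policy."""
    opts = {}
    for lm in ET.fromstring(policy_xml).iter("login-module"):
        if lm.get("code", "").endswith("LdapExtLoginModule"):
            for opt in lm.findall("module-option"):
                opts[opt.get("name")] = (opt.text or "").strip()
    return opts

def lint_ad_policy(policy_xml, ad_domain):
    """Return a list of findings; an empty list means both fixes are present."""
    opts = module_options(policy_xml)
    findings = []
    host = urlsplit(opts.get("java.naming.provider.url", "")).hostname or ""
    if host in ("", "localhost", "127.0.0.1"):
        findings.append("provider URL must name the AD domain, not localhost")
    elif host.lower() != ad_domain.lower():
        findings.append(f"provider URL host {host!r} is not the AD domain {ad_domain!r}")
    if opts.get("java.naming.referral") != "follow":
        findings.append("java.naming.referral=follow is missing (AD returns referrals)")
    return findings

if __name__ == "__main__":
    for name, policy in (("broken", BROKEN_POLICY), ("fixed", FIXED_POLICY)):
        print(name, lint_ad_policy(policy, "domain.com") or "OK")
```

The hostname check is only the static half of the post's first step; resolving the name (ping or nslookup on the JBoss host) still has to be done separately.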
