https://bz.apache.org/bugzilla/show_bug.cgi?id=64011
Bug ID: 64011
Summary: JNDIRealm no longer authenticates to LDAP
Product: Tomcat 8
Version: 8.5.50
Hardware: PC
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ----
The configuration below works in 8.5.49 and stops working in 8.5.50.
jaas.conf:
ORDS {
com.sun.security.auth.module.Krb5LoginModule required
doNotPrompt=true
principal="HTTP/[email protected]"
useKeyTab=true
keyTab="krb5.keytab"
storeKey=true;
};
ords.xml:
<?xml version="1.0" encoding="UTF-8"?>
<Context>
<Valve className="org.apache.catalina.authenticator.SpnegoAuthenticator"
loginConfigName="ORDS"
/>
<Realm className="org.apache.catalina.realm.JNDIRealm"
connectionURL="ldap://ldap1:3268"
alternateURL="ldap://ldap2:3268"
userSearch="(sAMAccountName={0})"
userBase="DC=realm,DC=com"
userSubtree="true"
roleSearch="(member={0})"
roleBase="DC=realm,DC=com"
roleName="CN"
roleSubtree="true"
allRolesMode="authOnly"
spnegoDelegationQop="auth"
stripRealmForGss="true"
authentication="none"
referrals="ignore"
useDelegatedCredential="true"
/>
</Context>
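On 8.5.50 this configuration now fails with the following error. The directory server rejects the user search issued from JNDIRealm.getUserBySearch because no successful bind was completed on the connection: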
17-Dec-2019 13:16:30.754 SEVERE [https-jsse-nio-10843-exec-3]
org.apache.catalina.realm.JNDIRealm.getPrincipal Exception performing
authentication
javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr:
DSID-0C090A4C, comment: In order to perform this operation a successful bind
must be completed on the connection., data 0, v3839 ]; remaining name
'DC=realm,DC=com'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3194)
at
com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3100)
at
com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2891)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1846)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)
at
com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392)
at
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
at
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:341)
at
javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
at
org.apache.catalina.realm.JNDIRealm.getUserBySearch(JNDIRealm.java:1693)
at
org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:1528)
at
org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:1456)
at
org.apache.catalina.realm.JNDIRealm.getPrincipal(JNDIRealm.java:2354)
at
org.apache.catalina.realm.JNDIRealm.getPrincipal(JNDIRealm.java:2280)
at
org.apache.catalina.realm.JNDIRealm.getPrincipal(JNDIRealm.java:2260)
at
org.apache.catalina.realm.RealmBase.getPrincipal(RealmBase.java:1283)
at
org.apache.catalina.realm.RealmBase.authenticate(RealmBase.java:501)
at
org.apache.catalina.authenticator.SpnegoAuthenticator$AuthenticateAction.run(SpnegoAuthenticator.java:344)
at
org.apache.catalina.authenticator.SpnegoAuthenticator$AuthenticateAction.run(SpnegoAuthenticator.java:329)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:360)
at
org.apache.catalina.authenticator.SpnegoAuthenticator.doAuthenticate(SpnegoAuthenticator.java:243)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:633)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
at
org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:678)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
at
org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:609)
at
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
at
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:810)
at
org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1623)
at
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)