I want to authenticate a user who wants to access a specific resource via Active Directory. I use JSF 2.1 and GlassFish 3.1.2. I tried this, this, this but it doesn't work for me. The user can't sign in. It always redirects me to the error page.
domain.xml snippet:
    <auth-realm name="ADREALM" classname="com.sun.enterprise.security.auth.realm.ldap.LDAPRealm">
        <property name="directory" value="LDAP://WIN-AK5HJBX4R4G.my.com/"></property>
        <property name="search-filter" value="(&amp;(objectClass=user)(sAMAccountName=%s))"></property>
        <property name="base-dn" value="DC=my,DC=com"></property>
        <property name="group-search-filter" value="(&amp;(objectClass=group)(member=%d))"></property>
        <property name="jaas-context" value="ldapRealm"></property>
        <property name="assign-groups" value="Domain Users"></property>
        <property name="search-bind-dn" value="WIN-AK5HJBX4R4G.my.com\Administrator"></property>
        <property name="search-bind-password" value="Qwerty123"></property>
    </auth-realm>
WIN-AK5HJBX4R4G is the default name of my virtual server (it can be 192.168.56.101 or just localhost; because the webapp is deployed on this server, it doesn't matter how it is named. AD is also on this server).
I tried several forms of search-bind-dn, such as:
- WIN-AK5HJBX4R4G.my.com\Administrator <- it works for ASP.NET, so I think it is a good form; maybe I'm wrong?
- [email protected]
- CN=Administrator,CN=Users,DC=my,DC=com
Nothing works. The user still can't log in.
web.xml snippet:
    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>ADREALM</realm-name>
        <form-login-config>
            <form-login-page>/login.xhtml</form-login-page>
            <form-error-page>/loginError.xhtml</form-error-page>
        </form-login-config>
    </login-config>
    <security-constraint>
        <display-name>Example Security Constraint</display-name>
        <web-resource-collection>
            <web-resource-name>Protected Pages</web-resource-name>
            <url-pattern>/faces/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>user</role-name>
        </auth-constraint>
    </security-constraint>
    <security-role>
        <description>A Funky User</description>
        <role-name>user</role-name>
    </security-role>
glassfish-web.xml snippet:
    <security-role-mapping>
        <role-name>user</role-name>
        <group-name>Domain Users</group-name>
    </security-role-mapping>
I also added -Djava.naming.referral=follow to JVM Options.
- If it is possible, where can I check for any exceptions or errors, e.g. "connect to server failed" or "bad password or login"? Are there any log files, or something else?
- Did I miss something in my config files?
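
An added example, not part of the original question and not GlassFish code: a small Python check that reads an `<auth-realm>` like the one above and flags three security-relevant settings (an unencrypted `ldap://` directory URL, a literal `search-bind-password`, and a high-privilege search bind account). The function names, finding ids and the `PRIVILEGED` list are assumptions made for this example, and the sample XML is constructed from the question's snippet.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: a subset of the realm from the question ('&' written as &amp;).
REALM_XML = r"""<auth-realm name="ADREALM"
    classname="com.sun.enterprise.security.auth.realm.ldap.LDAPRealm">
  <property name="directory" value="LDAP://WIN-AK5HJBX4R4G.my.com/"/>
  <property name="search-filter" value="(&amp;(objectClass=user)(sAMAccountName=%s))"/>
  <property name="search-bind-dn" value="WIN-AK5HJBX4R4G.my.com\Administrator"/>
  <property name="search-bind-password" value="Qwerty123"/>
</auth-realm>"""
PRIVILEGED = {"administrator", "admin"}  # assumption: names treated as high-privilege

def realm_properties(xml_text):
    """Return the <property> name/value pairs of one <auth-realm> element."""
    root = ET.fromstring(xml_text)
    return {p.get("name"): p.get("value", "") for p in root.iter("property")}

def bind_account(bind):
    """Extract the account name from a DN, a UPN or a down-level logon name."""
    if re.match(r"\s*[A-Za-z]+=", bind):      # DN: value of the first RDN
        return bind.split(",", 1)[0].split("=", 1)[1].strip()
    if "\\" in bind:                          # down-level: part after the backslash
        return bind.rsplit("\\", 1)[1]
    return bind.split("@", 1)[0]              # UPN: part before the @

def lint_realm(props):
    """Return (finding_id, detail) tuples; the ids are local to this example."""
    findings = []
    if props.get("directory", "").lower().startswith("ldap://"):
        findings.append(("cleartext-ldap", "simple binds travel unencrypted; use ldaps://"))
    password = props.get("search-bind-password", "")
    # ${ALIAS=name} is GlassFish's password-alias reference syntax.
    if password and not re.fullmatch(r"\$\{ALIAS=[^}]+\}", password):
        findings.append(("plaintext-bind-password", "literal password stored in domain.xml"))
    account = bind_account(props.get("search-bind-dn", ""))
    if account.lower() in PRIVILEGED:
        findings.append(("privileged-bind-account", f"search bind uses '{account}'"))
    if "%s" not in props.get("search-filter", "%s"):
        findings.append(("filter-without-%s", "search-filter never substitutes the login name"))
    return findings

if __name__ == "__main__":
    for finding_id, detail in lint_realm(realm_properties(REALM_XML)):
        print(f"{finding_id}: {detail}")
```

Run against the constructed sample, it reports the cleartext URL, the literal password and the Administrator bind account; a realm using `ldaps://`, a password alias and a dedicated low-privilege search account produces no findings.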