GlassFish Security Realm, Active Directory and Referral

Posted by Allan Lykke Christensen on Stack Overflow See other posts from Stack Overflow or by Allan Lykke Christensen
Published on 2010-04-28T18:04:00Z Indexed on 2010/04/28 18:07 UTC
Read the original article Hit count: 516

Filed under:
|
|

I've setup up a Security Realm in Glassfish to authenticate against an Active Directory server. The configuration of the realm is as follows:

Class Name: com.sun.enterprise.security.auth.realm.ldap.LDAPRealm
JAAS context:  ldapRealm
Directory: ldap://172.16.76.10:389/
Base DN:  dc=smallbusiness,dc=local
search-filter: (&(objectClass=user)(sAMAccountName=%s))
group-search-filter: (&(objectClass=group)(member=%d))
search-bind-dn: cN=Administrator,CN=Users,dc=smallbusiness,dc=local
search-bind-password: abcd1234!

The realm is functional and I can log-in, but when ever I log in I get the following error in the log:

SEC1106: Error during LDAP search with filter [(&(objectClass=group)(member=CN=Administrator,CN=Users,dc=smallbusiness,dc=local))].
SEC1000: Caught exception.
    javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name 'dc=smallbusiness,dc=local'
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2820)
        ....
        ....
ldaplm.searcherror

While searching for a solution I found that it was recommended to add java.naming.referral=follow to the properties of the realm. However, after I add this it takes 20 minutes for GlassFish to authenticate against Active Directory. I suspect it is a DNS problem on the Active Directory server. The Active Directory server is a vanilla Windows Server 2003 setup in a Virtual Machine.

Any help/recommendation is highly appreciated!

© Stack Overflow or respective owner

Related posts about glassfish

Related posts about java