In this release of JBoss EAP 6, the `LdapExtLoginModule` does not set the thread context class loader (TCCL) to the class loader of a (configurable) JBoss module. The JBoss module would contain a custom socket factory.
As a consequence, the `LdapExtLoginModule` cannot use custom socket factories for creating connections to the LDAP server. A `ClassNotFoundException` will be thrown when attempting to use a custom socket factory with the `LdapExtLoginModule`.
This issue will be resolved in a future release of the product.
Description of problem:
LdapExtLoginModule cannot find custom ldap socket factory.
Passing the "java.naming.ldap.factory.socket" property in as a module-option:
<module-option name="java.naming.ldap.factory.socket" value="org.jboss.example.CustomSocketFactory"/>
results in a ClassNotFoundException:
Caused by: javax.naming.CommunicationException: 192.168.1.8:389 [Root exception is java.lang.ClassNotFoundException: org/jboss/example/CustomSocketFactory]
at com.sun.jndi.ldap.Connection.<init>(Connection.java:226) [rt.jar:1.7.0_45]
at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:136) [rt.jar:1.7.0_45]
at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1608) [rt.jar:1.7.0_45]
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2698) [rt.jar:1.7.0_45]
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:316) [rt.jar:1.7.0_45]
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193) [rt.jar:1.7.0_45]
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:211) [rt.jar:1.7.0_45]
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154) [rt.jar:1.7.0_45]
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84) [rt.jar:1.7.0_45]
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684) [rt.jar:1.7.0_45]
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307) [rt.jar:1.7.0_45]
at javax.naming.InitialContext.init(InitialContext.java:242) [rt.jar:1.7.0_45]
at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:153) [rt.jar:1.7.0_45]
at org.jboss.security.auth.spi.LdapExtLoginModule.constructInitialLdapContext(LdapExtLoginModule.java:767) [picketbox-4.0.17.SP2-redhat-2.jar:4.0.17.SP2-redhat-2]
I tried making the custom socket factory into a JBoss module and adding the module as a dependency to picketbox and sun.jdk. Unfortunately, that did not work. I also added the socket factory jar to the jre/lib/ext directory. That didn't work either.
Created attachment 922473
custom-socket-factory.jar
Adding reproducer - JAR with a custom SocketFactory implementation.
Enable it for the LDAP login module(s) by adding the module option:
<module-option name="java.naming.ldap.factory.socket" value="org.jboss.example.CustomSocketFactory"/>
It prints debug output when it's used. E.g.
>>> org.jboss.example.CustomSocketFactory.getDefault : 42
>>> org.jboss.example.CustomSocketFactory.<init> : 38
>>> org.jboss.example.CustomSocketFactory.createSocket : 48
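The TCCL dependency described in the release note at the top of this report, as an added example that is not part of the original report and is not PicketBox code: a preflight check that tells you whether a given class loader can resolve the class named in java.naming.ldap.factory.socket, and a wrapper that creates the LDAP context with that loader set as the TCCL and then restores the caller's loader. The class TcclLdapConnector and its methods preflight and connect are hypothetical names; the JDK's SSLSocketFactory stands in as a factory that always resolves.

```java
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.util.Hashtable;
import javax.naming.NamingException;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.net.SocketFactory;

public class TcclLdapConnector { // hypothetical helper, not part of PicketBox
    static final String SOCKET_FACTORY_PROP = "java.naming.ldap.factory.socket";

    /** Reports whether 'loader' can supply the configured factory in the form the JNDI LDAP provider expects. */
    static String preflight(Hashtable<String, Object> env, ClassLoader loader) {
        Object name = env.get(SOCKET_FACTORY_PROP);
        if (name == null) return "no custom socket factory configured";
        try {
            Class<?> c = Class.forName(name.toString(), false, loader);
            if (!SocketFactory.class.isAssignableFrom(c)) return name + " is not a javax.net.SocketFactory";
            Method m = c.getMethod("getDefault");
            if (!Modifier.isStatic(m.getModifiers())) return name + ".getDefault() is not static";
            return "ok";
        } catch (ClassNotFoundException e) {
            return name + " is not visible to " + loader;
        } catch (NoSuchMethodException e) {
            return name + " has no public getDefault()";
        }
    }

    /** Creates the context with the TCCL set to 'loader', then restores the caller's TCCL. */
    static LdapContext connect(Hashtable<String, Object> env, ClassLoader loader) throws NamingException {
        Thread t = Thread.currentThread();
        ClassLoader previous = t.getContextClassLoader();
        t.setContextClassLoader(loader); // the provider resolves the factory class through this loader
        try {
            return new InitialLdapContext(env, null);
        } finally {
            t.setContextClassLoader(previous); // never leak the swapped loader to later code on this thread
        }
    }

    public static void main(String[] args) { // offline demo: only preflight runs, no LDAP server needed
        ClassLoader loader = TcclLdapConnector.class.getClassLoader();
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(SOCKET_FACTORY_PROP, "javax.net.ssl.SSLSocketFactory"); // JDK class, always resolvable
        System.out.println(preflight(env, loader));
        env.put(SOCKET_FACTORY_PROP, "org.jboss.example.CustomSocketFactory"); // class name from this report
        System.out.println(preflight(env, loader));
    }
}
```

Run without custom-socket-factory.jar on the classpath, the second check reports the class as not visible, which is the condition behind the ClassNotFoundException in the stack trace above.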