Bug 1052644 - [GSS] (6.4.z) LdapExtLoginModule cannot find custom ldap socket factory
Alias: None
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Security
Version: 6.2.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: CR1
Target Release: EAP 6.4.5
Assignee: Peter Skopek
QA Contact: Josef Cacek
Docs Contact: Russell Dickenson
Duplicates: 1068665
Depends On:
Blocks: 1068665 1235745 1255390
Reported: 2014-01-13 21:50 UTC by Derek Horton
Modified: 2020-01-29 14:41 UTC (History)

Fixed In Version:
Doc Type: Known Issue
Doc Text:
In this release of JBoss EAP 6 the `LdapExtLoginModule` does not set the TCCL to the classloader of a (configurable) JBoss module. The JBoss module would contain a custom socket factory. As a consequence the `LdapExtLoginModule` cannot use custom socket factories for creating connections to the ldap server. A `ClassNotFoundException` will be thrown when attempting to use a custom socket factory with the `LdapExtLoginModule`. This issue will be resolved in a future release of the product.
Clone Of:
Last Closed:
Type: Bug

Attachments:
custom-socket-factory.jar (4.89 KB, application/x-java-archive), 2014-07-30 09:29 UTC, Josef Cacek

External tracker:
System: Red Hat Issue Tracker
ID: SECURITY-784
Private: 0
Priority: Major
Status: Closed
Summary: LdapExtLoginModule cannot find custom ldap socket factory
Last Updated: 2020-01-29 14:40:59 UTC

Description Derek Horton 2014-01-13 21:50:08 UTC
Description of problem:

LdapExtLoginModule cannot find custom ldap socket factory.
Passing the "java.naming.ldap.factory.socket" property in as an
<module-option name="java.naming.ldap.factory.socket" value="org.jboss.example.CustomSocketFactory"/>
results in a ClassNotFoundException:
Caused by: javax.naming.CommunicationException: [Root exception is java.lang.ClassNotFoundException: org/jboss/example/CustomSocketFactory]
at com.sun.jndi.ldap.Connection.<init>(Connection.java:226) [rt.jar:1.7.0_45]
at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:136) [rt.jar:1.7.0_45]
at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1608) [rt.jar:1.7.0_45]
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2698) [rt.jar:1.7.0_45]
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:316) [rt.jar:1.7.0_45]
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193) [rt.jar:1.7.0_45]
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:211) [rt.jar:1.7.0_45]
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154) [rt.jar:1.7.0_45]
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84) [rt.jar:1.7.0_45]
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684) [rt.jar:1.7.0_45]
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307) [rt.jar:1.7.0_45]
at javax.naming.InitialContext.init(InitialContext.java:242) [rt.jar:1.7.0_45]
at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:153) [rt.jar:1.7.0_45]
at org.jboss.security.auth.spi.LdapExtLoginModule.constructInitialLdapContext(LdapExtLoginModule.java:767) [picketbox-4.0.17.SP2-redhat-2.jar:4.0.17.SP2-redhat-2]

I tried making the custom socket factory into a jboss module and adding the module as a dependency to picketbox and sun.jdk. Unfortunately, that did not work. I also added the socket factory jar to the jre/lib/ext directory. That didn't work either.

Comment 2 Nichola Moore 2014-05-02 03:50:02 UTC
Please provide Doc Text. Thank you.

Comment 3 sgilda 2014-05-13 14:23:24 UTC
Change release note from Bug Fix to Known Issue, per bug 1097167.

Comment 4 Scott Mumford 2014-05-15 04:31:49 UTC
Reformatted Doc Text to prose form.

Comment 6 Josef Cacek 2014-07-30 09:29:52 UTC
Created attachment 922473

Adding reproducer - JAR with a custom SocketFactory implementation.

Enable it for the LDAP login module(s) by adding module option:

<module-option name="java.naming.ldap.factory.socket" value="org.jboss.example.CustomSocketFactory"/>

It prints debug output when it's used. E.g.
>>> org.jboss.example.CustomSocketFactory.getDefault : 42
>>> org.jboss.example.CustomSocketFactory.<init> : 38
>>> org.jboss.example.CustomSocketFactory.createSocket : 48
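Added example (not part of the bug report, the reproducer JAR, or PicketBox): the class-loading failure described in the Doc Text and the description, reproduced without an LDAP server, next to the usual remedy of swapping the thread context class loader (TCCL) around the call and restoring it afterwards. `TcclSocketFactoryDemo`, the nested `CustomSocketFactory`, `resolve` and `withTccl` are hypothetical names; `resolve` imitates the lookup the JDK LDAP provider performs for `java.naming.ldap.factory.socket` (load the class by name through the TCCL, then call its static `getDefault()`).

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.net.URL;
import java.net.URLClassLoader;
import java.util.concurrent.Callable;
import javax.net.SocketFactory;

public class TcclSocketFactoryDemo {
    /** Hypothetical stand-in for the reproducer's org.jboss.example.CustomSocketFactory. */
    public static class CustomSocketFactory extends SocketFactory {
        private final SocketFactory d = SocketFactory.getDefault();
        /** Static entry point that the LDAP provider invokes reflectively. */
        public static SocketFactory getDefault() { return new CustomSocketFactory(); }
        @Override public Socket createSocket() throws IOException { return d.createSocket(); }
        @Override public Socket createSocket(String h, int p) throws IOException { return d.createSocket(h, p); }
        @Override public Socket createSocket(String h, int p, InetAddress l, int lp) throws IOException { return d.createSocket(h, p, l, lp); }
        @Override public Socket createSocket(InetAddress a, int p) throws IOException { return d.createSocket(a, p); }
        @Override public Socket createSocket(InetAddress a, int p, InetAddress l, int lp) throws IOException { return d.createSocket(a, p, l, lp); }
    }

    /** Imitates the provider's lookup: load by name via the TCCL, then call static getDefault(). */
    static SocketFactory resolve(String className) throws Exception {
        ClassLoader tccl = Thread.currentThread().getContextClassLoader();
        Class<?> cls = Class.forName(className, true, tccl);
        return (SocketFactory) cls.getMethod("getDefault").invoke(null);
    }

    /** Runs action with cl as the TCCL and always restores the caller's loader. */
    static <T> T withTccl(ClassLoader cl, Callable<T> action) throws Exception {
        Thread t = Thread.currentThread();
        ClassLoader saved = t.getContextClassLoader();
        t.setContextClassLoader(cl);
        try { return action.call(); } finally { t.setContextClassLoader(saved); }
    }

    public static void main(String[] args) throws Exception {
        String name = CustomSocketFactory.class.getName();
        // Constructed condition: a loader that sees only JDK classes, like a TCCL without the factory's module.
        ClassLoader blind = new URLClassLoader(new URL[0], null);
        try {
            withTccl(blind, () -> resolve(name));
        } catch (ClassNotFoundException e) {
            System.out.println("TCCL cannot see the factory: " + e);
        }
        SocketFactory f = withTccl(CustomSocketFactory.class.getClassLoader(), () -> resolve(name));
        System.out.println("Resolved with the factory's loader as TCCL: " + f.getClass().getName());
    }
}
```

In a real client the action passed to `withTccl` would be the `InitialLdapContext` construction, with the class loader being the one that holds the socket factory; the `finally` restore matters on pooled server threads, where a leaked TCCL would affect unrelated requests.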

Comment 7 Josef Cacek 2014-07-30 10:31:12 UTC
*** Bug 1068665 has been marked as a duplicate of this bug. ***

Comment 9 JBoss JIRA Server 2015-08-21 15:26:59 UTC
Stefan Guilhen <sguilhen@redhat.com> updated the status of jira SECURITY-784 to Resolved

Comment 10 JBoss JIRA Server 2015-08-21 15:27:30 UTC
Stefan Guilhen <sguilhen@redhat.com> updated the status of jira SECURITY-784 to Closed

Comment 14 Ondrej Lukas 2015-11-03 11:10:39 UTC
Verified in EAP 6.4.5.CP.CR1.

Comment 15 Petr Penicka 2017-01-17 11:43:21 UTC
Retroactively bulk-closing issues from released EAP 6.4 cumulative patches.

Comment 16 Petr Penicka 2017-01-17 11:43:27 UTC
Retroactively bulk-closing issues from released EAP 6.4 cumulative patches.
