
shibboleth-dev - [Shib-Dev] OSGi Bundle - AttributeResolver Cannot Connect to LDAP

Subject: Shibboleth Developers

  • From: Jonathan Tellier <>
  • To:
  • Subject: [Shib-Dev] OSGi Bundle - AttributeResolver Cannot Connect to LDAP
  • Date: Wed, 24 Nov 2010 17:57:55 -0500

Hi,

I'm working on repackaging the IdP in an OSGi bundle (the code is
available here: http://gitorious.org/shibboleth-idp-osgi) and I'm
having problems making the attribute resolver connect to my LDAP
directory.

I know that the problem is not with the LDAP itself, because my
implementation of basic authentication (I've had to re-implement basic
authn when I packaged everything in an OSGi bundle...) works
correctly. It connects to the LDAP, checks the user's password, the
groups he belongs to and authorizes the request. Furthermore, since
the non-bundled IdP (which has the same attribute-resolver.xml config
file) works fine, I reckon that something went wrong in the bundling.

Note that my basic authn implementation uses Novell's jldap library
instead of the javax.naming classes used by the attribute resolver.

This is the actual exception that I'm getting:

[...]
17:23:51.353 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethAttributeResolver:325] - Resolving data connector myLDAP for principal john
17:23:51.367 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector:307] - Search filter: (uid=john)
17:23:51.368 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector:362] - LDAP data connector myLDAP - Retrieving attributes from LDAP
17:23:51.378 - DEBUG [edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.LdapDataConnector:369] - LDAP data connector myLDAP - An error occured when attempting to search the LDAP: {java.naming.provider.url=ldap://localhost:389, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory}
javax.naming.NotContextException: Not an instance of LdapContext
    at javax.naming.ldap.InitialLdapContext.getDefaultLdapInitCtx(InitialLdapContext.java:169) ~[na:1.6.0_18]
    at javax.naming.ldap.InitialLdapContext.newInstance(InitialLdapContext.java:186) ~[na:1.6.0_18]
    at edu.vt.middleware.ldap.AbstractLdap.getContext(AbstractLdap.java:1062) ~[bundlefile:na]
    at edu.vt.middleware.ldap.AbstractLdap.search(AbstractLdap.java:214) ~[bundlefile:na]
    at edu.vt.middleware.ldap.Ldap.search(Ldap.java:431) ~[bundlefile:na]
    at edu.vt.middleware.ldap.Ldap.search(Ldap.java:347) ~[bundlefile:na]
    at edu.vt.middleware.ldap.Ldap.search(Ldap.java:248) ~[bundlefile:na]
[...]

I've gone through the javax.naming.ldap.InitialLdapContext's code and
took a look at javax.naming.spi.NamingManager, which is called by
InitialLdapContext, and if my comprehension is right, all the needed
classes are found since I don't have any exceptions while loading the
factory. It's as if the LdapCtxFactory was not returning the correct
object...

I don't have a lot of experience in accessing an LDAP directory from
within Java, so I might be missing something obvious. Does someone
here have an idea of what the problem might be?

Thanks,
Jonathan
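
The trace above fails in InitialLdapContext.getDefaultLdapInitCtx, which raises this exception when the initial context JNDI obtained is not an LdapContext. The following is an added example, not code from the post or from the Shibboleth or vt-ldap projects: LdapContextCheck and PlainContextFactory are hypothetical names, and the factory is constructed to reproduce the exception offline and report what the JNDI lookup returned. It does not establish the cause in the poster's bundle.

```java
import java.lang.reflect.Proxy;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.NotContextException;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.spi.InitialContextFactory;
import javax.naming.spi.NamingManager;

public class LdapContextCheck {

    // Hypothetical factory (constructed for this example): returns a plain Context.
    public static class PlainContextFactory implements InitialContextFactory {
        @Override
        public Context getInitialContext(Hashtable<?, ?> env) {
            // Dynamic proxy that implements only javax.naming.Context, not LdapContext.
            return (Context) Proxy.newProxyInstance(
                    PlainContextFactory.class.getClassLoader(),
                    new Class<?>[] {Context.class},
                    (proxy, method, args) -> null);
        }
    }

    // Reports what JNDI resolved for this environment and whether newInstance() accepts it.
    static String diagnose(Hashtable<String, Object> env) throws NamingException {
        StringBuilder out = new StringBuilder();
        // An installed builder takes over from the java.naming.factory.initial lookup.
        out.append("factory builder installed: ")
           .append(NamingManager.hasInitialContextFactoryBuilder()).append('\n');
        Context raw = NamingManager.getInitialContext(env);
        out.append("initial context class: ").append(raw.getClass().getName())
           .append(", LdapContext: ").append(raw instanceof LdapContext).append('\n');
        try {
            // Same call that fails in the trace (InitialLdapContext.newInstance).
            new InitialLdapContext(env, null).newInstance(null);
            out.append("newInstance: ok");
        } catch (NotContextException e) {
            out.append("newInstance: ").append(e);
        }
        return out.toString();
    }

    public static void main(String[] args) throws NamingException {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, PlainContextFactory.class.getName());
        env.put(Context.PROVIDER_URL, "ldap://localhost:389"); // value from the logged environment
        System.out.println(diagnose(env));
    }
}
```

Setting java.naming.factory.initial to com.sun.jndi.ldap.LdapCtxFactory instead makes the same check contact the directory named in the provider URL.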

