Authentication failure with the LDAP login module for Teiid VDB data virtualization

Date: 2018-09-11 16:26:42

Tags: ldap redhat teiid data-virtualization redhat-datavirt

We are currently having problems configuring LDAP authentication for a deployed VDB; we want to enter an Active Directory username and password when authenticating.

We have successfully configured LDAP authentication for the management console, but we are getting an error during server startup.

I have been able to successfully configure authentication for the management console at hostname:9990. With the following changes to Standalone.xml we can supply an Active Directory user/password and log in to the management console.

The security domain we are having trouble with is defined below. There is also a security realm that is working.

This is the error we receive:

ERROR [org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService$AS7DataSourceDeployer] (MSC service thread 1-1) Exception during createSubject() for java:/refresh: PBOX000016: Access denied: authentication failed: java.lang.SecurityException: PBOX000016: Access denied: authentication failed
    at org.jboss.security.plugins.JBossSecuritySubjectFactory.createSubject(JBossSecuritySubjectFactory.java:84)
    at org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1086)
    at org.jboss.jca.deployers.common.AbstractDsDeployer$1.run(AbstractDsDeployer.java:1081)
    at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.8.0_121]
    at org.jboss.jca.deployers.common.AbstractDsDeployer.createSubject(AbstractDsDeployer.java:1080)
    at org.jboss.jca.deployers.common.AbstractDsDeployer.deployDataSource(AbstractDsDeployer.java:600)
    at org.jboss.jca.deployers.common.AbstractDsDeployer.createObjectsAndInjectValue(AbstractDsDeployer.java:282)
    at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService$AS7DataSourceDeployer.deploy(AbstractDataSourceService.java:318)
    at org.jboss.as.connector.subsystems.datasources.AbstractDataSourceService.start(AbstractDataSourceService.java:122)
    at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1980)
    at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1913)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [rt.jar:1.8.0_121]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [rt.jar:1.8.0_121]
    at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_121]

This is the security realm that works for authenticating to the management panel:

<security-realm name="ldap-security-realm">
<authentication>
    <ldap connection="ldap-connection" base-dn="dc=main">
         <advanced-filter filter="(&amp;(sAMAccountName={0}))"/>
     </ldap>
 </authentication>
</security-realm>

<outbound-connections>
   <ldap name="ldap-connection" url="ldap://hostname:389" search-dn="adminusername" search-credential="adminpassword"/>
</outbound-connections>

This is the security domain we are trying to use to enable authentication for the deployed VDB:

<datasource jndi-name="java:/refresh" pool-name="refresh" enabled="true">
    <connection-url>jdbc:teiid:refresh@mm://hostname:31000</connection-url>
    <driver>teiid</driver>
    <security>
      <security-domain>test_ldap_security_domain</security-domain>
    </security>
</datasource>

<security-domain name="test_ldap_security_domain">
    <authentication>
         <login-module code="LdapExtended" flag="sufficient">
             <module-option name="java.naming.provider.url" value="ldap://hostname:389" />
             <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory" />
             <module-option name="java.naming.security.authentication" value="simple" />
             <module-option name="bindDN" value="adminusername" />
             <module-option name="bindCredential" value="adminpassword" />
             <module-option name="distinguishedNameAttribute" value="sAMAccountName" />
             <module-option name="baseFilter" value="(sAMAccountName={0})" />  
             <module-option name="baseCtxDN" value="dc=main" />
             </login-module>
     </authentication>
</security-domain>

<transport name="odata">
    <authentication security-domain="test_ldap_security_domain"/>
</transport>
<transport name="jdbc" socket-binding="teiid-jdbc" protocol="teiid">
    <authentication security-domain="test_ldap_security_domain"/>
</transport>
<transport name="odbc" socket-binding="teiid-odbc" protocol="pg">
    <authentication security-domain="test_ldap_security_domain"/>
    <ssl mode="disabled"/>
</transport>

1 answer:

Answer 0 (score: 0)

During startup, by default the datasource configuration attempts to create the minimum number of connections. Since the datasource is secured based on user credentials and there is no active user during startup, it fails.

Change the datasource configuration so that it does not create any connections during startup.

<pool>
    <prefill>false</prefill>
</pool>
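As an added check that is not part of the answer above: a small audit script that scans a standalone.xml datasources subsystem and flags every datasource that authenticates through a security-domain (caller credentials, as the Teiid/LDAP datasource in the question does) but does not set `<prefill>false</prefill>`, which is exactly the combination that fails at boot. The sample XML is constructed for the example and the namespace URI is illustrative.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the question's datasource; the namespace URI is illustrative.
SAMPLE_STANDALONE_XML = """<subsystem xmlns="urn:jboss:domain:datasources:4.0">
  <datasources>
    <datasource jndi-name="java:/refresh" pool-name="refresh" enabled="true">
      <connection-url>jdbc:teiid:refresh@mm://hostname:31000</connection-url>
      <driver>teiid</driver>
      <security><security-domain>test_ldap_security_domain</security-domain></security>
    </datasource>
    <datasource jndi-name="java:/refresh-fixed" pool-name="refresh-fixed" enabled="true">
      <connection-url>jdbc:teiid:refresh@mm://hostname:31000</connection-url>
      <driver>teiid</driver>
      <pool><prefill>false</prefill></pool>
      <security><security-domain>test_ldap_security_domain</security-domain></security>
    </datasource>
    <datasource jndi-name="java:/ExampleDS" pool-name="ExampleDS" enabled="true">
      <connection-url>jdbc:h2:mem:test</connection-url>
      <driver>h2</driver>
      <security><user-name>sa</user-name><password>sa</password></security>
    </datasource>
  </datasources>
</subsystem>"""

def _local(tag):
    """Strip the XML namespace: '{urn:...}pool' -> 'pool'."""
    return tag.rsplit('}', 1)[-1]

def _child(elem, name):
    """First direct child element with the given local name, or None."""
    return next((c for c in elem if _local(c.tag) == name), None)

def find_prefill_risks(xml_text):
    """Return jndi-names of datasources that use a security-domain (caller credentials)
    but leave pool prefill enabled, so the server opens connections at boot with no user."""
    risky = []
    for ds in ET.fromstring(xml_text).iter():
        if _local(ds.tag) != 'datasource':
            continue
        security = _child(ds, 'security')
        if security is None or _child(security, 'security-domain') is None:
            continue  # static user-name/password: prefill can succeed at boot
        pool = _child(ds, 'pool')
        prefill = _child(pool, 'prefill') if pool is not None else None
        # An absent <prefill> means the fix from the answer has not been applied
        if prefill is None or (prefill.text or '').strip().lower() != 'false':
            risky.append(ds.get('jndi-name'))
    return risky
```

On the sample, `find_prefill_risks(SAMPLE_STANDALONE_XML)` reports only `java:/refresh`; run it over the datasources subsystem of your own standalone.xml to find every datasource that still needs the `<pool>` change.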