Home > Default > Glassfish LDAP group search results in Exception

Glassfish LDAP group search results in Exception

November 30Hits:0
I'm trying to get my group search running but I keep getting the same exception
     at com.sun.enterprise.security.auth.realm.ldap.LDAPRealm.groupSearch(LDAPRealm.java:705)
     at com.sun.enterprise.security.auth.realm.ldap.LDAPRealm.findAndBind(LDAPRealm.java:497)
     at com.sun.enterprise.security.auth.login.LDAPLoginModule.authenticate(LDAPLoginModule.java:108)
     at com.sun.enterprise.security.auth.login.PasswordLoginModule.authenticateUser(PasswordLoginModule.java:117)
     at com.sun.appserv.security.AppservPasswordLoginModule.login(AppservPasswordLoginModule.java:148)
There's only on post on the web with the same problem and there is is not fixed.
This is the domain.xml
<auth-realm name="EpsLdapRealm" classname="com.sun.enterprise.security.auth.realm.ldap.LDAPRealm">
<property name="directory" value="ldap://myldap:389"></property>
<property name="base-dn" value="ou=Users,o=xxx"></property>
<property name="jaas-context" value="ldapRealm"></property>
<property name="search-bind-dn" value="cn=saepsman,ou=Users,ou=e-Directory,ou=Services,o=xxx"></property>
<property name="search-bind-password" value="xxxxx"></property>
<property name="search-filter" value="(&amp;(objectClass=user)(uid=%s))"></property>
<property description="null" name="assign-groups" value="USER"></property>
<property name="group-search-filter" value="(&amp;(objectClass=groupOfNames)(member=%d))"></property>
<property name="group-base-dn" value="ou=AccessControl,o=xxx"></property>
Authentication works fine, but group assignments do not work. When I remove the group-search-filter I get no error but then also no groups are assigned.
The group I am trying to map is
And I do the following mapping in glassfish-web.xml
I also have used
I also get the following log message indicating that the search-bin-dn and password are OK. I can also browse the LDAP tree with the credentials in Softerra LDAP Browser.
Error during LDAP search with filter [(&(objectClass=groupOfNames)(member=cn=cdamen,ou=Users,o=xxx))].|#]
When I look at the look at the LDAPRealm source code I see it is failing on the following statement
int sz = grpAttr.size();
This looks like to me that it means that some group was found but there are no group attributes. But there are when I query with Softerra, strange...
* Search for group membership using the given connection.
private List groupSearch(DirContext ctx, String baseDN,
String filter, String target)
List groupList = new ArrayList();
try {
String[] targets = new String[1];
targets[0] = target;
SearchControls ctls = new SearchControls();
NamingEnumeration e = ctx.search(baseDN,
filter.replaceAll(Matcher.quoteReplacement("\\"), Matcher.quoteReplacement("\\\\")), ctls);
while(e.hasMore()) {
SearchResult res = (SearchResult)e.next();
Attribute grpAttr = res.getAttributes().get(target);
int sz = grpAttr.size();
for (int i=0; i<sz; i++) {
String s = (String)grpAttr.get(i);
} catch (Exception e) {
_logger.log(Level.WARNING, "ldaprealm.searcherror", filter);
_logger.log(Level.WARNING, "security.exception", e);
return groupList;
Hope anyone knows the solution.


Hi Jeong
Can you explain exactly what you're tyring to achieve.

Read other 2 answers


Related Articles

  • Glassfish LDAP group search results in ExceptionNovember 30

    I'm trying to get my group search running but I keep getting the same exception java.lang.NullPointerException      at com.sun.enterprise.security.auth.realm.ldap.LDAPRealm.groupSearch(LDAPRealm.java:705)      at com.sun.enterprise.security.auth.real

  • Grouping Search Results by Parent FolderNovember 30

    Hello, I am sure someone has come across this before. I would like to display search results grouped by Parent Folder. So all documents in FolderA would be grouped together and all documents in FolderB would be until a FolderB heading..Hi Craig, >>

  • LDAP Log not showing external search resultsNovember 30

    Hi, I'm conducting LDAP searches with a filter into the LDAP directory of OD Master. Results are as expected and authentication is correct for an LDAP user. I can see the authentication in PasswordServer. My question is, why doesn't the LDAP search s

  • Sharepoint 2013 custom search results grouping display templateOctober 11

    Hi, I am trying to implement custom grouping for search result items. I would like to group them by a managed property, but without using result blocks (query rules). The idea is to sort the results by the property and then compare the current item (

  • Grouping refinement while grouping the search results in sku based indexingNovember 30

    Hi, We are doing sku based indexing and for a business requirement we had to group the results by product. We were able to achieve this by setting the sorting attribute in the search request. sorting=property sortProperty=string:$repositoryId:1 But i

  • Paged LDAP Search Results QuestionNovember 30

    Greetings, I have some code that does a dbms_ldap.search_s to create a view of all users. Everything was working fine until last week when got an error and I realized the results return exceeded the LDAPS MaxPageSizeLimit (was set to 2000, we now hav

  • How to get webui search result only a group data?November 30

    Dear Friends, In BP_HEAD we have enhanced with custom logic. we are registering group of customers under field bu_group in but000. component BP_HEAD_SEARCH we are getting all the data in BUT000. how to show only group data under field bu_group in sea

  • LDAP groups to pool assignation problemNovember 30

    Hi All, I have created two pools "Vista" and "Ubuntu" with two LDAP group associated ("Vista" and "Ubuntu"). I have a user "XX" which is in both LDAP groups (Vista and Ubuntu). When I display information a

  • Group Search- How?November 30

    Hello Gurus, Our UME is tied to Active Directory with read-only option. I am presently trying to clean up groups which involves identifying groups stored in Portal Database (not in AD) and then possibly deleting them. If I search for groups, the resu

  • Retrieve nested LDAP groups independent from the network env. (five different approaches)November 30

    Hi all, I want to retrieve a list of nested LDAP groups per user from the Active Directory. I have been searching google for half a day now, but I'm still not sure what approach to use. I have the following requirements: * The script/program must run

Copyright (C) 2019 wisumpire.com, All Rights Reserved. webmaster#wisumpire.com 14 q. 1.066 s.