
Oracle GlassFish Server "asadmin create-auth-realm" command Does Not Write The Password Alias Name In The domain.xml File (Doc ID 1413935.1)

Last updated on JULY 06, 2020

Applies to:

Oracle GlassFish Server - Version 3.0 to 3.1.1 [Release 3.0 to 3.1]
Information in this document applies to any platform.


When a password alias name is used with the "asadmin create-auth-realm" command, the command does not write the password alias name to the domain.xml file. Instead, it writes the actual password, so the LDAP bind password ends up stored in clear text in domain.xml. The problem can be reproduced by running the following command:

bash-3.00#./asadmin --port <port> create-auth-realm --classname --property directory=ldap\\://<host>\.<domainname>\.com\\:<ldapport>:jaas-context=ldapRealm:base-dn=dc\\=<domainname>\,dc\\=com:search-bind-password=\$\{ALIAS\\=ldapbind-password\} my-ldap-realm
Command create-auth-realm executed successfully.

From domain.xml:

<auth-realm name="my-ldap-realm" classname="">
<property name="directory" value="ldap://<host>.<>:<ldapport>"></property>
<property name="base-dn" value="dc=<dc>,dc=com"></property>
<property name="search-bind-password" value="<password>"></property>
<property name="jaas-context" value="ldapRealm"></property>

Note that the actual password is displayed in:

<property name="search-bind-password" value="<password>"></property>

It should be:

<property name="search-bind-password" value="${ALIAS=ldapbind-password}"></property>
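
To check an existing domain.xml for this condition, the following added example (not Oracle's code and not part of the original note) lists every auth-realm property whose name contains "password" and whose value is not a ${ALIAS=...} reference. The sample XML, host name, class name and password value are constructed for illustration; the password value itself is never printed.

```python
import re
import sys
import xml.etree.ElementTree as ET

# A value is acceptable only if it is exactly a password-alias reference.
ALIAS_RE = re.compile(r"^\$\{ALIAS=[^}]+\}$")

# Constructed sample shaped like the excerpt above; all values are made up.
SAMPLE_DOMAIN_XML = """\
<domain>
  <auth-realm name="my-ldap-realm" classname="example.LdapRealm">
    <property name="directory" value="ldap://ldap.example.com:389"></property>
    <property name="search-bind-password" value="s3cret-constructed"></property>
    <property name="jaas-context" value="ldapRealm"></property>
  </auth-realm>
  <auth-realm name="fixed-realm" classname="example.LdapRealm">
    <property name="search-bind-password" value="${ALIAS=ldapbind-password}"></property>
  </auth-realm>
</domain>
"""


def find_cleartext_passwords(xml_text):
    """Return (realm, property) pairs whose password value is not an alias.

    The value itself is never returned, so the report can be logged safely.
    """
    findings = []
    root = ET.fromstring(xml_text)
    for realm in root.iter("auth-realm"):
        for prop in realm.iter("property"):
            name = prop.get("name", "")
            value = prop.get("value", "")
            if "password" in name.lower() and not ALIAS_RE.match(value):
                findings.append((realm.get("name", "?"), name))
    return findings


if __name__ == "__main__":
    # Pass the path to your own domain.xml; with no argument the sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE_DOMAIN_XML
    hits = find_cleartext_passwords(text)
    for realm, prop in hits:
        print(f"auth-realm {realm!r}: property {prop!r} is not a ${{ALIAS=...}} reference")
    sys.exit(1 if hits else 0)
```

The script exits non-zero when any finding is reported, so it can be used as a configuration check after realm changes.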

