
Feb 7, 2008 2:27 PM

Ldap Woes (Alias related?)

 

I've set up Openfire on a server at work for testing to replace our old jabberd server.  Lots of nice features, and I hope to make the switch.

At first I set up Openfire to use a testing area of our LDAP tree, 'ou=jabbers,dc=testing,dc=example,dc=com'.  I added a few accounts for testing, everything went well.

I got ambitious and set it to use our main LDAP tree for Jabber, 'dc=jabber,dc=example,dc=com'.  At this point, user accounts stopped being able to log in.  All of the accounts under 'dc=jabber,dc=example,dc=com' are actually aliases to our main list of accounts, 'dc=accounts,dc=example,dc=com'.  When I add an account under 'dc=jabber,dc=example,dc=com' that IS NOT an alias, I can log into that account fine.

 

 

Here's the information I'm getting from the Debug Log:

2008.02.07 22:14:30 NIOConnection: startTLS: using c2s
2008.02.07 22:14:36 XMPPCallbackHandler: NameCallback: testuser1
2008.02.07 22:14:36 XMPPCallbackHandler: VerifyPasswordCallback
2008.02.07 22:14:36 LdapManager: Trying to find a user's DN based on their username. uid: testuser1, Base DN: dc=jabber,dc=example,dc=com...
2008.02.07 22:14:36 LdapManager: Creating a DirContext in LdapManager.getContext()...
2008.02.07 22:14:36 LdapManager: Created hashtable with context values, attempting to create context...
2008.02.07 22:14:36 LdapManager: ... context created successfully, returning.
2008.02.07 22:14:36 LdapManager: Starting LDAP search...
2008.02.07 22:14:36 LdapManager: ... search finished
2008.02.07 22:14:36 LdapManager: In LdapManager.checkAuthentication(userDN, password), userDN is: uid="testuser1",cn="accounts",dc="example",dc="com"...
2008.02.07 22:14:36 LdapManager: Created context values, attempting to create context...
2008.02.07 22:14:36 LdapManager: Caught a naming exception when creating InitialContext
javax.naming.AuthenticationException: Ldap Woes (Alias related?)
        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2985)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2931)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2732)
        at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2646)
        at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:283)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
        at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
        at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
        at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
        at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
        at javax.naming.InitialContext.init(InitialContext.java:223)
        at javax.naming.InitialContext.<init>(InitialContext.java:197)
        at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
        at org.jivesoftware.openfire.ldap.LdapManager.checkAuthentication(LdapManager.java:463)
        at org.jivesoftware.openfire.ldap.LdapAuthProvider.authenticate(LdapAuthProvider.java:111)
        at org.jivesoftware.openfire.auth.AuthFactory.authenticate(AuthFactory.java:149)
        at org.jivesoftware.openfire.net.XMPPCallbackHandler.handle(XMPPCallbackHandler.java:86)
        at org.jivesoftware.openfire.sasl.SaslServerPlainImpl.evaluateResponse(SaslServerPlainImpl.java:112)
        at org.jivesoftware.openfire.net.SASLAuthentication.handle(SASLAuthentication.java:229)
        at org.jivesoftware.openfire.net.StanzaHandler.process(StanzaHandler.java:152)
        at org.jivesoftware.openfire.nio.ConnectionHandler.messageReceived(ConnectionHandler.java:132)
        at org.apache.mina.common.support.AbstractIoFilterChain$TailFilter.messageReceived(AbstractIoFilterChain.java:570)
        at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:299)
        at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilterChain.java:53)
        at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:648)
        at org.apache.mina.filter.codec.support.SimpleProtocolDecoderOutput.flush(SimpleProtocolDecoderOutput.java:58)
        at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:173)
        at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:299)
        at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilterChain.java:53)
        at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:648)
        at org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:239)
        at org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:283)
        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:650)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:675)
        at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:51)
        at java.lang.Thread.run(Thread.java:595)

Anyone have any guidance on what to look at?

Thanks.

 

 

  • Jonas Silver 110 posts since
    Oct 19, 2006
    Feb 8, 2008 5:37 AM (in response to dominii)
    Re: Ldap Woes (Alias related?)

    Have you set "Follow Referrals: Automatically follow LDAP referrals when found" in "Step 1 of 3: Connection Settings"?

    Just a wild blind guess...I have no experience with linked users in AD.

  • Grant Bronze 3 posts since
    Nov 20, 2008
    Nov 20, 2008 3:45 PM (in response to dominii)
    Re: Ldap Woes (Alias related?)

    Hi dominii,

    I believe the answer you seek can be found in my post here: http://www.igniterealtime.org/community/thread/36093

    The problem lies in your Openfire sending the string with quotes:

    2008.02.07 22:14:36 LdapManager: In LdapManager.checkAuthentication(userDN, password), userDN is: uid="testuser1",cn="accounts",dc="example",dc="com"...

    You will need to turn off encloseDNs, and unfortunately, that isn't as easy as putting a line in the database, even though it should be (it didn't work for me except in an older version...)

    Grab the latest source, make sure you have the correct Java libraries and the ant tool installed (it's a bit fiddly), then modify the code as per the ticket above.

    You will feel a million times better once the 'test' button works.

    Good luck
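
To check a debug log for the quoted bind DN that Grant's reply points at, here is an added example (not part of the original thread and not Openfire code) that scans for the `checkAuthentication` line and rewrites a fully quoted DN in the unquoted, RFC 4514-escaped string form. The log line format is taken from the log posted above; the function names and the second bind line in the sample are constructed for illustration.

```python
import re

# Constructed sample in the format of the debug log quoted in the thread.
SAMPLE_LOG = [
    '2008.02.07 22:14:36 LdapManager: Starting LDAP search...',
    '2008.02.07 22:14:36 LdapManager: In LdapManager.checkAuthentication('
    'userDN, password), userDN is: uid="testuser1",cn="accounts",'
    'dc="example",dc="com"...',
    '2008.02.07 22:15:02 LdapManager: In LdapManager.checkAuthentication('
    'userDN, password), userDN is: uid=testuser2,dc=jabber,dc=example,dc=com...',
]

BIND_LINE = re.compile(
    r'checkAuthentication\(userDN, password\), userDN is: (.*?)\.\.\.\s*$')
# One attr="value" component; a backslash inside the quotes escapes one char.
QUOTED_RDN = re.compile(r'([A-Za-z][\w-]*)="((?:[^"\\]|\\.)*)"(?:,|$)')

def escape_rfc4514(value):
    """Escape an attribute value for the unquoted string form of a DN."""
    chars = ['\\' + c if c in '"+,;<>\\' else c for c in value]
    if chars and chars[0] in ('#', ' '):
        chars[0] = '\\' + chars[0]
    if len(chars) > 1 and chars[-1] == ' ':
        chars[-1] = '\\ '
    return ''.join(chars)

def unquote_dn(dn):
    """Rewrite a DN made of attr="value" components without the quotes.
    Returns None when the DN is not in that fully quoted form."""
    pos, parts = 0, []
    while pos < len(dn):
        m = QUOTED_RDN.match(dn, pos)
        if not m:
            return None
        raw = re.sub(r'\\(.)', r'\1', m.group(2))  # undo escapes inside quotes
        parts.append(m.group(1) + '=' + escape_rfc4514(raw))
        pos = m.end()
    return ','.join(parts) or None

def find_quoted_binds(lines):
    """Return (timestamp, logged DN, unquoted DN) for each quoted bind DN."""
    hits = []
    for line in lines:
        m = BIND_LINE.search(line)
        fixed = unquote_dn(m.group(1)) if m else None
        if fixed:
            hits.append((line[:19], m.group(1), fixed))
    return hits

if __name__ == '__main__':
    for ts, logged, fixed in find_quoted_binds(SAMPLE_LOG):
        print(ts, 'quoted bind DN:', logged, '-> unquoted:', fixed)
```

Binding with the unquoted DN from an LDAP client, using the same password, shows whether the quoting or the credentials are what the directory rejects.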
