A problem with Cyrillic passwords with AD LDAP

I’m running OpenFire 3.6.4 with a configured and working AD LDAP connection (on Windows Server 2003 R2).

Openfire is running on:

blaster:~# cat /etc/issue

Debian GNU/Linux 5.0 \n \l

blaster:~# uname -a

Linux blaster 2.6.26-1-686 #1 SMP Sat Jan 10 18:29:31 UTC 2009 i686 GNU/Linux

One of my clients was not able to log in with Spark. I tried to log in with QIP and had no success.

I noticed that the user has a fully Cyrillic password, and after changing it to exclude Cyrillic letters, the user was able to log in.

The debug log for this user contains:

2010.05.27 09:44:29 LdapManager: Trying to find a user’s DN based on their username. sAMAccountName: omarovam, Base DN: dc=“domain”,DC=“local”…

2010.05.27 09:44:29 LdapManager: Creating a DirContext in LdapManager.getContext()…

2010.05.27 09:44:29 LdapManager: Created hashtable with context values, attempting to create context…

2010.05.27 09:44:29 LdapManager: … context created successfully, returning.

2010.05.27 09:44:29 LdapManager: Starting LDAP search…

2010.05.27 09:44:29 LdapManager: … search finished

2010.05.27 09:44:29 LdapManager: In LdapManager.checkAuthentication(userDN, password), userDN is: CN=“FullUserName”,CN=“Users”…

2010.05.27 09:44:29 LdapManager: Created context values, attempting to create context…

2010.05.27 09:44:29 LdapManager: Caught a naming exception when creating InitialContext

javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece^@]

at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3041)

at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2987)

at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2789)

at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2703)

at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:293)

at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)

at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)

at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)

at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)

at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)

at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)

at javax.naming.InitialContext.init(InitialContext.java:223)

at javax.naming.InitialContext.<init>(InitialContext.java:197)

at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)

at org.jivesoftware.openfire.ldap.LdapManager.checkAuthentication(LdapManager.java:536)

at org.jivesoftware.openfire.ldap.LdapAuthProvider.authenticate(LdapAuthProvider.java:115)

at org.jivesoftware.openfire.auth.AuthFactory.authenticate(AuthFactory.java:158)

at org.jivesoftware.openfire.net.XMPPCallbackHandler.handle(XMPPCallbackHandler.java:87)

at org.jivesoftware.openfire.sasl.SaslServerPlainImpl.evaluateResponse(SaslServerPlainImpl.java:112)

at org.jivesoftware.openfire.net.SASLAuthentication.handle(SASLAuthentication.java:245)

at org.jivesoftware.openfire.net.StanzaHandler.process(StanzaHandler.java:161)

at org.jivesoftware.openfire.nio.ConnectionHandler.messageReceived(ConnectionHandler.java:133)

at org.apache.mina.common.support.AbstractIoFilterChain$TailFilter.messageReceived(AbstractIoFilterChain.java:570)

at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:299)

at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilterChain.java:53)

at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:648)

at org.apache.mina.common.IoFilterAdapter.messageReceived(IoFilterAdapter.java:80)

at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:299)

at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilterChain.java:53)

at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:648)

at org.apache.mina.filter.codec.support.SimpleProtocolDecoderOutput.flush(SimpleProtocolDecoderOutput.java:58)

at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:185)

at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:299)

at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilterChain.java:53)

at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:648)

at org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:239)

at org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:283)

at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)

at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:51)

at java.lang.Thread.run(Thread.java:619)

Java version:

blaster:~# java -version

java version "1.6.0_20"

Java(TM) SE Runtime Environment (build 1.6.0_20-b02)

Java HotSpot(TM) Server VM (build 16.3-b01, mixed mode)

The database is located in MySQL on the same host.

blaster:~# mysql -V

mysql Ver 14.14 Distrib 5.1.37, for debian-linux-gnu (i486) using EditLine wrapper

If you need any additional info, feel free to ask.

Any suggestions?
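
An added diagnostic sketch, not part of the original post and not Openfire code: it decodes the AD sub-code in the bind error quoted above and shows how a Cyrillic password becomes different octets depending on the charset used to encode it, while an ASCII-only password does not. That a charset mismatch is the cause here is an assumption the post does not confirm; the function names, the charset list and the sample passwords are constructed for illustration.

```python
import re

# Commonly documented AD sub-codes carried in the "data" field of LDAP error 49.
AD_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# Constructed from the AuthenticationException line in the post.
SAMPLE_ERROR = ("javax.naming.AuthenticationException: [LDAP: error code 49 - "
                "80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext "
                "error, data 52e, vece]")


def parse_bind_error(line):
    """Return (ldap_code, ad_subcode, meaning), or None if the line does not match."""
    m = re.search(r"LDAP: error code (\d+)\b.*?\bdata ([0-9a-fA-F]+)", line)
    if not m:
        return None
    sub = m.group(2).lower()
    return int(m.group(1)), sub, AD_SUBCODES.get(sub, "unknown sub-code")


def password_octets(password, charsets=("utf-8", "cp1251", "koi8-r", "latin-1", "ascii")):
    """Encode the password as each charset would; unmappable characters become '?'."""
    return {cs: password.encode(cs, errors="replace") for cs in charsets}


def charset_report(password):
    """Classify each charset by how its octets compare with the UTF-8 encoding."""
    octets = password_octets(password)
    report = {}
    for cs, raw in octets.items():
        if raw == octets["utf-8"]:
            report[cs] = "same octets as UTF-8"
        elif raw.decode(cs) != password:
            report[cs] = "lossy: characters replaced"
        else:
            report[cs] = "different octets from UTF-8"
    return report


if __name__ == "__main__":
    print(parse_bind_error(SAMPLE_ERROR))
    for pw in ("пароль", "Passw0rd"):  # constructed sample passwords
        print(pw, charset_report(pw))
```

Comparing the JVM's default charset on the Openfire host with the rows of this report is one way to check whether the password octets reaching the directory could differ from what the client typed.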