AuthenticationException: LDAP

I'm trying to make Jive Messenger 2.1.2 authenticate users against Active Directory, and I have some problems with authentication.

Part of my jive-messenger.xml file (some paths below are represented in Russian (codepage win-1251)):

domainsrv.arsenal.plm

389

sAMAccountName

displayName

mail

DC=arsenal,DC=plm

CN=Jabber,CN=Users,DC=arsenal,DC=plm

JabberPassword

For user login “Jabber” – no problem:

….

2005.03.11 12:35:54 Logging off it-011/54bbf831 on org.jivesoftware.messenger.net.SocketConnection@1a1399

2005.03.11 12:38:34 Connect Socket[addr=/127.0.0.1,port=2755,localport=5222]

2005.03.11 12:38:34 Trying to find a user's DN based on their username. sAMAccountName: jabber, Base DN: DC=arsenal,DC=plm…

2005.03.11 12:38:34 Creating a DirContext in LdapManager.getContext()…

2005.03.11 12:38:34 Created hashtable with context values, attempting to create context…

2005.03.11 12:38:34 … context created successfully, returning.

2005.03.11 12:38:34 Starting LDAP search…

2005.03.11 12:38:34 … search finished

2005.03.11 12:38:34 In LdapManager.checkAuthentication(userDN, password), userDN is: CN=Jabber,CN=Users…

2005.03.11 12:38:34 Created context values, attempting to create context…

2005.03.11 12:38:34 … context created successfully, returning.

But I have a problem for user “srm47027” (Full LDAP Path: “CN=Шаймарданов Ренат Маркович,OU=Users,OU=147/02 Группа разработки и внедрения PLM-решений,OU=147 Отдел информационных технологий,OU=115 Управление информационных систем,OU=Domain Units, DC=arsenal,DC=plm”) (debug.log):

2005.03.11 12:39:21 Connect Socket[addr=/192.168.0.29,port=2757,localport=5222]

2005.03.11 12:39:21 Trying to find a user's DN based on their username. sAMAccountName: srm47027, Base DN: DC=arsenal,DC=plm…

2005.03.11 12:39:21 Creating a DirContext in LdapManager.getContext()…

2005.03.11 12:39:21 Created hashtable with context values, attempting to create context…

2005.03.11 12:39:21 … context created successfully, returning.

2005.03.11 12:39:21 Starting LDAP search…

2005.03.11 12:39:21 … search finished

2005.03.11 12:39:21 In LdapManager.checkAuthentication(userDN, password), userDN is: “CN=Шаймарданов Ренат Маркович,OU=Users,OU=147/02 Группа разработки и внедрения PLM-решений,OU=147 Отдел информационных технологий,OU=115 Управление информационных систем,OU=Domain Units”…

2005.03.11 12:39:21 Created context values, attempting to create context…

2005.03.11 12:39:21 Caught a naming exception when creating InitialContext

javax.naming.AuthenticationException: LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 525, v893

at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)

at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)

at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)

at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)

at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)

at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)

etc

….

Please tell me what the reason for the bug is. I suppose there are some problems with the codepage or the length of the LDAP path.

PS. Sorry for my English

Thanks in advance

Best regards,

Renat

Renat,

A few others have reported similar problems when trying to use the LDAP module where the DN contains characters in a different character encoding. Unfortunately, I'm not quite sure how to fix the problem. Has anyone had experience using LDAP from Java with different character encodings?

Thanks,

Matt

Hello everybody! I have already fixed the problem!!!

The situation was due to the incorrect processing of the password, see below

Users are able to login without password (AD & LDAP)

  1. Log in with AD user and correct password -> Error message about wrong password

  2. Log in with AD user and no password (empty) -> success !?

  3. Log in with AD user and wrong password -> Error message about wrong password

I know this problem is solved in CVS for LDAP, I hope for AD as modification of LDAP too

May somebody tell me for sure if it is solved for AD in CVS?
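The empty-password login in the list above is what a client sees when a simple bind with a DN and a zero-length password (an "unauthenticated bind" in RFC 4513) is treated as a successful login. A guard for it in JNDI, as an added example that is not part of the original posts and not Jive Messenger's own code; the class name, both method names and the constructed URL are assumptions, and the helper also pulls the Active Directory sub-code out of an error 49 message such as the one in the debug.log above:

```java
import java.util.Hashtable;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;

public class LdapBindCheck {   // hypothetical class, not Jive Messenger's LdapManager
    // AD appends a hex sub-code after the word "data" in the error 49 text.
    private static final Pattern AD_DATA = Pattern.compile("data\\s+([0-9a-fA-F]+)");

    /** Returns the AD sub-code from an error 49 message, or null if none is present. */
    static String adSubCode(String message) {
        if (message == null) return null;
        Matcher m = AD_DATA.matcher(message);
        return m.find() ? m.group(1).toLowerCase() : null;
    }

    /** Simple bind as userDN; true only if the server accepted a non-empty password. */
    static boolean checkAuthentication(String ldapUrl, String userDN, String password)
            throws NamingException {
        // A DN with a zero-length password is an unauthenticated bind that a
        // server may answer with success, so reject it before contacting LDAP.
        if (userDN == null || userDN.isEmpty() || password == null || password.isEmpty()) {
            return false;
        }
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapUrl);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, userDN);
        env.put(Context.SECURITY_CREDENTIALS, password);
        try {
            new InitialDirContext(env).close();   // the bind happens in the constructor
            return true;
        } catch (AuthenticationException e) {
            // Record the sub-code for troubleshooting; never log the password.
            System.err.println("bind rejected, AD sub-code: " + adSubCode(e.getMessage()));
            return false;
        }
    }

    public static void main(String[] args) throws NamingException {
        // Message text copied from the debug.log in this thread.
        System.out.println(adSubCode("LDAP: error code 49 - 80090308: LdapErr: "
                + "DSID-0C09030B, comment: AcceptSecurityContext error, data 525, v893"));
        // Constructed URL; the empty password is refused locally, nothing is sent.
        System.out.println(checkAuthentication("ldap://ldap.example.invalid:389",
                "CN=Jabber,CN=Users,DC=arsenal,DC=plm", ""));
    }
}
```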

Renat,

I think the code is both for LDAP & ADS so it should be fixed for both directories.

You can try it if you download the sources and apply the changes that were made in CVS.

Regards,

Frank

Thanks.

Best regards,

Renat

Hi

I have Jive 2.1.2 and same problem.

How to solve this problem?