Can add LDAP Administrator but Authentication Always Fails?

I have a fresh install of 3.7.1 and have been able to get through the install without any major issues. The ldapbind account binds successfully and I can even do a successful lookup when adding LDAP Administrator accounts from the setup wizard, but when I click to test the password it always fails. I'm running Wireshark and I see the request go out:

17 0.604541000 10.1.6.114 10.1.2.11 LDAP 216 bindRequest(1) "CN=Jordan V,OU=Infrastructure Department/ Help Desk,OU=Users General,OU=_Ncs Chicago HQ _DZNew,DC=ncsbn,DC=org" simple

And the response comes back in:

18 0.604950000 10.1.2.11 10.1.6.114 LDAP 163 bindResponse(1) invalidCredentials (80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece)

I’ve tried using different accounts with more simplistic passwords and I get the same invalidCredentials error every time.

I've attempted what this user here → RHEL/CentOS/Debian/W2k3 can connect to LDAP but cannot validate password - Openfire Support - Ignite Realtime Community Forums has suggested, and the authentication (this time at the actual login page) still fails. I added the two lines mentioned in the thread, and each time I relaunch the service it actually removes false but leaves false.

So strange. Any suggestions or help?

Are you sure that your administrator account is listed in the BaseDN?

Also, did you add your administrator account to the list of Openfire admins (at the end of the setup)?

The BaseDN is wide (reads the entire domain), like DC=company,DC=org. Running Wireshark, I can clearly see Openfire query AD and find the account, which is also listed as an administrative account at the end of setup; that step only lets me add real accounts, another sign that the lookup is correct. But regardless of the account or the account's location, the password always comes back as incorrect.

I… might be on to something… thanks to our amazing Active Directory team, we have a lot of OUs that have special characters in them. That seems to be gumming up the works. I created an account and placed it in an OU that had no special characters in it and wham, working like a charm.
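Two checks a practitioner would make on a thread like this, as an added example (not code from the poster, from Openfire, or from the linked thread): first, decode the AD "data" subcode in the bindResponse, because 525 means the bind DN never resolved to an object, whereas a wrong password for a DN that does resolve comes back as 52e, so the password was not the thing being rejected here; second, check how the DN seen on the wire compares with the object's real DN once RFC 4514 escaping is applied. The DN components and the diagnostic string are copied from the capture above; the extra OU names with commas and a leading "#" are constructed to show which characters actually need escaping (under RFC 4514, "/" and "_" are not special, but `,+"\<>;`, a leading "#" and leading or trailing spaces are). The parser accepts both backslash escapes and the older quoted-value form that the capture shows.

```python
import re
import string

# Added example; not code from the thread or from Openfire.
# AD's "data NNN" subcodes on a failed simple bind (well-known values).
AD_BIND_SUBCODES = {
    "525": "user not found: the bind DN did not resolve to an object",
    "52e": "invalid credentials: DN resolved, password rejected",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

_DATA_RE = re.compile(r"\bdata ([0-9a-fA-F]+)\b")

def classify_bind_error(diag):
    """Return (subcode, meaning) from an AD bindResponse diagnostic string."""
    m = _DATA_RE.search(diag)
    if not m:
        return ("", "no 'data' subcode present")
    code = m.group(1).lower()
    return (code, AD_BIND_SUBCODES.get(code, "unknown subcode"))

# RFC 4514: these characters must be backslash-escaped anywhere in a value;
# '#' only when leading, space only when leading or trailing.
_SPECIAL = set(',+"\\<>;')

def escape_rdn_value(value):
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in _SPECIAL or (ch == "#" and i == 0) or (ch == " " and i in (0, last)):
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        else:
            out.append(ch)
    return "".join(out)

def build_dn(rdns):
    """Serialise [(attr, value), ...] as an RFC 4514 DN string."""
    return ",".join(f"{attr}={escape_rdn_value(val)}" for attr, val in rdns)

def parse_dn(dn):
    """Parse a DN into [(attr, value), ...]. Accepts RFC 4514 backslash and
    hex escapes and the older RFC 2253 quoted-value form (OU="a, b")."""
    rdns = []
    i, n = 0, len(dn)
    while i < n:
        eq = dn.index("=", i)          # raises ValueError on a malformed RDN
        attr = dn[i:eq].strip()
        i = eq + 1
        while i < n and dn[i] == " ":  # leading unescaped spaces are insignificant
            i += 1
        buf = []                       # (raw byte string, was_escaped)
        if i < n and dn[i] == '"':
            i += 1                     # quoted form: everything up to the closing quote is literal
            while i < n and dn[i] != '"':
                if dn[i] == "\\" and i + 1 < n:
                    i += 1
                buf.append((dn[i].encode(), True))
                i += 1
            i += 1                     # skip closing quote
        else:
            while i < n and dn[i] != ",":
                if dn[i] == "\\" and i + 1 < n:
                    pair = dn[i + 1:i + 3]
                    if len(pair) == 2 and all(c in string.hexdigits for c in pair):
                        buf.append((bytes([int(pair, 16)]), True))  # \2C style hex escape
                        i += 3
                    else:
                        buf.append((dn[i + 1].encode(), True))       # \, \# \<space> style
                        i += 2
                    continue
                buf.append((dn[i].encode(), False))
                i += 1
            while buf and buf[-1] == (b" ", False):  # trailing unescaped spaces are dropped
                buf.pop()
        while i < n and dn[i] == " ":
            i += 1
        rdns.append((attr, b"".join(b for b, _ in buf).decode("utf-8", "replace")))
        if i < n and dn[i] == ",":
            i += 1
    return rdns

def dn_equal(a, b):
    """AD matches DNs case-insensitively; compare the parsed RDN sequences that way."""
    norm = lambda rdns: [(t.lower(), v.lower()) for t, v in rdns]
    return norm(parse_dn(a)) == norm(parse_dn(b))

# Components copied from the capture in the thread.
THREAD_RDNS = [("CN", "Jordan V"), ("OU", "Infrastructure Department/ Help Desk"),
               ("OU", "Users General"), ("OU", "_Ncs Chicago HQ _DZNew"),
               ("DC", "ncsbn"), ("DC", "org")]
QUOTED_DN = ('CN="Jordan V",OU="Infrastructure Department/ Help Desk",'
             'OU="Users General",OU="_Ncs Chicago HQ _DZNew",DC="ncsbn",DC="org"')
ESCAPED_DN = build_dn(THREAD_RDNS)
THREAD_DIAG = "80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece"

if __name__ == "__main__":
    print(classify_bind_error(THREAD_DIAG))
    print(ESCAPED_DN, dn_equal(QUOTED_DN, ESCAPED_DN))
    # Constructed OU names that do need escaping, unlike the ones in the thread.
    print(build_dn([("OU", "Sales, EMEA"), ("OU", "#Temp "), ("DC", "example")]))
```

Reading the subcode first saves time: a 525 with a correct password points at DN construction or lookup on the client side (quoting, escaping, or a value that does not match the object), and only a 52e says the directory actually evaluated the password.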