powered by Jive Software

Can not authenticate users from an openldap server

Hi All,

I have installed wildfire 2.5 and now I’m trying to connect to an open ldap server. Ldap configurations are as follows.

but when I’m trying to connect it gives me errors. Debug log shows following errors.

Trying to find a user’'s DN based on their username. uid: dummy1x, Base DN: ou=People,dc=xxx,dc=net…

Creating a DirContext in LdapManager.getContext()…

Created hashtable with context values, attempting to create context…

… context created successfully, returning.

Starting LDAP search…

… search finished

In LdapManager.checkAuthentication(userDN, password), userDN is: uid=dummy1x…

Created context values, attempting to create context…

Caught a naming exception when creating InitialContext

javax.naming.AuthenticationNotSupportedException: LDAP: error code 48 - Inappropriate Authentication

What sort of ldap server configuration do you have? Wildfire will try to do a bind to the ldap server with the user signing in, and the password supplied. It should be the rough equivalent to this command:

ldapwhoami -x -D “uid=dummy1x,ou=People,dc=xxx,dc=net” -W -h

If that command fails, you need to change your openldap configs a bit to make it work.

Thanks for the quick reply. Can you tell me what are the configurations should I look into because I’m new to LDAP and wildfire. I tried the command ldapwhoami -x -D “uid=dummy1x,ou=People,dc=xxx,dc=net” -W -h and it failed with the same error. ldap_bind: Inappropriate authentication (48)

What are the changes that I have to do in the openldap server. Will that effect to our existing samba domain.

First off, do you have anything else authenticating to LDAP? If you do, it would be best to take a look at that and use that configuration setup. LDAP has a vast array of configuration options, which makes generic instructions very hard.

Anyway, Im guessing that the ldap server is disallowing the login because either the password is not hashed in the usePassword field, or its configured to not allow a simple bind (wanting something like GSSAPI instead). How did you set the password for the user dummy1x? Most OpenLDAP setups will be able to use MD5 password hashes, or even better: SSHA.