
Cannot find ANY Active Directory Users

I have LDAP Authentication working fine according to the debug log for Active Directory (It searches). The problem is Jive cannot find any users in my entire domain tree when I try to login. No matter what Base DN I specify, or if the user exists or not it will not find the user.

Configuration

Jeremy Carroll

en

192.168.1.67

389

ldap

ldap

ldap@####.com

OU=business_technology,OU=###,DC=####,DC=com

ldap@####.com

#########

true

Debug Log

2005.06.01 09:46:42 Created new LdapManager() instance, fields:

2005.06.01 09:46:42 host: 192.168.1.67

2005.06.01 09:46:42 port: 389

2005.06.01 09:46:42 usernamefield: ldap

2005.06.01 09:46:42 baseDN: OU=business_technology,OU=###,DC=####,DC=com

2005.06.01 09:46:42 alternateBaseDN: null

2005.06.01 09:46:42 nameField: ldap

2005.06.01 09:46:42 emailField: ldap@########.com

2005.06.01 09:46:42 adminDN: ldap@#########.com

2005.06.01 09:46:42 adminPassword: #########3

2005.06.01 09:46:42 searchFilter: (ldap=)
2005.06.01 09:46:42 ldapDebugEnabled: true
2005.06.01 09:46:42 sslEnabled: false
2005.06.01 09:46:42 initialContextFactory: com.sun.jndi.ldap.LdapCtxFactory
2005.06.01 09:46:42 connectionPoolEnabled: true
2005.06.01 09:46:42 autoFollowReferrals: false
2005.06.01 09:46:44 Loading plugin admin
2005.06.01 09:47:03 Created new LdapManager() instance, fields:
2005.06.01 09:47:03 host: 192.168.1.67
2005.06.01 09:47:03 port: 389
2005.06.01 09:47:03 usernamefield: ldap
2005.06.01 09:47:03 baseDN: OU=business_technology,OU=###,DC=####,DC=com
2005.06.01 09:47:03 alternateBaseDN: null
2005.06.01 09:47:03 nameField: ldap
2005.06.01 09:47:03 emailField: ldap@####.com
2005.06.01 09:47:03 adminDN: ldap@####.com
2005.06.01 09:47:03 adminPassword: ###########
2005.06.01 09:47:03 searchFilter: (ldap=)

2005.06.01 09:47:03 ldapDebugEnabled: true

2005.06.01 09:47:03 sslEnabled: false

2005.06.01 09:47:03 initialContextFactory: com.sun.jndi.ldap.LdapCtxFactory

2005.06.01 09:47:03 connectionPoolEnabled: true

2005.06.01 09:47:03 autoFollowReferrals: false

2005.06.01 09:47:05 Loading plugin admin

2005.06.01 09:47:20 Trying to find a user's DN based on their username. ldap: Jeremy Carroll, Base DN: OU=business_technology,OU=###,DC=####,DC=com…

2005.06.01 09:47:20 Creating a DirContext in LdapManager.getContext()…

2005.06.01 09:47:20 Created hashtable with context values, attempting to create context…

2005.06.01 09:47:20 … context created successfully, returning.

2005.06.01 09:47:20 Starting LDAP search…

2005.06.01 09:47:20 … search finished

2005.06.01 09:47:20 User DN based on username 'Jeremy Carroll' not found.

2005.06.01 09:47:20 Exception thrown when searching for userDN based on username 'Jeremy Carroll'

org.jivesoftware.messenger.user.UserNotFoundException: Username Jeremy Carroll not found

at org.jivesoftware.messenger.ldap.LdapManager.findUserDN(LdapManager.java:417)

at org.jivesoftware.messenger.ldap.LdapManager.findUserDN(LdapManager.java:353)

at org.jivesoftware.messenger.ldap.LdapAuthProvider.authenticate(LdapAuthProvider.java:88)

at org.jivesoftware.messenger.auth.AuthFactory.authenticate(AuthFactory.java:97)

at org.jivesoftware.messenger.admin.login_jsp._jspService(login_jsp.java:136)

at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:94)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:688)

at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:427)

Can you try logging in with a username without a space in it? Can you log on to the Jive Messenger Admin Console? What kind of LDAP server are you using (if you don't mind sharing that)?

Also, are you sure that you have the usernameField, nameField, and emailField values set right? Those are supposed to be the attribute names on the LDAP user object.

Message was edited by: hrothgar

It's Active Directory. I can set the Administrator allowed names as Jeremyc, or admin and it will not allow me in. I have also tried usernames with no spaces in it to no avail.

Using ADSI I verified that the fields are correct for the LDAP service account used to query Active Directory (ldap). It looks like it searches the tree, but just comes back with nothing.

The full LDAP location of the user object I'm trying to allow into the Administrator console:

LDAP://192.168.1.67/CN=Jeremy Carroll,OU=business_technology,OU=###,DC=####,DC=com

Note

I believe I had a misconfiguration. I modified

ldap

ldap@####.com

to

cn

mail

I still cannot find any users. One thing of note I have recognized is the SearchFilter by default is

searchFilter: (ldap=)

Is this correct?

Don't use a searchFilter until you get it working without one. The default filter is to compare the given username against the usernameField defined in your XML config.

Try using sAMAccountName as the usernameField – that may not be the behavior you want, but just try it to see if it works. Use jeremyc as the username in that scenario.

The nameField was supposed to be CN because that's what it's looking for when it does its searches, not the DN of the service account. Same with the email field.

This in itself would not fix it. It would query by default only 1 account (the service account). Adding the search filter allowed it to search for people. I set it to search for members of a specific group.

192.168.1.67

389

tasc_ldap

cn

mail

OU=tasc,DC=####,DC=com

CN=ldap,OU=service_accounts,OU=tasc,DC=####,DC=com

#####
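
The thread turns on the three field settings being LDAP attribute names, and on the default filter comparing the typed username against usernameField. The following is an added example, not code from the thread or from Jive Messenger: it runs both configurations against two constructed directory entries (placeholder domain example.com) and escapes the username per RFC 4515 before it goes into the filter. The function names and the simplified case-insensitive equality match are assumptions made for illustration.

```python
# Constructed sample entries (placeholder domain); not data from the thread.
ENTRIES = [
    {"dn": "CN=Jeremy Carroll,OU=business_technology,DC=example,DC=com",
     "cn": "Jeremy Carroll", "sAMAccountName": "jeremyc",
     "mail": "jeremyc@example.com"},
    {"dn": "CN=ldap,OU=service_accounts,DC=example,DC=com",
     "cn": "ldap", "sAMAccountName": "ldap", "mail": "ldap@example.com"},
]
FIELD_KEYS = ("usernameField", "nameField", "emailField")

def escape_filter_value(value):
    """RFC 4515 escaping so a typed username cannot change the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def default_filter(username_field, username):
    """Equality filter on usernameField: the default the reply describes."""
    return "(%s=%s)" % (username_field, escape_filter_value(username))

def unknown_fields(config, entries=ENTRIES):
    """Config keys whose value is not an attribute name on any entry."""
    known = {k.lower() for e in entries for k in e if k != "dn"}
    return [k for k in FIELD_KEYS if config[k].lower() not in known]

def find_user_dns(username_field, username, entries=ENTRIES):
    """DNs whose usernameField attribute equals username.
    Simplification: case-insensitive equality, as AD applies to cn and
    sAMAccountName; a real server evaluates the filter string itself."""
    hits = []
    for entry in entries:
        attrs = {k.lower(): v for k, v in entry.items()}
        value = attrs.get(username_field.lower())
        if value is not None and value.lower() == username.lower():
            hits.append(entry["dn"])
    return hits

# BROKEN mirrors the first configuration in the thread (account values where
# attribute names belong); FIXED uses the attribute names suggested later.
BROKEN = {"usernameField": "ldap", "nameField": "ldap",
          "emailField": "ldap@example.com"}
FIXED = {"usernameField": "sAMAccountName", "nameField": "cn",
         "emailField": "mail"}

if __name__ == "__main__":
    for cfg, user in ((BROKEN, "Jeremy Carroll"), (FIXED, "jeremyc")):
        print(default_filter(cfg["usernameField"], user),
              unknown_fields(cfg), find_user_dns(cfg["usernameField"], user))
```

With the first configuration the filter names an attribute no entry carries, so the search completes and returns nothing, which is what the debug log shows.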