Cannot get past step one

I have never worked with Openfire or Spark before.

I am an experienced Linux SysAdmin.

I have installed Openfire and can connect via the admin portal via Firefox.

I am using LDAP.

I am running Spark on a separate computer and cannot connect using the same username and password that allows me to login to the admin panel. I get “Login Error: Invalid username or password.”

I do not know how to troubleshoot this issue and I am ready and willing to RTFM, but I cannot find the FM to R it.

Can somebody please help me help myself?

Thank you.

What if you create a user ‘test’ with a password ‘test’ locally in Openfire (not via LDAP) and try to login?

I cannot. The Openfire Control Panel reports that you can’t add/remove users/groups because it is read-only against LDAP.

“Not allowed: the user account system is read-only.”

Users/Groups are only added via an LDAP client.

Ah, I’m not strong with LDAP. Maybe Todd Getz will jump to this thread. He’s the LDAP God here.

Ah! I See.

/Chaim begins to do a LDAP dance and sacrifices several CNs, DNs, and OUs to the LDAP Gods.

Sacrifices received…

If you can authenticate to the admin page from the server, your LDAP is functioning. This is a firewall issue most likely. I would check the Linux firewalls to make sure all required ports are open for the chat server: 5222, 5223, 7777, 9090, 9091, 5269, etc. More or less depending on your needs.

I don’t have any firewall restrictions on the NIC on my LAN side.

Am I correct in assuming the Spark client uses 7070 or 7443?

Using Firefox from the client that is running Spark, I can hit port 7070 and 7443.

HTTP ERROR: 404

NOT_FOUND

RequestURI=/

Powered by Jetty://

Server Ports

| Interface | Port | Type | Description |
|---|---|---|---|
| All addresses | 5223 | Client to Server | The port used for clients to connect to the server using the old SSL method. The old SSL method is not an XMPP standard method and will be deprecated in the future. You can update the security settings for this port. |
| All addresses | 9090 | Admin Console | The port used for unsecured Admin Console access. |
| All addresses | 9091 | Admin Console | The port used for secured Admin Console access. |
| All addresses | 7777 | File Transfer Proxy | The port used for the proxy service that allows file transfers to occur between two entities on the XMPP network. |
| All addresses | 7070 | HTTP Binding | The port used for unsecured HTTP client connections. |
| All addresses | 7443 | HTTP Binding | The port used for secured HTTP client connections. |
| All addresses | 3478 & 3479 | STUN Service | The port used for the service that ensures connectivity between entities when behind a NAT. |
| All addresses | 5229 | Flash Cross Domain | Service that allows Flash clients connect to other hostnames and ports. |

spark uses 5222 or 5223 to chat

the other possibility is a name mismatch for the server and your DNS. the name you gave your server must match the entry for the server in your DNS. i recommend that you use a FQDN for the openfire server name (chatserver.domain.com). this value should be for the server name, xmpp.domain, and the self-generated certificates.

based on the table I included above, it looks like Openfire isn’t using 5222. Where do I turn that on? Is that the “default”?

front page of the server control panel shows my FQDN.

Server Properties

Server Uptime: 6 days, 6 hours, 23 minutes – started Apr 3, 2009 7:56:01 AM

Version: Openfire 3.6.3

Server Directory: /usr/share/openfire

Server Name: stalingrad.desknet.sims

Environment

Java Version: 1.6.0_07 Sun Microsystems Inc. – Java HotSpot™ 64-Bit Server VM

Appserver: jetty-6.1.x

Host Name: stalingrad.desknet.sims

OS / Hardware: Linux / amd64

Locale / Timezone: en / Central Standard Time (-6 GMT)

Java Memory: 20.16 MB of 448.00 MB (4.5%) used

stalingrad.desknet.sims is in DNS and resolves correctly.

https://stalingrad.desknet.sims:5222/

returns…

<stream:error>Invalid XML</stream:error>

https://stalingrad.desknet.sims:5222/
returns...

Secure Connection Failed

An error occurred during a connection to stalingrad.desknet.sims:5222.

SSL received a record that exceeded the maximum permissible length.

(Error code: ssl_error_rx_record_too_long)

Going to port 5223 via http or http never returns.

update:

https://stalingrad.desknet.sims:5223/

eventually returns

</stream:stream>

Message was edited by: Chaim Krause
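
A browser sends an HTTP request, which is why port 5222 answered with a stream error instead of a page; a check that speaks XMPP shows what the port actually offers. The following is an added example, not code from the thread: `probe` and `parse_features` are hypothetical helper names, and the sample reply is constructed.

```python
import re
import socket

# Stream header a client sends first on 5222 (XMPP core, RFC 6120).
STREAM_OPEN = (
    "<?xml version='1.0'?><stream:stream to='{domain}' xmlns='jabber:client' "
    "xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>"
)

def parse_features(reply):
    """Summarise what the server's opening reply advertises."""
    tls = re.search(r"<starttls\b[^>]*?(/>|>(.*?)</starttls>)", reply, re.S)
    return {
        "is_xmpp": "<stream:stream" in reply,
        "stream_error": "<stream:error" in reply,
        "starttls": tls is not None,
        "tls_required": bool(tls and "<required" in (tls.group(2) or "")),
        "sasl": re.findall(r"<mechanism>([^<]+)</mechanism>", reply),
    }

def probe(host, domain, port=5222, timeout=5.0):
    """Plain TCP connect, send the stream header, parse whatever comes back."""
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(STREAM_OPEN.format(domain=domain).encode())
        try:
            while b"</stream:features>" not in data and b"</stream:error>" not in data:
                chunk = sock.recv(4096)
                if not chunk:
                    break
                data += chunk
        except socket.timeout:
            pass  # keep what arrived before the timeout
    return parse_features(data.decode("utf-8", "replace"))

# Constructed sample reply, not captured from the server in the thread.
SAMPLE = (
    "<?xml version='1.0' encoding='UTF-8'?><stream:stream "
    "xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client' "
    "from='chat.example.org' id='abc123' version='1.0'><stream:features>"
    "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>"
    "<mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>"
    "<mechanism>DIGEST-MD5</mechanism><mechanism>PLAIN</mechanism>"
    "</mechanisms></stream:features>"
)
# What the thread's browser request to port 5222 got back.
BROWSER_REPLY = "<stream:error>Invalid XML</stream:error>"

if __name__ == "__main__":
    print(parse_features(SAMPLE), parse_features(BROWSER_REPLY))
```

Calling `probe("stalingrad.desknet.sims", "stalingrad.desknet.sims")` from the client machine lists the SASL mechanisms the server offers to that client. If `starttls` is offered but not required and `PLAIN` is listed, a client that skips TLS sends the password in a trivially recoverable form.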

logs indicate connection made on 5222 and 5223 when login button is pushed on Spark.

logs also show LDAP query.

Apr  9 15:48:42 stalingrad slapd[29828]: <= bdb_equality_candidates: (cn) not indexed
Apr  9 15:48:42 stalingrad slapd[29828]: <= bdb_equality_candidates: (ipProtocolNumber) not indexed

Time for me to clock out. I will return to this issue tomorrow morning. Thanks for all the help?

p.s. Is there an IRC channel that you folks frequent to discuss these issues?

Message was edited by: Chaim Krause

sixthring wrote:

the other possibility is a name mismatch for the server and your DNS

I thought so, but he does not get the “invalid name or server unreachable” error. So Spark sees the server, just can’t login. What about trying with some other jabber client (is this separate machine on Linux? Pidgin maybe) to rule out all connectivity and firewall problems?

tinjaw wrote:

p.s. Is there an IRC channel that you folks frequent to discuss these issues?

Actually there is some Openfire IRC channel, though it’s a bit funny that a jabber server community has an IRC channel. Well, almost like MSN would have a Yahoo support contact. Anyway, I haven’t ever connected to that channel and can’t remember its address.

Also, there is a conference room open_chat@conference.igniterealtime.org where we usually gather every Wednesday at 10:00 AM PST (17:00 UTC/GMT) for one hour. Though you can probably find some online folks there at other times. To connect you will have to create an account on igniterealtime.org jabber server (say with the same Spark client) and then browse its conference service. I think till the next Wednesday forums are the best place, unless you can talk Todd into connecting and chatting about this issue.

I’m not at work, so I can’t test right now. However, I was able to connect once using Pidgin. I think I used the options to use SSL/TLS and to force to the old port. But I cannot connect any more after trying several different configurations. I will try again in the morning.

Also, maybe you can try to login locally at the server, if it has a GUI, though probably there are some cmd jabber clients out there.

He is getting this error: Login Error: Invalid username or password.

This could be because of a flawed DNS or server name setting. The LDAP accounts are imported to Openfire based on the server name. Depending on how he is trying to login, it could throw that error.

From the client:

chaim@chaim-hp:~$ nslookup stalingrad.desknet.sims
Server: 10.5.5.1
Address: 10.5.5.1#53

Name: stalingrad.desknet.sims
Address: 10.5.5.1

chaim@chaim-hp:~$ nslookup 10.5.5.1
Server: 10.5.5.1
Address: 10.5.5.1#53

1.5.5.10.in-addr.arpa name = stalingrad.desknet.sims.

chaim@chaim-hp:~$

From the server:

chaim@chaim-hp:~$ ssh stalingrad.desknet.sims
Last login: Thu Apr 9 08:17:39 2009 from 10.5.5.199
chaim@stalingrad:~$ hostname -f
stalingrad.desknet.sims
chaim@stalingrad:~$

I am able to connect using Pidgin this morning. Screenshot attached.

I am still unable to connect using Spark.

For grins I installed SparkWeb. I cannot connect via SparkWeb either. It just hangs at the login web page.

Please post screenshots of your openfire settings and what you are entering in the client to connect.