Even more LDAP AD probs

Dear All, I’'ve been trying without success to integrate jive messenger to our Active Directory using ldap.

Basically after enabling ldap in conf\jive-messenger.xml I cannot login to the console…

I have tried different accts in different active dir containers all with no joy

I am trying to run the server(Jive Messenger 2.12) on my pc (WinXP SP2, Sun JRE 1.5–b64) which connects to a (win2003 server- in a mixed win2000 AD)

The only possible things I can think of are:

  1. our domain name ends in .local Is the inclusion of mac-rendevous/multicast dnsin recent builds the prob

  2. Some of our AD containers (LDAP OUs) have a space in their name.

below is an extract from debug.log followed by my jive-messenger.xml file

If anyone could help I would greatly appreciate it

Thanks

Gersh

2005.03.15 11:37:42 Created new LdapManager() instance, fields:

2005.03.15 11:37:42 host: mfeg-ex2k3.mfeg.local

2005.03.15 11:37:42 port: 389

2005.03.15 11:37:42 usernamefield: sAMAccountName

2005.03.15 11:37:42 baseDN: CN=Users,DC=MFEG,DC=local

2005.03.15 11:37:42 alternateBaseDN: null

2005.03.15 11:37:42 nameField: cn

2005.03.15 11:37:42 emailField: mail

2005.03.15 11:37:42 adminDN: CN=admin,CN=Users,DC=MFEG,DC=local

2005.03.15 11:37:42 adminPassword: oiduts

2005.03.15 11:37:42 searchFilter: (sAMAccountName=)

2005.03.15 11:37:42 ldapDebugEnabled: true

2005.03.15 11:37:42 sslEnabled: false

2005.03.15 11:37:42 initialContextFactory: com.sun.jndi.ldap.LdapCtxFactory

2005.03.15 11:37:42 connectionPoolEnabled: true

2005.03.15 11:37:42 autoFollowReferrals: false

2005.03.15 11:37:43 Loading plugin admin

2005.03.15 11:37:58 Trying to find a user’'s DN based on their username. sAMAccountName: admin, Base DN: CN=Users,DC=MFEG,DC=local…

2005.03.15 11:37:58 Creating a DirContext in LdapManager.getContext()…

2005.03.15 11:37:58 Created hashtable with context values, attempting to create context…

2005.03.15 11:37:59 … context created successfully, returning.

2005.03.15 11:37:59 Starting LDAP search…

<?xml version="1.0" encoding="UTF-8"?>

9090

9091

admin,JiveMsgr,Jive Msgr

en

mfeg-ex2k3.mfeg.local

389

sAMAccountName

cn

mail

CN=Users,DC=MFEG,DC=local

CN=admin,CN=Users,DC=MFEG,DC=local

*******

true

org.jivesoftware.messenger.ldap.LdapUserProvider

org.jivesoftware.messenger.ldap.LdapAuthProvider

org.jivesoftware.database.EmbeddedConnectionProvider

true

true

I think this might help you. It’'s from the FAQ in ldap-install.htm in the documentation folder in Jive

"I switched to LDAP and now cannot login to the admin console. What happened?

If you can no longer login to the admin console after switching, one of two things most likely happened:

By default, only the username “admin” is allowed to login to the admin console. Your directory may not contain a user with a username of “admin”. In that case, you should modify the list of usernames authorized to login to the admin console (see above).

You may have set the baseDN to an incorrect value. The LDAP module recursively searches for users under the node in the directory specified by the baseDN. When the baseDN is incorrect, no users will be found."

So try adding authorized users that exist in AD

Hi Hav

Thanks for the reply,

I tried other accounts first and only created the admin account in desparation…

there is another account listed in the authorized users section of my config file for which I have listed the cn name and the samaccountname. I couldn’'t login with that either…

I know the admin account works coz I’‘ve tested it using softerra’'s ldap browser…it log in fine using that…

Any other ideas??

I’‘d recommend downloading Softerra’'s free LDAP Browser from http://www.ldapbrowser.com/ and figure out how to log into AD with it. Once you can log in that way, replicate your settings in Jive and see what happens.

Cameron

I’‘ve already used softerra’‘s ldap browser, (sorry if my last post wasn’'t v. clear),

I can log in fine and get all a listing of all the Active Dir objects, but still have the problem with jive messanger, even when I cut and paste the credentials into jive from softerra.

I finally found the cause of my problem…

There is a conflict with the multicast DNS feature added recently, If your domain name ends in .local and you specify a .local host name in the config.xml file it fails. If you specify an IP address it works.

As .local is still used by several organisations (keeps traffic from being routed to the internet) Is it possible to have the multicast dns feature optional (eg a check box in the console once the server has been installed…)

Despite the ldap fun and games I’'m still very impressed with the software…and the fact that its being actively developed in conjuction with users is great…Keep up the good work

Gersh

Gersh,

Could you post some more details about what goes wrong when using a .local domain name? We can certainly allow people to turn off the multicast feature, but it would be even better to just find some fix for the issue.

Regards,

Matt

Gersh,

Could you post some more details about what goes

wrong when using a .local domain name? We can

certainly allow people to turn off the multicast

feature, but it would be even better to just find

some fix for the issue.

Regards,

Matt

Hi Matt, As soon as you setup ldap in the config.xml it won’‘t let you login to the admin console at all. It’'s as If you have got the base.dn wrong or you have not added the user to the Authorized user section of config.xml

The end result is the browser ends up just waiting for a response, wating for the page to load/refresh.

Hope this helps

Gersh