
Help with LDAP User searchFilter

Openfire 3.6.4

SBS 2003 Server

In an attempt to prevent the server from seeing disabled accounts, I’ve modified my searchFilter.

I’m using “(&(objectClass=organizationalPerson)(!userAccountControl=514))”. When I test this query using LDP or another LDAP query tool, I get the expected results. Openfire throws this [1] exception.

If I just use “(objectClass=organizationalPerson)” it works, but just “(!userAccountControl=514)” does not. This leads me to think that the exception isn’t telling the full story.

In an effort to see if perhaps it was a security issue (something others have mentioned causes weird behavior - see “memberOf” in the discussions), I’ve tried using the Administrator account, and that’s how I’ve currently got it set up. Still getting the same error.

Any help would be greatly appreciated.

  • rb

[1]

javax.naming.directory.InvalidSearchFilterException: Unbalanced parenthesis; remaining name ''
    at com.sun.jndi.ldap.Filter.findRightParen(Unknown Source)
    at com.sun.jndi.ldap.Filter.encodeFilterList(Unknown Source)
    at com.sun.jndi.ldap.Filter.encodeComplexFilter(Unknown Source)
    at com.sun.jndi.ldap.Filter.encodeFilter(Unknown Source)
    at com.sun.jndi.ldap.Filter.encodeFilterList(Unknown Source)
    at com.sun.jndi.ldap.Filter.encodeComplexFilter(Unknown Source)
    at com.sun.jndi.ldap.Filter.encodeFilter(Unknown Source)
    at com.sun.jndi.ldap.Filter.encodeFilterList(Unknown Source)
    at com.sun.jndi.ldap.Filter.encodeComplexFilter(Unknown Source)
    at com.sun.jndi.ldap.Filter.encodeFilter(Unknown Source)
    at com.sun.jndi.ldap.Filter.encodeFilterString(Unknown Source)
    at com.sun.jndi.ldap.LdapClient.search(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.doSearch(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown Source)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
    at javax.naming.directory.InitialDirContext.search(Unknown Source)
    at org.jivesoftware.openfire.ldap.LdapManager.findUserDN(LdapManager.java:700)
    at org.jivesoftware.openfire.ldap.LdapManager.findUserDN(LdapManager.java:637)
    at org.jivesoftware.openfire.admin.setup.setup_002dadmin_002dsettings_jsp._jspService(setup_002dadmin_002dsettings_jsp.java:176)
    at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
    at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:487)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1093)
    at com.opensymphony.module.sitemesh.filter.PageFilter.parsePage(PageFilter.java:118)
    at com.opensymphony.module.sitemesh.filter.PageFilter.doFilter(PageFilter.java:52)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
    at org.jivesoftware.util.LocaleFilter.doFilter(LocaleFilter.java:66)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
    at org.jivesoftware.util.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:42)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
    at org.jivesoftware.admin.PluginFilter.doFilter(PluginFilter.java:70)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
    at org.jivesoftware.admin.AuthCheckFilter.doFilter(AuthCheckFilter.java:146)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
    at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:360)
    at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
    at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:181)
    at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:726)
    at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:405)
    at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:206)
    at org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114)
    at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
    at org.mortbay.jetty.Server.handle(Server.java:324)
    at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:505)
    at org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:843)
    at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:648)
    at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:211)
    at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:380)
    at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:395)
    at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:488)

Created new LdapManager() instance, fields:
  host: [host.domain.local]
  port: 389
  usernamefield: sAMAccountName
  usernameSuffix:
  baseDN: OU="SBSUsers",OU="Users",OU="MyBusiness",DC="domain",DC="local"
  alternateBaseDN: null
  nameField: cn
  emailField: mail
  adminDN: Administrator@domain.local
  adminPassword: password
  searchFilter: (&(objectClass=organizationalPerson)(!userAccountControl=514))
  subTreeSearch:true
  ldapDebugEnabled: true
  sslEnabled: false
  initialContextFactory: com.sun.jndi.ldap.LdapCtxFactory
  connectionPoolEnabled: false
  autoFollowReferrals: false
  autoFollowAliasReferrals: true
  groupNameField: cn
  groupMemberField: member
  groupDescriptionField: description
  posixMode: false
  groupSearchFilter: null

I figure after several months patiently waiting for a reply, it’s acceptable to bump my own topic.

bump

  • rb
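
Added example, not part of the original posts and not Openfire or JNDI code: RFC 4515 defines a NOT filter as `(!` followed by a complete parenthesised filter, so the posted `(!userAccountControl=514)` is malformed, which is consistent with the `findRightParen` frame at the top of the trace. The sketch below is a small structural checker for that grammar, run against the posted filter, the parenthesised form, and a form using Active Directory's bitwise-AND matching rule (OID 1.2.840.113556.1.4.803); it goes slightly beyond the post by also showing why an equality test on 514 misses disabled accounts that carry other flags. All function and constant names are hypothetical.

```python
import re

# One simple item: attr then =, ~=, >=, <=, or an extensible match
# (attr[:dn][:matchingRule]:=value). Raw parentheses are not allowed in it.
ITEM = re.compile(r"^[A-Za-z][A-Za-z0-9.;-]*"
                  r"(?:(?::dn)?(?::[A-Za-z0-9.-]+)?:=|[~<>]?=)[^()]*$")
ACCOUNTDISABLE = 0x0002  # userAccountControl bit set on disabled AD accounts

class FilterSyntaxError(ValueError):
    pass

def _parse(s, i):
    """Parse one '(' filtercomp ')' at s[i]; return the index just past it."""
    if s[i:i + 1] != "(":
        raise FilterSyntaxError(f"expected '(' at offset {i}")
    i += 1
    if s[i:i + 1] in ("&", "|"):          # AND / OR: one or more sub-filters
        i += 1
        start = i
        while s[i:i + 1] == "(":
            i = _parse(s, i)
        if i == start:
            raise FilterSyntaxError(f"empty filter list at offset {i}")
    elif s[i:i + 1] == "!":               # NOT: exactly one "(filter)"
        i = _parse(s, i + 1)
    else:                                 # simple item up to the next ')'
        j = s.find(")", i)
        if j < 0 or not ITEM.match(s[i:j]):
            raise FilterSyntaxError(f"malformed item at offset {i}")
        i = j
    if s[i:i + 1] != ")":
        raise FilterSyntaxError(f"expected ')' at offset {i}")
    return i + 1

def check_filter(s):
    """Return None when s is well formed, otherwise the error text."""
    try:
        end = _parse(s, 0)
        if end != len(s):
            raise FilterSyntaxError(f"trailing text at offset {end}")
    except FilterSyntaxError as err:
        return str(err)
    return None

def is_disabled(uac):
    """True when ACCOUNTDISABLE is set, whatever other flags are present."""
    return bool(uac & ACCOUNTDISABLE)

POSTED = "(&(objectClass=organizationalPerson)(!userAccountControl=514))"
FIXED = "(&(objectClass=organizationalPerson)(!(userAccountControl=514)))"
BITWISE = ("(&(objectClass=organizationalPerson)"
           "(!(userAccountControl:1.2.840.113556.1.4.803:=2)))")
```

`check_filter(POSTED)` reports the missing `(` directly after the `!`, while `FIXED` and `BITWISE` pass. A disabled account with "password never expires" set has userAccountControl 66050, so `is_disabled(66050)` is true even though it does not equal 514; only the bitwise form excludes it.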