"Invalid username or password" but works after repeated attempts

New install of Openfire 3.6.4 on Ubuntu 9. Using Active Directory for authentication. Client is Spark 2.5.8.

I’ll attempt to log in and get the login error message “Invalid username or password”. I just keep trying with the same user/pass (same as Windows login) and it will eventually work after a few attempts. Any ideas how to fix this? Overall, everything works fine. Just this one very annoying problem that you have to try to log in several times before it will work. Sometimes it works first try. Just seems random.

Update: The web admin console exhibits the same behavior.

From debug log (altered personalized info):

2009.07.10 14:25:33 LdapManager: Trying to find a user’s DN based on their username. sAMAccountName: myUsername, Base DN: dc=“myDomain”,dc=“myDC”,dc=“com”…
2009.07.10 14:25:33 LdapManager: Creating a DirContext in LdapManager.getContext()…
2009.07.10 14:25:33 LdapManager: Created hashtable with context values, attempting to create context…
2009.07.10 14:25:33 LdapManager: … context created successfully, returning.
2009.07.10 14:25:33 LdapManager: Starting LDAP search…
2009.07.10 14:25:33 LdapManager: … search finished
2009.07.10 14:25:33 LdapManager: In LdapManager.checkAuthentication(userDN, password), userDN is: CN=“Lastname, Firstname”,OU=“ou1”,OU=“ou2”,OU=“ou3”,OU=“ou4”,OU=“ou5”…
2009.07.10 14:25:33 LdapManager: Created context values, attempting to create context…
2009.07.10 14:25:43 LdapManager: Caught a naming exception when creating InitialContext
javax.naming.CommunicationException: myDomain.myDC.com:389 [Root exception is java.net.SocketTimeoutException: connect timed out]
at com.sun.jndi.ldap.Connection.<init>(Connection.java:197)

So it appears to just time out sometimes. Makes sense since it returns the “invalid username” message after a bit of a delay. When it works, it’s immediate. So what could be causing random timeouts?
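An added example, not part of the original post and not Openfire code: since the client shows the same "Invalid username or password" message whether the directory rejected the bind or was never reached, this sketch reads LdapManager debug lines like the ones above and separates the two cases, with the time spent waiting. The function name `classify_failures`, the host `ldap.example.com`, and the second log entry (a rejected bind) are assumptions made for illustration.

```python
import re
from datetime import datetime

# Constructed sample modelled on the debug log in the post; the second attempt
# (a rejected bind) is an assumed illustration, not taken from the thread.
SAMPLE_LOG = """\
2009.07.10 14:25:33 LdapManager: In LdapManager.checkAuthentication(userDN, password), userDN is: CN=user1,OU=ou1...
2009.07.10 14:25:33 LdapManager: Created context values, attempting to create context...
2009.07.10 14:25:43 LdapManager: Caught a naming exception when creating InitialContext
javax.naming.CommunicationException: ldap.example.com:389 [Root exception is java.net.SocketTimeoutException: connect timed out]
2009.07.10 14:26:02 LdapManager: In LdapManager.checkAuthentication(userDN, password), userDN is: CN=user2,OU=ou1...
2009.07.10 14:26:02 LdapManager: Created context values, attempting to create context...
2009.07.10 14:26:02 LdapManager: Caught a naming exception when creating InitialContext
javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
"""

STAMPED = re.compile(r"^(\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d) LdapManager: (.*)$")
EXC = re.compile(r"^(javax\.naming\.\w+)")

def classify_failures(log_text):
    """Return (user_dn, seconds_waited, verdict) for each failed LDAP bind."""
    results, dn, started, caught = [], None, None, None
    for line in log_text.splitlines():
        m = STAMPED.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y.%m.%d %H:%M:%S")
            msg = m.group(2)
            if "Trying to find" in msg:  # new lookup: forget any earlier bind
                dn = started = caught = None
            elif "checkAuthentication" in msg:
                dn, started, caught = msg.split("userDN is:", 1)[-1].strip(), None, None
            elif dn and "attempting to create context" in msg:
                started = ts
            elif started and "Caught a naming exception" in msg:
                caught = ts
            continue
        e = EXC.match(line.strip())
        if e and caught:  # first stack-trace line names the exception class
            cls = e.group(1).rsplit(".", 1)[-1]
            verdict = {"CommunicationException": "directory unreachable",
                       "AuthenticationException": "credentials rejected"}.get(cls, cls)
            results.append((dn, (caught - started).total_seconds(), verdict))
            dn = started = caught = None
    return results

if __name__ == "__main__":
    for dn, waited, verdict in classify_failures(SAMPLE_LOG):
        print(f"{verdict:22} after {waited:4.0f}s  {dn}")
```

Counting only the "credentials rejected" entries keeps failed-login monitoring from treating a directory outage as password guessing.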

Hello.

Does your LDAP contain more than 1000 users?

By default, MS Active Directory limits to 1000 responses… In order to limit the number of responses, try to use group filtering…

Can you browse your LDAP quickly with ldapBrowser?

If results appear slowly, it’s maybe a perf problem…

Oliv’.