powered by Jive Software

LDAP auth with both user and group membership

Hi,

I’'m probably missing something in the documentation - but am not seeing how to accomplish authentication

how we want. First, I’'m running Wildfire 3.2.3 authenticating to an OpenLDAP directory. I have basic user

authentication working so I’‘m most of the way there. Here’'s what I want to do:

Uid authenticating to something like ou=people,ou=chatserver,ou=host,o=ldapsvc,dc=bar,dc=foo

and from the “people” branch my users can authenticate as we stand. However, now I want to allow only

users in a group in an LDAP branch looking like

memberUid found in cn=staff,ou=PosixGroup,ou=chatserver,ou=host,o=ldapsvc,dc=bar,dc=foo

As I said, my users in the Uid branch are getting on fine, but how do I also test for group membership

(memberUid) in my group branch as stated above? My baseDN is set to

ou=chatserver,ou=host,o=ldapsvc,dc=bar,dc=foo

with the “Search Field” set to ou=people.

How/where do I configure the group requirement?

Thanks very much,

Ray

if you want to restrict access to only those in a certain LDAP group, you can edit the openfire.xml file under conf to have something like this:

Hopefully that is what you are after.

Thank you for the response. I’‘m not sure if this filter is exactly what will work. It isn’'t working, btw. The second

“part” of it looks good - I’'m wondering about the “objectClass=organizationalPerson” part. Is “organizationalPerson”

an Active Directory -specific value? Since everything to the right of this bit looks right, I’'m wondering if I need

to change “organizationalPerson” to something else?

Thanks again for the help, it seems like this should work, I can only wonder about the exact syntax here.

Hi I tried the following:

[/code]

When i set this as search filter in the adminpanel all seems fine, i can see exactly the users of this group. But after shuting down openfire and start it up again i cannot login with my admin user, after removing the searchfilter from the XML File it works again.

The Error:

2007.08.17 19:54:44

org.jivesoftware.openfire.auth.UnauthorizedException: org.jivesoftware.openfire.user.UserNotFoundException: Username dschwan not found

at org.jivesoftware.openfire.ldap.LdapAuthProvider.authenticate(LdapAuthProvider.j ava:109)

at org.jivesoftware.openfire.auth.AuthFactory.authenticate(AuthFactory.java:149)

at org.jivesoftware.openfire.admin.login_jsp._jspService(login_jsp.java:135)

at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)

at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:491)

at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1074)

at com.opensymphony.module.sitemesh.filter.PageFilter.doFilter(PageFilter.java:39)

at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1065)

at org.jivesoftware.util.LocaleFilter.doFilter(LocaleFilter.java:65)

at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1065)

at org.jivesoftware.util.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingF ilter.java:41)

at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1065)

at org.jivesoftware.admin.PluginFilter.doFilter(PluginFilter.java:69)

at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1065)

at org.jivesoftware.admin.AuthCheckFilter.doFilter(AuthCheckFilter.java:98)

at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1065)

at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:365)

at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:185)

at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:181)

at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:689)

at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:391)

at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollect ion.java:146)

at org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114)

at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:139)

at org.mortbay.jetty.Server.handle(Server.java:285)

at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:457)

at org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:765 )

at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:627)

at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:209)

at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:357)

at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:329)

at org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:475)

Caused by: org.jivesoftware.openfire.user.UserNotFoundException: Username dschwan not found

at org.jivesoftware.openfire.ldap.LdapManager.findUserDN(LdapManager.java:626)

at org.jivesoftware.openfire.ldap.LdapManager.findUserDN(LdapManager.java:554)

at org.jivesoftware.openfire.ldap.LdapAuthProvider.authenticate(LdapAuthProvider.j ava:95)

… 32 more

/quote