LDAP authentication doesn't work if usernameField is "uid"

Hi, I am trying to integrate Wildfire 3.0.1 with OpenLDAP, and it is being a nightmare.

The problem is that I can’t login to the admin console (“Login failed: make sure your username and password are correct…”) if the usernameField is set to the default value, “uid”. However, I can login in the admin console normally if the usernameField is set to “cn”, for example. I have verified that all LDAP users have both a “cn” and a “uid” property. I have tried to enable other authorized users to login, with the same result.

Any help is greatly appreciated.

Matheus

I have it set up to use “uid” and it works fine. Question…do you have any strange characters in your uids? Wildfire only supports basic letters and numbers, no symbols…although I am hoping that this will change in 3.1.0 (out next week).

No, the uid values only have regular characters. In fact my nickname here, “matheus”, is an existing uid in my LDAP server.

This works:

<ldap>
  <host>ldap.example.com</host>
  <port>636</port>
  <usernameField>uid</usernameField>
  <nameField>cn</nameField>
  <emailField>mail</emailField>
  <baseDN>ou=ldap,o=example.com</baseDN>
  <adminDN></adminDN>
  <adminPassword></adminPassword>
  <searchFilter><![CDATA[(&(objectclass=person)(uid={0}))]]></searchFilter>
  <sslEnabled>true</sslEnabled>
</ldap>
<provider>
  <user>
    <className>org.jivesoftware.wildfire.ldap.LdapUserProvider</className>
  </user>
  <auth>
    <className>org.jivesoftware.wildfire.ldap.LdapAuthProvider</className>
  </auth>
</provider>

Not sure whether it’s of any help to you

Please, what does the tag do?

It selects all records where the objectclass is “person” and the uid of that record is {0}. {0} is substituted by Wildfire as needed.

@ matheus:

If you still have problems, start slapd with loglevel 489 and post the relevant part here.
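The {0} substitution in the searchFilter shown earlier in the thread, as an added example that is not part of any post and is not Wildfire's own code: whatever is substituted into an LDAP filter should be escaped per RFC 4515 so that characters such as `*` or `(` stay data rather than filter syntax. The function names are hypothetical and the inputs are constructed.

```python
# RFC 4515 section 3: these characters must appear as \XX inside a filter value.
_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}

# Filter text taken from the working config posted earlier in the thread.
TEMPLATE = "(&(objectclass=person)(uid={0}))"


def escape_filter_value(value):
    """Escape a string for use as an assertion value in an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter(template, username):
    """Replace the {0} placeholder with the escaped username (hypothetical helper)."""
    if "{0}" not in template:
        # Without the placeholder every login would run the same search.
        raise ValueError("searchFilter has no {0} placeholder")
    return template.replace("{0}", escape_filter_value(username))


if __name__ == "__main__":
    print(build_filter(TEMPLATE, "matheus"))
    # Constructed input with filter metacharacters: they come out escaped.
    print(build_filter(TEMPLATE, "a*b(c)"))
```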

Hi Moser, I pasted below the log that you asked for. I can’t understand most of it. This log was generated when I tried to login with the “matheus” account.

Here is the relevant part of my wildfire.xml:

<ldap>
  <host>### EDITED ###</host>
  <port>389</port>
  <usernameField>uid</usernameField>
  <nameField>cn</nameField>
  <emailField>mail</emailField>
  <baseDN>dc=mindsatwork,dc=com,dc=br</baseDN>
  <searchFilter><![CDATA[(&(objectclass=person)(uid=))]]></searchFilter>
</ldap>
<provider>
  <user>
    <className>org.jivesoftware.wildfire.ldap.LdapUserProvider</className>
  </user>
  <auth>
    <className>org.jivesoftware.wildfire.ldap.LdapAuthProvider</className>
  </auth>
</provider>

Sep 4 15:47:01 selma slapd[9913]: daemon: activity on 1 descriptors

Sep 4 15:47:01 selma slapd[9913]: daemon: activity on:

Sep 4 15:47:01 selma slapd[9913]: 15r

Sep 4 15:47:01 selma slapd[9913]:

Sep 4 15:47:01 selma slapd[9913]: daemon: read activity on 15

Sep 4 15:47:01 selma slapd[9913]: connection_get(15): got connid=4

Sep 4 15:47:02 selma slapd[9913]: connection_read(15): checking for input on id=4

Sep 4 15:47:02 selma slapd[9913]: ber_get_next on fd 15 failed errno=11 (Resource temporarily unavailable)

Sep 4 15:47:02 selma slapd[9913]: daemon: select: listen=6 active_threads=0 tvp=NULL

Sep 4 15:47:02 selma slapd[9913]: daemon: select: listen=7 active_threads=0 tvp=NULL

Sep 4 15:47:02 selma slapd[9913]: do_search

Sep 4 15:47:02 selma slapd[9913]: >>> dnPrettyNormal: <dc=mindsatwork,dc=com,dc=br>

Sep 4 15:47:02 selma slapd[9913]: <<< dnPrettyNormal: <dc=mindsatwork,dc=com,dc=br>, <dc=mindsatwork,dc=com,dc=br>

Sep 4 15:47:02 selma slapd[9913]: begin get_filter

Sep 4 15:47:02 selma slapd[9913]: AND

Sep 4 15:47:02 selma slapd[9913]: begin get_filter_list

Sep 4 15:47:02 selma slapd[9913]: begin get_filter

Sep 4 15:47:02 selma slapd[9913]: EQUALITY

Sep 4 15:47:02 selma slapd[9913]: end get_filter 0

Sep 4 15:47:02 selma slapd[9913]: begin get_filter

Sep 4 15:47:02 selma slapd[9913]: EQUALITY

Sep 4 15:47:02 selma slapd[9913]: end get_filter 0

Sep 4 15:47:02 selma slapd[9913]: end get_filter_list

Sep 4 15:47:02 selma slapd[9913]: end get_filter 0

Sep 4 15:47:02 selma slapd[9913]: => get_ctrls

Sep 4 15:47:02 selma slapd[9913]: => get_ctrls: oid=“2.16.840.1.113730.3.4.2” (noncritical)

Sep 4 15:47:02 selma slapd[9913]: <= get_ctrls: n=1 rc=0 err=""

Sep 4 15:47:02 selma slapd[9913]: conn=4 op=3 SRCH base=“dc=mindsatwork,dc=com,dc=br” scope=2 deref=3 filter="(&(objectClass=person)(uid=matheus))"

Sep 4 15:47:02 selma slapd[9913]: conn=4 op=3 SRCH attr=uid

Sep 4 15:47:02 selma slapd[9913]: ==> limits_get: conn=4 op=3 dn="[anonymous]"

Sep 4 15:47:02 selma slapd[9913]: => bdb_search

Sep 4 15:47:02 selma slapd[9913]: bdb_dn2entry(“dc=mindsatwork,dc=com,dc=br”)

Sep 4 15:47:02 selma slapd[9913]: search_candidates: base=“dc=mindsatwork,dc=com,dc=br” (0x00000001) scope=2

Sep 4 15:47:02 selma slapd[9913]: => bdb_filter_candidates

Sep 4 15:47:02 selma slapd[9913]: ^IEQUALITY

Sep 4 15:47:02 selma slapd[9913]: => bdb_equality_candidates (objectClass)

Sep 4 15:47:02 selma slapd[9913]: => key_read

Sep 4 15:47:02 selma slapd[9913]: <= bdb_index_read: failed (-30990)

Sep 4 15:47:02 selma slapd[9913]: <= bdb_equality_candidates: id=0, first=0, last=0

Sep 4 15:47:02 selma slapd[9913]: <= bdb_filter_candidates: id=0 first=0 last=0

Sep 4 15:47:02 selma slapd[9913]: => bdb_dn2idl( “dc=mindsatwork,dc=com,dc=br” )

Sep 4 15:47:02 selma slapd[9913]: => bdb_filter_candidates

Sep 4 15:47:02 selma slapd[9913]: ^IAND

Sep 4 15:47:02 selma slapd[9913]: => bdb_list_candidates 0xa0

Sep 4 15:47:02 selma slapd[9913]: => bdb_filter_candidates

Sep 4 15:47:02 selma slapd[9913]: ^IAND

Sep 4 15:47:02 selma slapd[9913]: => bdb_list_candidates 0xa0

Sep 4 15:47:02 selma slapd[9913]: => bdb_filter_candidates

Sep 4 15:47:02 selma slapd[9913]: ^IEQUALITY

Sep 4 15:47:02 selma slapd[9913]: => bdb_equality_candidates (objectClass)

Sep 4 15:47:02 selma slapd[9913]: => key_read

Sep 4 15:47:02 selma slapd[9913]: <= bdb_index_read 10 candidates

Sep 4 15:47:02 selma slapd[9913]: <= bdb_equality_candidates: id=10, first=26, last=108

Sep 4 15:47:02 selma slapd[9913]: <= bdb_filter_candidates: id=10 first=26 last=108

Sep 4 15:47:02 selma slapd[9913]: => bdb_filter_candidates

Sep 4 15:47:02 selma slapd[9913]: ^IEQUALITY

Sep 4 15:47:02 selma slapd[9913]: => bdb_equality_candidates (uid)

Sep 4 15:47:02 selma slapd[9913]: => key_read

Sep 4 15:47:02 selma slapd[9913]: <= bdb_index_read 1 candidates

Sep 4 15:47:02 selma slapd[9913]: <= bdb_equality_candidates: id=1, first=108, last=108

Sep 4 15:47:02 selma slapd[9913]: <= bdb_filter_candidates: id=1 first=108 last=108

Sep 4 15:47:02 selma slapd[9913]: <= bdb_list_candidates: id=1 first=108 last=108

Sep 4 15:47:02 selma slapd[9913]: <= bdb_filter_candidates: id=1 first=108 last=108

Sep 4 15:47:02 selma slapd[9913]: <= bdb_list_candidates: id=1 first=108 last=108

Sep 4 15:47:02 selma slapd[9913]: <= bdb_filter_candidates: id=1 first=108 last=108

Sep 4 15:47:02 selma slapd[9913]: bdb_search_candidates: id=1 first=108 last=108

Sep 4 15:47:02 selma slapd[9913]: => test_filter

Sep 4 15:47:02 selma slapd[9913]: AND

Sep 4 15:47:02 selma slapd[9913]: => test_filter_and

Sep 4 15:47:02 selma slapd[9913]: => test_filter

Sep 4 15:47:02 selma slapd[9913]: EQUALITY

Sep 4 15:47:02 selma slapd[9913]: => access_allowed: search access to “uid=matheus,dc=mindsatwork,dc=com,dc=br” “objectClass” requested

Sep 4 15:47:02 selma slapd[9913]: => dn:

Sep 4 15:47:02 selma slapd[9913]: => acl_get: attr objectClass

Sep 4 15:47:02 selma slapd[9913]: => acl_mask: access to entry “uid=matheus,dc=mindsatwork,dc=com,dc=br”, attr “objectClass” requested

Sep 4 15:47:02 selma slapd[9913]: => acl_mask: to value by “”, (=n)

Sep 4 15:47:02 selma slapd[9913]: <= check a_dn_pat: cn=admin,dc=mindsatwork,dc=com,dc=br

Sep 4 15:47:02 selma slapd[9913]: <= check a_dn_pat: *

Sep 4 15:47:02 selma slapd[9913]: <= acl_mask: applying read(=rscx) (stop)

Sep 4 15:47:02 selma slapd[9913]: <= acl_mask: mask: read(=rscx)

Sep 4 15:47:02 selma slapd[9913]: => access_allowed: search access granted by read(=rscx)

Sep 4 15:47:02 selma slapd[9913]: <= test_filter 6

Sep 4 15:47:02 selma slapd[9913]: => test_filter

Sep 4 15:47:02 selma slapd[9913]: EQUALITY

Sep 4 15:47:02 selma slapd[9913]: => access_allowed: search access to “uid=matheus,dc=mindsatwork,dc=com,dc=br” “uid” requested

Sep 4 15:47:02 selma slapd[9913]: => dn:

Sep 4 15:47:02 selma slapd[9913]: => acl_get: attr uid

Sep 4 15:47:02 selma slapd[9913]: => acl_mask: access to entry “uid=matheus,dc=mindsatwork,dc=com,dc=br”, attr “uid” requested

Sep 4 15:47:02 selma slapd[9913]: => acl_mask: to value by “”, (=n)

Sep 4 15:47:02 selma slapd[9913]: <= check a_dn_pat: cn=admin,dc=mindsatwork,dc=com,dc=br

Sep 4 15:47:02 selma slapd[9913]: <= check a_dn_pat: *

Sep 4 15:47:02 selma slapd[9913]: <= acl_mask: applying read(=rscx) (stop)

Sep 4 15:47:02 selma slapd[9913]: <= acl_mask: mask: read(=rscx)

Sep 4 15:47:02 selma slapd[9913]: => access_allowed: search access granted by read(=rscx)

Sep 4 15:47:02 selma slapd[9913]: <= test_filter 6

Sep 4 15:47:02 selma slapd[9913]: <= test_filter_and 6

Sep 4 15:47:02 selma slapd[9913]: <= test_filter 6

Sep 4 15:47:02 selma slapd[9913]: => send_search_entry: dn=“uid=matheus,dc=mindsatwork,dc=com,dc=br”

Sep 4 15:47:02 selma slapd[9913]: => access_allowed: read access to “uid=matheus,dc=mindsatwork,dc=com,dc=br” “entry” requested

Sep 4 15:47:02 selma slapd[9913]: => dn:

Sep 4 15:47:02 selma slapd[9913]: => acl_get: attr entry

Sep 4 15:47:02 selma slapd[9913]: => acl_mask: access to entry “uid=matheus,dc=mindsatwork,dc=com,dc=br”, attr “entry” requested

Sep 4 15:47:02 selma slapd[9913]: => acl_mask: to all values by “”, (=n)

Sep 4 15:47:02 selma slapd[9913]: <= check a_dn_pat: cn=admin,dc=mindsatwork,dc=com,dc=br

Sep 4 15:47:02 selma slapd[9913]: <= check a_dn_pat: *

Sep 4 15:47:02 selma slapd[9913]: <= acl_mask: applying read(=rscx) (stop)

Sep 4 15:47:02 selma slapd[9913]: <= acl_mask: mask: read(=rscx)

Sep 4 15:47:02 selma slapd[9913]: => access_allowed: read access granted by read(=rscx)

Sep 4 15:47:02 selma slapd[9913]: => access_allowed: read access to “uid=matheus,dc=mindsatwork,dc=com,dc=br” “uid” requested

Sep 4 15:47:02 selma slapd[9913]: => dn:

Sep 4 15:47:02 selma slapd[9913]: => acl_get: attr uid

Sep 4 15:47:02 selma slapd[9913]: access_allowed: no res from state (uid)

Sep 4 15:47:02 selma slapd[9913]: => acl_mask: access to entry “uid=matheus,dc=mindsatwork,dc=com,dc=br”, attr “uid” requested

Sep 4 15:47:02 selma slapd[9913]: => acl_mask: to value by “”, (=n)

Sep 4 15:47:02 selma slapd[9913]: <= check a_dn_pat: cn=admin,dc=mindsatwork,dc=com,dc=br

Sep 4 15:47:02 selma slapd[9913]: <= check a_dn_pat: *

Sep 4 15:47:02 selma slapd[9913]: <= acl_mask: applying read(=rscx) (stop)

Sep 4 15:47:02 selma slapd[9913]: <= acl_mask: mask: read(=rscx)

Sep 4 15:47:02 selma slapd[9913]: => access_allowed: read access granted by read(=rscx)

Sep 4 15:47:02 selma slapd[9913]: <= send_search_entry

Sep 4 15:47:02 selma slapd[9913]: send_ldap_result: conn=4 op=3 p=3

Sep 4 15:47:02 selma slapd[9913]: send_ldap_response: msgid=4 tag=101 err=0

Sep 4 15:47:02 selma slapd[9913]: conn=4 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=

Sep 4 15:47:02 selma slapd[9913]: daemon: activity on 1 descriptors

Sep 4 15:47:02 selma slapd[9913]: daemon: new connection on 18

Sep 4 15:47:02 selma slapd[9913]: conn=11 fd=18 ACCEPT from IP=### EDITED ###:25441 (IP=0.0.0.0:389)

Sep 4 15:47:02 selma slapd[9913]: daemon: added 18r

Sep 4 15:47:02 selma slapd[9913]: daemon: activity on:

Sep 4 15:47:02 selma slapd[9913]:

Sep 4 15:47:02 selma slapd[9913]: daemon: select: listen=6 active_threads=0 tvp=NULL

Sep 4 15:47:02 selma slapd[9913]: daemon: select: listen=7 active_threads=0 tvp=NULL

Sep 4 15:47:02 selma slapd[9913]: daemon: activity on 1 descriptors

Sep 4 15:47:02 selma slapd[9913]: daemon: activity on:

Sep 4 15:47:02 selma slapd[9913]: 18r

Sep 4 15:47:02 selma slapd[9913]:

Sep 4 15:47:02 selma slapd[9913]: daemon: read activity on 18

Sep 4 15:47:02 selma slapd[9913]: connection_get(18): got connid=11

Sep 4 15:47:02 selma slapd[9913]: connection_read(18): checking for input on id=11

Sep 4 15:47:02 selma slapd[9913]: ber_get_next on fd 18 failed errno=11 (Resource temporarily unavailable)

Sep 4 15:47:02 selma slapd[9913]: daemon: select: listen=6 active_threads=0 tvp=NULL

Sep 4 15:47:03 selma slapd[9913]: daemon: select: listen=7 active_threads=0 tvp=NULL

Sep 4 15:47:03 selma slapd[9913]: do_bind

Sep 4 15:47:03 selma slapd[9913]: >>> dnPrettyNormal: <uid=“matheus”,dc=mindsatwork,dc=com,dc=br>

Sep 4 15:47:03 selma slapd[9913]: <<< dnPrettyNormal: <uid=matheus,dc=mindsatwork,dc=com,dc=br>, <uid=matheus,dc=mindsatwork,dc=com,dc=br>

Sep 4 15:47:03 selma slapd[9913]: do_bind: version=3 dn=“uid=matheus,dc=mindsatwork,dc=com,dc=br” method=128

Sep 4 15:47:03 selma slapd[9913]: conn=11 op=0 BIND dn=“uid=matheus,dc=mindsatwork,dc=com,dc=br” method=128

Sep 4 15:47:03 selma slapd[9913]: bdb_dn2entry(“uid=matheus,dc=mindsatwork,dc=com,dc=br”)

Sep 4 15:47:03 selma slapd[9913]: => access_allowed: auth access to “uid=matheus,dc=mindsatwork,dc=com,dc=br” “userPassword” requested

Sep 4 15:47:03 selma slapd[9913]: => acl_get: attr userPassword

Sep 4 15:47:03 selma slapd[9913]: => acl_mask: access to entry “uid=matheus,dc=mindsatwork,dc=com,dc=br”, attr “userPassword” requested

Sep 4 15:47:03 selma slapd[9913]: => acl_mask: to all values by “”, (=n)

Sep 4 15:47:03 selma slapd[9913]: <= check a_dn_pat: cn=admin,dc=mindsatwork,dc=com,dc=br

Sep 4 15:47:03 selma slapd[9913]: <= check a_dn_pat: anonymous

Sep 4 15:47:03 selma slapd[9913]: <= acl_mask: applying auth(=x) (stop)

Sep 4 15:47:03 selma slapd[9913]: <= acl_mask: mask: auth(=x)

Sep 4 15:47:03 selma slapd[9913]: => access_allowed: auth access granted by auth(=x)

Sep 4 15:47:03 selma slapd[9913]: send_ldap_result: conn=11 op=0 p=3

Sep 4 15:47:03 selma slapd[9913]: send_ldap_response: msgid=1 tag=97 err=49

Sep 4 15:47:03 selma slapd[9913]: conn=11 op=0 RESULT tag=97 err=49 text=

Sep 4 15:47:03 selma slapd[9913]: daemon: activity on 1 descriptors

Sep 4 15:47:03 selma slapd[9913]: daemon: activity on:

Sep 4 15:47:03 selma slapd[9913]: 18r

Sep 4 15:47:03 selma slapd[9913]:

Sep 4 15:47:03 selma slapd[9913]: daemon: read activity on 18

Sep 4 15:47:03 selma slapd[9913]: connection_get(18): got connid=11

Sep 4 15:47:03 selma slapd[9913]: connection_read(18): checking for input on id=11

Sep 4 15:47:03 selma slapd[9913]: ber_get_next on fd 18 failed errno=0 (Success)

Sep 4 15:47:03 selma slapd[9913]: connection_read(18): input error=-2 id=11, closing.

Sep 4 15:47:03 selma slapd[9913]: connection_closing: readying conn=11 sd=18 for close

Sep 4 15:47:03 selma slapd[9913]: connection_close: conn=11 sd=18

Sep 4 15:47:03 selma slapd[9913]: daemon: removing 18

Sep 4 15:47:03 selma slapd[9913]: conn=11 fd=18 closed

Sep 4 15:47:03 selma slapd[9913]: daemon: select: listen=6 active_threads=0 tvp=NULL

Sep 4 15:47:03 selma slapd[9913]: daemon: select: listen=7 active_threads=0 tvp=NULL

Sep 4 15:47:03 selma slapd[9913]: daemon: activity on 1 descriptors

Sep 4 15:47:03 selma slapd[9913]: daemon: select: listen=6 active_threads=0 tvp=NULL

Sep 4 15:47:03 selma slapd[9913]: daemon: select: listen=7 active_threads=0 tvp=NULL
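Most of a slapd debug log like the one above is internal tracing; the lines that describe what the client did are the `conn=… op=…` summaries. The following added example (not part of the original post) reduces such a log to those lines and pairs each BIND with its RESULT code. The function names and the sample lines are constructed, and the sample uses the straight ASCII quotes that slapd writes.

```python
import re

# LDAP result codes (RFC 4511) most often seen when a login fails.
RESULT_CODES = {0: "success", 32: "noSuchObject",
                49: "invalidCredentials", 50: "insufficientAccessRights"}

# Operation summary lines: "conn=<n> op=<n> <KIND> <detail>".
OP_LINE = re.compile(r"conn=(\d+) op=(\d+) (SRCH|BIND|SEARCH RESULT|RESULT) (.*)")

# Constructed sample in the format of the log above.
SAMPLE = """\
Sep 4 15:47:02 ldaphost slapd[100]: daemon: read activity on 15
Sep 4 15:47:02 ldaphost slapd[100]: conn=4 op=3 SRCH base="dc=example,dc=com" scope=2 deref=3 filter="(&(objectClass=person)(uid=alice))"
Sep 4 15:47:02 ldaphost slapd[100]: conn=4 op=3 SRCH attr=uid
Sep 4 15:47:02 ldaphost slapd[100]: conn=4 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
Sep 4 15:47:03 ldaphost slapd[100]: conn=11 op=0 BIND dn="uid=alice,dc=example,dc=com" method=128
Sep 4 15:47:03 ldaphost slapd[100]: => acl_get: attr userPassword
Sep 4 15:47:03 ldaphost slapd[100]: conn=11 op=0 RESULT tag=97 err=49 text=
"""


def summarize(log_text):
    """Return (conn, op, kind, detail) for every operation summary line."""
    events = []
    for line in log_text.splitlines():
        m = OP_LINE.search(line)
        if m:
            conn, op, kind, detail = m.groups()
            events.append((int(conn), int(op), kind, detail))
    return events


def failed_binds(log_text):
    """Pair each BIND with its RESULT; return (dn, code, name) for failures."""
    pending, failures = {}, []
    for conn, op, kind, detail in summarize(log_text):
        if kind == "BIND":
            dn = re.search(r'dn="([^"]*)"', detail)
            if dn:
                pending[(conn, op)] = dn.group(1)
        elif kind == "RESULT" and (conn, op) in pending:
            dn = pending.pop((conn, op))
            err = re.search(r"\berr=(\d+)", detail)
            if err and int(err.group(1)) != 0:
                code = int(err.group(1))
                failures.append((dn, code, RESULT_CODES.get(code, "other")))
    return failures


if __name__ == "__main__":
    print(failed_binds(SAMPLE))
```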

I use for searchFilter: