
LDAP Authentication

Running 2.1.5 on a Windows 2003 box in a Windows AD domain. LDAP authentication fails when the OU has a “/” in it. In the admin console the users of this OU can be seen, but when they try to log in the authentication fails (see debug log below). I was able to rename the OU with a space instead of the slash “/” and authentication works now. Will this be fixed in a later release?

2005.06.23 07:59:59 SSL Connect 38d460[SSL_NULL_WITH_NULL_NULL: Socket[addr=/x.x.x.57,port=1179,localport=5223]]

2005.06.23 08:00:00 Trying to find a user's DN based on their username. sAMAccountName: xtestuser, Base DN: OU= X Users,DC=ad,DC=domain,DC=com…

2005.06.23 08:00:00 Creating a DirContext in LdapManager.getContext()…

2005.06.23 08:00:00 Created hashtable with context values, attempting to create context…

2005.06.23 08:00:00 … context created successfully, returning.

2005.06.23 08:00:00 Starting LDAP search…

2005.06.23 08:00:00 … search finished

2005.06.23 08:00:00 In LdapManager.checkAuthentication(userDN, password), userDN is: “CN=XTestuser,OU=Contracters/Temps”…

2005.06.23 08:00:00 Created context values, attempting to create context…

2005.06.23 08:00:00 Caught a naming exception when creating InitialContext

javax.naming.AuthenticationException: LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030F, comment: AcceptSecurityContext error, data 525, vece

at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)

at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)

at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)

at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)

at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)

at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)

at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)

at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)

at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)

at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)

at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)

at javax.naming.InitialContext.init(Unknown Source)

at javax.naming.InitialContext.<init>(Unknown Source)

at javax.naming.directory.InitialDirContext.<init>(Unknown Source)

at org.jivesoftware.messenger.ldap.LdapManager.checkAuthentication(LdapManager.java:281)

at org.jivesoftware.messenger.ldap.LdapAuthProvider.authenticate(LdapAuthProvider.java:91)

at org.jivesoftware.messenger.auth.AuthFactory.authenticate(AuthFactory.java:97)

at org.jivesoftware.messenger.handler.IQAuthHandler.login(IQAuthHandler.java:221)

at org.jivesoftware.messenger.handler.IQAuthHandler.handleIQ(IQAuthHandler.java:141)

at org.jivesoftware.messenger.handler.IQHandler.process(IQHandler.java:48)

at org.jivesoftware.messenger.IQRouter.handle(IQRouter.java:202)

at org.jivesoftware.messenger.IQRouter.route(IQRouter.java:73)

at org.jivesoftware.messenger.PacketRouter.route(PacketRouter.java:65)

at org.jivesoftware.messenger.net.SocketReadThread.readStream(SocketReadThread.java:285)

at org.jivesoftware.messenger.net.SocketReadThread.run(SocketReadThread.java:105)

2005.06.23 08:00:00 Logging off jive.domain.com/84903556 on org.jivesoftware.messenger.net.SocketConnection@feecca socket: 38d460[SSL_RSA_WITH_RC4_128_MD5: Socket[addr=/x.x.x.57,port=1179,localport=5223]] session: org.jivesoftware.messenger.ClientSession@6bd9e0 status: 1 address: jive.domain.com/84903556 id: 84903556 presence:

I think the / has special meaning in JNDI so you need to escape it with a \2f. See http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adsi/adsi/search_filter_syntax.asp for more details regarding special characters.

That was it. Thanks.
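
An added example, not part of the thread or of the Jive Messenger code: it shows how JNDI's composite-name parsing treats the "/" discussed in the reply above, and how a DN containing one can be carried through JNDI intact. The DN is a constructed sample modelled on the debug log, and the class and helper names are hypothetical.

```java
import javax.naming.CompositeName;
import javax.naming.InvalidNameException;
import javax.naming.Name;
import javax.naming.ldap.LdapName;

public class SlashInDn {
    // Constructed sample DN modelled on the OU in the debug log (assumption).
    static final String DN =
        "CN=XTestuser,OU=Contracters/Temps,DC=ad,DC=domain,DC=com";

    // Wrap a raw DN as ONE composite-name component so "/" is not a separator.
    static Name asSingleComponent(String rawDn) throws InvalidNameException {
        return new CompositeName().add(rawDn);
    }

    // Recover the unquoted LDAP name from a JNDI composite-name string
    // (for example a name string returned by a JNDI search).
    static String rawName(String jndiName) throws InvalidNameException {
        Name n = new CompositeName(jndiName);
        return n.isEmpty() ? "" : n.get(0);
    }

    public static void main(String[] args) throws InvalidNameException {
        // 1. String names are parsed as composite names: "/" splits the DN.
        Name split = new CompositeName(DN);
        System.out.println("parsed as String: " + split.size() + " components");
        for (int i = 0; i < split.size(); i++) {
            System.out.println("  [" + i + "] " + split.get(i));
        }

        // 2. Added as a single component, the DN survives a round trip
        //    through JNDI's own quoting/escaping of the slash.
        String jndiForm = asSingleComponent(DN).toString();
        System.out.println("JNDI form: " + jndiForm);
        System.out.println("round trip ok: " + DN.equals(rawName(jndiForm)));

        // 3. LdapName is not a CompositeName, so "/" is ordinary data in it.
        //    RDNs are indexed from the right: 0 = DC=com ... 3 = OU, 4 = CN.
        LdapName plain = new LdapName(DN);
        System.out.println("OU value: " + plain.getRdn(3).getValue());

        // 4. The \2f hex escape from the reply decodes to the same OU value.
        LdapName hex = new LdapName(DN.replace("/", "\\2f"));
        System.out.println("hex-escaped OU value: " + hex.getRdn(3).getValue());
    }
}
```

Context methods that take a `Name` treat any argument that is not a `CompositeName`, such as an `LdapName`, as a compound name, so passing the `LdapName` avoids the slash split.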