
LDAP error / anonymous bind?

Hello, I'm trying to run Wildfire on MacOS X 10.4.6 and integrate with OpenLDAP 2.2.28. I've followed all the documentation and I'm seemingly stuck. It looks like an LDAP error, but I'm beginning to think it's not because I added “allow bind_anon_cred” to my slapd.conf which should permit anonymous binds, but I'm seeing the same results from Wildfire's debug.log even with that option turned on. Has anybody run up against this before?

I'm trying to authenticate a new user called “test.user” with DN “uid=test.user,ou=people,dc=mydomain,dc=com”. The IM client is iChat AV configured to use SSL. I get the following error:

2006.05.30 05:53:26 SSL Connect b310f2[SSL_NULL_WITH_NULL_NULL: Socket[addr=/127.0.0.1,port=50374,localport=5223]]

2006.05.30 05:53:30 Trying to find a user's DN based on their username. uid: test.user, Base DN: ou=people,dc=triplextech,dc=com…

2006.05.30 05:53:30 Creating a DirContext in LdapManager.getContext()…

2006.05.30 05:53:30 Created hashtable with context values, attempting to create context…

2006.05.30 05:53:30 Exception thrown when searching for userDN based on username 'andrew.mcconnell'

javax.naming.OperationNotSupportedException: LDAP: error code 53 - unauthenticated bind (DN with no password) disallowed

at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3058)

at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2931)

at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2732)

at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2646)

at com.sun.jndi.ldap.LdapCtx.

Sorry, I was trying to protect my anonymity by manually changing the log entries to remove my username and domain. Looks like I mucked it instead. The real user is uid=andrew.mcconnell,ou=people,dc=triplextech,dc=com, the real JID is andrew.mcconnell@triplextech.com and the server is triplextech.com (which is my localhost).

The actual log messages are below.

2006.05.30 05:53:26 SSL Connect b310f2[SSL_NULL_WITH_NULL_NULL: Socket[addr=/127.0.0.1,port=50374,localport=5223]]

2006.05.30 05:53:30 Trying to find a user's DN based on their username. uid: andrew.mcconnell, Base DN: ou=people,dc=triplextech,dc=com…

2006.05.30 05:53:30 Creating a DirContext in LdapManager.getContext()…

2006.05.30 05:53:30 Created hashtable with context values, attempting to create context…

2006.05.30 05:53:30 Exception thrown when searching for userDN based on username 'andrew.mcconnell'

javax.naming.OperationNotSupportedException: LDAP: error code 53 - unauthenticated bind (DN with no password) disallowed

at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3058)

at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2931)

at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2732)

at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2646)

at com.sun.jndi.ldap.LdapCtx.

Why are you attempting to create an un-authenticated bind? Why not create an account that can browse the LDAP, and use it to authenticate? The error javax.naming.OperationNotSupportedException: LDAP: error code 53 - unauthenticated bind (DN with no password) disallowed sort of tells the tale here.

Create a Jabber_User account or some such and allow it access to see and browse the LDAP. This will fix your problem, and makes it a little more secure in that you are not having to use a 'real' account and you are using authentication instead of anonymous.

Jeff
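
An added illustration, not part of the thread and not OpenLDAP's own code: a simplified Python model of how slapd treats the simple-bind variants of RFC 4513 section 5.1 under the `allow`/`disallow` features described in slapd.conf(5). It shows why `allow bind_anon_cred` leaves the error 53 from the log unchanged; the service DN, its password and the function names are constructed for the example.

```python
# Added example: simplified model (an assumption, not slapd source) of LDAP
# simple-bind handling per RFC 4513 section 5.1 and slapd.conf(5).
SUCCESS, INAPPROPRIATE_AUTH, INVALID_CREDENTIALS, UNWILLING_TO_PERFORM = 0, 48, 49, 53

def classify_bind(dn, password):
    """Name the simple-bind variant for a DN/password pair."""
    if dn and password:
        return "name/password"
    if dn:
        return "unauthenticated"          # DN with no password
    if password:
        return "anonymous+credentials"    # empty DN, non-empty password
    return "anonymous"

def simple_bind(dn, password, allow=(), disallow=(), directory=None):
    """Return (result_code, message) for a simple bind under the given
    allow/disallow features. `directory` maps DN -> password and stands in
    for the server's real credential check (assumption for the example)."""
    kind = classify_bind(dn, password)
    if kind == "name/password":
        if (directory or {}).get(dn) == password:
            return SUCCESS, "authenticated as " + dn
        return INVALID_CREDENTIALS, "invalid credentials"
    if kind == "anonymous+credentials" and "bind_anon_cred" not in allow:
        return INVALID_CREDENTIALS, "credentials sent with empty DN"
    if kind == "unauthenticated" and "bind_anon_dn" not in allow:
        return UNWILLING_TO_PERFORM, "unauthenticated bind (DN with no password) disallowed"
    if "bind_anon" in disallow:
        return INAPPROPRIATE_AUTH, "anonymous bind disallowed"
    # Accepted, but the session is anonymous whatever DN was supplied.
    return SUCCESS, "anonymous session"

# Constructed placeholders: a browse-only service account as Jeff suggests.
SERVICE_DN = "uid=jabber_user,ou=people,dc=example,dc=com"
DIRECTORY = {SERVICE_DN: "constructed-placeholder-password"}

def scenarios():
    """Bind attempts matching the situations discussed in the thread."""
    return [
        simple_bind(SERVICE_DN, ""),                            # DN, no password
        simple_bind(SERVICE_DN, "", allow=("bind_anon_cred",)), # poster's change
        simple_bind(SERVICE_DN, "", allow=("bind_anon_dn",)),   # accepted, anonymous
        simple_bind(SERVICE_DN, DIRECTORY[SERVICE_DN], directory=DIRECTORY),
    ]

if __name__ == "__main__":
    for code, message in scenarios():
        print(code, message)
```

The third scenario is the one to watch for in application code: a bind with a DN and an empty password can succeed on a server that allows it, yet it proves nothing about the DN's owner, so clients should reject empty passwords before binding.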