LDAP issue

I’‘ve got a question, trying to integrate Jive with our Active Directory system. So far so good (thanks to the excellent threads here on this message board), Jive can query the AD at will, and all is well. The problem, however, is that all our user names in AD, contain spaces (ie Bill Roland is my user name in AD). Jive does not seem to be able to cope with this. Indeed, even when I search the AD, no names that contain spaces appear. This seems to be a major limitation, as I know several others who do the same thing regarding user names. Is this a bug or just a limitation of the software? I have searched extensively on this forum but I can’'t see where anybody else has complained about it. Any help would be appreciated, its a great product and I certainly want to be able to leverage the AD with it. Thanks in advance for your help.

Bill,

This is a limitation of the XMPP specification. An address (JID) is:

node@domain/resource

such as sally@example.com/Home

The node portion is what we’'re interested in for this case. Nodes must obey the “nodeprep” stringprep profile. Basically, that just limits what characters are valid in a node. Spaces are one of the characters that are not allowed. There are a few things you could do to work around this:

  1. Use a different attribute in AD for usernames. I’'m not sure if this exists in your system. The name might be “Sally Smith” but the username could be “ssmith”.

  2. Modify the code slightly to remove spaces in usernames. So, “Sally Smith” would become “SallySmith”. Handling this is a bit tricky. When getting a list of names, it’'s easy to remove spaces. However, when given a name, it could be hard to figure out when to add back spaces for lookup purposes. Maybe there are some rules in your system that could be applied.

Let me know which case makes more sense for your situation and we’'d be happy to help you try to figure out a solution.

Regards,

Matt

Hmm, this is a bit disappointing (not your fault for the specs though). I really know absolutely nothing about programming and what not, so I doubt I’'ll be able to do anything to change this. The only thing I can think of, is each user has an Microsoft Exchange alias of user.name instead of User Name. Could we somehow authenticate against their Exchange Alias?

Bill,

Have you tried using the sAMAccountName attribute as the “uid” in Jive Messenger? It works great for me here. Users log in as "jdoe@mydomain.com."

If you want to see what’‘s really in AD, go grab the free version of the Softerra LDAP Browser (it’'s great) and take a look at all the attributes that are defined for your users.

Message was edited by:

hrothgar (fixed a typo)

That was the only way I could make it work, actually, was by changing uid to sAMAccountName. But the problem is they all have the space that apparently the protocol doesn’‘t support. I didn’'t realize it was a bigger problem than just LDAP authentication at the time I posted. Is it possible to use other attributes instead of the sAMAccountName to logon with?

Bill,

You can use any attiribute you’'d like as long as:

  • It’'s unique for the user

  • It doesn’'t have spaces.

  • You can perform lookups using that attribute.

-Matt

Thanks for the replies folks. I DID get it working! I used the Exchange alias attribute of user.name, works like a charm. I do get strange errors when adding users to my contact lists, (routing presence packets seems to go haywire), but after the initial add it seems to work fine. Thanks for the help guys!