LDAP problems

Hello all:

Having a rough time getting LDAP authentication to work. I know a bare minimum about LDAP, which is part of the problem. Anyway, the ldap section of my xml file is:

(cn=)

Debug output is:

2006.01.20 15:34:24 Trying to find a user's DN based on their username. cn: paul, Base DN: ou=People,dc=[domain],dc=com…

2006.01.20 15:34:24 Creating a DirContext in LdapManager.getContext()…

2006.01.20 15:34:24 Created hashtable with context values, attempting to create context…

2006.01.20 15:34:24 Exception thrown when searching for userDN based on username 'paul'

javax.naming.CommunicationException: simple bind failed: :389 Root exception is javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake

at com.sun.jndi.ldap.LdapClient.authenticate(Unknown Source)

at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)

at com.sun.jndi.ldap.LdapCtx.(Unknown Source)

at org.jivesoftware.wildfire.ldap.LdapManager.getContext(LdapManager.java:271)

at org.jivesoftware.wildfire.ldap.LdapManager.findUserDN(LdapManager.java:445)

at org.jivesoftware.wildfire.ldap.LdapManager.findUserDN(LdapManager.java:400)

at org.jivesoftware.wildfire.ldap.LdapAuthProvider.authenticate(LdapAuthProvider.java:88)

at org.jivesoftware.wildfire.auth.AuthFactory.authenticate(AuthFactory.java:114)

at org.jivesoftware.wildfire.admin.login_jsp._jspService(login_jsp.java:134)

at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:94)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:688)

Couple of notes:

-command line ldapsearch works as expected

-tls is used, but over port 389

Any ideas what's going wrong? Thanks!

-Paul

Anyone, anyone? Bueller? I'm using v2.4.3, BTW. Works great when manually adding users, but we need to get this working with LDAP…

This works for us, LDAP from Microsoft AD, users authenticate against AD, but we have to create shared groups manually until those bugs are resolved. We're using 2.4.3. Note I've noticed that when I copy and paste into the forum extra whitespaces seem to show up in the config.

Hmmmm…still not working. The connection to the LDAP server seems to just fail immediately. Looking at the server's log, it looks like:

Jan 24 13:01:55 ldapserver slapd[29765]: conn=60523 fd=9 ACCEPT from IP=10.x.x.x:49124 (IP=0.0.0.0:389)

Jan 24 13:01:55 ldapserver slapd[29765]: conn=60523 fd=9 closed

Jan 24 13:01:59 ldapserver slapd[29765]: conn=60453 fd=143 closed

Jan 24 13:01:59 ldapserver slapd[29765]: conn=60456 fd=148 closed

Jan 24 13:01:59 ldapserver slapd[29765]: conn=60458 fd=150 closed

Jan 24 13:01:59 ldapserver slapd[29765]: conn=60414 fd=135 closed

Jan 24 13:01:59 ldapserver slapd[29765]: conn=60450 fd=75 closed

whereas normally, it would look like:

Jan 24 13:02:33 ldapserver slapd[29765]: conn=60524 fd=9 ACCEPT from IP=10.x.x.x:49877 (IP=0.0.0.0:389)

Jan 24 13:02:33 ldapserver slapd[29765]: conn=60524 op=1 BIND dn="" method=128

Jan 24 13:02:33 ldapserver slapd[29765]: conn=60524 op=1 RESULT tag=97 err=0 text=

Jan 24 13:02:33 ldapserver slapd[29765]: conn=60524 op=2 SRCH base="dc=company,dc=com… etc…

So, as the original error message states, it appears that the BIND is failing immediately. The LDAP server is openldap running on a Linux machine. Hope that sheds a little more light…?

It was also suggested that Wildfire may not support TLS, but possibly an older version of SSL. Might that be the case?

Thanks again…
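
A triage helper for slapd logs like the two excerpts above, added here as an example and not part of the original thread: it lists connections that were accepted and then closed with no LDAP operation logged, which is the pattern in the failing excerpt. The sample lines, the 10.0.0.5 client address and the function names are constructed for illustration.

```python
import re

# Constructed sample in the slapd syslog format quoted in the thread
# (connection numbers and the 10.0.0.5 client address are made up).
SAMPLE = """\
Jan 24 13:01:55 ldapserver slapd[29765]: conn=60523 fd=9 ACCEPT from IP=10.0.0.5:49124 (IP=0.0.0.0:389)
Jan 24 13:01:55 ldapserver slapd[29765]: conn=60523 fd=9 closed
Jan 24 13:01:59 ldapserver slapd[29765]: conn=60453 fd=143 closed
Jan 24 13:02:33 ldapserver slapd[29765]: conn=60524 fd=9 ACCEPT from IP=10.0.0.5:49877 (IP=0.0.0.0:389)
Jan 24 13:02:33 ldapserver slapd[29765]: conn=60524 op=1 BIND dn="" method=128
Jan 24 13:02:33 ldapserver slapd[29765]: conn=60524 op=1 RESULT tag=97 err=0 text=
Jan 24 13:02:34 ldapserver slapd[29765]: conn=60524 fd=9 closed
"""

LINE = re.compile(r"slapd\[\d+\]: conn=(\d+) (?:fd=\d+|op=(\d+)) (.*)$")
ACCEPT = re.compile(r"ACCEPT from IP=([^:\s]+):\d+ \(IP=[^:]+:(\d+)\)")

def summarize(log_text):
    """Return {conn_id: info} for every connection whose ACCEPT is in the log."""
    conns = {}
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        conn, op, rest = int(m.group(1)), m.group(2), m.group(3)
        acc = ACCEPT.match(rest)
        if acc:
            conns[conn] = {"client": acc.group(1), "port": int(acc.group(2)),
                           "ops": [], "closed": False}
        elif conn not in conns:
            continue  # ACCEPT predates the excerpt; cannot judge this connection
        elif op is not None:
            verb = rest.split()[0]
            if verb != "RESULT":  # record requests (BIND, SRCH, ...), not replies
                conns[conn]["ops"].append(verb)
        elif rest.strip() == "closed":
            conns[conn]["closed"] = True
    return conns

def closed_without_ops(log_text):
    """Connections accepted and closed with no LDAP operation logged."""
    return [(c, i["client"], i["port"]) for c, i in summarize(log_text).items()
            if i["closed"] and not i["ops"]]

if __name__ == "__main__":
    for conn, client, port in closed_without_ops(SAMPLE):
        print(f"conn={conn} from {client} on port {port}: closed before any LDAP operation")
```

Connections whose ACCEPT line falls outside the excerpt (such as the bare "closed" lines in the failing log) are skipped, since their earlier operations cannot be known.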