LDAP Setup Question

I've read through some of the other questions and threads on here and they've helped me get a general understanding of how to set up Wildfire with LDAP, but haven't been able to get it working quite yet.

The principal AD domain that I use is a child of the primary (child.domain.com) and has a few AD domain controllers in the two main subnets (192.168.1.x and 192.168.3.x). My Wildfire server sits in the DMZ (192.168.50.x) - this was done to provide access to users externally. There is no AD domain controller in the DMZ. I put the IP of my primary domain controller in the host field thinking that it will use that to look back to the domain.

Below is my config from wildfire.xml. Have I set this correctly? Am I losing my mind?

Any help with this will be greatly appreciated. Even a slight push in the right direction.


    <ldap>
        <host>192.168.1.229</host>
        <port>389</port>
        <usernameField>sAMAccountName</usernameField>
        <nameField>displayName</nameField>
        <emailField>mail</emailField>
        <baseDN>DC=child,DC=domain,DC=com</baseDN>
        <adminDN>CN=Administrator,CN=Users,DC=child,DC=domain,DC=com</adminDN>
        <adminPassword>adminpassword</adminPassword>
    </ldap>


That is a start… But you will have to allow your DMZ server to access the internal LAN AD Controller… Just open port 389, to your AD box…

dhackd

I've made sure that my firewall is allowing traffic on port 389, but I'm unable to connect to the server. I'm using Spark 1.0.2 as the client. Do I need to do anything special with the login? I've tried putting the domain in the username like "child\joe.smith", but it's still not coming back. Thoughts?

-AG

I'm now getting the following errors in the Wildfire log when I try to connect. I'm using Exodus to connect as it seems that Spark isn't creating any error logs.

    2006.01.27 16:16:01 SaslException
    javax.security.sasl.SaslException: DIGEST-MD5: IO error acquiring password Caused by java.io.IOException: org.jivesoftware.wildfire.user.UserNotFoundException: andrew.greene
        at com.sun.security.sasl.digest.DigestMD5Server.validateClientResponse(Unknown Source)
        at com.sun.security.sasl.digest.DigestMD5Server.evaluateResponse(Unknown Source)
        at org.jivesoftware.wildfire.net.SASLAuthentication.doHandshake(SASLAuthentication.java:192)
        at org.jivesoftware.wildfire.net.SocketReader.authenticateClient(SocketReader.java:316)
        at org.jivesoftware.wildfire.net.SocketReader.readStream(SocketReader.java:277)
        at org.jivesoftware.wildfire.net.SocketReader.run(SocketReader.java:119)
        at java.lang.Thread.run(Unknown Source)
    Caused by: java.io.IOException: org.jivesoftware.wildfire.user.UserNotFoundException: andrew.greene
        at org.jivesoftware.wildfire.net.XMPPCallbackHandler.handle(XMPPCallbackHandler.java:69)
        ... 7 more

Any thoughts?

Ok…

This is starting to come together more and more. After tweaking the wildfire.xml (ok, so all I really had to do was to uncomment the config) I am now able to authenticate. I'm now working on getting groups to show up. Using dhackd's filters:

    <![CDATA[
    (&
      (objectClass=group)
      (memberOf=cn=JabberIT,ou=Distribution Groups,dc=child,dc=domain,dc=com)
      (member=)
    )
    ]]>

I'm setting up several groups for different departments/divisions (i.e. JabberIT for IT staff, JabberQuality for Quality staff, JabberAccounting, etc.) and then have the groups as members of Jabber users in order to make outage/patch communication easier. Any thoughts on why this wouldn't be working? I'm not seeing any of the members of JabberIT in the roster - in fact, I'm not seeing anyone. Thoughts?
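As an added illustration (not code from this thread or from Wildfire itself) of what the sAMAccountName lookup behind the UserNotFoundException and the group filter above boil down to, and of why a "child\joe.smith" style login cannot match a bare sAMAccountName: the function names and the sample member DN are assumptions; the base DN, attribute names and group DN are the ones posted in the thread.

```python
# Values taken from the wildfire.xml posted in this thread.
BASE_DN = "DC=child,DC=domain,DC=com"
USERNAME_FIELD = "sAMAccountName"
GROUP_DN = "cn=JabberIT,ou=Distribution Groups,dc=child,dc=domain,dc=com"


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515).

    Backslash, parentheses, asterisk and NUL are replaced by \\XX hex escapes so
    that a username taken from the XMPP login can never change the filter's shape.
    """
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value)


def normalize_login_name(login: str) -> str:
    """Strip a DOMAIN\\ prefix or @realm suffix (assumed helper).

    sAMAccountName holds only the bare account name, so "child\\joe.smith" has to
    become "joe.smith" before it can match anything under the base DN.
    """
    if "\\" in login:
        login = login.split("\\", 1)[1]
    if "@" in login:
        login = login.split("@", 1)[0]
    return login


def user_search_filter(username: str, field: str = USERNAME_FIELD) -> str:
    """Filter the user lookup conceptually runs under BASE_DN to resolve a login name.

    If this matches no entry, the server cannot fetch the password for DIGEST-MD5,
    which is what surfaces in the log as UserNotFoundException: <name>.
    """
    return "(%s=%s)" % (field, escape_filter_value(username))


def group_member_filter(group_dn: str, member_dn: str) -> str:
    """The objectClass=group / memberOf / member filter from the thread, values escaped."""
    return "(&(objectClass=group)(memberOf=%s)(member=%s))" % (
        escape_filter_value(group_dn), escape_filter_value(member_dn))


if __name__ == "__main__":
    print(user_search_filter("child\\joe.smith"))            # backslash becomes \5c
    print(user_search_filter(normalize_login_name("child\\joe.smith")))
    print(group_member_filter(GROUP_DN, "CN=Joe Smith,CN=Users," + BASE_DN))
```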

Shared LDAP groups from AD do not work. There have been several threads on the bug. Best thing to do for now is to use LDAP for authentication and manually add the shared groups. Before creating the groups, I create a list of usernames to copy and paste in.

Doh! Well, problem solved then, at least until if/when that functionality becomes available. I know that my primary concern was with the authentication portion of the equation and could really "deal" with the shared groups. Well, I thank you all for all of your help.

I'm now getting the following errors in the Wildfire log when I try to connect. I'm using Exodus to connect as it seems that Spark isn't creating any error logs.

    2006.02.05 12:49:18 [org.jivesoftware.messenger.handler.IQAuthHandler.handleIQ(IQAuthHandler.java:90)
    ] Error during authentication. Session not found in messengerhyd.nipunaservices.com/e7ef5844 for key messengerhyd.nipunaservices.com/e7ef5844
    2006.02.05 12:49:18 [org.jivesoftware.messenger.net.SocketReader.run(SocketReader.java:145)
    ] Connection closed before session established
    Socket[addr=/172.18.31.199,port=4794,localport=5269]
    2006.02.05 12:49:19 [org.jivesoftware.messenger.server.ServerDialback.createOutgoingSession(ServerDialback.java:194)
    ] Error creating outgoing session to remote server: nipunaservices.com(DNS lookup: nipunaservices.com)
    java.net.ConnectException: Connection refused: connect
        at java.net.PlainSocketImpl.socketConnect(Native Method)
        at java.net.PlainSocketImpl.doConnect(Unknown Source)
        at java.net.PlainSocketImpl.connectToAddress(Unknown Source)
        at java.net.PlainSocketImpl.connect(Unknown Source)
        at java.net.SocksSocketImpl.connect(Unknown Source)
        at java.net.Socket.connect(Unknown Source)
        at java.net.Socket.connect(Unknown Source)
        at java.net.Socket.(Unknown Source)
        at javax.net.DefaultSocketFactory.createSocket(Unknown Source)
        at org.jivesoftware.messenger.server.ServerDialback.createOutgoingSession(ServerDialback.java:130)
        at org.jivesoftware.messenger.server.OutgoingServerSession.authenticateDomain(OutgoingServerSession.java:157)
        at org.jivesoftware.messenger.spi.RoutingTableImpl.getRoute(RoutingTableImpl.java:92)
        at org.jivesoftware.messenger.net.SocketPacketWriteHandler.process(SocketPacketWriteHandler.java:52)
        at org.jivesoftware.messenger.spi.PacketDelivererImpl.deliver(PacketDelivererImpl.java:48)
        at org.jivesoftware.messenger.handler.IQHandler.process(IQHandler.java:50)
        at org.jivesoftware.messenger.IQRouter.handle(IQRouter.java:213)
        at org.jivesoftware.messenger.IQRouter.route(IQRouter.java:73)
        at org.jivesoftware.messenger.PacketRouter.route(PacketRouter.java:65)
        at org.jivesoftware.messenger.net.SocketReader.processIQ(SocketReader.java:258)
        at org.jivesoftware.messenger.net.ClientSocketReader.processIQ(ClientSocketReader.java:43)
        at org.jivesoftware.messenger.net.SocketReader.readStream(SocketReader.java:230)
        at org.jivesoftware.messenger.net.SocketReader.run(SocketReader.java:111)

Hi Vinayak,

You posted this twice; my answer can be found here:

http://www.jivesoftware.org/community/message.jspa?messageID=112313#112313


LG