LDAP: Unable to login to admin console

I've just set up Wildfire (2.4.0) and switched over to LDAP support. It seems to be working OK, with users able to log in using their details stored on the LDAP server, so I assume the LDAP settings are all OK. I've also set up the section with my own login, plus some others from LDAP. I still cannot log in though. I enabled debugging output, but the data it creates is not very useful - no mention of why auth is failing.

Luckily I set up the server before enabling LDAP so it's working OK at the moment, except it's impossible to admin. Is there an option to force a user to be able to log in (specify a username and password in the XML file), even if the LDAP auth is failing?

Can you log in to Spark using your authorizedUsername?

The authorizedUsername is the same as your Spark login.

I'm not using Spark as the client, but other clients we've used, including PSI, iChat and Exodus can all connect fine. The only problem is the admin console, which is impossible to log into. Even the LDAP admin user cannot log in.

I've managed to get around the problem by writing some PHP pages to make changes to the MySQL database (to create new groups etc), however this is not ideal as I have to keep restarting the Wildfire server to make the changes live. Is there a way to force Wildfire to reload from the database and XML files without a restart?

I can confirm that I have the exact same problem. Chat clients work fine, but I am unable to log in to the admin console. I've checked by giving a few users admin rights in the .xml file but to no avail.

Regards,

Maron Kristofersson

Hey guys,

Can you post the section in wildfire.xml where you are defining the list of administrators? I may also need the server name in case you are using bare JIDs (i.e. includes an @). Also remember to post any error present in admin-console.log or error.log that might be related to this problem.

Thanks,

– Gato

I have the same problem.

I can log in with the Spark client but the admin console doesn't work.

With LDAP - Active Directory.

Does anyone have a solution?

thx!

Hi Gato.

from wildfire.xml

IGNORED
java.net.SocketTimeoutException: Accept timed out
    at java.net.PlainSocketImpl.socketAccept(Native Method)
    at java.net.PlainSocketImpl.accept(Unknown Source)
    at java.net.ServerSocket.implAccept(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.accept(Unknown Source)
    at org.mortbay.util.ThreadedServer.acceptSocket(ThreadedServer.java:423)
    at org.mortbay.util.ThreadedServer$Acceptor.run(ThreadedServer.java:608)

In admin-console.log but nothing that seems to indicate any major problems regarding LDAP or login.

I'm using the rpm on redhat 9.

Best regards,

Maron


Hi!

Works fine for me.

You probably have to remove the spaces in the user list. The username is everything between the commata including spaces.

Try:

hth

Chris

Thanks heaps, that fixed it. Note though that earlier versions were fine with the spaces…

Best regards,

Maron

It's my wildfire.xml

IGNORED
java.net.SocketTimeoutException: Accept timed out
    at java.net.PlainSocketImpl.socketAccept(Native Method)
    at java.net.PlainSocketImpl.accept(Unknown Source)
    at java.net.ServerSocket.implAccept(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.accept(Unknown Source)
    at org.mortbay.util.ThreadedServer.acceptSocket(ThreadedServer.java:423)
    at org.mortbay.util.ThreadedServer$Acceptor.run(ThreadedServer.java:608)

debug.log

2006.01.05 15:29:14 Created new LdapManager() instance, fields:
2006.01.05 15:29:14 host: server2
2006.01.05 15:29:14 port: 389
2006.01.05 15:29:14 usernamefield: sAMAccountName
2006.01.05 15:29:14 baseDN: DC=compagny;DC=local
2006.01.05 15:29:14 alternateBaseDN: null
2006.01.05 15:29:14 nameField: displayName
2006.01.05 15:29:14 emailField: mail
2006.01.05 15:29:14 adminDN: CN=Administrator;CN=Users;DC=compagny;DC=local
2006.01.05 15:29:14 adminPassword: My_Password
2006.01.05 15:29:14 searchFilter: (sAMAccountName=)
2006.01.05 15:29:14 ldapDebugEnabled: false
2006.01.05 15:29:14 sslEnabled: false
2006.01.05 15:29:14 initialContextFactory: com.sun.jndi.ldap.LdapCtxFactory
2006.01.05 15:29:14 connectionPoolEnabled: true
2006.01.05 15:29:14 autoFollowReferrals: false
2006.01.05 15:29:14 groupNameField: cn
2006.01.05 15:29:14 groupMemberField: member
2006.01.05 15:29:14 groupDescriptionField: description
2006.01.05 15:29:14 posixMode: false
2006.01.05 15:29:14 groupSearchFilter: (member=)
2006.01.05 15:29:16 Loading plugin admin
2006.01.05 15:29:18 Loading plugin search
2006.01.05 15:29:56 Connect Socket[addr=/192.168.0.3,port=2430,localport=5222]
2006.01.05 15:29:57 Trying to find a user's DN based on their username. sAMAccountName: bmartinp, Base DN: DC=compagny;DC=local…
2006.01.05 15:29:57 Creating a DirContext in LdapManager.getContext()…
2006.01.05 15:29:57 Created hashtable with context values, attempting to create context…
2006.01.05 15:29:57 … context created successfully, returning.
2006.01.05 15:29:57 Starting LDAP search…
2006.01.05 15:29:57 … search finished
2006.01.05 15:29:57 In LdapManager.checkAuthentication(userDN, password), userDN is: CN=Benoit Martin,CN=Users…
2006.01.05 15:29:57 Created context values, attempting to create context…
2006.01.05 15:29:57 … context created successfully, returning.
2006.01.05 15:29:57 Trying to find a user's DN based on their username. sAMAccountName: bmartinp, Base DN: DC=compagny;DC=local…
2006.01.05 15:29:57 Creating a DirContext in LdapManager.getContext()…
2006.01.05 15:29:57 Created hashtable with context values, attempting to create context…
2006.01.05 15:29:57 … context created successfully, returning.
2006.01.05 15:29:57 Starting LDAP search…
2006.01.05 15:29:57 … search finished
2006.01.05 15:29:57 Creating a DirContext in LdapManager.getContext()…
2006.01.05 15:29:57 Created hashtable with context values, attempting to create context…
2006.01.05 15:29:57 … context created successfully, returning.

It's working with the Administrator account but the admin console doesn't work.

Help

I have the exact same problem, I cannot log in to the admin console with any account from AD/LDAP. I've already tried removing the spaces from the admin names list in my config file. My config works fine for Jive 2.3.1.

Has anybody resolved this yet??

Here's a sample of the minimal config I'm trying:

With this, I cannot log in to the admin console of Wildfire with any of the authorizedUsernames, nor the specified adminDN. Like I said above, my Jive 2.3.1 install works fine.

Any thoughts?

Me too, my config works in 2.3.1. I have a production server on this version and it's OK.

Hey guys,

authorizedUsernames should only include lower case letters with no white spaces. I will make a modification to the server that will automatically transform all upper case letters into lower case letters.

Let me know how it goes.

– Gato

I'm able to log into the admin console without any problems, but I do see this a lot in my admin-console.log:

06:50:26.543 TRACE [Acceptor ServerSocket[addr=0.0.0.0/0.0.0.0,port=0,localport=9090]] org.mortbay.util.LogSupport.ignore(LogSupport.java:36) >03> IGNORED
java.net.SocketTimeoutException: Accept timed out
    at java.net.PlainSocketImpl.socketAccept(Native Method)
    at java.net.PlainSocketImpl.accept(Unknown Source)
    at java.net.ServerSocket.implAccept(Unknown Source)
    at java.net.ServerSocket.accept(Unknown Source)
    at org.mortbay.util.ThreadedServer.acceptSocket(ThreadedServer.java:423)
    at org.mortbay.util.ThreadedServer$Acceptor.run(ThreadedServer.java:608)

06:50:32.309 TRACE [Acceptor [SSL: ServerSocket[addr=0.0.0.0/0.0.0.0,port=0,localport=9091]]] org.mortbay.util.LogSupport.ignore(LogSupport.java:36) >03> IGNORED
java.net.SocketTimeoutException: Accept timed out
    at java.net.PlainSocketImpl.socketAccept(Native Method)
    at java.net.PlainSocketImpl.accept(Unknown Source)
    at java.net.ServerSocket.implAccept(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.accept(Unknown Source)
    at org.mortbay.util.ThreadedServer.acceptSocket(ThreadedServer.java:423)
    at org.mortbay.util.ThreadedServer$Acceptor.run(ThreadedServer.java:608)

This keeps getting repeatedly attached to the log file by the second. Any thoughts?

I had the same problem. What I did is set the baseDN to whatever OU I was wanting to use (if you're using a very simple scheme then wherever your users are held will be fine). Then for the admin DN I used an account that had access to the domain to read LDAP information; use this format:

Hope that helps (I fiddled with this for several hrs before I narrowed it all down)

No matter what I put in 'authorizedUsernames' the admin console seems to only try 'admin'. I have (less comments):

On admin login screen, enter 'jkell' and my password, debug gives:

2006.02.14 16:39:58 Trying to find a user's DN based on their username. utcFUN: admin, Base DN: ou=employees,ou=users,o=utc…
2006.02.14 16:39:58 Creating a DirContext in LdapManager.getContext()…
2006.02.14 16:39:58 Created hashtable with context values, attempting to create context…
2006.02.14 16:39:58 … context created successfully, returning.
2006.02.14 16:39:58 Starting LDAP search…
2006.02.14 16:39:59 … search finished
2006.02.14 16:39:59 User DN based on username 'admin' not found.
2006.02.14 16:39:59 Exception thrown when searching for userDN based on username 'admin'
org.jivesoftware.wildfire.user.UserNotFoundException: Username admin not found

Jeff

Remove comments and try again, i.e. instead:

<!/b jkell,tparsley >[/b]

try this:

Remove comments and try again,

Doh!

Aaaarrgh! Thank you, thank you.

Jeff
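
The two fixes reported in this thread (an admin list with no spaces or upper-case letters, and an authorizedUsernames element that is not left inside an XML comment) can be checked before restarting the server. This is an added example, not part of any post above and not Wildfire code; the sample documents are constructed and the jive/admin wrapper elements are an assumption, only the authorizedUsernames element name and the two usernames come from the thread:

```python
import xml.etree.ElementTree as ET

TAG = "authorizedUsernames"  # element name used in the thread

# Constructed samples; the <jive>/<admin> wrappers are assumed, not from the page.
SPACED = "<jive><admin><authorizedUsernames>jkell, TParsley</authorizedUsernames></admin></jive>"
COMMENTED = "<jive><!-- <authorizedUsernames>jkell,tparsley</authorizedUsernames> --></jive>"
CLEAN = "<jive><admin><authorizedUsernames>jkell,tparsley</authorizedUsernames></admin></jive>"


def audit_admin_list(xml_text):
    """Return (status, problems, suggested_value) for the admin list."""
    # Keep comments in the tree so a commented-out element can be reported
    # instead of silently looking like "no admins configured".
    parser = ET.XMLParser(target=ET.TreeBuilder(insert_comments=True))
    root = ET.fromstring(xml_text, parser=parser)

    elem = next(root.iter(TAG), None)
    if elem is None:
        hidden = any(node.tag is ET.Comment and TAG in (node.text or "")
                     for node in root.iter())
        return ("commented-out" if hidden else "missing", [], None)

    raw = "".join(elem.itertext())
    problems = []
    for entry in raw.split(","):
        # The username is everything between the commas, spaces included.
        if any(ch.isspace() for ch in entry):
            problems.append((entry, "whitespace"))
        if entry != entry.lower():
            problems.append((entry, "upper-case letters"))
    # Suggested value: whitespace removed and lower-cased, order preserved.
    suggested = ",".join("".join(e.split()).lower() for e in raw.split(","))
    return ("needs-fix" if problems else "ok", problems, suggested)


if __name__ == "__main__":
    for name, doc in (("spaced", SPACED), ("commented", COMMENTED), ("clean", CLEAN)):
        print(name, audit_admin_list(doc))
```

A "commented-out" or "missing" result matches the symptom in the debug log above, where the console only ever looks up the default admin user.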

I can't log in to the admin console, either. I tried changing the authorizedJIDs to "admin@example.com" which allowed me to log in to the admin console, but then broke the email SMTP settings. I'm using Wildfire 2.4.4 on Mac OS X 10.4.4, connecting to a non-customized OpenDirectory. Any ideas on how to handle this? Here's my Wildfire config file:

Thanks for any help you can provide.