LDAP/Windows 2003 Auth Issues

Installed 2.4 on Fedora, everything worked fine, was able to get logged into the admin tool as well as Spark. Connecting to a Windows 2003 server for Active Directory information.

Turned on LDAP. It dies.

My wildfire.xml conf file:

========================

Latest start/attempt of login from debug.log

=============================

2005.12.29 14:42:41 Created new LdapManager() instance, fields:
2005.12.29 14:42:41 host: servername
2005.12.29 14:42:41 port: 389
2005.12.29 14:42:41 usernamefield: uid
2005.12.29 14:42:41 baseDN: ou=Accounts;dc=intranexus;dc=com
2005.12.29 14:42:41 alternateBaseDN: null
2005.12.29 14:42:41 nameField: cn
2005.12.29 14:42:41 emailField: email
2005.12.29 14:42:41 adminDN: cn=Administrator
2005.12.29 14:42:41 adminPassword: xxxxxxxxx
2005.12.29 14:42:41 searchFilter: (uid=)
2005.12.29 14:42:41 ldapDebugEnabled: false
2005.12.29 14:42:41 sslEnabled: false
2005.12.29 14:42:41 initialContextFactory: com.sun.jndi.ldap.LdapCtxFactory
2005.12.29 14:42:41 connectionPoolEnabled: true
2005.12.29 14:42:41 autoFollowReferrals: false
2005.12.29 14:42:41 groupNameField: cn
2005.12.29 14:42:41 groupMemberField: member
2005.12.29 14:42:41 groupDescriptionField: description
2005.12.29 14:42:41 posixMode: false
2005.12.29 14:42:41 groupSearchFilter: (member=)

2005.12.29 14:42:47 Loading plugin admin

2005.12.29 14:42:59 Loading plugin search

2005.12.29 14:51:08 Trying to find a user's DN based on their username. uid: sphillips, Base DN: ou=Accounts;dc=intranexus;dc=com...
2005.12.29 14:51:08 Creating a DirContext in LdapManager.getContext()...
2005.12.29 14:51:08 Created hashtable with context values, attempting to create context...
2005.12.29 14:51:08 Exception thrown when searching for userDN based on username 'sphillips'
javax.naming.CommunicationException: servername:389 Root exception is java.net.ConnectException: Connection refused
at com.sun.jndi.ldap.Connection.<init>(Unknown Source)
at com.sun.jndi.ldap.Connection.createSocket(Unknown Source)
... 47 more

Hi,

I may assume that you replaced "servername" with the server name of your AD server. Maybe there is a firewall around; the error message "java.net.ConnectException: Connection refused" indicates some network problems.

Can you connect to AD using telnet on your Linux server, "$ telnet servername 389"?

Do other command line tools like ldapquery or ldapmodify work?

LG

Yes. I just edited out the password and server name options.

I can telnet to the ports, yes.

Don't have the LDAP tools installed on the Linux box where Wildfire is installed.

OK, I've gotten further – this is what I'm getting now. This is from the debug.log file.

Our accounts are broken out into several OUs and I've tried changing the XML file to reflect these OUs with no luck ... all accounts are coming up as not being found.

==================

2005.12.29 17:40:22 Connect Socket[addr=/10.1.34.100,port=1267,localport=5222]
2005.12.29 17:40:26 Trying to find a user's DN based on their username. uid: sphillips, Base DN: dc=intranexus,dc=com...
2005.12.29 17:40:26 Creating a DirContext in LdapManager.getContext()...
2005.12.29 17:40:26 Created hashtable with context values, attempting to create context...
2005.12.29 17:40:26 ... context created successfully, returning.
2005.12.29 17:40:26 Starting LDAP search...
2005.12.29 17:40:26 ... search finished
2005.12.29 17:40:26 User DN based on username 'sphillips' not found.
2005.12.29 17:40:26 Exception thrown when searching for userDN based on username 'sphillips'

The default LDAP port for Active Directory is 3268. That would be the reason for the bind failures. I think the SSL port is 3269, but I'm not sure.

edit:

Upon a bit further investigation and reading of your config, there are a few more potential issues.

You need the fully qualified name of the Administrator. We also use sAMAccountName instead of uid. In our (working) config, it looks like this:

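To make the two symptoms in this thread concrete, here is a small added example (not Wildfire's own code, and not from any poster): it rebuilds the user-lookup filter the way the debug.log shows it (the configured `searchFilter` "(uid=)" with the login name filled in), shows the `sAMAccountName` variant the last reply recommends for AD, escapes the login name per RFC 4515 so a user-supplied name cannot change the filter's structure, and reproduces the "telnet servername 389" reachability check as a socket probe. The host, base DN and attribute names are the constructed values from the log above; the port list is an assumption of which ports are worth probing.

```python
"""Rebuild and sanity-check the LDAP user lookup seen in the thread's debug.log."""
import socket

# Values mirrored from the debug.log in the thread (constructed sample config).
CONFIG = {
    "host": "servername",          # placeholder, as in the posted log
    "baseDN": "dc=intranexus,dc=com",
    "usernameField": "uid",        # what the OP had; AD normally wants sAMAccountName
}
# Ports a practitioner would probe; 389 is plain LDAP, 3268 the global catalog (assumption).
PORTS_TO_PROBE = (389, 3268)


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping: backslash, '*', '(', ')' and NUL become \\XX hex escapes,
    so a login name such as '*)(objectClass=*' stays a literal value."""
    out = []
    for ch in value:
        if ch in "\\*()\0":
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def build_user_filter(username_field: str, username: str, extra_filter: str = "") -> str:
    """Turn the configured '(<field>=)' searchFilter into the real query.
    An optional extra clause (e.g. '(objectClass=user)') is AND-ed in."""
    clause = "(%s=%s)" % (username_field, escape_filter_value(username))
    return "(&%s%s)" % (clause, extra_filter) if extra_filter else clause


def check_port(host: str, port: int, timeout: float = 3.0) -> bool:
    """Socket equivalent of the 'telnet servername 389' check; False on refusal/timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    # The filter the OP's config produces versus the AD-friendly one.
    print("as configured :", build_user_filter(CONFIG["usernameField"], "sphillips"))
    print("AD attribute  :", build_user_filter("sAMAccountName", "sphillips", "(objectClass=user)"))
    print("hostile input :", build_user_filter("sAMAccountName", "*)(objectClass=*"))
    for port in PORTS_TO_PROBE:
        print("%s:%d reachable: %s" % (CONFIG["host"], port, check_port(CONFIG["host"], port)))
```

If "as configured" still returns no DN while the AD-attribute filter matches, the lookup attribute rather than the network is the problem, which is the conclusion the last reply reaches.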