I tried adding onto another thread that seemed to have the same problem. But the guy in that thread 'jaggu' never got any replies and eventually claimed he solved the problem without saying what he did to solve it. The thread is marked “Answered” so I fear no one is reading it. So here it is again:
I've got LDAP authenticating to Active Directory and it works for “generic” accounts. It doesn't work for any regular user accounts (the ones that I actually need it to work for).
It appears to be related to the comma that appears in the Distinguished Name. The generic system accounts which are working do not have “Lastname, Firstname” for the Distinguished Name. All my user accounts with the “Lastname, Firstname” DNs are failing to log in, even though they are found by the initial LDAP search.
Here's my “simple” user, which works:
2006.05.03 16:22:52 Connect Socket[addr=/10.48.128.138,port=2520,localport=5222]
2006.05.03 16:22:52 Trying to find a user's DN based on their username. sAMAccountName: ldapbrowser, Base DN: DC=org,DC=company,DC=parentcorp,DC=local…
2006.05.03 16:22:52 Creating a DirContext in LdapManager.getContext()…
2006.05.03 16:22:52 Created hashtable with context values, attempting to create context…
2006.05.03 16:22:52 … context created successfully, returning.
2006.05.03 16:22:52 Starting LDAP search…
2006.05.03 16:22:52 … search finished
2006.05.03 16:22:52 In LdapManager.checkAuthentication(userDN, password), userDN is: CN=ldapbrowser,OU=Org Users…
2006.05.03 16:22:52 Created context values, attempting to create context…
2006.05.03 16:22:52 … context created successfully, returning.
Notice there is no comma in the CN of userDN.
And here's a regular user, which fails:
2006.05.03 16:14:54 Connect Socket[addr=/10.48.128.138,port=2442,localport=5222]
2006.05.03 16:14:54 Trying to find a user's DN based on their username. sAMAccountName: joshua.parsell, Base DN: DC=org,DC=company,DC=parentcorp,DC=local…
2006.05.03 16:14:54 Creating a DirContext in LdapManager.getContext()…
2006.05.03 16:14:54 Created hashtable with context values, attempting to create context…
2006.05.03 16:14:54 … context created successfully, returning.
2006.05.03 16:14:54 Starting LDAP search…
2006.05.03 16:14:54 … search finished
2006.05.03 16:14:54 In LdapManager.checkAuthentication(userDN, password), userDN is: "CN=Parsell, Joshua (AJ-East Engineering/Technology),OU=Org Users"…
2006.05.03 16:14:54 Created context values, attempting to create context…
2006.05.03 16:14:54 Caught a naming exception when creating InitialContext
javax.naming.AuthenticationException: LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
    at org.jivesoftware.wildfire.ldap.LdapManager.checkAuthentication(LdapManager.java:335)
    at org.jivesoftware.wildfire.ldap.LdapAuthProvider.authenticate(LdapAuthProvider.java:90)
    at org.jivesoftware.wildfire.auth.AuthFactory.authenticate(AuthFactory.java:114)
    at org.jivesoftware.wildfire.net.SASLAuthentication.doPlainAuthentication(SASLAuthentication.java:284)
    at org.jivesoftware.wildfire.net.SASLAuthentication.doHandshake(SASLAuthentication.java:144)
    at org.jivesoftware.wildfire.net.SocketReader.authenticateClient(SocketReader.java:317)
    at org.jivesoftware.wildfire.net.SocketReader.readStream(SocketReader.java:278)
    at org.jivesoftware.wildfire.net.SocketReader.run(SocketReader.java:119)
    at java.lang.Thread.run(Unknown Source)
Notice there is a comma in the CN of the userDN, and the whole userDN is in double quotes, unlike the userDN for the “simple” user.
Also, I found this by Google:
http://www.codecomments.com/archive408-2005-5-499111.html
Quote: “Duh - some genius (Not I! I do unix) put a backslash in my DN ( CN=Burris, Celeste Suliin) I needed to double it to get the DN to LDAP correctly.”
Any help? Any suggestions? Can I fix this by changing my wildfire.xml or is this something that requires a software update?
I am running Wildfire Server 2.6.2 on RHEL 4. My LDAP server is Active Directory 2003.
Message was edited by: parseljc
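A note on the failure in the log: Active Directory reports bind failures as LDAP error 49 with a sub-code in the "data" field, and data 525 means "user not found", i.e. the DN the server was asked to bind as could not be resolved (52e would be a wrong password). That is consistent with the DN being sent in a form the server does not recognise. The Python below is an added example, not code from the original post and not Wildfire's own code. It shows the RFC 4514 string form of a DN whose CN contains a comma (the comma is escaped as `\,`), converts the whole-DN-in-double-quotes form seen in the failing log into that form, and splits an escaped DN back into its parts without tripping over the escaped comma. The function names (`escape_rdn_value`, `build_dn`, `parse_quoted_dn`, `split_escaped_dn`) are this example's own, and the continuation rule in `parse_quoted_dn` is an assumption made here because the unescaped quoted form is otherwise ambiguous.

```python
import re

# Characters RFC 4514 requires to be backslash-escaped anywhere inside an RDN value.
SPECIAL = '\\,+"<>;'
# Attribute type names look like CN, OU, DC, sAMAccountName, ...
ATTR_TYPE = re.compile(r'^[A-Za-z][A-Za-z0-9-]*$')


def escape_rdn_value(value: str) -> str:
    """Escape one attribute value for use in an RFC 4514 string DN."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == '\x00':
            out.append('\\00')                 # NUL is only representable as hex
        elif ch in SPECIAL:
            out.append('\\' + ch)              # e.g. "Parsell, Joshua" -> "Parsell\, Joshua"
        elif ch == ' ' and (i == 0 or i == last):
            out.append('\\ ')                  # leading/trailing space must be escaped
        elif ch == '#' and i == 0:
            out.append('\\#')                  # a leading '#' would mean a hex-encoded value
        else:
            out.append(ch)
    return ''.join(out)


def build_dn(rdns):
    """Join (attribute, raw value) pairs, most specific first, into an escaped DN string."""
    return ','.join(f'{attr}={escape_rdn_value(val)}' for attr, val in rdns)


def parse_quoted_dn(quoted: str):
    """Turn the whole-DN-in-double-quotes form from the failing log into (attr, value) pairs.

    The quoted form leaves the comma inside CN unescaped, so splitting on commas is
    ambiguous. Heuristic used here (an assumption of this example, not directory
    behaviour): a comma-separated piece whose left-hand side is not an attribute type
    name is a continuation of the previous RDN value.
    """
    dn = quoted.strip()
    if len(dn) >= 2 and dn[0] == '"' and dn[-1] == '"':
        dn = dn[1:-1]
    rdns = []
    for piece in dn.split(','):
        attr, sep, val = piece.partition('=')
        if sep and ATTR_TYPE.match(attr.strip()):
            rdns.append([attr.strip(), val])
        elif rdns:
            rdns[-1][1] += ',' + piece        # re-attach the text after the value's own comma
        else:
            raise ValueError(f'not a DN: {quoted!r}')
    return [tuple(r) for r in rdns]


def split_escaped_dn(dn: str):
    """Split an RFC 4514 DN on unescaped commas and undo the escaping (inverse of build_dn)."""
    rdns, buf, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == '\\' and i + 1 < len(dn):
            nxt = dn[i + 1]
            if nxt in SPECIAL + ' #=':
                buf.append(nxt)               # backslash-escaped special character
                i += 2
            else:
                buf.append(chr(int(dn[i + 1:i + 3], 16)))   # \XX hex-encoded byte
                i += 3
            continue
        if ch == ',':
            rdns.append(''.join(buf))         # unescaped comma: RDN boundary
            buf = []
        else:
            buf.append(ch)
        i += 1
    rdns.append(''.join(buf))
    return [tuple(r.split('=', 1)) for r in rdns]


if __name__ == '__main__':
    # Both DNs are taken from the log lines in the post above.
    failing = '"CN=Parsell, Joshua (AJ-East Engineering/Technology),OU=Org Users"'
    working = 'CN=ldapbrowser,OU=Org Users'
    print(build_dn(parse_quoted_dn(failing)))   # CN=Parsell\, Joshua (AJ-East Engineering/Technology),OU=Org Users
    print(build_dn(parse_quoted_dn(working)))   # CN=ldapbrowser,OU=Org Users
```

In a JNDI client the reliable way to get the escaped DN is to take it from the search result itself (`SearchResult.getNameInNamespace()`, or AD's `distinguishedName` attribute, both of which already carry the `\,` escaping) rather than re-escaping a display form; `parse_quoted_dn` is only here to make visible what the quoted string from the log has to become before it can be used as a bind DN.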