powered by Jive Software

Login is not working, LDAP, active directory


#1

Hi everyone, faced with one problem.
I’ve just installed new OpenFire server to my Windows server 2012 R2, and I’ve got some strange problem. Openfire installed with ActiveDirectory and PostgreSQL(v=10.4). I always pressed Test button on each step and everything was ok. Here the logs:

2018.05.23 13:05:24 org.jivesoftware.openfire.ldap.LdapGroupProvider - : [LDAP: error code 34 - 0000208F: NameErr: DSID-03100225, problem 2006 (BAD_NAME), data 8350, best match of:
‘dc=’
]
javax.naming.InvalidNameException: : [LDAP: error code 34 - 0000208F: NameErr: DSID-03100225, problem 2006 (BAD_NAME), data 8350, best match of:
‘dc=’
]; remaining name ''
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown Source)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
at javax.naming.directory.InitialDirContext.search(Unknown Source)
at org.jivesoftware.openfire.ldap.LdapManager.findGroupDN(LdapManager.java:1177)
at org.jivesoftware.openfire.ldap.LdapManager.findGroupDN(LdapManager.java:1114)
at org.jivesoftware.openfire.ldap.LdapGroupProvider.getGroup(LdapGroupProvider.java:79)
at org.jivesoftware.openfire.group.GroupManager.getGroup(GroupManager.java:353)
at org.jivesoftware.openfire.group.GroupManager.getGroup(GroupManager.java:330)
at org.jivesoftware.openfire.group.GroupCollection$GroupIterator.getNextElement(GroupCollection.java:113)
at org.jivesoftware.openfire.group.GroupCollection$GroupIterator.hasNext(GroupCollection.java:74)
at org.jivesoftware.openfire.roster.RosterManager.getSharedGroups(RosterManager.java:199)
at org.jivesoftware.openfire.roster.Roster.(Roster.java:102)
at org.jivesoftware.openfire.roster.RosterManager.getRoster(RosterManager.java:125)
at org.jivesoftware.openfire.handler.PresenceUpdateHandler.broadcastUpdate(PresenceUpdateHandler.java:304)
at org.jivesoftware.openfire.handler.PresenceUpdateHandler.process(PresenceUpdateHandler.java:146)
at org.jivesoftware.openfire.handler.PresenceUpdateHandler.process(PresenceUpdateHandler.java:134)
at org.jivesoftware.openfire.handler.PresenceUpdateHandler.process(PresenceUpdateHandler.java:198)
at org.jivesoftware.openfire.PresenceRouter.handle(PresenceRouter.java:140)
at org.jivesoftware.openfire.PresenceRouter.route(PresenceRouter.java:76)
at org.jivesoftware.openfire.spi.PacketRouterImpl.route(PacketRouterImpl.java:84)
at org.jivesoftware.openfire.net.StanzaHandler.processPresence(StanzaHandler.java:366)
at org.jivesoftware.openfire.net.ClientStanzaHandler.processPresence(ClientStanzaHandler.java:102)
at org.jivesoftware.openfire.net.StanzaHandler.process(StanzaHandler.java:283)
at org.jivesoftware.openfire.net.StanzaHandler.process(StanzaHandler.java:201)
at org.jivesoftware.openfire.nio.ConnectionHandler.messageReceived(ConnectionHandler.java:177)
at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:690)
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417)
at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:765)
at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:109)
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417)
at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:765)
at org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:407)
at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:236)
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417)
at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:765)
at org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:74)
at org.apache.mina.core.session.IoEvent.run(IoEvent.java:63)
at org.apache.mina.filter.executor.OrderedThreadPoolExecutor$Worker.runTask(OrderedThreadPoolExecutor.java:769)
at org.apache.mina.filter.executor.OrderedThreadPoolExecutor$Worker.runTasks(OrderedThreadPoolExecutor.java:761)
at org.apache.mina.filter.executor.OrderedThreadPoolExecutor$Worker.run(OrderedThreadPoolExecutor.java:703)
at java.lang.Thread.run(Unknown Source)
2018.05.23 13:05:24 org.jivesoftware.openfire.ldap.LdapGroupProvider - : [LDAP: error code 34 - 0000208F: NameErr: DSID-03100225, problem 2006 (BAD_NAME), data 8350, best match of:
‘dc=’
]
javax.naming.InvalidNameException: : [LDAP: error code 34 - 0000208F: NameErr: DSID-03100225, problem 2006 (BAD_NAME), data 8350, best match of:
‘dc=’
]; remaining name ''
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown Source)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
at javax.naming.directory.InitialDirContext.search(Unknown Source)
at org.jivesoftware.openfire.ldap.LdapManager.findGroupDN(LdapManager.java:1177)
at org.jivesoftware.openfire.ldap.LdapManager.findGroupDN(LdapManager.java:1114)
at org.jivesoftware.openfire.ldap.LdapGroupProvider.getGroup(LdapGroupProvider.java:79)
at org.jivesoftware.openfire.group.GroupManager.getGroup(GroupManager.java:353)
at org.jivesoftware.openfire.group.GroupManager.getGroup(GroupManager.java:330)
at org.jivesoftware.openfire.group.GroupCollection$GroupIterator.getNextElement(GroupCollection.java:113)
at org.jivesoftware.openfire.group.GroupCollection$GroupIterator.hasNext(GroupCollection.java:74)
at org.jivesoftware.openfire.roster.RosterManager.getSharedGroups(RosterManager.java:199)
at org.jivesoftware.openfire.roster.Roster.(Roster.java:102)
at org.jivesoftware.openfire.roster.RosterManager.getRoster(RosterManager.java:125)
at org.jivesoftware.openfire.handler.PresenceUpdateHandler.broadcastUpdate(PresenceUpdateHandler.java:304)
at org.jivesoftware.openfire.handler.PresenceUpdateHandler.process(PresenceUpdateHandler.java:146)
at org.jivesoftware.openfire.handler.PresenceUpdateHandler.process(PresenceUpdateHandler.java:134)
at org.jivesoftware.openfire.handler.PresenceUpdateHandler.process(PresenceUpdateHandler.java:198)
at org.jivesoftware.openfire.PresenceRouter.handle(PresenceRouter.java:140)
at org.jivesoftware.openfire.PresenceRouter.route(PresenceRouter.java:76)
at org.jivesoftware.openfire.spi.PacketRouterImpl.route(PacketRouterImpl.java:84)
at org.jivesoftware.openfire.net.StanzaHandler.processPresence(StanzaHandler.java:366)
at org.jivesoftware.openfire.net.ClientStanzaHandler.processPresence(ClientStanzaHandler.java:102)
at org.jivesoftware.openfire.net.StanzaHandler.process(StanzaHandler.java:283)
at org.jivesoftware.openfire.net.StanzaHandler.process(StanzaHandler.java:201)
at org.jivesoftware.openfire.nio.ConnectionHandler.messageReceived(ConnectionHandler.java:177)
at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:690)
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417)
at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:765)
at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:109)
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417)
at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:765)
at org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:407)
at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:236)
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417)
at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:765)
at org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:74)
at org.apache.mina.core.session.IoEvent.run(IoEvent.java:63)
at org.apache.mina.filter.executor.OrderedThreadPoolExecutor$Worker.runTask(OrderedThreadPoolExecutor.java:769)
at org.apache.mina.filter.executor.OrderedThreadPoolExecutor$Worker.runTasks(OrderedThreadPoolExecutor.java:761)
at org.apache.mina.filter.executor.OrderedThreadPoolExecutor$Worker.run(OrderedThreadPoolExecutor.java:703)
at java.lang.Thread.run(Unknown Source)


#3

ldap works well. I’ve been using it for years. Usually the common mistakes tend to be the administrator username and password are incorrect or have changed. Also, this account should really be labeled as the a “look up account”. The account shouldn’t be an admin level account, and only have read only rights to ldap.
Another mistake is that the search filters or base dn is set up to be too restrictive or not set correctly.