More AD/LDAP problems

Hello, I've finally got LDAP working to log in to the admin console, but it was with basic settings (no search filter)… But that obviously returned everything, plus I was not able to figure out the settings to use in a client… So now I am playing with the search filter… I started by taking one posted on here that was supposed to only pull users belonging to a certain group… I modified it to point to the DN of my group and now I can't log in to the admin console… Please help… conf and log to follow:

    <debugEnabled>true</debugEnabled>
  </ldap>

  <provider>
    <user>
      <className>org.jivesoftware.messenger.ldap.LdapUserProvider</className>
    </user>

    <auth>
      <className>org.jivesoftware.messenger.ldap.LdapAuthProvider</className>
    </auth>

    <group>
      <className>org.jivesoftware.messenger.ldap.LdapGroupProvider</className>
    </group>
  </provider>

  <!-- End example LDAP settings -->

  <connectionProvider>
    <className>org.jivesoftware.database.EmbeddedConnectionProvider</className>
  </connectionProvider>

  <setup>true</setup>
true

2005.10.04 08:27:40 Created new LdapManager() instance, fields:

2005.10.04 08:27:40 host: 192.168.200.2

2005.10.04 08:27:40 port: 389

2005.10.04 08:27:40 usernamefield: sAMAccountName

2005.10.04 08:27:40 baseDN: dc=methodsmachine,dc=int

2005.10.04 08:27:40 alternateBaseDN: null

2005.10.04 08:27:40 nameField: displayName

2005.10.04 08:27:40 emailField: mail

2005.10.04 08:27:40 adminDN: jsherman@methodsmachine.int

2005.10.04 08:27:40 adminPassword: 0502

2005.10.04 08:27:40 searchFilter: (&(sAMAccountName=)(&(userAccountControl= 66048)(memberOf=CN=IMUsers,OU=Groups,OU=Massachussetts,DC=methodsmachine,DC=int )))

2005.10.04 08:27:40 ldapDebugEnabled: true

2005.10.04 08:27:40 sslEnabled: false

2005.10.04 08:27:40 initialContextFactory: com.sun.jndi.ldap.LdapCtxFactory

2005.10.04 08:27:40 connectionPoolEnabled: true

2005.10.04 08:27:40 autoFollowReferrals: false

2005.10.04 08:27:40 groupNameField: cn

2005.10.04 08:27:40 groupMemberField: member

2005.10.04 08:27:40 groupDescriptionField: description

2005.10.04 08:27:40 posixMode: false

2005.10.04 08:27:40 groupSearchFilter: (member=)

2005.10.04 08:27:42 Loading plugin admin

2005.10.04 08:27:46 Loading plugin broadcast

2005.10.04 08:27:46 Loading plugin presence

2005.10.04 08:27:46 Loading plugin registration

2005.10.04 08:27:46 Loading plugin search

2005.10.04 08:27:47 Loading plugin userimportexport

2005.10.04 08:28:56 Trying to find a user's DN based on their username. sAMAccountName: jsherman, Base DN: dc=methodsmachine,dc=int…

2005.10.04 08:28:56 Creating a DirContext in LdapManager.getContext()…

2005.10.04 08:28:56 Created hashtable with context values, attempting to create context…

2005.10.04 08:28:56 … context created successfully, returning.

2005.10.04 08:28:56 Starting LDAP search…

2005.10.04 08:28:56 … search finished

2005.10.04 08:28:56 User DN based on username 'jsherman' not found.

2005.10.04 08:28:56 Exception thrown when searching for userDN based on username 'jsherman'

org.jivesoftware.messenger.user.UserNotFoundException: Username jsherman not found

at org.jivesoftware.messenger.ldap.LdapManager.findUserDN(LdapManager.java:465)

at org.jivesoftware.messenger.ldap.LdapManager.findUserDN(LdapManager.java:400)

at org.jivesoftware.messenger.ldap.LdapAuthProvider.authenticate(LdapAuthProvider.java:88)

at org.jivesoftware.messenger.auth.AuthFactory.authenticate(AuthFactory.java:114)

at org.jivesoftware.messenger.admin.login_jsp._jspService(login_jsp.java:136)

at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:94)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:688)

at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:427)

at org.mortbay.jetty.servlet.WebApplicationHandler$CachedChain.doFilter(WebApplicationHandler.java:822)

at org.jivesoftware.util.LocaleFilter.doFilter(LocaleFilter.java:43)

at org.mortbay.jetty.servlet.WebApplicationHandler$CachedChain.doFilter(WebApplicationHandler.java:813)

at org.jivesoftware.util.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:41)

at org.mortbay.jetty.servlet.WebApplicationHandler$CachedChain.doFilter(WebApplicationHandler.java:813)

at org.jivesoftware.admin.AuthCheckFilter.doFilter(AuthCheckFilter.java:98)

at org.mortbay.jetty.servlet.WebApplicationHandler$CachedChain.doFilter(WebApplicationHandler.java:813)

at org.mortbay.jetty.servlet.WebApplicationHandler.dispatch(WebApplicationHandler.java:494)

at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:569)

at org.mortbay.http.HttpContext.handle(HttpContext.java:1482)

at org.mortbay.jetty.servlet.WebApplicationContext.handle(WebApplicationContext.java:624)

at org.mortbay.http.HttpContext.handle(HttpContext.java:1434)

at org.mortbay.http.HttpServer.service(HttpServer.java:896)

at org.mortbay.http.HttpConnection.service(HttpConnection.java:814)

at org.mortbay.http.HttpConnection.handleNext(HttpConnection.java:981)

at org.mortbay.http.HttpConnection.handle(HttpConnection.java:831)

at org.mortbay.http.SocketListener.handleConnection(SocketListener.java:244)

at org.mortbay.util.ThreadedServer.handle(ThreadedServer.java:366)

at org.mortbay.util.ThreadPool$PoolThread.run(ThreadPool.java:534)

Ok so let me say I fixed one problem… I got the search filter to work although I lost one part that I would like back… Apparently it didn't like “(userAccountControl= 66048)” so I took that out and I could log into the admin console…

I still can not get a client to connect… I am using PSI… Please help…
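Added example (not part of any post in this thread): userAccountControl is a bit field, and 66048 is 512 (NORMAL_ACCOUNT) + 65536 (DONT_EXPIRE_PASSWORD), so an equality test on it matches only accounts whose flags are exactly those two. The Python sketch below compares that test with Active Directory's bitwise-AND matching rule for skipping disabled accounts; the sample accounts and helper names are constructed assumptions, and the group DN is the one from the log above.

```python
# Added example: the accounts and helper names are constructed for illustration.
ACCOUNTDISABLE = 0x0002
NORMAL_ACCOUNT = 0x0200            # 512
DONT_EXPIRE_PASSWORD = 0x10000     # 65536
BIT_AND = "1.2.840.113556.1.4.803"  # LDAP_MATCHING_RULE_BIT_AND

# Group DN as it appears in the searchFilter log line above.
GROUP_DN = "CN=IMUsers,OU=Groups,OU=Massachussetts,DC=methodsmachine,DC=int"

def escape_filter_value(value):
    """Escape user-supplied text for use inside an LDAP filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def build_filter(username):
    """Group-restricted user filter that skips disabled accounts."""
    return "(&(sAMAccountName=%s)(memberOf=%s)(!(userAccountControl:%s:=%d)))" % (
        escape_filter_value(username), GROUP_DN, BIT_AND, ACCOUNTDISABLE)

def exact_match(uac, wanted=66048):
    """What (userAccountControl=66048) tests: the whole integer."""
    return uac == wanted

def enabled(uac):
    """What (!(userAccountControl:<BIT_AND>:=2)) tests: disable bit is clear."""
    return (uac & ACCOUNTDISABLE) == 0

# Constructed sample accounts: sAMAccountName -> userAccountControl.
SAMPLE = {
    "alice": NORMAL_ACCOUNT | DONT_EXPIRE_PASSWORD,                   # 66048
    "bob": NORMAL_ACCOUNT,                                            # 512
    "carol": NORMAL_ACCOUNT | DONT_EXPIRE_PASSWORD | ACCOUNTDISABLE,  # 66050
}

def select(predicate):
    """Names of the sample accounts whose flags satisfy the predicate."""
    return sorted(name for name, uac in SAMPLE.items() if predicate(uac))

if __name__ == "__main__":
    print("exact 66048 :", select(exact_match))
    print("not disabled:", select(enabled))
    print(build_filter("jsherman"))
```

The equality test drops any enabled account whose password is allowed to expire, while the bitwise rule keeps it and still excludes the disabled one.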

Sounds very similar to a search filter problem I had. I was able to simplify my query with some help from the members on the board. Here is my search query:

I'm having the same problem with PSi connecting to an LDAP Jive Server.

The error I get from PSi is:

'There was an error communicating with the Jabber Server. Details: Authentication error: No appropriate mechanism available for given security settings'

Is this the same error you're getting? All other clients work fine (Trillian, Pandion)

Yeah that was… I found out you need the “Use Plain Text login” option checked… Many other clients either use plain text by default or fall back upon failure of other methods… PSI you need to specify…