Need help with linux/fedora directory server with profile settings

Kristen_Moore · December 19, 2008, 9:29pm

Sorry but I’m a bit stuck on the Profile Settings on the gui setup for Openfire 3.6.1. This is the ldap setup:

c=us

|

o=company

|

ou=it

|

| |

ou=ldapgroup ou=account

|

cn=itstaff

For a Base DN I have ou=it,o=company,c=us

In Step 3 or 3 I have:

Group Field = cn

Member Field = uniquemember (yes this is correct according to our ldap expert)

Description Field = description

How do I change the settings so it shows the groups under ldapgroup? The only group we want is actually the itstaff group but I would be very happy for all the groups to show just so I could get off the setup screen! Far below is the error message I get when I save & continue from here.

I am using the gui to configure… is there a way to do the configuration via the command line? After I edit the openfire.xml I still go back to the setup gui.

Any help would be very appreciated!

~Kristen

HTTP ERROR: 500

INTERNAL_SERVER_ERROR

RequestURI=/setup/setup-admin-settings.jsp

Caused by:

java.lang.NullPointerException
 at org.jivesoftware.openfire.admin.setup.setup_002dadmin_002dsettings_jsp._jspService(setup_002dadmin_002dsettings_jsp.java:99)
 at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
 at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:487)
 at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1093)
 at com.opensymphony.module.sitemesh.filter.PageFilter.parsePage(PageFilter.java:118)
 at com.opensymphony.module.sitemesh.filter.PageFilter.doFilter(PageFilter.java:52)
 at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
 at org.jivesoftware.util.LocaleFilter.doFilter(LocaleFilter.java:66)
 at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
 at org.jivesoftware.util.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:42)
 at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
 at org.jivesoftware.admin.PluginFilter.doFilter(PluginFilter.java:70)
 at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
 at org.jivesoftware.admin.AuthCheckFilter.doFilter(AuthCheckFilter.java:146)
 at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
 at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:360)
 at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
 at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:181)
 at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:726)
 at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:405)
 at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:206)
 at org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114)
 at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
 at org.mortbay.jetty.Server.handle(Server.java:324)
 at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:505)
 at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:829)
 at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:514)
 at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:211)
 at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:380)
 at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:395)
 at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:488)

Tiel_Hicks · December 19, 2008, 11:53pm

Your Base DN should be DC’s not the C=Country, O=Organization and OU=Organizational Unit.

The DC is your Domain Component, or Domain Name, like microsoft.com would be DC=microsoft,DC=com

In your case, since you want to limit the Openfire server to only see the ldapgroup containers, you would have your base DN as OU=ldapgroup,DC=domain,DC=com or whatever your domain is.

Kristen_Moore · December 20, 2008, 12:22am

Fedora directory server is more like openldap then Active Directory. Your syntax seems to be more Active Directory.

Tiel_Hicks · December 20, 2008, 12:40am

While I freely admit I am much more familiar with AD than *nix ldap flavors, the basics are the same.

Microsloth might call some things CN that Fedora might not, but the Base DN is a Base DN.

If the ldap setup truely has C,O,OU as the Base, then ldap isn’t working on that server…

Ldap is a tree with roots branches and leaves, if the roots are defined incorrectly, the branches and leaves are invisible.

Post the ldap.conf file and lets get the full details. (Feel free to substitute fake domain info)

Kristen_Moore · December 20, 2008, 12:44am

Okay it seems that the issue is with the database even though it went through that setup in the gui very easily. I just installed using a local db with my original ldap settings and it worked fine. We’ll keep working on it. Thanks!