Novice questions for setting up new Wildfire server using LDAP

I am a beginner with LDAP and AD, so I hope these questions aren't too basic.

First, when I am installing wildfire and ldap on a win2k3 server will it require any reboots?

Second, our existing AD has a lot of users that we do not want to allow to access chat. What is the best method to allow or deny users authentication for chat?

Update: Keep reading because there is a solution at the end.


Message was edited by: eangwin

With Windows, you can almost bet that a reboot will have to occur, especially with the Java stuff needing to be loaded, etc.

The easiest way to restrict access to the server using AD authentication is to create a group (container) and have those people in it that will be using IM. Then set up your Wildfire config file to only point to that container as its place to authenticate from.

Jeff

So I have created the group/container for the users I want to be able to authenticate. How do I write that into the xml file? Here is what I have come up with so far for my xml file (the names have been changed to protect my innocent network LOL)

Am I on the right track or am I completely bonkers?

No, actually it looks like it should work, although some of the AD guys do an adminDN of adminname@theirdomain.com. However, as a caution, because the password is in plain text in this file, all you need is an account strong enough to view the AD tree to use there. BTW, Wildfire HATES spaces in the xml file, so if your container contains spaces I would rename it. Other than that, looks good…

Jeff

Sorry it took me so long to reply; we had put Spark on the back burner for a while but now it is a priority again. I have been racking my brain trying to get Spark to authenticate with AD and I am out of ideas. Now please note, I am far from being an expert on AD.

I am at the point where I can no longer log in to the admin console with the default Wildfire username/password, but no domain logins work either.

Here is the complete text of my xml file. Being such a novice I don't know what I can and cannot have in the file.


Using the ADSI editor, here is how our AD structure is set up:

Domain NC magicwww.cu.net
  DC=cu,DC=net
    CN=Builtin
    OU=Cafe Users
    OU=Carlin Users
    CN=Computers
    OU=CU Users
      OUs of various departments
    OU=Domain Controllers
    CN=ForeignSecurityPrincipals
    CN=LostAndFound
    CN=Microsoft Exchange System
    CN=Program Data
    OU=Shared Printers
    CN=System
    OU=Systems Shares
    CN=Users

The users we need to authenticate are under OU=CU Users, in the various department OUs.

Any help anyone can provide would be greatly appreciated. I have been given the goal of completing this by the end of the week.

Thanks,

Eric

Ok, who do you have as admin to log in to the admin console? Looking at the wildfire.xml, I see no one defined. Yes, admin is inherently defined when you authenticate to the local server, but you are authenticating to AD (LDAP). You must have an AD username in the field:

Comment off that line. Start and stop the server process, and whatever account you gave it should now be able to log in as "accountname"; you do not need the @server.domain.com on the username. Personally I give admin rights to the server instance to the same people who can log in to the admin console, so you may want to add them there too.

Jeff

Message was edited by: jeff_garner

Here is my amended xml file. I am still unable to log in to the admin console. I am using my domain credentials and I am an admin on all servers.


In your debug.log file, can you see it searching for your user name? It will be looking in the given path. As a question, is there a way to create a group without spaces and add yourself to it? I remember something from a couple of months back when some folks were having issues with %20%…

Jeff

Here is my latest attempt. I created a group called spark under the main tree (dc=cu,dc=net) and added myself as a member. Still no luck logging in to the console. I also changed the adminDN to me since I have admin rights anyway. But is my username listed correctly for adminDN? Should it be an ou or a cn?


Here is my latest debug log also.

2006.05.30 14:41:12 Created new LdapManager() instance, fields:
2006.05.30 14:41:12 host: magicwww.cu.net
2006.05.30 14:41:12 port: 389
2006.05.30 14:41:12 usernamefield: sAMAccountName
2006.05.30 14:41:12 baseDN: cn=Spark;dc=cu;dc=net
2006.05.30 14:41:12 alternateBaseDN: null
2006.05.30 14:41:12 nameField: displayName
2006.05.30 14:41:12 emailField: mail
2006.05.30 14:41:12 adminDN: eric;dc=cu;dc=net
2006.05.30 14:41:12 adminPassword: almostgaveitaway
2006.05.30 14:41:12 searchFilter: (sAMAccountName=)
2006.05.30 14:41:12 ldapDebugEnabled: false
2006.05.30 14:41:12 sslEnabled: false
2006.05.30 14:41:12 initialContextFactory: com.sun.jndi.ldap.LdapCtxFactory
2006.05.30 14:41:12 connectionPoolEnabled: true
2006.05.30 14:41:12 autoFollowReferrals: false
2006.05.30 14:41:12 groupNameField: cn
2006.05.30 14:41:12 groupMemberField: member
2006.05.30 14:41:12 groupDescriptionField: description
2006.05.30 14:41:12 posixMode: false
2006.05.30 14:41:12 groupSearchFilter: (member=)
2006.05.30 14:41:14 Loading plugin admin
2006.05.30 14:41:17 Loading plugin search

You need to use commas, not semicolons, in your DNs, like this:


I replaced the semicolons with commas but no change; I cannot log in to the console.

Message was edited by: eangwin

Set ldapDebugEnabled to true inside the section and see how the logs look then.

I searched through the forums and this came into play as the cleanest (without verbiage, that is) example. With the exception of baseDN, make yours look like this and run with it.

Message was edited by: jeff_garner

I copied and pasted the text into my xml file and changed the domain info, but I am still unable to log in to the console. Here is the file now (with the extra stuff edited out).


Also, I did add the ldapDebugEnabled true line, and the log file did not change, still showing it false, but the other information does update. Here is the last log:

2006.05.30 16:03:14 Created new LdapManager() instance, fields:
2006.05.30 16:03:14 host: magicwww.cu.net
2006.05.30 16:03:14 port: 389
2006.05.30 16:03:14 usernamefield: sAMAccountName
2006.05.30 16:03:14 baseDN: cn=spark,dc=cu,dc=net
2006.05.30 16:03:14 alternateBaseDN: null
2006.05.30 16:03:14 nameField: displayName
2006.05.30 16:03:14 emailField: mail
2006.05.30 16:03:14 adminDN: cn=administrator,cn=users,dc=cu,dc=net
2006.05.30 16:03:14 adminPassword: shhhhh
2006.05.30 16:03:14 searchFilter: (sAMAccountName=)
2006.05.30 16:03:14 ldapDebugEnabled: false
2006.05.30 16:03:14 sslEnabled: false
2006.05.30 16:03:14 initialContextFactory: com.sun.jndi.ldap.LdapCtxFactory
2006.05.30 16:03:14 connectionPoolEnabled: true
2006.05.30 16:03:14 autoFollowReferrals: false
2006.05.30 16:03:14 groupNameField: cn
2006.05.30 16:03:14 groupMemberField: member
2006.05.30 16:03:14 groupDescriptionField: description
2006.05.30 16:03:14 posixMode: false
2006.05.30 16:03:14 groupSearchFilter: (member=)
2006.05.30 16:03:16 Loading plugin admin
2006.05.30 16:03:19 Loading plugin search

I really appreciate everyone's help; I am sure this can be very annoying from your perspective.

Hello, I just set up Wildfire with LDAP and ran into the same problem and got past it. This is what you need to do:

Add this line in the admin section. Change username to a user in your LDAP server; you can add more users separated by commas.

This way you will be able to log in using this user and password if it exists in your LDAP.

Message was edited by: aeperezt

I got so excited that we might have the solution, but I got kicked in the snarfles again. Still unable to log in to the console.

I did get some new information in the debug log, but it only happened on one attempt. Subsequent attempts did not yield any similar errors. Here is the log:

2006.05.30 21:29:20 Created new LdapManager() instance, fields:
2006.05.30 21:29:20 host: magicwww.cu.net
2006.05.30 21:29:20 port: 389
2006.05.30 21:29:20 usernamefield: sAMAccountName
2006.05.30 21:29:20 baseDN: cn=spark,dc=cu,dc=net
2006.05.30 21:29:20 alternateBaseDN: null
2006.05.30 21:29:20 nameField: displayName
2006.05.30 21:29:20 emailField: mail
2006.05.30 21:29:20 adminDN: cn=administrator,cn=users,dc=cu,dc=net
2006.05.30 21:29:20 adminPassword: hahahaha
2006.05.30 21:29:20 searchFilter: (sAMAccountName=)
2006.05.30 21:29:20 ldapDebugEnabled: false
2006.05.30 21:29:20 sslEnabled: false
2006.05.30 21:29:20 initialContextFactory: com.sun.jndi.ldap.LdapCtxFactory
2006.05.30 21:29:20 connectionPoolEnabled: true
2006.05.30 21:29:20 autoFollowReferrals: false
2006.05.30 21:29:20 groupNameField: cn
2006.05.30 21:29:20 groupMemberField: member
2006.05.30 21:29:20 groupDescriptionField: description
2006.05.30 21:29:20 posixMode: false
2006.05.30 21:29:20 groupSearchFilter: (member=)
2006.05.30 21:29:21 Loading plugin admin
2006.05.30 21:29:25 Loading plugin search
2006.05.30 21:29:36 Trying to find a user's DN based on their username. sAMAccountName: eric, Base DN: cn=spark,dc=cu,dc=net…
2006.05.30 21:29:36 Creating a DirContext in LdapManager.getContext()…
2006.05.30 21:29:36 Created hashtable with context values, attempting to create context…
2006.05.30 21:29:36 … context created successfully, returning.
2006.05.30 21:29:36 Starting LDAP search…
2006.05.30 21:29:36 … search finished
2006.05.30 21:29:36 User DN based on username 'eric' not found.
2006.05.30 21:29:36 Exception thrown when searching for userDN based on username 'eric'
org.jivesoftware.wildfire.user.UserNotFoundException: Username eric not found
    at org.jivesoftware.wildfire.ldap.LdapManager.findUserDN(LdapManager.java:493)
    at org.jivesoftware.wildfire.ldap.LdapManager.findUserDN(LdapManager.java:428)
    at org.jivesoftware.wildfire.ldap.LdapAuthProvider.authenticate(LdapAuthProvider.java:87)
    at org.jivesoftware.wildfire.auth.AuthFactory.authenticate(AuthFactory.java:114)
    at org.jivesoftware.wildfire.admin.login_jsp._jspService(login_jsp.java:134)
    at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:94)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
    at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:428)
    at org.mortbay.jetty.servlet.WebApplicationHandler$CachedChain.doFilter(WebApplicationHandler.java:830)
    at com.opensymphony.module.sitemesh.filter.PageFilter.doFilter(PageFilter.java:39)
    at org.mortbay.jetty.servlet.WebApplicationHandler$CachedChain.doFilter(WebApplicationHandler.java:821)
    at org.jivesoftware.util.LocaleFilter.doFilter(LocaleFilter.java:43)
    at org.mortbay.jetty.servlet.WebApplicationHandler$CachedChain.doFilter(WebApplicationHandler.java:821)
    at org.jivesoftware.util.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:41)
    at org.mortbay.jetty.servlet.WebApplicationHandler$CachedChain.doFilter(WebApplicationHandler.java:821)
    at org.jivesoftware.admin.AuthCheckFilter.doFilter(AuthCheckFilter.java:98)
    at org.mortbay.jetty.servlet.WebApplicationHandler$CachedChain.doFilter(WebApplicationHandler.java:821)
    at org.mortbay.jetty.servlet.WebApplicationHandler.dispatch(WebApplicationHandler.java:471)
    at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:568)
    at org.mortbay.http.HttpContext.handle(HttpContext.java:1530)
    at org.mortbay.jetty.servlet.WebApplicationContext.handle(WebApplicationContext.java:633)
    at org.mortbay.http.HttpContext.handle(HttpContext.java:1482)
    at org.mortbay.http.HttpServer.service(HttpServer.java:909)
    at org.mortbay.http.HttpConnection.service(HttpConnection.java:816)
    at org.mortbay.http.HttpConnection.handleNext(HttpConnection.java:982)
    at org.mortbay.http.HttpConnection.handle(HttpConnection.java:833)
    at org.mortbay.http.SocketListener.handleConnection(SocketListener.java:244)
    at org.mortbay.util.ThreadedServer.handle(ThreadedServer.java:357)
    at org.mortbay.util.ThreadPool$PoolThread.run(ThreadPool.java:534)

I did find an entry in the error.log file. Maybe this will help narrow down the problem, but I am not sure what it means.

2006.05.31 09:23:51 [org.jivesoftware.database.ConnectionPool.(ConnectionPool.java:108)] Failed to create new connections on startup. Attempt 0 of 3
java.sql.SQLException: The database is already in use by another process: org.hsqldb.persist.NIOLockFile@c798e4a6[file =C:\Program Files\Wildfire\embedded-db\wildfire.lck, exists=true, locked=false, valid=false, fl =null]: java.lang.Exception: checkHeartbeat(): lock file is presumably locked by another process.
    at org.hsqldb.jdbc.Util.sqlException(Unknown Source)
    at org.hsqldb.jdbc.jdbcConnection.(XMPPServer.java:142)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
    at java.lang.reflect.Constructor.newInstance(Unknown Source)
    at java.lang.Class.newInstance0(Unknown Source)
    at java.lang.Class.newInstance(Unknown Source)
    at org.jivesoftware.wildfire.starter.ServerStarter.start(ServerStarter.java:88)
    at org.jivesoftware.wildfire.starter.ServerStarter.main(ServerStarter.java:49)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at com.exe4j.runtime.LauncherEngine.launch(Unknown Source)
    at com.exe4j.runtime.WinLauncher.main(Unknown Source)
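Added illustration, not from the thread or from Wildfire's code: a toy Python model of the subtree search that the debug log above shows failing ("Trying to find a user's DN ... Base DN: cn=spark,dc=cu,dc=net" ending in "not found"). It assumes a made-up user entry under a department OU of OU=CU Users, and that group membership is exposed on the user object as the AD memberOf attribute; which Wildfire config key would carry such a filter is not shown here.

```python
# Constructed example (not Wildfire's code). The tree mirrors the posted AD
# layout: DC=cu,DC=net, OU=CU Users holding departmental OUs, and a group
# 'spark' created directly under the domain root. Names are made up.

def parse_dn(dn):
    """Split a DN into lower-cased (attr, value) RDNs. Only commas separate
    RDNs, so 'cn=Spark;dc=cu;dc=net' becomes one bogus RDN: the semicolon
    baseDN in the first debug log could never match anything."""
    rdns = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def is_under(entry_dn, base_dn):
    """Subtree scope: the entry's RDN list must end with the base's RDN list."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    return len(entry) >= len(base) and entry[-len(base):] == base

ERIC_DN = "cn=Eric,ou=IT,ou=CU Users,dc=cu,dc=net"
GROUP_DN = "cn=spark,dc=cu,dc=net"
# DN -> attributes; multi-valued attributes are lists, as in LDAP.
DIRECTORY = {
    "dc=cu,dc=net": {"objectClass": ["domain"]},
    "ou=CU Users,dc=cu,dc=net": {"objectClass": ["organizationalUnit"]},
    "ou=IT,ou=CU Users,dc=cu,dc=net": {"objectClass": ["organizationalUnit"]},
    ERIC_DN: {"sAMAccountName": ["eric"], "memberOf": [GROUP_DN]},
    "cn=Bob,ou=Cafe Users,dc=cu,dc=net": {"sAMAccountName": ["bob"]},
    # A group is a leaf object: users are listed in its 'member' attribute,
    # they are not stored beneath it, so it cannot serve as a search base.
    GROUP_DN: {"objectClass": ["group"], "member": [ERIC_DN]},
}

def search(base_dn, predicate):
    """Return the DNs under base_dn whose attributes satisfy predicate."""
    return [dn for dn, attrs in DIRECTORY.items()
            if is_under(dn, base_dn) and predicate(attrs)]

def find_user_dn(username, base_dn, required_group=None):
    """Look up sAMAccountName=username under base_dn; with required_group,
    also demand that group DN in the user's memberOf attribute."""
    def pred(attrs):
        names = [v.lower() for v in attrs.get("sAMAccountName", [])]
        if username.lower() not in names:
            return False
        groups = [parse_dn(g) for g in attrs.get("memberOf", [])]
        return required_group is None or parse_dn(required_group) in groups
    hits = search(base_dn, pred)
    return hits[0] if len(hits) == 1 else None
```

Searching under the group DN returns nothing for any user, while searching under the users' OU and filtering on membership admits only the intended accounts.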

Please restart your system; it looks like there is some Wildfire service up already. This also happened to me, so that is the advice.

Would you have any suggestions of what process or service might be stuck? I am hoping I can just stop a process or restart a service to fix this. I am configuring Wildfire on a working Live Communications server; a reboot is not something I can just do on the fly, it has to be scheduled and notifications sent out and blah blah blah… lol

First, check this JID:

That should be the proper JID, I believe. Is LCS using the same SQL db? Make sure your configuration file for SQL allows enough connections. You might get by with just stopping and starting Wildfire (killing any tasks associated with it besides SQL).

Jeff