powered by Jive Software

Openfire 3.5, Problem getting users from AD

I have successfully created a group in our AD and made a user filter to only pick users from this group.

The problem is when i list users in “User Summary” in the Admin Interface, it say that “Total Users: 5” though only two of the users in the group show up in the list.

When i check error.log, i have the following error:

2008.04.08 15:18:33 org.jivesoftware.admin.LdapUserTester.getAttributes(LdapUserTester.java:182)

javax.naming.InvalidNameException: “CN=“Xxxxxxx Xxxxxx /XXX”,OU=“Administrators”,OU=@Users”: close quote appears before end of component

at javax.naming.NameImpl.extractComp(Unknown Source)

at javax.naming.NameImpl.<init>(Unknown Source)

at javax.naming.CompositeName.<init>(Unknown Source)

at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(Unknown Source)

at javax.naming.directory.InitialDirContext.getAttributes(Unknown Source)

at org.jivesoftware.admin.LdapUserTester.getAttributes(LdapUserTester.java:159)

at org.jivesoftware.openfire.admin.setup.setup_002dldap_002duser_005ftest_jsp._jsp Service(setup_002dldap_002duser_005ftest_jsp.java:97)

at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)

at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:487)

at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1093)

at com.opensymphony.module.sitemesh.filter.PageFilter.doFilter(PageFilter.java:39)

at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1084)

at org.jivesoftware.util.LocaleFilter.doFilter(LocaleFilter.java:65)

at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1084)

at org.jivesoftware.util.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingF ilter.java:41)

at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1084)

at org.jivesoftware.admin.PluginFilter.doFilter(PluginFilter.java:69)

at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1084)

at org.jivesoftware.admin.AuthCheckFilter.doFilter(AuthCheckFilter.java:98)

at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1084)

at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:360)

at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)

at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:181)

at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:726)

at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:405)

at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollect ion.java:206)

at org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114)

at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:139)

at org.mortbay.jetty.Server.handle(Server.java:324)

at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:505)

at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.j ava:828)

at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:514)

at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:211)

at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:380)

at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:395)

at org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:450)

Anyone have any ideas?

whats your user filter? did you validate user lookup during install?

Was a bit hasty with my post, got help from a friend and we located the problem to be the “/” in the username.

So now the new question:

Is there any way around this or do we need to remove the “/” from all users in our AD?

where do you have a / in usernames? what attribute has that in? we use MS AD, whats your LDAP?

When i list the names of users in the AD it shows under “Name”, we have it as a note to which department you work under like:

Carl Barns /IT

the ldap attributes that AD has can be grouped together, perhaps NAME is an attribute that groups firstname, surname and department. If this is the case you can repoint ‘name’ to be just name, not including department and avoiding your problem.

I recommend softerra LDAP browser to dig into your user data and view attributes.