
Please help me get Wildfire talking to our active directory

Hi:

I have been trying for the past three days to get Wildfire talking to our company's active directory. I've gotten a good wildfire.xml file created, which I'll paste below, and it was even working for a few hours yesterday, but stopped working for no good reason. I'm very new to Wildfire and LDAP, so am probably missing how to do something.

The Wildfire server is running under CentOS 4.3 with most of the latest updates. I do not have access to the system console and can only log in through SSH. The version of Wildfire is 2.6.2. When I try to log in through a Jabber client, I get the message that authentication was not successful. When I log in to the admin console, I get a similar error and am returned to the login form. As I said, I finally got it working yesterday, and it just stopped this morning. I can't think of what changed; I didn't touch the wildfire.xml file. The DC I talk to for LDAP was rebooted late yesterday afternoon, and this morning I had to reboot the Wildfire server itself. I can verify that Wildfire is talking to the DC, and the admin account it is using is valid and does have the necessary permissions. I have also been able to make LDAP queries using this admin account from this Linux server using the OpenLDAP tools. Again, as I said, this worked until a few hours ago. I have also tried setting up debugging, but quite frankly it looks to me that Wildfire's error logs are meaningless to someone with no Java experience.

Please help!

Here is the output from debug.log, which shows me starting the server and trying to log into the admin console. Unfortunately, at the point where I need to get info from it, it all starts becoming Greek.

2006.05.10 11:41:31 Created new LdapManager() instance, fields:
2006.05.10 11:41:31 host: earth.optiframe.com
2006.05.10 11:41:31 port: 389
2006.05.10 11:41:31 usernamefield: sAMAccountName
2006.05.10 11:41:31 baseDN: dc=optiframe,dc=com
2006.05.10 11:41:31 alternateBaseDN: null
2006.05.10 11:41:31 nameField: displayName
2006.05.10 11:41:31 emailField: mail
2006.05.10 11:41:31 adminDN: "CN=jabber admin,OU=application accounts,OU=optiframe users,DC=optiframe,DC=com"
2006.05.10 11:41:31 adminPassword: J@bberM@$ter
2006.05.10 11:41:31 searchFilter: (sAMAccountName=)
2006.05.10 11:41:31 ldapDebugEnabled: false
2006.05.10 11:41:31 sslEnabled: false
2006.05.10 11:41:31 initialContextFactory: com.sun.jndi.ldap.LdapCtxFactory
2006.05.10 11:41:31 connectionPoolEnabled: true
2006.05.10 11:41:31 autoFollowReferrals: false
2006.05.10 11:41:31 groupNameField: cn
2006.05.10 11:41:31 groupMemberField: member
2006.05.10 11:41:31 groupDescriptionField: description
2006.05.10 11:41:31 posixMode: false
2006.05.10 11:41:31 groupSearchFilter: (member=)
2006.05.10 11:41:34 Loading plugin admin
2006.05.10 11:41:39 Loading plugin search
2006.05.10 11:42:36 Trying to find a user's DN based on their username. sAMAccountName: rshugart, Base DN: dc=optiframe,dc=com...
2006.05.10 11:42:36 Creating a DirContext in LdapManager.getContext()...
2006.05.10 11:42:36 Created hashtable with context values, attempting to create context...
2006.05.10 11:42:36 Exception thrown when searching for userDN based on username 'rshugart'
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece


The only thing that looks odd to me is your adminDN. I don't think you want to use quotes around it. One other note is that your LDAP debugging option is wrong – use this:


That may help see what exactly is going wrong with your LDAP queries.
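As an added example (not part of this thread, and not Wildfire code), here is a small Python script that reads debug.log lines the way the reply above does: it flags an adminDN wrapped in literal quote characters and decodes the Active Directory "data" subcode that follows LDAP result 49. Subcode 525 is AD's "user not found" response to a bind, which is consistent with a bind DN that matches no object. The subcode table is documented AD behaviour; the sample log lines are constructed from the question's output (password line left out).

```python
import re

# Active Directory "data" subcodes sent with LDAP result 49 on a failed bind
# (documented AD behaviour, not Wildfire-specific).
AD_BIND_SUBCODES = {
    "525": "user not found: the bind DN matched no object",
    "52e": "invalid credentials: DN found, password wrong",
    "530": "not permitted to log on at this time",
    "532": "password expired",
    "533": "account disabled",
    "775": "account locked out",
}
DIAG_RE = re.compile(r"error code (?P<code>\d+) - [0-9A-Fa-f]{8}: LdapErr: DSID-[0-9A-Fa-f]+, "
                     r"comment: (?P<comment>[^,]+), data (?P<data>[0-9A-Fa-f]+)")
ADMIN_DN_RE = re.compile(r"\badminDN:\s*(?P<dn>\S.*)$")

def explain_ad_bind_error(line):
    """Parse one AD bind-failure message; return a dict, or None if it is not one."""
    m = DIAG_RE.search(line)
    if not m:
        return None
    data = m.group("data").lower()
    return {"result_code": int(m.group("code")), "comment": m.group("comment").strip(),
            "data": data, "meaning": AD_BIND_SUBCODES.get(data, "unknown subcode")}

def dn_is_quoted(dn):
    """True when the whole DN is wrapped in literal quote characters."""
    dn = dn.strip()
    return len(dn) >= 2 and dn[0] == dn[-1] and dn[0] in "\"'"

def diagnose(log_lines):
    """Scan debug.log lines and return a list of findings, in log order."""
    findings = []
    for line in log_lines:
        m = ADMIN_DN_RE.search(line)
        if m and dn_is_quoted(m.group("dn")):
            findings.append("adminDN is wrapped in literal quotes; the quotes become part "
                            "of the DN sent to AD, so no object matches")
        err = explain_ad_bind_error(line)
        if err is not None:
            findings.append("bind failed, result %d data %s: %s"
                            % (err["result_code"], err["data"], err["meaning"]))
    return findings

# Constructed sample modelled on the debug.log in the question (password line omitted).
SAMPLE_LOG = [
    '2006.05.10 11:41:31 adminDN: "CN=jabber admin,OU=application accounts,'
    'OU=optiframe users,DC=optiframe,DC=com"',
    "javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: "
    "DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece",
]
```

Run `diagnose(SAMPLE_LOG)` to get both findings; a 52e subcode instead of 525 would point at the password rather than the DN.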