Problem whith ldap authentication

jmpatagonia · October 27, 2021, 3:33pm

Hello, I have this message on …/openfire/logs/stdoutt.log a lot of this, since when a user login on pidgin (client):

12:07:08.784 [socket_c2s-thread-3] WARN org.jivesoftware.openfire.ldap.LdapManager - Using unencrypted connection to LDAP service!
12:07:08.784 [socket_c2s-thread-3] WARN org.jivesoftware.openfire.ldap.LdapManager - Using unencrypted connection to LDAP service!
12:07:08.785 [socket_c2s-thread-3] WARN org.jivesoftware.openfire.ldap.LdapManager - Using unencrypted connection to LDAP service!
12:07:08.785 [socket_c2s-thread-3] WARN org.jivesoftware.openfire.ldap.LdapManager - Using unencrypted connection to LDAP service!
12:07:08.787 [socket_c2s-thread-3] WARN org.jivesoftware.openfire.ldap.LdapManager - Using unencrypted connection to LDAP service!
12:07:08.787 [socket_c2s-thread-3] WARN org.jivesoftware.openfire.ldap.LdapManager - Using unencrypted connection to LDAP service!
12:07:08.788 [socket_c2s-thread-3] WARN org.jivesoftware.openfire.ldap.LdapManager - Using unencrypted connection to LDAP service!
12:07:08.789 [socket_c2s-thread-3] WARN org.jivesoftware.openfire.ldap.LdapManager - Using unencrypted connection to LDAP service!
12:07:08.790 [socket_c2s-thread-3] WARN org.jivesoftware.openfire.ldap.LdapManager - Using unencrypted connection to LDAP service!
12:07:08.825 [socket_c2s-thread-3] WARN org.jivesoftware.openfire.ldap.LdapManager - Using unencrypted connection to LDAP service!
12:07:08.826 [socket_c2s-thread-3] WARN org.jivesoftware.openfire.ldap.LdapManager - Using unencrypted connection to LDAP service!
12:07:08.843 [socket_c2s-thread-3] WARN org.jivesoftware.openfire.ldap.LdapManager - Using unencrypted connection to LDAP service!
12:07:08.851 [socket_c2s-thread-3] WARN org.jivesoftware.openfire.ldap.LdapManager - Using unencrypted connection to LDAP service!
12:07:08.923 [socket_c2s-thread-3] WARN org.jivesoftware.openfire.ldap.LdapManager - Using unencrypted connection to LDAP service!
12:07:08.925 [socket_c2s-thread-3] WARN org.jivesoftware.openfire.ldap.LdapManager - Using unencrypted connection to LDAP service!

When this happens, the cpu is very high, how can I remove this message from the log or do openfire do not check or verification the LDAP unencrypted connection.

My ldap is very old, work fine, but not have ldaps protocol, just ldap 386.

Openfire: Openfire 4.6.4, build 2bc37e6
Ubuntu: 20.04 LTS

Regards.

totzkotz · October 29, 2021, 7:24am

For removing it, you have to clone the OF repo and recompile it after deleting the warning or modify it to debug message:
You can find the warnings here:

github.com

igniterealtime/Openfire/blob/0e84be7d1b86b8b2acff6da2b0215f6f2352b591/xmppserver/src/main/java/org/jivesoftware/openfire/ldap/LdapManager.java#L632

    
      
           * lookups and searches using the specified base DN. The context uses the
           * admin login that is defined by {@code adminDN} and {@code adminPassword}.
           *
           * @param baseDN the base DN to use for the context.
           * @return a connection to the LDAP server.
           * @throws NamingException if there is an error making the LDAP connection.
           */
          public LdapContext getContext(LdapName baseDN) throws NamingException {
              Log.debug("Creating a DirContext in LdapManager.getContext() for baseDN '{}'...", baseDN);
              if (!sslEnabled && !startTlsEnabled) {
                  Log.warn("Using unencrypted connection to LDAP service!");
              }
          
          
    // Set up the environment for creating the initial context
              Hashtable<String, Object> env = new Hashtable<>();
              env.put(Context.INITIAL_CONTEXT_FACTORY, initialContextFactory);
              env.put(Context.PROVIDER_URL, getProviderURL(baseDN));
          
          
    // SSL
              if (sslEnabled) {
                  env.put("java.naming.ldap.factory.socket", "org.jivesoftware.util.SimpleSSLSocketFactory");

and here:

github.com

igniterealtime/Openfire/blob/0e84be7d1b86b8b2acff6da2b0215f6f2352b591/xmppserver/src/main/java/org/jivesoftware/openfire/ldap/LdapManager.java#L760

    
      
           * the LDAP server. The "simple" authentication protocol is used.
           *
           * @param userRDN the user's rdn to authenticate (relative to {@code baseDN}).
           * @param password the user's password.
           * @return true if the user successfully authenticates.
           */
          public boolean checkAuthentication(Rdn[] userRDN, String password) {
              Log.debug("In LdapManager.checkAuthentication(userDN, password), userRDN is: " + Arrays.toString(userRDN) + "...");
          
          
    if (!sslEnabled && !startTlsEnabled) {
                  Log.warn("Using unencrypted connection to LDAP service!");
              }
          
          
    JiveInitialLdapContext ctx = null;
              try {
                  // See if the user authenticates.
                  Hashtable<String, Object> env = new Hashtable<>();
                  env.put(Context.INITIAL_CONTEXT_FACTORY, initialContextFactory);
                  env.put(Context.PROVIDER_URL, getProviderURL(baseDN));
                  if (sslEnabled) {
                      env.put("java.naming.ldap.factory.socket", "org.jivesoftware.util.SimpleSSLSocketFactory");

Otherwhise upgrade to use LDAPS.

jmpatagonia · November 2, 2021, 3:43pm

totzkotz thanks for the answer, I try to download git code and compile it whit

./mvnw verify -pl distribution -am

Exception in thread “main” java.net.UnknownHostException: repo.maven.apache.org
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:184)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.net.Socket.connect(Socket.java:607)
at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:288)
at sun.security.ssl.BaseSSLSocketImpl.connect(BaseSSLSocketImpl.java:173)
at sun.net.NetworkClient.doConnect(NetworkClient.java:180)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:463)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:558)
at sun.net.www.protocol.https.HttpsClient.(HttpsClient.java:264)
at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:367)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:203)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1162)
at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:1056)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:189)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1570)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1498)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:268)
at org.apache.maven.wrapper.DefaultDownloader.downloadInternal(DefaultDownloader.java:90)
at org.apache.maven.wrapper.DefaultDownloader.download(DefaultDownloader.java:76)
at org.apache.maven.wrapper.Installer.createDist(Installer.java:72)
at org.apache.maven.wrapper.WrapperExecutor.execute(WrapperExecutor.java:121)
at org.apache.maven.wrapper.MavenWrapperMain.main(MavenWrapperMain.java:61)

but I have this error !!! can you help me ?

totzkotz · November 3, 2021, 7:48am

using
mvn verify
should be enough

your exception comes from maven because it can not find the repo…

jmpatagonia · November 9, 2021, 11:05am

thanks totzkotz, this is enough mvn verify, I change the dns and resolv it. regards