Search plugin issue

Openfire Openfire Support
1

Gents,

I have configured JM with LDAP/AD authorization, installed and configured search plugin. All works fine if I trying to find contact by JID.

But, if I trying search with wildcard ( * ) Jabber client drop connection to JM.

Tried on Pandion, Exodus & Miranda.

Miranda log:

IqAdd id=14, proc=6, func=0x3250c13f

SEND:

( SSL ) Data sent

recvResult = 16

RECV:</stream:stream>

( SSL ) Data received

</stream:stream>

(009CAD00:4294967295) Connection closed

bytesParsed = 16

recvResult = -1

Exiting KeepAliveThread

Thread ended: type=0 server=’‘myserver.com’’

Exiting ServerThread

Any ideas?

Thanks in advance.

2

But, if I trying search with wildcard ( * ) Jabber client drop connection to JM.

I have the same problem and have told about it here, but the developers could not reproduce this issue and now I just don’'t use search plugin

3

At me the same problem. The request to developers all the same to understand with it!

4

The mistake “org.jivesoftware.messenger.plugin.SearchPlugin.replyDataFormResult” arises at use “Ldap.searchFilter”:

<! [CDATA (and (sAMAccountName = {0}) (objectClass=user) (]>

at switching-off “Ldap.searchFilter” all works. However only members of group “jabber” should be connected and be found in search. Help to solve a problem.

5

Hi Reddok,

What version of Messenger are you using?

Thanks,

Ryan

6

Hi Zenith,

But, if I trying search with wildcard ( * ) Jabber

client drop connection to JM.

I have the same problem and have told about it here,

but the developers could not reproduce this issue and

now I just don’'t use search plugin

I thought url=http://www.jivesoftware.org/forums/message.jspa?messageID=101290#101290the issue[/url] had gone away with Messenger 2.2, is that not the case?

Thanks,

Ryan

7

I thought the issue had gone away with Messenger 2.2, is that not the case?

The problem exists even in Messenger 2.2.1.

But I found something. The problem is in search filter. Here is my search filter:

And with this search filter all works fine, but searching fetches too many entries therefore I can''t use it:

Any ideas?

8

Hi Zenith,

But I found something. The problem is in search filter.

That’‘s what I’‘ve always suspected the problem to be. Despite it’‘s name, the search plugin doesn’‘t really do any searching, it’'s really more of an API that translates queries and results between the client and server.

Any ideas?

Are you seeing a NullPointerException coming from LdapUserProvider.findUsers() in the error logs?

Thanks,

Ryan

9

Are you seeing a NullPointerException coming from LdapUserProvider.findUsers() in the error logs?

No, I think :). Here is full traceback from debug.log:

2005.09.08 09:17:27 Creating a DirContext in LdapManager.getContext()…

2005.09.08 09:17:27 Created hashtable with context values, attempting to create context…

2005.09.08 09:17:27 … context created successfully, returning.

2005.09.08 09:17:27 Creating a DirContext in LdapManager.getContext()…

2005.09.08 09:17:27 Created hashtable with context values, attempting to create context…

2005.09.08 09:17:27 … context created successfully, returning.

2005.09.08 09:17:27 Trying to find a user’'s DN based on their username. uid: hev$, Base DN: dc=sbyt,dc=amur,dc=elektra,dc=ru…

2005.09.08 09:17:27 Creating a DirContext in LdapManager.getContext()…

2005.09.08 09:17:27 Created hashtable with context values, attempting to create context…

2005.09.08 09:17:27 … context created successfully, returning.

2005.09.08 09:17:27 Starting LDAP search…

2005.09.08 09:17:27 … search finished

2005.09.08 09:17:27 User DN based on username ‘‘hev$’’ not found.

2005.09.08 09:17:27 Exception thrown when searching for userDN based on username ‘‘hev$’’

org.jivesoftware.messenger.user.UserNotFoundException: Username hev$ not found

at org.jivesoftware.messenger.ldap.LdapManager.findUserDN(LdapManager.java:465)

at org.jivesoftware.messenger.ldap.LdapManager.findUserDN(LdapManager.java:400)

at org.jivesoftware.messenger.ldap.LdapUserProvider.loadUser(LdapUserProvider.java :69)

at org.jivesoftware.messenger.user.UserManager.getUser(UserManager.java:157)

at org.jivesoftware.messenger.user.UserCollection$UserIterator.getNextElement(User Collection.java:94)

at org.jivesoftware.messenger.user.UserCollection$UserIterator.hasNext(UserCollect ion.java:57)

at java.util.AbstractCollection.toArray(Unknown Source)

at java.util.ArrayList.addAll(Unknown Source)

at org.jivesoftware.messenger.plugin.SearchPlugin.processSetPacket(SearchPlugin.ja va:285)

at org.jivesoftware.messenger.plugin.SearchPlugin.handleIQ(SearchPlugin.java:242)

at org.jivesoftware.messenger.plugin.SearchPlugin.processPacket(SearchPlugin.java: 191)

at org.jivesoftware.messenger.component.InternalComponentManager$RoutableComponent .process(InternalComponentManager.java:342)

at org.jivesoftware.messenger.IQRouter.handle(IQRouter.java:151)

at org.jivesoftware.messenger.IQRouter.route(IQRouter.java:73)

at org.jivesoftware.messenger.PacketRouter.route(PacketRouter.java:65)

at org.jivesoftware.messenger.net.SocketReader.processIQ(SocketReader.java:258)

at org.jivesoftware.messenger.net.ClientSocketReader.processIQ(ClientSocketReader. java:43)

at org.jivesoftware.messenger.net.SocketReader.readStream(SocketReader.java:230)

at org.jivesoftware.messenger.net.SocketReader.run(SocketReader.java:111)

at java.lang.Thread.run(Unknown Source)

2005.09.08 09:17:27 Creating a DirContext in LdapManager.getContext()…

2005.09.08 09:17:27 Created hashtable with context values, attempting to create context…

2005.09.08 09:17:27 … context created successfully, returning.

2005.09.08 09:17:27 Trying to find a user’'s DN based on their username. uid: 93141, Base DN: dc=sbyt,dc=amur,dc=elektra,dc=ru…

2005.09.08 09:17:27 Creating a DirContext in LdapManager.getContext()…

2005.09.08 09:17:27 Created hashtable with context values, attempting to create context…

2005.09.08 09:17:27 … context created successfully, returning.

2005.09.08 09:17:27 Starting LDAP search…

2005.09.08 09:17:27 … search finished

2005.09.08 09:17:27 User DN based on username ‘‘93141’’ not found.

2005.09.08 09:17:27 Exception thrown when searching for userDN based on username ‘‘93141’’

org.jivesoftware.messenger.user.UserNotFoundException: Username 93141 not found

at org.jivesoftware.messenger.ldap.LdapManager.findUserDN(LdapManager.java:465)

at org.jivesoftware.messenger.ldap.LdapManager.findUserDN(LdapManager.java:400)

at org.jivesoftware.messenger.ldap.LdapUserProvider.loadUser(LdapUserProvider.java :69)

at org.jivesoftware.messenger.user.UserManager.getUser(UserManager.java:157)

at org.jivesoftware.messenger.user.UserCollection$UserIterator.getNextElement(User Collection.java:94)

at org.jivesoftware.messenger.user.UserCollection$UserIterator.hasNext(UserCollect ion.java:57)

at java.util.AbstractCollection.toArray(Unknown Source)

at java.util.ArrayList.addAll(Unknown Source)

at org.jivesoftware.messenger.plugin.SearchPlugin.processSetPacket(SearchPlugin.ja va:285)

at org.jivesoftware.messenger.plugin.SearchPlugin.handleIQ(SearchPlugin.java:242)

at org.jivesoftware.messenger.plugin.SearchPlugin.processPacket(SearchPlugin.java: 191)

at org.jivesoftware.messenger.component.InternalComponentManager$RoutableComponent .process(InternalComponentManager.java:342)

at org.jivesoftware.messenger.IQRouter.handle(IQRouter.java:151)

at org.jivesoftware.messenger.IQRouter.route(IQRouter.java:73)

at org.jivesoftware.messenger.PacketRouter.route(PacketRouter.java:65)

at org.jivesoftware.messenger.net.SocketReader.processIQ(SocketReader.java:258)

at org.jivesoftware.messenger.net.ClientSocketReader.processIQ(ClientSocketReader. java:43)

at org.jivesoftware.messenger.net.SocketReader.readStream(SocketReader.java:230)

at org.jivesoftware.messenger.net.SocketReader.run(SocketReader.java:111)

at java.lang.Thread.run(Unknown Source)

The searching word was “hev*”.

“Trying to find a user’'s DN based on their username. uid: hev$” - may be this is a problem?

I have two entries in my LDAP directory:

uid=hev,ou=Users,dc=sbyt,dc=amur,dc=elektra,dc=ru

and

uid=hev$,ou=Computers,dc=sbyt,dc=amur,dc=elektra,dc=ru

DistName uid=hev$,ou=Computers,dc=sbyt,dc=amur,dc=elektra,dc=ru has no “shadowAccount” objectclass. Why does Jive Messenger search there?

10

I thought, I have to show you all my ldif’'s:

dn: uid=hev,ou=Users,dc=sbyt,dc=amur,dc=elektra,dc=ru

cn: hev

sn: hev

uid: hev

uidNumber: 1116

gidNumber: 513

gecos: System User

sambaLogoffTime: 2147483647

sambaKickoffTime: 2147483647

sambaPrimaryGroupSID: S-1-5-21-426593144-70024345-1648912389-513

sambaSID: S-1-5-21-426593144-70024345-1648912389-1490

sambaLogonTime: 1095251177

objectClass: top

objectClass: inetOrgPerson

objectClass: posixAccount

objectClass: shadowAccount

objectClass: sambaSamAccount

displayName:: 0KXRgNCw0LzRhtC0LIg0JXQstCz0LXQvdC40Lkg0JLQu9Cw0LTQuNC80LjRgNC

0LLQuNGH

description:: 0LjQvdC20LXQvdC10YAt0L/RgNC0LPRgNCw0LzQvNC40YHRgiAxLdC0Lkg0LrQ

sNGC0LXQs9C+0YDQuNC4

sambaLogonScript: logon.bat

sambaPwdCanChange: 2147483647

sambaAcctFlags:

sambaPwdLastSet: 1111561175

homeDirectory: /home/hev

loginShell: /bin/bash

sambaPwdMustChange: 2147412648

o: 1

dn: uid=HEV$,ou=Computers,dc=sbyt,dc=amur,dc=elektra,dc=ru

objectClass: top

objectClass: inetOrgPerson

objectClass: posixAccount

objectClass: sambaSamAccount

cn: HEV$

sn: HEV$

uid: HEV$

uidNumber: 1208

gidNumber: 515

homeDirectory: /dev/null

loginShell: /bin/false

description: Computer

sambaSID: S-1-5-21-426593144-70024345-1648912389-1491

sambaPrimaryGroupSID: S-1-5-21-426593144-70024345-1648912389-513

sambaPwdMustChange: 2147483647

sambaAcctFlags:

sambaPwdCanChange: 1119481991

sambaPwdLastSet: 1119481991

And yet another entry, which contains uid=93141 attribute:

dn:: cn=FullUserName_in_Russian,ou=AddressBook,dc=sbyt,dc=amur,dc=elektra,dc=ru

objectClass: top

objectClass: person

objectClass: organizationalPerson

objectClass: sbyt

objectClass: inetOrgPerson

sn:: 0KXRgNCw0LzRhtC+0LI=

cn:: 0KXRgNCw0LzRhtC0LIg0JXQstCz0LXQvdC40Lkg0JLQu9Cw0LTQuNC80LjRgNC0LLQuNGH

title:: 0JjQvdC20LXQvdC10YAt0L/RgNC+0LPRgNCw0LzQvNC40YHRgiAxINC60LDRgi4=

ou:: 0J7RgtC00LXQuyDQsNCy0YLQvtC80LDRgtC40LfQuNGA0L7QstCw0L3QvdGL0YUg0YHQuNGB0

YLQtdC8INGD0L/RgNCw0LLQu9C10L3QuNGP

departmentNumber:: 0J7RgtC00LXQuyDQsNCy0YLQvtC80LDRgtC40LfQuNGA0L7QstCw0L3QvdG

L0YUg0YHQuNGB0YLQtdC8INGD0L/RgNCw0LLQu9C10L3QuNGP

displayName:: 0KXRgNCw0LzRhtC0LIg0JXQstCz0LXQvdC40Lkg0JLQu9Cw0LTQuNC80LjRgNC

0LLQuNGH

givenName:: 0JXQstCz0LXQvdC40Lk=

uid: 93141

initials:: 0JLQu9Cw0LTQuNC80LjRgNC+0LLQuNGH

mail: hev@sbyt.amur.elektra.ru

birthDay: 1980-3-16

st:: 0JDQvNGD0YDRgdC60LDRjyDQvtCx0LvQsNGB0YLRjA==

o:: 0KTQkNCeINCQ0LzRg9GA0Y3QvdC10YDQs9C+0YHQsdGL0YI=

street:: 0YPQuy4gNTAg0LvQtdGCINCe0LrRgtGP0LHRgNGPLCA2NS8x

postOfficeBox:: 0YPQuy4gNTAg0LvQtdGCINCe0LrRgtGP0LHRgNGPLCA2NS8x

postalCode: 675000

l:: 0JHQu9Cw0LPQvtCy0LXRidC10L3RgdC6

telephoneNumber: (1)078, 398078

11

Hi Zenith,

You’'re talking way over my head here when it comes to LDAP.

DistName uid=hev$,ou=Computers,dc=sbyt,dc=amur,dc=elektra,dc=ru has no

“shadowAccount” objectclass. Why does Jive Messenger search there?

Sorry, I don’‘t know what a “shadowAccount” means. Messenger should just be searching in the uid field. Below, I’'ve pasted the comments from the LdapManager.findUserDN() method that explains what Messenger is doing, maybe it will help?

Let me know,

Ryan

/**

  • Finds a user’'s dn using their username in the specified baseDN. Normally, this search

  • will be performed using the field “uid”, but this can be changed by setting

  • the usernameField property.

  • Searches are performed over all subtrees relative to the baseDN.

  • For example, if the baseDN is “o=jivesoftware, o=com” and we

  • do a search for “mtucker”, then we might find a userDN of

  • “uid=mtucker,ou=People”. This kind of searching is a good thing since

  • it doesn’'t make the assumption that all user records are stored in a flat

  • structure. However, it does add the requirement that “uid” field (or the

  • other field specified) must be unique over the entire subtree from the

  • baseDN. For example, it’‘s entirely possible to create two dn’'s

  • in your LDAP directory with the same uid: “uid=mtucker,ou=People” and

  • “uid=mtucker,ou=Administrators”. In such a case, it’'s not possible to

  • uniquely identify a user, so this method will throw an error.

  • The dn that’'s returned is relative to the baseDN.

  • @param username the username to lookup the dn for.

  • @param baseDN the base DN to use for this search.

  • @return the dn associated with username.

  • @throws Exception if the search for the dn fails.

  • @see #findUserDN(String) to search using the default baseDN and alternateBaseDN.

*/

/code

12

Well, this comment doesn’‘t give me too much, because I don’'t know the full sequence of steps in algorithm of search I guess, in my case it looks this way:

  1. I submit x:data form with vars: search=’‘hev*’’, Username=’‘1’’, Name=’‘1’’ and Email=’‘1’’.

  2. Messenger tries to find some DN’‘s in my LDAP directory. According to my config file, it uses filter ‘’(|(uid=hev**)(mail=hev**)(displayName=hev*))’’ for doing this.

  3. It finds three DNs:

uid=hev,ou=Users,dc=sbyt,dc=amur,dc=elektra,dc=ru, because it contains uid=hev

uid=hev$,ou=Computers,dc=sbyt,dc=amur,dc=elektra,dc=ru, because it contains uid=hev$

and

cn=FullUserName,ou=AddressBook,dc=sbyt,dc=amur,dc=elektra,dc=ru, because it contains mail=hev@sbyt.amur.elektra.ru.

  1. Messenger tries to apply LdapManager.findUserDN() method to obtained uids (hev, hev$ and 93141 because the third DN also contains uid attribute which value is ‘‘93141’’). I’‘m not sure, but I think that Messenger uses filter ‘’(&(uid=)(objectClass=shadowAccount))’’ (this is the value of ‘‘searchFilter’’ option in my config file) in findUserDN() method. But the second and the third DNs doesn’'t contain “shadowAccount” objectclass and this somehow causes NullPointer exception.

Am I right?

PS. I’‘m sorry, I’‘m not able to look directly in the source code, because I don’'t know Java very much

13

Are you seeing a NullPointerException coming from

LdapUserProvider.findUsers() in the error logs?

I am experiencing this when searching for terms that are short (such as “dan” or “a”). The user gets booted and I get an error. “dan” would return about 15 entries.

Here is the trace if that helps any:

2005.12.01 15:41:58 [org.jivesoftware.messenger.ldap.LdapUserProvider.findUsers(LdapUserProvider.ja va:359)

]

java.lang.NullPointerException

2005.12.01 15:41:58 [org.jivesoftware.messenger.ldap.LdapUserProvider.findUsers(LdapUserProvider.ja va:359)

]

java.lang.NullPointerException

2005.12.01 15:41:58 [org.jivesoftware.messenger.IQRouter.handle(IQRouter.java:301)

] Could not route packet

java.lang.NullPointerException

at org.jivesoftware.messenger.plugin.SearchPlugin.replyDataFormResult(SearchPlugin .java:386)

at org.jivesoftware.messenger.plugin.SearchPlugin.processSetPacket(SearchPlugin.ja va:302)

at org.jivesoftware.messenger.plugin.SearchPlugin.handleIQ(SearchPlugin.java:242)

at org.jivesoftware.messenger.plugin.SearchPlugin.processPacket(SearchPlugin.java: 191)

at org.jivesoftware.messenger.component.InternalComponentManager$RoutableComponent .process(InternalComponentManager.java:349)

at org.jivesoftware.messenger.IQRouter.handle(IQRouter.java:183)

at org.jivesoftware.messenger.IQRouter.route(IQRouter.java:78)

at org.jivesoftware.messenger.PacketRouter.route(PacketRouter.java:65)

at org.jivesoftware.messenger.net.SocketReader.processIQ(SocketReader.java:321)

at org.jivesoftware.messenger.net.ClientSocketReader.processIQ(ClientSocketReader. java:51)

at org.jivesoftware.messenger.net.SocketReader.readStream(SocketReader.java:251)

at org.jivesoftware.messenger.net.SocketReader.run(SocketReader.java:115)

at java.lang.Thread.run(Unknown Source)

14

I have the same problem, but only if I have a searchfilter in place.

15

Hi Derek,

I’‘ve checked a change into subversion the fixes the problem but I’'m waiting to hear back from a couple of testers before I ask Matt to post the new version of the plugin to the download page.

If you’'d like a copy of the latest version I can send it to you via email. Let me know.

Thanks,

Ryan

16

I would be interested in testing to see if this solves my problem.

Hi Derek,

I’'ve checked a change into subversion the fixes the

problem but I’'m waiting to hear back from a couple of

testers before I ask Matt to post the new version of

the plugin to the download page.

If you’'d like a copy of the latest version I can send

it to you via email. Let me know.

Thanks,

Ryan

17

Yes Ryan, Id like to give it a try!

wattsin AT yahoo DOT com

Thanks again,

Derek

18

Hey there Ryan, just hoping you don’'t forget to send that along…

19

Hi All,

A new version (1.1.3) of the search plugin is url=http://www.jivesoftware.org/messenger/plugins.jspnow available[/url] that fixes the LDAP searchFilter issue.

Enjoy!

-Ryan

20

Ryan! thanks, works great! thanks so much…