SSO login issue through admin console and Spark

I’m having a strange SSO problem. I am running Openfire 3.4.4 on RHEL4 with a MySQL database. It ties in with Microsoft Active Directory. SSO has been working fine for months and I even used it yesterday and was able to log on both through Spark and through the admin console. But today, neither works. The debug logs show this message:

2008.03.19 12:33:14 LdapManager: Exception thrown when searching for userDN based on username ‘myName’
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 775, vece^@]

I can post more of the log if needed, but this is the message that keeps occurring in the debug logs. What is the cause of this error?

Just an update to this weird issue. I tried to log in to the admin console with the default Admin user and it wouldn’t let me do that either.

I have never heard of the admin interface using SSO. It will accept usernames from LDAP but not auto authenticate. Check your openfire.xml file to see what admin usernames are configured.

mtstravel wrote:

I have never heard of the admin interface using SSO. It will accept usernames from LDAP but not auto authenticate. Check your openfire.xml file to see what admin usernames are configured.

I was actually thinking “man how did I miss this feature”

I don’t think this issue is related to SSO at all; it looks like something may have changed, security-wise, with your LDAP service. Basically, it looks as though the username/password supplied for the LDAP searches doesn’t have permissions anymore.

Yeah, all of you are right. Not SSO, LDAP authentication. My brain was fried from troubleshooting that issue.

Odd thing is, I get in today and try it, and everything works. LDAP authentication to the admin console works, SSO with Spark works. It’s like nothing was ever wrong. I can’t imagine what the problem was. We didn’t change anything on our DCs. They were all up and reachable. There were no recent reboots or patches on the DCs or the openfire server… It just stopped working and now it’s back. Very weird.
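
Added example, not part of the thread: Active Directory reports the reason for an LDAP error 49 bind failure as a hexadecimal Win32 error code in the `data` field, as in the log message from the first post. The Python sketch below decodes that field from Openfire-style debug log text; the function and variable names are illustrative, and the second log entry is constructed sample data.

```python
import re

# Hex sub-codes Active Directory places after "data" in an LDAP error 49
# message; each one is a Win32 logon error code written in hexadecimal.
AD_BIND_SUBCODES = {
    0x525: "user not found",
    0x52E: "invalid credentials (wrong password)",
    0x530: "logon not permitted at this time",
    0x531: "logon not permitted from this workstation",
    0x532: "password expired",
    0x533: "account disabled",
    0x701: "account expired",
    0x773: "user must reset password",
    0x775: "account locked out",
}

# Debug log entries start with a "YYYY.MM.DD HH:MM:SS" timestamp.
ENTRY_START = re.compile(r"(?m)^(?=\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2} )")
# The exception text wraps across lines, so let "." span newlines.
BIND_FAILURE = re.compile(r"error code 49\b.*?\bdata\s+([0-9a-fA-F]+)", re.DOTALL)

def decode_bind_failures(log_text):
    """Return one dict per log entry that contains an LDAP error 49."""
    findings = []
    for entry in ENTRY_START.split(log_text):
        match = BIND_FAILURE.search(entry)
        if not match:
            continue
        code = int(match.group(1), 16)  # the sub-code is hexadecimal
        findings.append({
            "timestamp": entry[:19],
            "subcode": format(code, "x"),
            "meaning": AD_BIND_SUBCODES.get(code, "unknown sub-code"),
        })
    return findings

# First entry is the message from the post; the second is constructed.
SAMPLE_LOG = """\
2008.03.19 12:33:14 LdapManager: Exception thrown when searching for userDN based on username 'myName'
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308:
LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 775, vece^@]
2008.03.19 12:40:02 LdapManager: Exception thrown when searching for userDN based on username 'otherName'
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308:
LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece]
"""

if __name__ == "__main__":
    print(*decode_bind_failures(SAMPLE_LOG), sep="\n")
```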