Two bugs related to alternateBaseDN

I'd be more than happy to try and help fix these issues if somebody could tell me where I need to look. So far I have been unable to find the source of either problem, although I have been mostly searching for the source of problem 2.

  1. Any users that exist under the alternateBaseDN do not show up on the list of users in the admin console; they also cannot be added to groups.

  2. If a user logs in and is found under the alternateBaseDN search, the login succeeds; however, the username is changed to a random 8-char string. See the debug log for an example.


2006.06.06 12:20:14 Connect Socket[addr=/127.0.0.1,port=4255,localport=5222]
2006.06.06 12:20:20 Trying to find a user's DN based on their username. sAMAccountName: test, Base DN: OU=Test1,DC=EXAMPLE1,DC=COM…
2006.06.06 12:20:20 Creating a DirContext in LdapManager.getContext()…
2006.06.06 12:20:20 Created hashtable with context values, attempting to create context…
2006.06.06 12:20:20 … context created successfully, returning.
2006.06.06 12:20:20 Starting LDAP search…
2006.06.06 12:20:20 … search finished
2006.06.06 12:20:20 User DN based on username 'test' not found.
2006.06.06 12:20:20 Exception thrown when searching for userDN based on username 'test'
org.jivesoftware.wildfire.user.UserNotFoundException: Username test not found
at org.jivesoftware.wildfire.ldap.LdapManager.findUserDN(LdapManager.java:494)
at org.jivesoftware.wildfire.ldap.LdapManager.findUserDN(LdapManager.java:429)
at org.jivesoftware.wildfire.ldap.LdapAuthProvider.authenticate(LdapAuthProvider.java:87)
at org.jivesoftware.wildfire.auth.AuthFactory.authenticate(AuthFactory.java:114)
at org.jivesoftware.wildfire.net.SASLAuthentication.doPlainAuthentication(SASLAuthentication.java:333)
at org.jivesoftware.wildfire.net.SASLAuthentication.handle(SASLAuthentication.java:169)
at org.jivesoftware.wildfire.net.SocketReadingMode.authenticateClient(SocketReadingMode.java:117)
at org.jivesoftware.wildfire.net.BlockingReadingMode.readStream(BlockingReadingMode.java:136)
at org.jivesoftware.wildfire.net.BlockingReadingMode.run(BlockingReadingMode.java:62)
at org.jivesoftware.wildfire.net.SocketReader.run(SocketReader.java:106)
at java.lang.Thread.run(Thread.java:595)
2006.06.06 12:20:20 Trying to find a user's DN based on their username. sAMAccountName: test, Base DN: OU=Test2,DC=EXAMPLE2,DC=ORG…
2006.06.06 12:20:20 Creating a DirContext in LdapManager.getContext()…
2006.06.06 12:20:20 Created hashtable with context values, attempting to create context…
2006.06.06 12:20:20 … context created successfully, returning.
2006.06.06 12:20:20 Starting LDAP search…
2006.06.06 12:20:20 … search finished
2006.06.06 12:20:20 In LdapManager.checkAuthentication(userDN, password), userDN is: CN=test,OU=Test2…
2006.06.06 12:20:20 Created context values, attempting to create context…
2006.06.06 12:20:20 Created context values, attempting to create context…
2006.06.06 12:20:20 Trying to find a user's DN based on their username. sAMAccountName: test, Base DN: OU=Test1,DC=EXAMPLE1,DC=COM…
2006.06.06 12:20:20 Creating a DirContext in LdapManager.getContext()…
2006.06.06 12:20:20 Created hashtable with context values, attempting to create context…
2006.06.06 12:20:20 … context created successfully, returning.
2006.06.06 12:20:20 Starting LDAP search…
2006.06.06 12:20:20 … search finished
2006.06.06 12:20:20 User DN based on username 'test' not found.
2006.06.06 12:20:20 Exception thrown when searching for userDN based on username 'test'
org.jivesoftware.wildfire.user.UserNotFoundException: Username test not found
at org.jivesoftware.wildfire.ldap.LdapManager.findUserDN(LdapManager.java:494)
at org.jivesoftware.wildfire.ldap.LdapManager.findUserDN(LdapManager.java:429)
at org.jivesoftware.wildfire.ldap.LdapUserProvider.loadUser(LdapUserProvider.java:69)
at org.jivesoftware.wildfire.user.UserManager.getUser(UserManager.java:171)
at org.jivesoftware.wildfire.user.UserManager.isRegisteredUser(UserManager.java:294)
at org.jivesoftware.wildfire.auth.AuthToken.isAnonymous(AuthToken.java:51)
at org.jivesoftware.wildfire.handler.IQBindHandler.handleIQ(IQBindHandler.java:89)
at org.jivesoftware.wildfire.handler.IQHandler.process(IQHandler.java:48)
at org.jivesoftware.wildfire.IQRouter.handle(IQRouter.java:265)
at org.jivesoftware.wildfire.IQRouter.route(IQRouter.java:96)
at org.jivesoftware.wildfire.PacketRouter.route(PacketRouter.java:65)
at org.jivesoftware.wildfire.net.SocketReader.processIQ(SocketReader.java:230)
at org.jivesoftware.wildfire.net.ClientSocketReader.processIQ(ClientSocketReader.java:50)
at org.jivesoftware.wildfire.net.SocketReader.process(SocketReader.java:196)
at org.jivesoftware.wildfire.net.BlockingReadingMode.readStream(BlockingReadingMode.java:156)
at org.jivesoftware.wildfire.net.BlockingReadingMode.run(BlockingReadingMode.java:62)
at org.jivesoftware.wildfire.net.SocketReader.run(SocketReader.java:106)
at java.lang.Thread.run(Thread.java:595)
2006.06.06 12:20:20 Trying to find a user's DN based on their username. sAMAccountName: test, Base DN: OU=Test2,DC=EXAMPLE2,DC=ORG…
2006.06.06 12:20:20 Creating a DirContext in LdapManager.getContext()…
2006.06.06 12:20:20 Created hashtable with context values, attempting to create context…
2006.06.06 12:20:20 … context created successfully, returning.
2006.06.06 12:20:20 Starting LDAP search…
2006.06.06 12:20:20 … search finished
2006.06.06 12:20:20 Creating a DirContext in LdapManager.getContext()…
2006.06.06 12:20:20 Created hashtable with context values, attempting to create context…
2006.06.06 12:20:20 … context created successfully, returning.
2006.06.06 12:20:20 Trying to find a user's DN based on their username. sAMAccountName: 3eae7ec9, Base DN: OU=Test1,DC=EXAMPLE1,DC=COM…
2006.06.06 12:20:20 Creating a DirContext in LdapManager.getContext()…
2006.06.06 12:20:20 Created hashtable with context values, attempting to create context…
2006.06.06 12:20:20 … context created successfully, returning.
2006.06.06 12:20:20 Starting LDAP search…
2006.06.06 12:20:20 … search finished
2006.06.06 12:20:20 User DN based on username '3eae7ec9' not found.
2006.06.06 12:20:20 Exception thrown when searching for userDN based on username '3eae7ec9'
org.jivesoftware.wildfire.user.UserNotFoundException: Username 3eae7ec9 not found
at org.jivesoftware.wildfire.ldap.LdapManager.findUserDN(LdapManager.java:494)
at org.jivesoftware.wildfire.ldap.LdapManager.findUserDN(LdapManager.java:429)
at org.jivesoftware.wildfire.ldap.LdapUserProvider.loadUser(LdapUserProvider.java:69)
at org.jivesoftware.wildfire.user.UserManager.getUser(UserManager.java:171)
at org.jivesoftware.wildfire.user.UserManager.isRegisteredUser(UserManager.java:294)
at org.jivesoftware.wildfire.SessionManager.getSession(SessionManager.java:953)
at org.jivesoftware.wildfire.SessionManager.getSession(SessionManager.java:916)
at org.jivesoftware.wildfire.IQRouter.route(IQRouter.java:76)
at org.jivesoftware.wildfire.PacketRouter.route(PacketRouter.java:65)
at org.jivesoftware.wildfire.net.SocketReader.processIQ(SocketReader.java:230)
at org.jivesoftware.wildfire.net.ClientSocketReader.processIQ(ClientSocketReader.java:50)
at org.jivesoftware.wildfire.net.SocketReader.process(SocketReader.java:196)
at org.jivesoftware.wildfire.net.BlockingReadingMode.readStream(BlockingReadingMode.java:156)
at org.jivesoftware.wildfire.net.BlockingReadingMode.run(BlockingReadingMode.java:62)
at org.jivesoftware.wildfire.net.SocketReader.run(SocketReader.java:106)
at java.lang.Thread.run(Thread.java:595)
2006.06.06 12:20:20 Trying to find a user's DN based on their username. sAMAccountName: 3eae7ec9, Base DN: OU=Test2,DC=EXAMPLE2,DC=ORG…
2006.06.06 12:20:20 Creating a DirContext in LdapManager.getContext()…
2006.06.06 12:20:20 Created hashtable with context values, attempting to create context…
2006.06.06 12:20:20 … context created successfully, returning.
2006.06.06 12:20:20 Starting LDAP search…
2006.06.06 12:20:20 … search finished
2006.06.06 12:20:20 User DN based on username '3eae7ec9' not found.


A note on the second: when using LdapAuthProvider without LdapUserProvider, as I described in http://www.jivesoftware.org/community/message.jspa?messageID=122160#122160 a little while ago, that can also happen, even if you're not using an alternateBaseDN.

Timothy Collett

Any ideas on how to track this down yet?

It looks like alternateBaseDN is implemented for authentication but not for loading user data. Basically, we'd need to add an additional check to LdapUserProvider whenever an alternate base DN is configured. I filed this issue as JM-722. Please vote for it if you'd like to see it fixed!

Regards,

Matt
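The mismatch Matt describes, as an added model that is not Wildfire's code: the auth provider falls back to the alternate base DN while the user provider searches only baseDN, so a user found under alternateBaseDN authenticates but then fails loadUser during resource binding and is treated as anonymous (the random-username symptom in the log). The in-memory DIRECTORY, the user names and passwords are constructed; the two base DNs are the ones from the debug trace.

```python
# Added example, not Wildfire's code: in-memory model of the provider mismatch.
# DIRECTORY is a constructed stand-in for the LDAP tree; base DNs are from the log.
BASE_DN = "OU=Test1,DC=EXAMPLE1,DC=COM"
ALT_DN = "OU=Test2,DC=EXAMPLE2,DC=ORG"

# Constructed entries: search base -> sAMAccountName -> (DN, password).
DIRECTORY = {
    BASE_DN: {"alice": ("CN=alice," + BASE_DN, "alice-pw")},
    ALT_DN: {"test": ("CN=test," + ALT_DN, "test-pw"),
             "alice": ("CN=alice," + ALT_DN, "shadow-pw")},
}

class UserNotFoundException(Exception):
    pass

def find_user_dn(username, bases):
    """Like LdapManager.findUserDN: search each base in order, first match wins."""
    for base in bases:
        if username in DIRECTORY.get(base, {}):
            return DIRECTORY[base][username][0]
    raise UserNotFoundException("Username %s not found" % username)

def authenticate(username, password):
    """LdapAuthProvider: already falls back to alternateBaseDN, as seen in the log."""
    dn = find_user_dn(username, [BASE_DN, ALT_DN])
    stored = next(pw for base in DIRECTORY.values()
                  for d, pw in base.values() if d == dn)
    if stored != password:
        raise PermissionError("bind failed for " + dn)
    return dn

def bind_session(username, password, user_bases):
    """Login flow from the trace: authenticate, then loadUser for resource binding.
    user_bases is what LdapUserProvider searches: [BASE_DN] before JM-722, both
    bases after. Returns the identity the session ends up with."""
    authenticate(username, password)
    try:
        find_user_dn(username, user_bases)
    except UserNotFoundException:
        return "anonymous"  # Wildfire then hands out a random 8-char username
    return username

def list_users(user_bases):
    """Admin-console listing: names from each base, each resolved via find_user_dn.
    A name present in both bases is listed twice and both resolve to the baseDN
    object, the duplicate noted in the patch discussion below."""
    names = [n for base in user_bases for n in DIRECTORY.get(base, {})]
    return [(n, find_user_dn(n, user_bases)) for n in names]
```

Searching both bases in the user provider fixes the anonymous session, but it also shows why a name that exists in both OUs should be treated as a configuration error rather than silently resolved to the baseDN entry.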

I submitted a patch to fix JM-722 to you via e-mail. As I said in my e-mail there are a few notes in relation to it though. I will include them here as well.

  1. LDAP groups still do not respect alternateBaseDN. I don't use them and had no way to test any changes, so I left it alone.

  2. If alternateBaseDN is used, I'm pretty sure client-side sorting will fail. Again, I don't use it, so I couldn't prove this theory.

  3. If a username exists in both baseDN and alternateBaseDN:
     - it will be listed twice;
     - both occurrences are actually the same and come from baseDN;
     - I'm reasonably sure, but did not verify, that it will only attempt to auth against the baseDN version.

  4. It appears that a vCard lookup must succeed or a user is considered anonymous.

  5. When a user logs in to a client, an IncompatibleClassChangeError exception is being thrown in PubSubModule.java at line 165. If that exception is not caught, the user is immediately logged off the client.

Thanks for your help.