powered by Jive Software

Unable to Access Openfire

I need some troubleshooting assistance. I am unable to logon to my OpenFire (ver 3.4.4) admin on the server and also cannot logon to Spark for one of my users. I just downloaded and installed the latest JRE, still no luck. I am running OpenFire on a Windows SBS2003 server and have had no problems until a couple of weeks ago. The error I am getting is:

2008.01.22 06:55:53 SaslException

javax.security.sasl.SaslException: PLAIN authentication failed Caused by javax.security.sasl.SaslException: PLAIN: user not authorized: conf\20rm

at org.jivesoftware.openfire.sasl.SaslServerPlainImpl.evaluateResponse(SaslServerP lainImpl.java:144)

at org.jivesoftware.openfire.net.SASLAuthentication.handle(SASLAuthentication.java :229)

at org.jivesoftware.openfire.net.StanzaHandler.process(StanzaHandler.java:152)

at org.jivesoftware.openfire.nio.ConnectionHandler.messageReceived(ConnectionHandl er.java:132)

at org.apache.mina.common.support.AbstractIoFilterChain$TailFilter.messageReceived (AbstractIoFilterChain.java:570)

at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(Ab stractIoFilterChain.java:299)

at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilt erChain.java:53)

at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceive d(AbstractIoFilterChain.java:648)

at org.apache.mina.filter.codec.support.SimpleProtocolDecoderOutput.flush(SimplePr otocolDecoderOutput.java:58)

at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecF ilter.java:173)

at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(Ab stractIoFilterChain.java:299)

at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilt erChain.java:53)

at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceive d(AbstractIoFilterChain.java:648)

at org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java :239)

at org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(Execut orFilter.java:283)

at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:51)

at java.lang.Thread.run(Unknown Source)

Caused by: javax.security.sasl.SaslException: PLAIN: user not authorized: conf\20rm

at org.jivesoftware.openfire.sasl.SaslServerPlainImpl.evaluateResponse(SaslServerP lainImpl.java:127)

… 18 more

Any ideas are appreciated.

Thx,

Bill

I am having the same problem. I tried to revert to 3.4.3, but the problem still occurs. Now I am not sure what to do…

It appears that if I set the config setting “<setup>false</setup>” I can reconfigure the server, and then my LDAP authentication will work temporarily. However, if I stop the server and restart it, then the LDAP authentication fails and will not work again until I do the setup=false thing again. I am running Windows Server 2003, and using an Active Directory server for authentication. Anyone have ideas?

I turned on debug logging and found this:

2008.01.28 09:27:14 LdapManager: Trying to find a user’s DN
based on their username. sAMAccountName: (MY USERNAME), Base DN: DC=(MY
DOMAIN),DC=com…
2008.01.28 09:27:14 LdapManager: Creating a DirContext in LdapManager.getContext()…
2008.01.28 09:27:14 LdapManager: Created hashtable with context values, attempting to create context…
2008.01.28 09:27:14 LdapManager: … context created successfully, returning.
2008.01.28 09:27:14 LdapManager: Starting LDAP search…
2008.01.28 09:27:14 LdapManager: Exception thrown when searching for userDN based on username '(MY USERNAME)'
javax.naming.directory.InvalidSearchFilterException: Unbalanced parenthesis; remaining name ''
at com.sun.jndi.ldap.Filter.findRightParen(Unknown Source)
at com.sun.jndi.ldap.Filter.encodeFilterList(Unknown Source)
at com.sun.jndi.ldap.Filter.encodeComplexFilter(Unknown Source)
at com.sun.jndi.ldap.Filter.encodeFilter(Unknown Source)
at com.sun.jndi.ldap.Filter.encodeFilterList(Unknown Source)
at com.sun.jndi.ldap.Filter.encodeComplexFilter(Unknown Source)
at com.sun.jndi.ldap.Filter.encodeFilter(Unknown Source)
at com.sun.jndi.ldap.Filter.encodeFilterString(Unknown Source)
at com.sun.jndi.ldap.LdapClient.search(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.doSearch(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown Source)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
at javax.naming.directory.InitialDirContext.search(Unknown Source)
at org.jivesoftware.openfire.ldap.LdapManager.findUserDN(LdapManager.java:624)
at org.jivesoftware.openfire.ldap.LdapManager.findUserDN(LdapManager.java:561)
at org.jivesoftware.openfire.ldap.LdapAuthProvider.authenticate(LdapAuthProvider.j ava:108)
at org.jivesoftware.openfire.auth.AuthFactory.authenticate(AuthFactory.java:149)
at org.jivesoftware.openfire.admin.login_jsp._jspService(login_jsp.java:150)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:487)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1093)
at com.opensymphony.module.sitemesh.filter.PageFilter.doFilter(PageFilter.java:39)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1084)
at org.jivesoftware.util.LocaleFilter.doFilter(LocaleFilter.java:65)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1084)
at org.jivesoftware.util.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingF ilter.java:41)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1084)
at org.jivesoftware.admin.PluginFilter.doFilter(PluginFilter.java:69)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1084)
at org.jivesoftware.admin.AuthCheckFilter.doFilter(AuthCheckFilter.java:98)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1084)
at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:360)
at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:181)
at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:726)
at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:405)
at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollect ion.java:206)
at org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114)
at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:139)
at org.mortbay.jetty.Server.handle(Server.java:324)
at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:505)
at org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:842 )
at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:648)
at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:211)
at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:380)
at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:395)
at org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:450)
2008.01.28 09:27:14
org.jivesoftware.openfire.auth.UnauthorizedException:
javax.naming.directory.InvalidSearchFilterException: Unbalanced
parenthesis; remaining name ''
at org.jivesoftware.openfire.ldap.LdapAuthProvider.authenticate(LdapAuthProvider.j ava:122)
at org.jivesoftware.openfire.auth.AuthFactory.authenticate(AuthFactory.java:149)
at org.jivesoftware.openfire.admin.login_jsp._jspService(login_jsp.java:150)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:487)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1093)
at com.opensymphony.module.sitemesh.filter.PageFilter.doFilter(PageFilter.java:39)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1084)
at org.jivesoftware.util.LocaleFilter.doFilter(LocaleFilter.java:65)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1084)
at org.jivesoftware.util.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingF ilter.java:41)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1084)
at org.jivesoftware.admin.PluginFilter.doFilter(PluginFilter.java:69)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1084)
at org.jivesoftware.admin.AuthCheckFilter.doFilter(AuthCheckFilter.java:98)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.ja va:1084)
at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:360)
at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:181)
at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:726)
at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:405)
at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollect ion.java:206)
at org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114)
at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:139)
at org.mortbay.jetty.Server.handle(Server.java:324)
at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:505)
at org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:842 )
at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:648)
at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:211)
at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:380)
at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:395)
at org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:450)
Caused by: javax.naming.directory.InvalidSearchFilterException: Unbalanced parenthesis; remaining name ''
at com.sun.jndi.ldap.Filter.findRightParen(Unknown Source)
at com.sun.jndi.ldap.Filter.encodeFilterList(Unknown Source)
at com.sun.jndi.ldap.Filter.encodeComplexFilter(Unknown Source)
at com.sun.jndi.ldap.Filter.encodeFilter(Unknown Source)
at com.sun.jndi.ldap.Filter.encodeFilterList(Unknown Source)
at com.sun.jndi.ldap.Filter.encodeComplexFilter(Unknown Source)
at com.sun.jndi.ldap.Filter.encodeFilter(Unknown Source)
at com.sun.jndi.ldap.Filter.encodeFilterString(Unknown Source)
at com.sun.jndi.ldap.LdapClient.search(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.doSearch(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.searchAux(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.c_search(Unknown Source)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(Unknown Source)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(Unknown Source)
at javax.naming.directory.InitialDirContext.search(Unknown Source)
at org.jivesoftware.openfire.ldap.LdapManager.findUserDN(LdapManager.java:624)
at org.jivesoftware.openfire.ldap.LdapManager.findUserDN(LdapManager.java:561)
at org.jivesoftware.openfire.ldap.LdapAuthProvider.authenticate(LdapAuthProvider.j ava:108)
… 32 more

So it appears that the LDAP search is poorly formed. However, like I

have said, it works after I reset of the “setup” config setting. It

appears that there is a problem with how the “searchFilter” config

setting is written out when the server stops. Here is what Openfire is

writting:

<searchFilter>(&(objectClass=organizationalPerson)(objectclass=user)(sn=*) )</searchFilter>

However, that is not correct. This appears to be correct:

<searchFilter>(&(objectClass=organizationalPerson)(objectclass=user)(sn=*) )</searchFilter>

Note that “amp;” is only present once. If I set it to that, it will

work fine as long as I keep the server running. However, when I stop

the server, it writes the config file out again, and that writes out

the incorrect version with the “amp;amp;”. I can keep changing the

setting back since it won’t need to be restarted frequently, but it

appears that there is a bug in how config setting strings are escaped.

Message was edited by: dthulson

I screwed this up somehow, I hope I got the message back to how it was.