Some followup. It definitely seems to be the comma. Several other generic system accounts are working, all of which do not have “Lastname, Firstname” for the distinguished name. All my user accounts with the “Lastname, Firstname” DNs are failing to log in, even though they are found by the initial LDAP lookup.
Here's my “simple” user, which works:
2006.05.03 16:22:52 Connect Socket[addr=/10.48.128.138,port=2520,localport=5222]
2006.05.03 16:22:52 Trying to find a user's DN based on their username. sAMAccountName: ldapbrowser, Base DN: DC=org,DC=company,DC=parentcorp,DC=local…
2006.05.03 16:22:52 Creating a DirContext in LdapManager.getContext()…
2006.05.03 16:22:52 Created hashtable with context values, attempting to create context…
2006.05.03 16:22:52 … context created successfully, returning.
2006.05.03 16:22:52 Starting LDAP search…
2006.05.03 16:22:52 … search finished
2006.05.03 16:22:52 In LdapManager.checkAuthentication(userDN, password), userDN is: CN=ldapbrowser,OU=Org Users…
2006.05.03 16:22:52 Created context values, attempting to create context…
2006.05.03 16:22:52 … context created successfully, returning.
Notice there is no comma in the CN of userDN.
And here's a regular user, which fails:
2006.05.03 16:14:54 Connect Socket[addr=/10.48.128.138,port=2442,localport=5222]
2006.05.03 16:14:54 Trying to find a user's DN based on their username. sAMAccountName: joshua.parsell, Base DN: DC=org,DC=company,DC=parentcorp,DC=local…
2006.05.03 16:14:54 Creating a DirContext in LdapManager.getContext()…
2006.05.03 16:14:54 Created hashtable with context values, attempting to create context…
2006.05.03 16:14:54 … context created successfully, returning.
2006.05.03 16:14:54 Starting LDAP search…
2006.05.03 16:14:54 … search finished
2006.05.03 16:14:54 In LdapManager.checkAuthentication(userDN, password), userDN is: “CN=Parsell, Joshua (AJ-East Engineering/Technology),OU=Org Users”…
2006.05.03 16:14:54 Created context values, attempting to create context…
2006.05.03 16:14:54 Caught a naming exception when creating InitialContext
javax.naming.AuthenticationException: LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
at org.jivesoftware.wildfire.ldap.LdapManager.checkAuthentication(LdapManager.java:335)
at org.jivesoftware.wildfire.ldap.LdapAuthProvider.authenticate(LdapAuthProvider.java:90)
at org.jivesoftware.wildfire.auth.AuthFactory.authenticate(AuthFactory.java:114)
at org.jivesoftware.wildfire.net.SASLAuthentication.doPlainAuthentication(SASLAuthentication.java:284)
at org.jivesoftware.wildfire.net.SASLAuthentication.doHandshake(SASLAuthentication.java:144)
at org.jivesoftware.wildfire.net.SocketReader.authenticateClient(SocketReader.java:317)
at org.jivesoftware.wildfire.net.SocketReader.readStream(SocketReader.java:278)
at org.jivesoftware.wildfire.net.SocketReader.run(SocketReader.java:119)
at java.lang.Thread.run(Unknown Source)
Notice there is a comma in the CN of the userDN, and the whole userDN is in double quotes, unlike the userDN for the “simple” user.
Also, I found this by Google:
http://www.codecomments.com/archive408-2005-5-499111.html
Quote: “Duh - some genius (Not I! I do unix) put a backslash in my DN ( CN=Burris, Celeste Suliin) I needed to double it to get the DN to LDAP correctly.”
Any help? Any suggestions? Can I fix this by changing my wildfire.xml or is this something that requires a software update?
I am running Wildfire Server 2.6.2 on RHEL 4. My LDAP is Active Directory 2003.
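The comma problem above, as an added example (not from the post and not Wildfire's own code): under RFC 4514 a comma inside an RDN value must be backslash-escaped so the directory reads `CN=Parsell\, Joshua (...)` as a single RDN, whereas wrapping the whole DN in double quotes, as the log shows, is not part of the current DN syntax, and `data 525` in the error is Active Directory reporting that the bind DN matched no entry. The sample DN and the helper names below are constructed for illustration.

```python
# RFC 4514 escaping for DN attribute values, plus a splitter showing how an
# LDAP server breaks a DN into RDNs. The sample DN is constructed to mirror
# the "Lastname, Firstname" shape in the log; it is not real directory data.

_SPECIAL = set(',+"\\<>;')   # always backslash-escaped inside an RDN value

def escape_rdn_value(value: str) -> str:
    """Escape one attribute value for embedding in a DN (RFC 4514 section 2.4)."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")                      # NUL must use the hex form
        elif ch in _SPECIAL:
            out.append("\\" + ch)
        elif ch == " " and (i == 0 or i == last):  # leading/trailing space
            out.append("\\ ")
        elif ch == "#" and i == 0:                 # leading '#'
            out.append("\\#")
        else:
            out.append(ch)
    return "".join(out)

def build_dn(rdns) -> str:
    """Join (attribute, value) pairs into a DN with every value escaped."""
    return ",".join(f"{attr}={escape_rdn_value(val)}" for attr, val in rdns)

def split_dn(dn: str) -> list:
    """Split a DN on unescaped commas only, as an LDAP server would."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):     # keep the escape pair together
            cur.append(dn[i:i + 2])
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    parts.append("".join(cur))
    return parts

# Constructed sample: a CN containing a comma, as in the failing login.
RDNS = [("CN", "Parsell, Joshua (AJ-East Engineering/Technology)"),
        ("OU", "Org Users"), ("DC", "org"), ("DC", "company")]
RAW_DN = ",".join(f"{a}={v}" for a, v in RDNS)   # unescaped, as in the log
SAFE_DN = build_dn(RDNS)                         # backslash-escaped form
```

Splitting `RAW_DN` yields five components because the comma in the CN is taken as an RDN separator, while `SAFE_DN` splits into the intended four.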