Urgent !; Authentication error between Wildfire and OpenLDAP

Jorge_Figueroa · January 12, 2007, 5:10pm

I need your help to solve my LDAP problem. I’‘ve been testing Wildfire since 3.0.1 and now I’'m working with 3.1.1.

When I’‘m finishing LDAP wizard configuration I can’'t log in with the users that I write down to be administrators, I get an Authentication Error. When I checked the debug file indicates the next:

2007.01.12 11:55:04 Starting LDAP search…

2007.01.12 11:55:04 … search finished

2007.01.12 11:55:04 In LdapManager.checkAuthentication(userDN, password), userDN is: uid=“jfigueroa”…

2007.01.12 11:55:04 Created context values, attempting to create context…

2007.01.12 11:55:04 Caught a naming exception when creating InitialContext

javax.naming.AuthenticationException: LDAP: error code 49 - Invalid Credentials

at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)

And these is my wildfire.xml file:

(uid=)

I tested my Base DN and works fine, I don’'t know what to do please help me, thanks in advance.

Gaston_Dombiak · January 12, 2007, 6:50pm

Hola Jorge,

When updating from 3.0.* to 3.1 the LDAP mapping configuration was changed. From what I can see you now have a mix of versions. Options:

In remove the uid field since Wildfire will be adding it automatically. You may want to add something like the objectClass field to ensure that you are filtering out invalid elements.
Back up the configuration file and run the setup process again by setting the element to false.

Regards,

– Gato

jeff_garner · January 12, 2007, 6:54pm

Turn your . Is there anything else in the logs, as it looks like the error you are getting isn;t finding the username.

Also, just as a test, have you attempted to log in with the wildfire admin account to see what you get in the logs?

Jeff

Jorge_Figueroa · January 12, 2007, 8:16pm

Gaston,

Gracias por tu respuesta. Bueno just for the record la versión 3.1.1 que tengo instalada no es un upgrade que hice, mas bien esta instalada en un nuevo servidor linux que tengo de prueba. Ejecute el cambio que me propusiste borrando el uid de la etiqueta de que esta con uid, sin embargo cuando ejecuto el testeo no me da error pero según el test me debería jalar un usuario al azar y no me jala nada.

En el paso 3 de 3, “Mapeo de Grupos” no modifique nada esta con “cn”, “member” y “description”, en el test el cn me jala los nombres de mis usuarios y también su descripción.

En la siguiente pantalla Cuenta del Administrador alimento mi cuenta y la propia del administrador pero cuando pruebo el test e introduzco las claves respectivas me sale Autenticación ha fallado.

He habilitado el debug para ver el error y es el que adjunte antes.

Por favor si puedes darme mas pautas para verificar te agradecere mucho.

salu2

Jorge_Figueroa · January 12, 2007, 9:13pm

Thanks for your time,

I Turned the uid=“Administrator”,…

I don’'t know if these can be the problem but the double quotes seems to be a kind of different.

0E…`@…3uid=

“Administrator”,

ou=Users,dc=ffpf

ie,dc=com,dc=bo.

.123456

Second, in the debug.log:

I verified the same message that I show you before

2007.01.12 16:57:24 In LdapManager.checkAuthentication(userDN, password), userDN is: uid=“Administrator”…

2007.01.12 16:57:24 Created context values, attempting to create context…

2007.01.12 16:57:24 Caught a naming exception when creating InitialContext

javax.naming.AuthenticationException: LDAP: error code 49 - Invalid Credentials

But now I can note that there is another message

2007.01.12 16:57:24

org.jivesoftware.wildfire.auth.UnauthorizedException: org.jivesoftware.wildfire.auth.UnauthorizedException: Username and password don’'t match

I also tried with the administrator account with the same results.

Please keep in touch I need your help.

jeff_garner · January 14, 2007, 6:37am

i am certain that you are using the proper user names , however it does look like you are having username and password issues…

the invalid credentials point me to that direction of thought.

Jeff

lumwaiph · April 9, 2007, 9:53am

Hi there,

I encountered the same problem using the latest 3.2.4 version.

Apparently the culprit is at LdapManager.java.

if (encloseUserDN) {

// Enclose userDN values between "

// eg. cn=John, Doe,ou=People --> cn=“John, Doe”,ou=“People”

Matcher matcher = userDNPattern.matcher(userDN);

userDN = matcher.replaceAll("$1"$2",");

if (userDN.endsWith(",")) {

userDN = userDN.substring(0, userDN.length() - 1);

}

With the above codes,

cn=user,o=domain translated to cn=“user”,o=domain

Apparently, our openldap failed to work when cn is enclosed with quotes.

After further reading the source code, i discovered that encloseUserDN is a configurable variable.

In your wildfire.xml

simply add this in your

and all should work well.

Cheers!

Wai Phang