[jadmin] jabberd and openLdap

Kevin Blackwell akblackwel at gmail.com
Thu Feb 1 15:56:25 CST 2007 

Well,

Here's some debug info from c2s

sx (chain.c:119) calling nad read chain
sx (sasl.c:218) auth request from client (mechanism=PLAIN)
Thu Feb  1 15:51:32 2007 scod.c:123 creating new scod
sx (sasl.c:236) sasl context initialised for 6
Thu Feb  1 15:51:32 2007 main.c:265 sx sasl callback: get realm: realm is '
somecompany.com'
Thu Feb  1 15:51:32 2007 scod.c:255 server start
Thu Feb  1 15:51:32 2007 scod.c:151 looking for mech 'PLAIN'
Thu Feb  1 15:51:32 2007 mech_plain.c:47 PLAIN server start
Thu Feb  1 15:51:32 2007 mech_plain.c:70 got authzid=someone at somecompany.com,
authnid=someone, pass=password
Thu Feb  1 15:51:32 2007 main.c:288 sx sasl callback: check pass
(authnid=someuser, realm=somecompany.com)
Thu Feb  1 15:51:32 2007 mech_plain.c:77 password doesn't match, auth failed
sx (sasl.c:297) sasl handshake failed: (33)
sx (chain.c:106) calling nad write chain

For the life of me I can't fiqure why it's failing.





On 2/1/07, Jeff Garner <jeff.garner at sanmina-sci.com> wrote:
>
> To authenticate to my Wildfire server I use this as the search string
> (we use a group attribute in eDir).  if no attribute, then the name
> doesn't return.  You should be able to adapt this to your structure and
> get the search you are looking for.
>
>
>
> <searchFilter><![CDATA[(&(objectclass=user)(cn={0})(groupMembership=cn=GROUPATTRIB,ou=GROUP,o=COMPANY))]]></searchFilter>
>
> On Thu, 2007-02-01 at 14:01 -0600, Kevin Blackwell wrote:
> > Dear Community,
> >
> > I have configures jabbers. The server itself, seems to be running
> > correctly. The problem I'm having is with ldap authentication.
> >
> > I will be more than happy to post any of the xml configuration files,
> > but the problem I see right now is the communication with the ldap
> > server.
> >
> > Its' definately search the ldap server, but I can't figure out why it
> > won't return my username. The username does exists.
> >
> > If I run a search
> >
> > Search DN is dc=companya,dc=com
> >
> > filter (objectClass=*)
> >
> > Attributes = uid
> >
> > When I perform a search with those parameters it returns the whole
> > ldap directory. Along with my uid.
> >
> > Here's the output for the logs. I can and will supply any additional
> > information.
> >
> >
> >
> > Feb  1 13:56:42 ldap slapd[12574]: conn=9 op=8 SEARCH RESULT tag=101
> > err=0 nentries=0 text=
> > Feb  1 13:57:32 ldap jabberd/c2s[12966]: [6] [192.168.xxx.xxx,
> > port=3172] connect
> > Feb  1 13:57:32 ldap slapd[12574]: daemon: activity on 1 descriptor
> > Feb  1 13:57:32 ldap slapd[12574]: daemon: activity on:
> > Feb  1 13:57:32 ldap slapd[12574]:  14r
> > Feb  1 13:57:32 ldap slapd[12574]:
> > Feb  1 13:57:32 ldap slapd[12574]: daemon: read active on 14
> > Feb  1 13:57:32 ldap slapd[12574]: daemon: select: listen=7
> > active_threads=0 tvp=zero
> > Feb  1 13:57:32 ldap slapd[12574]: daemon: select: listen=8
> > active_threads=0 tvp=zero
> > Feb  1 13:57:32 ldap slapd[12574]: conn=10 op=2 BIND anonymous
> > mech=implicit ssf=0
> > Feb  1 13:57:32 ldap slapd[12574]: conn=10 op=2 BIND
> > dn="cn=Manager,dc=companya,dc=com" method=128
> > Feb  1 13:57:32 ldap slapd[12574]: conn=10 op=2 BIND
> > dn="cn=Manager,dc=companya,dc=com" mech=SIMPLE ssf=0
> > Feb  1 13:57:32 ldap slapd[12574]: conn=10 op=2 RESULT tag=97 err=0
> > text=
> > Feb  1 13:57:32 ldap slapd[12574]: daemon: activity on 1 descriptor
> > Feb  1 13:57:32 ldap slapd[12574]: daemon: activity on:
> > Feb  1 13:57:32 ldap slapd[12574]:  14r
> > Feb  1 13:57:32 ldap slapd[12574]:
> > Feb  1 13:57:32 ldap slapd[12574]: daemon: read active on 14
> > Feb  1 13:57:32 ldap slapd[12574]: daemon: select: listen=7
> > active_threads=0 tvp=zero
> > Feb  1 13:57:32 ldap slapd[12574]: daemon: select: listen=8
> > active_threads=0 tvp=zero
> > Feb  1 13:57:32 ldap slapd[12574]: begin get_filter
> > Feb  1 13:57:32 ldap slapd[12574]: EQUALITY
> > Feb  1 13:57:32 ldap slapd[12574]: end get_filter 0
> > Feb  1 13:57:32 ldap slapd[12574]: conn=10 op=3 SRCH
> > base="dc=companya,dc=com" scope=2 deref=0 filter="(uid=someusername)"
> > Feb  1 13:57:32 ldap slapd[12574]: => bdb_filter_candidates
> > Feb  1 13:57:32 ldap slapd[12574]:      AND
> > Feb  1 13:57:32 ldap slapd[12574]: => bdb_list_candidates 0xa0
> > Feb  1 13:57:32 ldap slapd[12574]: => bdb_filter_candidates
> > Feb  1 13:57:32 ldap slapd[12574]:      OR
> > Feb  1 13:57:32 ldap slapd[12574]: => bdb_list_candidates 0xa1
> > Feb  1 13:57:32 ldap slapd[12574]: => bdb_filter_candidates
> > Feb  1 13:57:32 ldap slapd[12574]:      EQUALITY
> > Feb  1 13:57:32 ldap slapd[12574]: <= bdb_filter_candidates: id=0
> > first=0 last=0
> > Feb  1 13:57:32 ldap slapd[12574]: => bdb_filter_candidates
> > Feb  1 13:57:32 ldap slapd[12574]:      EQUALITY
> > Feb  1 13:57:32 ldap slapd[12574]: <= bdb_filter_candidates: id=0
> > first=0 last=0
> > Feb  1 13:57:32 ldap slapd[12574]: <= bdb_list_candidates: id=0
> > first=0 last=0
> > Feb  1 13:57:32 ldap slapd[12574]: <= bdb_filter_candidates: id=0
> > first=0 last=0
> > Feb  1 13:57:32 ldap slapd[12574]: <= bdb_list_candidates: id=0
> > first=1 last=0
> > Feb  1 13:57:32 ldap slapd[12574]: <= bdb_filter_candidates: id=0
> > first=1 last=0
> > Feb  1 13:57:32 ldap slapd[12574]: conn=10 op=3 SEARCH RESULT tag=101
> > err=0 nentries=0 text=
> > Feb  1 13:57:32 ldap jabberd/c2s[12966]: [6] [192.168.xxx.xxx,
> > port=3172] disconnect
> >
> >
> >
> _____________________________________________________________________________
> >
> _____________________________________________________________________________
> > _______________________________________________
> > JAdmin mailing list
> > JAdmin at jabber.org
> > http://mail.jabber.org/mailman/listinfo/jadmin
> > FAQ: http://www.jabber.org/about/jadminfaq.shtml
> > _______________________________________________
>
>
> CONFIDENTIALITY
> This e-mail message and any attachments thereto, is intended only for use
> by the addressee(s) named herein and may contain legally privileged and/or
> confidential information. If you are not the intended recipient of this
> e-mail message, you are hereby notified that any dissemination, distribution
> or copying of this e-mail message, and any attachments thereto, is strictly
> prohibited.  If you have received this e-mail message in error, please
> immediately notify the sender and permanently delete the original and any
> copies of this email and any prints thereof.
> ABSENT AN EXPRESS STATEMENT TO THE CONTRARY HEREINABOVE, THIS E-MAIL IS
> NOT INTENDED AS A SUBSTITUTE FOR A WRITING.  Notwithstanding the Uniform
> Electronic Transactions Act or the applicability of any other law of similar
> substance and effect, absent an express statement to the contrary
> hereinabove, this e-mail message its contents, and any attachments hereto
> are not intended to represent an offer or acceptance to enter into a
> contract and are not otherwise intended to bind the sender, Sanmina-SCI
> Corporation (or any of its subsidiaries), or any other person or entity.
>
> _____________________________________________________________________________
> Scanned by Sanmina-SCI
> eShield  _____________________________________________________________________________
> _______________________________________________
> JAdmin mailing list
> JAdmin at jabber.org
> http://mail.jabber.org/mailman/listinfo/jadmin
> FAQ: http://www.jabber.org/about/jadminfaq.shtml
> _______________________________________________
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.jabber.org/pipermail/jadmin/attachments/20070201/77cd3ee2/attachment-0001.htm

More information about the JAdmin mailing list