[jadmin] jabberd and openLdap

Garner, Jeff (Jeffrey) jeff.garner at sanmina-sci.com
Thu Feb 1 23:57:36 CST 2007 

"Thu Feb  1 15:51:32 2007 mech_plain.c:77 password doesn't match, auth failed "
 
It's saying your password to query the LDAP is incorrect, or atleast that is why it failed this time...
 
"sx (sasl.c:218) auth request from client (mechanism=PLAIN)"
 
Does your LDAP(AD) use PLAIN authentication as a method to log in?
 
Jeff

________________________________

From: jadmin-bounces at jabber.org on behalf of Kevin Blackwell
Sent: Thu 2/1/2007 3:56 PM
To: Jabber server administration list
Subject: Re: [jadmin] jabberd and openLdap


Well, 

Here's some debug info from c2s

sx (chain.c:119) calling nad read chain
sx (sasl.c:218) auth request from client (mechanism=PLAIN)
Thu Feb  1 15:51:32 2007 scod.c:123 creating new scod
sx ( sasl.c:236) sasl context initialised for 6
Thu Feb  1 15:51:32 2007 main.c:265 sx sasl callback: get realm: realm is 'somecompany.com'
Thu Feb  1 15:51:32 2007 scod.c:255 server start 
Thu Feb  1 15:51:32 2007 scod.c:151 looking for mech 'PLAIN'
Thu Feb  1 15:51:32 2007 mech_plain.c:47 PLAIN server start
Thu Feb  1 15:51:32 2007 mech_plain.c:70 got authzid= someone at somecompany.com <mailto:someone at somecompany.com> , authnid=someone, pass=password
Thu Feb  1 15:51:32 2007 main.c:288 sx sasl callback: check pass (authnid=someuser, realm=somecompany.com)
Thu Feb  1 15:51:32 2007 mech_plain.c:77 password doesn't match, auth failed 
sx (sasl.c:297) sasl handshake failed: (33)
sx (chain.c:106) calling nad write chain

For the life of me I can't fiqure why it's failing.






On 2/1/07, Jeff Garner <jeff.garner at sanmina-sci.com> wrote: 

	To authenticate to my Wildfire server I use this as the search string
	(we use a group attribute in eDir).  if no attribute, then the name
	doesn't return.  You should be able to adapt this to your structure and
	get the search you are looking for.
	
	
	<searchFilter><![CDATA[(&(objectclass=user)(cn={0})(groupMembership=cn=GROUPATTRIB,ou=GROUP,o=COMPANY))]]></searchFilter>
	
	On Thu, 2007-02-01 at 14:01 -0600, Kevin Blackwell wrote: 
	> Dear Community,
	>
	> I have configures jabbers. The server itself, seems to be running
	> correctly. The problem I'm having is with ldap authentication.
	>
	> I will be more than happy to post any of the xml configuration files, 
	> but the problem I see right now is the communication with the ldap
	> server.
	>
	> Its' definately search the ldap server, but I can't figure out why it
	> won't return my username. The username does exists. 
	>
	> If I run a search
	>
	> Search DN is dc=companya,dc=com
	>
	> filter (objectClass=*)
	>
	> Attributes = uid
	>
	> When I perform a search with those parameters it returns the whole 
	> ldap directory. Along with my uid.
	>
	> Here's the output for the logs. I can and will supply any additional
	> information.
	>
	>
	>
	> Feb  1 13:56:42 ldap slapd[12574]: conn=9 op=8 SEARCH RESULT tag=101 
	> err=0 nentries=0 text=
	> Feb  1 13:57:32 ldap jabberd/c2s[12966]: [6] [192.168.xxx.xxx,
	> port=3172] connect
	> Feb  1 13:57:32 ldap slapd[12574]: daemon: activity on 1 descriptor
	> Feb  1 13:57:32 ldap slapd[12574]: daemon: activity on: 
	> Feb  1 13:57:32 ldap slapd[12574]:  14r
	> Feb  1 13:57:32 ldap slapd[12574]:
	> Feb  1 13:57:32 ldap slapd[12574]: daemon: read active on 14
	> Feb  1 13:57:32 ldap slapd[12574]: daemon: select: listen=7 
	> active_threads=0 tvp=zero
	> Feb  1 13:57:32 ldap slapd[12574]: daemon: select: listen=8
	> active_threads=0 tvp=zero
	> Feb  1 13:57:32 ldap slapd[12574]: conn=10 op=2 BIND anonymous
	> mech=implicit ssf=0 
	> Feb  1 13:57:32 ldap slapd[12574]: conn=10 op=2 BIND
	> dn="cn=Manager,dc=companya,dc=com" method=128
	> Feb  1 13:57:32 ldap slapd[12574]: conn=10 op=2 BIND
	> dn="cn=Manager,dc=companya,dc=com" mech=SIMPLE ssf=0 
	> Feb  1 13:57:32 ldap slapd[12574]: conn=10 op=2 RESULT tag=97 err=0
	> text=
	> Feb  1 13:57:32 ldap slapd[12574]: daemon: activity on 1 descriptor
	> Feb  1 13:57:32 ldap slapd[12574]: daemon: activity on: 
	> Feb  1 13:57:32 ldap slapd[12574]:  14r
	> Feb  1 13:57:32 ldap slapd[12574]:
	> Feb  1 13:57:32 ldap slapd[12574]: daemon: read active on 14
	> Feb  1 13:57:32 ldap slapd[12574]: daemon: select: listen=7 
	> active_threads=0 tvp=zero
	> Feb  1 13:57:32 ldap slapd[12574]: daemon: select: listen=8
	> active_threads=0 tvp=zero
	> Feb  1 13:57:32 ldap slapd[12574]: begin get_filter
	> Feb  1 13:57:32 ldap slapd[12574]: EQUALITY 
	> Feb  1 13:57:32 ldap slapd[12574]: end get_filter 0
	> Feb  1 13:57:32 ldap slapd[12574]: conn=10 op=3 SRCH
	> base="dc=companya,dc=com" scope=2 deref=0 filter="(uid=someusername)"
	> Feb  1 13:57:32 ldap slapd[12574]: => bdb_filter_candidates
	> Feb  1 13:57:32 ldap slapd[12574]:      AND
	> Feb  1 13:57:32 ldap slapd[12574]: => bdb_list_candidates 0xa0
	> Feb  1 13:57:32 ldap slapd[12574]: => bdb_filter_candidates 
	> Feb  1 13:57:32 ldap slapd[12574]:      OR
	> Feb  1 13:57:32 ldap slapd[12574]: => bdb_list_candidates 0xa1
	> Feb  1 13:57:32 ldap slapd[12574]: => bdb_filter_candidates
	> Feb  1 13:57:32 ldap slapd[12574]:      EQUALITY 
	> Feb  1 13:57:32 ldap slapd[12574]: <= bdb_filter_candidates: id=0
	> first=0 last=0
	> Feb  1 13:57:32 ldap slapd[12574]: => bdb_filter_candidates
	> Feb  1 13:57:32 ldap slapd[12574]:      EQUALITY 
	> Feb  1 13:57:32 ldap slapd[12574]: <= bdb_filter_candidates: id=0
	> first=0 last=0
	> Feb  1 13:57:32 ldap slapd[12574]: <= bdb_list_candidates: id=0
	> first=0 last=0
	> Feb  1 13:57:32 ldap slapd[12574]: <= bdb_filter_candidates: id=0 
	> first=0 last=0
	> Feb  1 13:57:32 ldap slapd[12574]: <= bdb_list_candidates: id=0
	> first=1 last=0
	> Feb  1 13:57:32 ldap slapd[12574]: <= bdb_filter_candidates: id=0
	> first=1 last=0 
	> Feb  1 13:57:32 ldap slapd[12574]: conn=10 op=3 SEARCH RESULT tag=101
	> err=0 nentries=0 text=
	> Feb  1 13:57:32 ldap jabberd/c2s[12966]: [6] [192.168.xxx.xxx,
	> port=3172] disconnect
	>
	>
	> _____________________________________________________________________________
	> _____________________________________________________________________________
	> _______________________________________________ 
	> JAdmin mailing list
	> JAdmin at jabber.org
	> http://mail.jabber.org/mailman/listinfo/jadmin
	> FAQ: http://www.jabber.org/about/jadminfaq.shtml
	> _______________________________________________
	
	
	


CONFIDENTIALITY
This e-mail message and any attachments thereto, is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail message, you are hereby notified that any dissemination, distribution or copying of this e-mail message, and any attachments thereto, is strictly prohibited.  If you have received this e-mail message in error, please immediately notify the sender and permanently delete the original and any copies of this email and any prints thereof.
ABSENT AN EXPRESS STATEMENT TO THE CONTRARY HEREINABOVE, THIS E-MAIL IS NOT INTENDED AS A SUBSTITUTE FOR A WRITING.  Notwithstanding the Uniform Electronic Transactions Act or the applicability of any other law of similar substance and effect, absent an express statement to the contrary hereinabove, this e-mail message its contents, and any attachments hereto are not intended to represent an offer or acceptance to enter into a contract and are not otherwise intended to bind the sender, Sanmina-SCI Corporation (or any of its subsidiaries), or any other person or entity.
_____________________________________________________________________________
Scanned by Sanmina-SCI eShield  _____________________________________________________________________________
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/ms-tnef
Size: 9342 bytes
Desc: not available
Url : http://mail.jabber.org/pipermail/jadmin/attachments/20070201/73f28cde/attachment.bin

More information about the JAdmin mailing list