[jadmin] jabberd and openLdap

Kevin Blackwell akblackwel at gmail.com
Fri Feb 2 00:02:25 CST 2007 

Jeff,

I should have said that I have access to the ldap and I've changed the
password. I even switched between encrypting the password on the ldap
server.

And yes my ldap server does take plain to log in. At least when I do a
ldapsearch against the db, I have to turn off sasl in the query.

Kevin

On 2/1/07, Garner, Jeff (Jeffrey) <jeff.garner at sanmina-sci.com> wrote:
>
> "Thu Feb  1 15:51:32 2007 mech_plain.c:77 password doesn't match, auth
> failed "
>
> It's saying your password to query the LDAP is incorrect, or atleast that
> is why it failed this time...
>
> "sx (sasl.c:218) auth request from client (mechanism=PLAIN)"
>
> Does your LDAP(AD) use PLAIN authentication as a method to log in?
>
> Jeff
>
> ________________________________
>
> From: jadmin-bounces at jabber.org on behalf of Kevin Blackwell
> Sent: Thu 2/1/2007 3:56 PM
> To: Jabber server administration list
> Subject: Re: [jadmin] jabberd and openLdap
>
>
> Well,
>
> Here's some debug info from c2s
>
> sx (chain.c:119) calling nad read chain
> sx (sasl.c:218) auth request from client (mechanism=PLAIN)
> Thu Feb  1 15:51:32 2007 scod.c:123 creating new scod
> sx ( sasl.c:236) sasl context initialised for 6
> Thu Feb  1 15:51:32 2007 main.c:265 sx sasl callback: get realm: realm is
> 'somecompany.com'
> Thu Feb  1 15:51:32 2007 scod.c:255 server start
> Thu Feb  1 15:51:32 2007 scod.c:151 looking for mech 'PLAIN'
> Thu Feb  1 15:51:32 2007 mech_plain.c:47 PLAIN server start
> Thu Feb  1 15:51:32 2007 mech_plain.c:70 got authzid=
> someone at somecompany.com <mailto:someone at somecompany.com> ,
> authnid=someone, pass=password
> Thu Feb  1 15:51:32 2007 main.c:288 sx sasl callback: check pass
> (authnid=someuser, realm=somecompany.com)
> Thu Feb  1 15:51:32 2007 mech_plain.c:77 password doesn't match, auth
> failed
> sx (sasl.c:297) sasl handshake failed: (33)
> sx (chain.c:106) calling nad write chain
>
> For the life of me I can't fiqure why it's failing.
>
>
>
>
>
>
> On 2/1/07, Jeff Garner <jeff.garner at sanmina-sci.com> wrote:
>
>         To authenticate to my Wildfire server I use this as the search
> string
>         (we use a group attribute in eDir).  if no attribute, then the
> name
>         doesn't return.  You should be able to adapt this to your
> structure and
>         get the search you are looking for.
>
>
>
>         <searchFilter><![CDATA[(&(objectclass=user)(cn={0})(groupMembership=cn=GROUPATTRIB,ou=GROUP,o=COMPANY))]]></searchFilter>
>
>         On Thu, 2007-02-01 at 14:01 -0600, Kevin Blackwell wrote:
>         > Dear Community,
>         >
>         > I have configures jabbers. The server itself, seems to be
> running
>         > correctly. The problem I'm having is with ldap authentication.
>         >
>         > I will be more than happy to post any of the xml configuration
> files,
>         > but the problem I see right now is the communication with the
> ldap
>         > server.
>         >
>         > Its' definately search the ldap server, but I can't figure out
> why it
>         > won't return my username. The username does exists.
>         >
>         > If I run a search
>         >
>         > Search DN is dc=companya,dc=com
>         >
>         > filter (objectClass=*)
>         >
>         > Attributes = uid
>         >
>         > When I perform a search with those parameters it returns the
> whole
>         > ldap directory. Along with my uid.
>         >
>         > Here's the output for the logs. I can and will supply any
> additional
>         > information.
>         >
>         >
>         >
>         > Feb  1 13:56:42 ldap slapd[12574]: conn=9 op=8 SEARCH RESULT
> tag=101
>         > err=0 nentries=0 text=
>         > Feb  1 13:57:32 ldap jabberd/c2s[12966]: [6] [192.168.xxx.xxx,
>         > port=3172] connect
>         > Feb  1 13:57:32 ldap slapd[12574]: daemon: activity on 1
> descriptor
>         > Feb  1 13:57:32 ldap slapd[12574]: daemon: activity on:
>         > Feb  1 13:57:32 ldap slapd[12574]:  14r
>         > Feb  1 13:57:32 ldap slapd[12574]:
>         > Feb  1 13:57:32 ldap slapd[12574]: daemon: read active on 14
>         > Feb  1 13:57:32 ldap slapd[12574]: daemon: select: listen=7
>         > active_threads=0 tvp=zero
>         > Feb  1 13:57:32 ldap slapd[12574]: daemon: select: listen=8
>         > active_threads=0 tvp=zero
>         > Feb  1 13:57:32 ldap slapd[12574]: conn=10 op=2 BIND anonymous
>         > mech=implicit ssf=0
>         > Feb  1 13:57:32 ldap slapd[12574]: conn=10 op=2 BIND
>         > dn="cn=Manager,dc=companya,dc=com" method=128
>         > Feb  1 13:57:32 ldap slapd[12574]: conn=10 op=2 BIND
>         > dn="cn=Manager,dc=companya,dc=com" mech=SIMPLE ssf=0
>         > Feb  1 13:57:32 ldap slapd[12574]: conn=10 op=2 RESULT tag=97
> err=0
>         > text=
>         > Feb  1 13:57:32 ldap slapd[12574]: daemon: activity on 1
> descriptor
>         > Feb  1 13:57:32 ldap slapd[12574]: daemon: activity on:
>         > Feb  1 13:57:32 ldap slapd[12574]:  14r
>         > Feb  1 13:57:32 ldap slapd[12574]:
>         > Feb  1 13:57:32 ldap slapd[12574]: daemon: read active on 14
>         > Feb  1 13:57:32 ldap slapd[12574]: daemon: select: listen=7
>         > active_threads=0 tvp=zero
>         > Feb  1 13:57:32 ldap slapd[12574]: daemon: select: listen=8
>         > active_threads=0 tvp=zero
>         > Feb  1 13:57:32 ldap slapd[12574]: begin get_filter
>         > Feb  1 13:57:32 ldap slapd[12574]: EQUALITY
>         > Feb  1 13:57:32 ldap slapd[12574]: end get_filter 0
>         > Feb  1 13:57:32 ldap slapd[12574]: conn=10 op=3 SRCH
>         > base="dc=companya,dc=com" scope=2 deref=0
> filter="(uid=someusername)"
>         > Feb  1 13:57:32 ldap slapd[12574]: => bdb_filter_candidates
>         > Feb  1 13:57:32 ldap slapd[12574]:      AND
>         > Feb  1 13:57:32 ldap slapd[12574]: => bdb_list_candidates 0xa0
>         > Feb  1 13:57:32 ldap slapd[12574]: => bdb_filter_candidates
>         > Feb  1 13:57:32 ldap slapd[12574]:      OR
>         > Feb  1 13:57:32 ldap slapd[12574]: => bdb_list_candidates 0xa1
>         > Feb  1 13:57:32 ldap slapd[12574]: => bdb_filter_candidates
>         > Feb  1 13:57:32 ldap slapd[12574]:      EQUALITY
>         > Feb  1 13:57:32 ldap slapd[12574]: <= bdb_filter_candidates:
> id=0
>         > first=0 last=0
>         > Feb  1 13:57:32 ldap slapd[12574]: => bdb_filter_candidates
>         > Feb  1 13:57:32 ldap slapd[12574]:      EQUALITY
>         > Feb  1 13:57:32 ldap slapd[12574]: <= bdb_filter_candidates:
> id=0
>         > first=0 last=0
>         > Feb  1 13:57:32 ldap slapd[12574]: <= bdb_list_candidates: id=0
>         > first=0 last=0
>         > Feb  1 13:57:32 ldap slapd[12574]: <= bdb_filter_candidates:
> id=0
>         > first=0 last=0
>         > Feb  1 13:57:32 ldap slapd[12574]: <= bdb_list_candidates: id=0
>         > first=1 last=0
>         > Feb  1 13:57:32 ldap slapd[12574]: <= bdb_filter_candidates:
> id=0
>         > first=1 last=0
>         > Feb  1 13:57:32 ldap slapd[12574]: conn=10 op=3 SEARCH RESULT
> tag=101
>         > err=0 nentries=0 text=
>         > Feb  1 13:57:32 ldap jabberd/c2s[12966]: [6] [192.168.xxx.xxx,
>         > port=3172] disconnect
>         >
>         >
>         >
> _____________________________________________________________________________
>         >
> _____________________________________________________________________________
>         > _______________________________________________
>         > JAdmin mailing list
>         > JAdmin at jabber.org
>         > http://mail.jabber.org/mailman/listinfo/jadmin
>         > FAQ: http://www.jabber.org/about/jadminfaq.shtml
>         > _______________________________________________
>
>
>
>
>
> CONFIDENTIALITY
> This e-mail message and any attachments thereto, is intended only for use
> by the addressee(s) named herein and may contain legally privileged and/or
> confidential information. If you are not the intended recipient of this
> e-mail message, you are hereby notified that any dissemination, distribution
> or copying of this e-mail message, and any attachments thereto, is strictly
> prohibited.  If you have received this e-mail message in error, please
> immediately notify the sender and permanently delete the original and any
> copies of this email and any prints thereof.
> ABSENT AN EXPRESS STATEMENT TO THE CONTRARY HEREINABOVE, THIS E-MAIL IS
> NOT INTENDED AS A SUBSTITUTE FOR A WRITING.  Notwithstanding the Uniform
> Electronic Transactions Act or the applicability of any other law of similar
> substance and effect, absent an express statement to the contrary
> hereinabove, this e-mail message its contents, and any attachments hereto
> are not intended to represent an offer or acceptance to enter into a
> contract and are not otherwise intended to bind the sender, Sanmina-SCI
> Corporation (or any of its subsidiaries), or any other person or entity.
>
> _____________________________________________________________________________
> Scanned by Sanmina-SCI
> eShield  _____________________________________________________________________________
> _______________________________________________
> JAdmin mailing list
> JAdmin at jabber.org
> http://mail.jabber.org/mailman/listinfo/jadmin
> FAQ: http://www.jabber.org/about/jadminfaq.shtml
> _______________________________________________
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.jabber.org/pipermail/jadmin/attachments/20070202/5ebf36b9/attachment-0001.htm

More information about the JAdmin mailing list