[ejabberd] ejabberd LDAP authentication woes

Jeff Schroeder jeffschroed at gmail.com
Wed Feb 25 02:20:04 MSK 2009


I've been trying to get ejabberd to authenticate against our existing
Active Directory infrastructure and am not having much luck.

================ ldap configuration in ejabberd.cfg ====================
{auth_method, ldap}.
{ldap_servers,
["<ACTIVE DIRECTORY SERVER 1>"]}.
{ldap_uidattr, "sAMAccountName"}.
{ldap_base,
"ou=Users,ou=EWT,dc=office,dc=bhtrader,dc=com"}.
{ldap_rootdn,
"cn=Jabber,ou=IT,ou=Users,ou=EWT,dc=office,dc=bhtrader,dc=com"}.
{ldap_filter,
"(memberOf=*)"}.
{ldap_password, "<JABBERACCOUNTPASSWORD>"}.


============================================================

Here is the relevant log when the loglevel is set to 5 in the config.

=================relevant snip from ejabberd.log =====================
=INFO REPORT==== 2009-02-24 14:36:20 ===
D(<0.2707.0>:ejabberd_c2s:1346) : Send XML on stream = "<?xml
version='1.0'?><stream:stream xmlns='jabber:client'
xmlns:stream='http://etherx.jabber.org/streams' id='3630388494'
from='office.bhtrader.com' version='1.0' xml:lang='en'>"

=INFO REPORT==== 2009-02-24 14:36:20 ===
D(<0.2707.0>:ejabberd_c2s:1346) : Send XML on stream =
"<stream:features><mechanisms
xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><mechanism>PLAIN</mechanism></mechanisms><register
xmlns='http://jabber.org/features/iq-register'/></stream:features>"

=INFO REPORT==== 2009-02-24 14:36:20 ===
D(<0.2706.0>:ejabberd_receiver:306) : Received XML on stream = "<auth
xmlns=\"urn:ietf:params:xml:ns:xmpp-sasl\"
mechanism=\"PLAIN\">BIG-AUTHENTICATION-INFO-HASH</auth>"

=INFO REPORT==== 2009-02-24 14:36:20 ===
D(<0.2706.0>:shaper:61) : State: {maxrate,1000,0,1235514980164912}, Size=148
M=74.0, I=73.221


=INFO REPORT==== 2009-02-24 14:36:20 ===
D(<0.2458.0>:eldap:587) : {searchRequest,
                           {'SearchRequest',
                            "ou=Users,ou=EWT,dc=office,dc=bhtrader,dc=com",
                            wholeSubtree,neverDerefAliases,0,0,false,
                            {'and',
                             [{equalityMatch,
                               {'AttributeValueAssertion',"uid","jschroeder"}},
                              {present,"memberOf"}]},
                            []}}


=INFO REPORT==== 2009-02-24 14:36:20 ===
D(<0.2458.0>:eldap:648) : {searchResDone,
                              {'LDAPResult',success,[],[],asn1_NOVALUE}}

=INFO REPORT==== 2009-02-24 14:36:20 ===
I(<0.2707.0>:ejabberd_c2s:576) :
({socket_state,tls,{tlssock,#Port<0.2549>,#Port<0.2558>},<0.2706.0>})
Failed authentication for jschroeder at office.bhtrader.com

=INFO REPORT==== 2009-02-24 14:36:20 ===
D(<0.2707.0>:ejabberd_c2s:1346) : Send XML on stream = "<failure
xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><not-authorized/></failure>"

============================================================

Using the gajim jabber client from a Linux desktop, I'm not able to
authenticate. It seems to be doing a lookup and finding my username
(jschroeder) just fine. I've triple-checked the password is correct and
am not 100% sure what is wrong here. An ldapsearch with the same base,
rootdn, and password works just fine from the command line. What's the
best way to continue troubleshooting this?

Thank you

-- 
Jeff Schroeder

Don't drink and derive, alcohol and analysis don't mix.
http://www.digitalprognosis.com
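
One check worth running on output like the above: the configuration sets ldap_uidattr to "sAMAccountName", while the logged search request matches on "uid". The following is an added example, not part of the original message or of ejabberd; the function names are hypothetical, the sample strings are constructed from the shape of the post, and it assumes the first equalityMatch in each searchRequest is the user lookup.

```python
import re

# Constructed sample, shaped like the config and eldap debug output in the post.
SAMPLE_CFG = '''
{auth_method, ldap}.
{ldap_uidattr, "sAMAccountName"}.
{ldap_filter,
"(memberOf=*)"}.
'''

SAMPLE_LOG = '''
D(<0.2458.0>:eldap:587) : {searchRequest,
   {'SearchRequest',
    "ou=Users,ou=EWT,dc=office,dc=bhtrader,dc=com",
    wholeSubtree,neverDerefAliases,0,0,false,
    {'and',
     [{equalityMatch,
       {'AttributeValueAssertion',"uid","jschroeder"}},
      {present,"memberOf"}]},
    []}}
'''

# {ldap_xxx, "value"}. terms; whitespace (including newlines) may follow the comma.
CFG_OPT = re.compile(r'\{\s*(ldap_\w+)\s*,\s*"([^"]*)"\s*\}\.')
EQ_MATCH = re.compile(
    r'''\{equalityMatch,\s*\{'AttributeValueAssertion',\s*"([^"]+)",\s*"([^"]*)"''')

def configured_options(cfg_text):
    """Return the quoted-string ldap_* options of an ejabberd.cfg as a dict."""
    return dict(CFG_OPT.findall(cfg_text))

def user_lookups(log_text):
    """(attribute, value) of the first equalityMatch in each logged searchRequest."""
    hits = []
    for chunk in log_text.split("{searchRequest,")[1:]:
        m = EQ_MATCH.search(chunk)
        if m:
            hits.append(m.groups())
    return hits

def uid_attr_mismatches(cfg_text, log_text):
    """Lookups whose attribute differs from the configured ldap_uidattr."""
    want = configured_options(cfg_text).get("ldap_uidattr")
    if want is None:
        return []
    # LDAP attribute names compare case-insensitively.
    return [(a, v) for a, v in user_lookups(log_text) if a.lower() != want.lower()]

if __name__ == "__main__":
    for attr, value in uid_attr_mismatches(SAMPLE_CFG, SAMPLE_LOG):
        print(f"search used {attr}={value}, config expects another attribute")
```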

