[ejabberd] user authentication fails against Windows ADS

Agnello George agnello.dsouza at gmail.com
Mon Jun 1 12:48:47 MSD 2009


Hi,
I have an ejabberd server set up on CentOS 5.2. I need to connect to an
external ADS server for some users. My ejabberd.cfg file looks something
like this:
{hosts, ["excads.netstat.com"]}.
{host_config, "excads.netstat.com", [{auth_method,ldap},
{ldap_servers,["excads.netstat.com"]},
{ldap_uids, [{"sAMAccountName","%u"}]},
{ldap_base,"dc=excads,dc=netstat,dc=com"},
{ldap_rootdn,"cn=Administrator,cn=Users,dc=excads,dc=netstat,dc=com"},
{ldap_password,"qwerasdf"}]}.
When I try to log in I get the following error (I apologize for posting a
huge log file):
=INFO REPORT==== 2009-06-01 13:52:20 ===
I(<0.244.0>:ejabberd_listener:112) : (#Port<0.437>) Accepted connection
{{192,168,10,105},44865} -> {{192,168,50,137},5222}

=INFO REPORT==== 2009-06-01 13:52:20 ===
D(<0.499.0>:ejabberd_receiver:298) : Received XML on stream = "<?xml
version='1.0' ?><stream:stream to='excads.netstat.com' xmlns='jabber:client'
xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>"

=INFO REPORT==== 2009-06-01 13:52:20 ===
D(<0.500.0>:ejabberd_c2s:1362) : Send XML on stream = "<?xml
version='1.0'?><stream:stream xmlns='jabber:client' xmlns:stream='
http://etherx.jabber.org/streams' id='3974015530' from='excads.netstat.com'
version='1.0' xml:lang='en'>"

=INFO REPORT==== 2009-06-01 13:52:20 ===
D(<0.500.0>:ejabberd_c2s:1362) : Send XML on stream =
"<stream:features><mechanisms
xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><mechanism>PLAIN</mechanism></mechanisms><register
xmlns='http://jabber.org/features/iq-register'/></stream:features>"

=INFO REPORT==== 2009-06-01 13:52:20 ===
D(<0.499.0>:ejabberd_receiver:298) : Received XML on stream = "<auth
xmlns='urn:ietf:params:xml:ns:xmpp-sasl'
mechanism='PLAIN'>AGFnbmVsbG8AMTJxd1FXUVc=</auth>"

=INFO REPORT==== 2009-06-01 13:52:20 ===
D(<0.499.0>:shaper:61) : State: {maxrate,1000,0,1243844540317068}, Size=96
M=48.0, I=4.794


=INFO REPORT==== 2009-06-01 13:52:20 ===
D(<0.251.0>:eldap:587) : {searchRequest,
  {'SearchRequest',"dc=excads,dc=netstat,dc=com",
  wholeSubtree,neverDerefAliases,0,0,false,
  {equalityMatch,
  {'AttributeValueAssertion',"sAMAccountName",
  "agnello"}},
  []}}


=INFO REPORT==== 2009-06-01 13:52:20 ===
D(<0.251.0>:eldap:648) : {searchResEntry,
  {'SearchResultEntry',
  "CN=agnello,CN=Users,DC=excads,DC=netstat,DC=com",
  [{'PartialAttributeList_SEQOF',
  "objectClass",
  ["top","person","organizationalPerson",
  "user"]},
  {'PartialAttributeList_SEQOF',"cn",
  ["agnello"]},
  {'PartialAttributeList_SEQOF',"givenName",
  ["agnello"]},
  {'PartialAttributeList_SEQOF',
  "distinguishedName",
  ["CN=agnello,CN=Users,DC=excads,DC=netstat,DC=com"]},
  {'PartialAttributeList_SEQOF',
  "instanceType",
  ["4"]},
  {'PartialAttributeList_SEQOF',
  "whenCreated",
  ["20090529134023.0Z"]},
  {'PartialAttributeList_SEQOF',
  "whenChanged",
  ["20090529134023.0Z"]},
  {'PartialAttributeList_SEQOF',
  "displayName",
  ["agnello"]},
  {'PartialAttributeList_SEQOF',"uSNCreated",
  ["69678"]},
  {'PartialAttributeList_SEQOF',"uSNChanged",
  ["69684"]},
  {'PartialAttributeList_SEQOF',"name",
  ["agnello"]},
  {'PartialAttributeList_SEQOF',"objectGUID",
  [[140,74,186,186,206,216,118,72,159,124,
  136,45,152,67,18,199]]},
  {'PartialAttributeList_SEQOF',
  "userAccountControl",
  ["512"]},
  {'PartialAttributeList_SEQOF',
  "badPwdCount",
  ["0"]},
  {'PartialAttributeList_SEQOF',"codePage",
  ["0"]},
  {'PartialAttributeList_SEQOF',
  "countryCode",
  ["0"]},
  {'PartialAttributeList_SEQOF',
  "badPasswordTime",
  ["0"]},
  {'PartialAttributeList_SEQOF',"lastLogoff",
  ["0"]},
  {'PartialAttributeList_SEQOF',"lastLogon",
  ["0"]},
  {'PartialAttributeList_SEQOF',"pwdLastSet",
  ["0"]},
  {'PartialAttributeList_SEQOF',
  "primaryGroupID",
  ["513"]},
  {'PartialAttributeList_SEQOF',"objectSid",
  [[1,5,0,0,0,0,0,5,21,0,0,0,49,14,213,
  216,110,128,202,165,151,137,68,35,104,
  4,0,0]]},
  {'PartialAttributeList_SEQOF',
  "accountExpires",
  ["9223372036854775807"]},
  {'PartialAttributeList_SEQOF',"logonCount",
  ["0"]},
  {'PartialAttributeList_SEQOF',
  "sAMAccountName",
  ["agnello"]},
  {'PartialAttributeList_SEQOF',
  "sAMAccountType",
  ["805306368"]},
  {'PartialAttributeList_SEQOF',
  "userPrincipalName",
  ["agnello at excads.netstat.com"]},
  {'PartialAttributeList_SEQOF',
  "objectCategory",
  ["CN=Person,CN=Schema,CN=Configuration,DC=excads,DC=netstat,DC=com"]}]}}

=INFO REPORT==== 2009-06-01 13:52:20 ===
D(<0.251.0>:eldap:648) : {searchResRef,
  ["ldap://
ForestDnsZones.excads.netstat.com/DC=ForestDnsZones,DC=excads,DC=netstat,DC=com
"]}

=INFO REPORT==== 2009-06-01 13:52:20 ===
D(<0.251.0>:eldap:648) : {searchResRef,
  ["ldap://
DomainDnsZones.excads.netstat.com/DC=DomainDnsZones,DC=excads,DC=netstat,DC=com
"]}

=INFO REPORT==== 2009-06-01 13:52:20 ===
D(<0.251.0>:eldap:648) : {searchResRef,
  ["ldap://excads.netstat.com/CN=Configuration,DC=excads,DC=netstat,DC=com
"]}

=INFO REPORT==== 2009-06-01 13:52:20 ===
D(<0.251.0>:eldap:648) : {searchResDone,
  {'LDAPResult',success,[],[],asn1_NOVALUE}}

=INFO REPORT==== 2009-06-01 13:52:20 ===
D(<0.254.0>:eldap:587) : {bindRequest,
  {'BindRequest',3,
  "CN=agnello,CN=Users,DC=excads,DC=netstat,DC=com",
  {simple,"12qwQWQW"}}}


=INFO REPORT==== 2009-06-01 13:52:20 ===
D(<0.254.0>:eldap:648) : {bindResponse,
  {'BindResponse',invalidCredentials,[],
  [56,48,48,57,48,51,48,56,58,32,76,100,97,112,
  69,114,114,58,32,68,83,73,68,45,48,67,48,57,
  48,51,51,52,44,32,99,111,109,109,101,110,
  116,58,32,65,99,99,101,112,116,83,101,99,
  117,114,105,116,121,67,111,110,116,101,120,
  116,32,101,114,114,111,114,44,32,100,97,116,
  97,32,55,55,51,44,32,118,101,99,101,0],
  asn1_NOVALUE,asn1_NOVALUE}}

=INFO REPORT==== 2009-06-01 13:52:20 ===
I(<0.500.0>:ejabberd_c2s:577) :
({socket_state,gen_tcp,#Port<0.437>,<0.499.0>}) Failed authentication for
agnello at excads.netstat.com

=INFO REPORT==== 2009-06-01 13:52:20 ===
D(<0.500.0>:ejabberd_c2s:1362) : Send XML on stream = "<failure
xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><not-authorized/></failure>"

I can't see the issue here; my cfg file looks proper ... and I am able to
query the external Windows ADS server.
Can someone help guide me to where exactly I am going wrong?
Thanks

-- 
Regards
Agnello D'souza
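
The bindResponse in the log above carries Active Directory's diagnostic text as a list of byte values rather than as a readable string. As an added example (not part of the original post and not ejabberd code), this Python sketch decodes such a list and looks up the `data` sub-code; the function names and the sub-code table are assumptions of the example.

```python
import re

# Sub-codes Active Directory reports as "data NNN" (hex) in the diagnostic
# message of a failed bind. Table assembled for this example.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (wrong password)",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must change password at next logon",
    "775": "account locked out",
}

def decode_eldap_bytes(term: str) -> str:
    """Turn an Erlang integer list such as "[56,48,...,0]" into text."""
    values = [int(v) for v in re.findall(r"\d+", term)]
    # The message ends with a NUL byte; drop it and anything after it.
    raw = bytes(values).split(b"\x00", 1)[0]
    return raw.decode("ascii", errors="replace")

def explain_bind_failure(term: str) -> dict:
    """Decode the diagnostic message and look up the AD sub-code."""
    message = decode_eldap_bytes(term)
    match = re.search(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)", message)
    code = match.group(1).lower() if match else None
    return {
        "message": message,
        "data": code,
        "meaning": AD_BIND_SUBCODES.get(code, "unknown sub-code"),
    }

# Byte list copied from the bindResponse in the log above.
SAMPLE = """[56,48,48,57,48,51,48,56,58,32,76,100,97,112,
69,114,114,58,32,68,83,73,68,45,48,67,48,57,
48,51,51,52,44,32,99,111,109,109,101,110,
116,58,32,65,99,99,101,112,116,83,101,99,
117,114,105,116,121,67,111,110,116,101,120,
116,32,101,114,114,111,114,44,32,100,97,116,
97,32,55,55,51,44,32,118,101,99,101,0]"""

if __name__ == "__main__":
    result = explain_bind_failure(SAMPLE)
    print(result["message"])
    print("data", result["data"], "->", result["meaning"])
```

For the list in this log the decoder reports data 773, which agrees with the pwdLastSet value of 0 in the search result: the account is flagged to change its password at next logon, and Active Directory rejects a simple bind for such an account.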