Communications Express using incorrect LDAP SRCH Base
Hello,
I have JES 2005Q4 Messaging, Calendar and Communications Express installed, with Directory Server 5.2.
Directory Server, Web Mail and Calendar work OK.
I have configured Messaging SSO for Communications Express OK: if I log in to the Webmail first and then go to the Communications Express login page, I get logged in without being asked for username and password, which I assume is right, and I get both mail and calendar tabs (yay).
However, if I want to log in using the Communications Express login page I get:
Authentication Failed
Reenter your username and password.
I know my username and password are right as I can log in to webmail and calendar OK.
I looked through the LDAP server access logs to see what query it was doing and it seems to be using the wrong search base.
Our base is dc=sunderland,dc=ac,dc=uk.
However the Communications Express seems to be using:
SRCH base="dc=sunderland,dc=ac,dc=uk,dc=sunderland,dc=ac,dc=uk"
It has our base in twice, so it's obviously not going to work.
Why is it duplicating the base in the Search base?
My uwcauth.properties file has:
ldapusersession.dcroot = dc=sunderland,dc=ac,dc=uk
If I uncomment this it makes no difference.
This is the full query from the LDAP access log:
[29/Jun/2006:12:17:17 +0100] conn=1751 op=-1 msgId=-1 - fd=214 slot=214 LDAP connection from 157.xx.xx.xx to 157.xx.xx.xx
[29/Jun/2006:12:17:17 +0100] conn=1751 op=0 msgId=77 - BIND dn="cn=Directory Manager" method=128 version=2
[29/Jun/2006:12:17:17 +0100] conn=1751 op=0 msgId=77 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[29/Jun/2006:12:17:17 +0100] conn=1751 op=1 msgId=78 - SRCH base="dc=sunderland,dc=ac,dc=uk,dc=sunderland,dc=ac,dc=uk" scope=0 filter="(|(objectClass=inetDomain)(objectClass=inetDomainAlias))" attrs="inetDomainBaseDN inetDomainStatus inetDomainSearchFilter domainUidSeparator preferredLanguage aliasedObjectName"
[29/Jun/2006:12:17:17 +0100] conn=1751 op=1 msgId=78 - RESULT err=0 tag=101 nentries=0 etime=0
[29/Jun/2006:12:17:17 +0100] conn=1751 op=2 msgId=79 - SRCH base="dc=sunderland,dc=ac,dc=uk,dc=sunderland,dc=ac,dc=uk" scope=0 filter="(|(objectClass=inetDomain)(objectClass=inetDomainAlias))" attrs="inetDomainBaseDN inetDomainStatus inetDomainSearchFilter domainUidSeparator preferredLanguage aliasedObjectName"
[29/Jun/2006:12:17:17 +0100] conn=1751 op=2 msgId=79 - RESULT err=0 tag=101 nentries=0 etime=0
[29/Jun/2006:12:17:17 +0100] conn=1751 op=3 msgId=80 - UNBIND
[29/Jun/2006:12:17:17 +0100] conn=1751 op=3 msgId=-1 - closing - U1
[29/Jun/2006:12:17:17 +0100] conn=1751 op=-1 msgId=-1 - closed.
Any help would be much appreciated.
Kind Regards
Daniel Wilson
# 1
Start out looking at your CE config files and configutil output. Make sure that the wrong search root isn't there.....
# 2
I have checked:
./configutil | grep -i dc=sunderland,dc=uk
local.enduseradmindn = "uid=msg-admin-learner.sunderland.ac.uk-20060628113707Z, ou=People, dc=sunderland,dc=ac,dc=uk"
local.service.pab.ldapbinddn = "uid=msg-admin-learner.sunderland.ac.uk-20060628113707Z, ou=People, dc=sunderland,dc=ac,dc=uk"
local.ugldapbasedn = "dc=sunderland,dc=ac,dc=uk"
local.ugldapbinddn = "uid=msg-admin-learner.sunderland.ac.uk-20060628113707Z, ou=People, dc=sunderland,dc=ac,dc=uk"
local.ugldapdeforgdn = "dc=sunderland,dc=ac,dc=uk"
service.dcroot = "dc=sunderland,dc=ac,dc=uk"
store.serviceadmingroupdn = "cn=Service Administrators,ou=Groups, dc=sunderland,dc=ac,dc=uk"
What are the CE config files?
Thanks
Daniel
# 3
Ah, I guess CE is Communications Express..?
I have grepped through all the /opt/SUNWuwc/WEB-INF/config/* files and there are no duplicates.
grep -i "dc=sunderland,dc=ac,dc=uk,dc=sunderland,dc=ac,dc=uk" /opt/SUNWuwc/WEB-INF/config/*
Thanks
Daniel
# 4
I suggest looking for "dc=sunderland", rather than the whole string.....
# 5
I have also tried that too.
grep -i "dc=sunderland" ./*
No luck!
Regards
Daniel
# 6
You might try re-configuring CE, and being very careful of what you enter.
# 7
Try to grep for "dc=sunderland" in /var/opt/SUNWuwc/WEB-INF/config.
Also, for those users present in dc=sunderland,dc=ac,dc=uk,dc=sunderland,dc=ac,dc=uk, change the basedn to dc=sunderland,dc=ac,dc=uk in the LDAP and try logging in to UWC.
Thanks
Ramya
# 8
bash-3.00# grep -i "dc=sunderland" ./var/opt/SUNWuwc/WEB-INF/config/*
./var/opt/SUNWuwc/WEB-INF/config/uwcauth.properties:!ldapauth.dcroot = dc=sunderland,dc=ac,dc=uk
./var/opt/SUNWuwc/WEB-INF/config/uwcauth.properties:ldapusersession.dcroot = dc=sunderland,dc=ac,dc=uk
So....still nothing.
I have also reconfigured UWC and messenger!
# 9
Actually, I don't think UWC even seems to be trying to log in a user.
It's not attempting to bind as a user like I'd expect to verify the password is correct. This is the LDAP query in the access logs when I try to log in as a normal user via CE:
[03/Jul/2006:17:06:32 +0100] conn=3795 op=-1 msgId=-1 - fd=214 slot=214 LDAP connection from 157.228.65.234 to 157.228.65.234
[03/Jul/2006:17:06:32 +0100] conn=3795 op=0 msgId=93 - BIND dn="cn=Directory Manager" method=128 version=2
[03/Jul/2006:17:06:32 +0100] conn=3795 op=0 msgId=93 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[03/Jul/2006:17:06:32 +0100] conn=3795 op=1 msgId=94 - SRCH base="dc=sunderland,dc=ac,dc=uk,dc=sunderland,dc=ac,dc=uk" scope=0 filter="(|(objectClass=inetDomain)(objectClass=inetDomainAlias))" attrs="inetDomainBaseDN inetDomainStatus inetDomainSearchFilter domainUidSeparator preferredLanguage aliasedObjectName"
[03/Jul/2006:17:06:32 +0100] conn=3795 op=1 msgId=94 - RESULT err=0 tag=101 nentries=0 etime=0
[03/Jul/2006:17:06:32 +0100] conn=3795 op=2 msgId=95 - SRCH base="dc=sunderland,dc=ac,dc=uk,dc=sunderland,dc=ac,dc=uk" scope=0 filter="(|(objectClass=inetDomain)(objectClass=inetDomainAlias))" attrs="inetDomainBaseDN inetDomainStatus inetDomainSearchFilter domainUidSeparator preferredLanguage aliasedObjectName"
[03/Jul/2006:17:06:32 +0100] conn=3795 op=2 msgId=95 - RESULT err=0 tag=101 nentries=0 etime=0
[03/Jul/2006:17:06:32 +0100] conn=3795 op=3 msgId=96 - UNBIND
[03/Jul/2006:17:06:32 +0100] conn=3795 op=3 msgId=-1 - closing - U1
[03/Jul/2006:17:06:32 +0100] conn=3795 op=-1 msgId=-1 - closed.
The result of this query is:
version: 1
dn: dc=learner,dc=sunderland,dc=ac,dc=uk,dc=sunderland,dc=ac,dc=uk
inetDomainBaseDN: dc=sunderland,dc=ac,dc=uk
inetDomainStatus: active
This is the LDAP query when logging into the messenger webmail which works:
[03/Jul/2006:17:09:25 +0100] conn=3782 op=6 msgId=7 - SRCH base="dc=sunderland,dc=ac,dc=uk" scope=2 filter="(&(uid=bob)(objectClass=inetmailuser))" attrs="uid inetUserStatus mailUserStatus mailAllowedServiceAccess inetsubscriberstatus inetauthorizedservices nsmsgDisallowAccess mailAccessDomain mailHost mailMessageStore preferredLanguage mail mailQuota mailMsgQuota aclGroupAddr pabURI maxPabEntries preferredLocale"
[03/Jul/2006:17:09:25 +0100] conn=3782 op=6 msgId=7 - RESULT err=0 tag=101 nentries=1 etime=0
[03/Jul/2006:17:09:25 +0100] conn=3783 op=1 msgId=2 - BIND dn="uid=bob,ou=People,dc=sunderland,dc=ac,dc=uk" method=128 version=3
[03/Jul/2006:17:09:25 +0100] conn=3783 op=1 msgId=2 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=bob,ou=people,dc=sunderland,dc=ac,dc=uk"
[03/Jul/2006:17:09:25 +0100] conn=3782 op=7 msgId=8 - SRCH base="uid=bob,ou=people,dc=sunderland,dc=ac,dc=uk" scope=0 filter="(objectClass=*)" attrs="cn cn;lang-en givenName givenName;lang-en mail mailAlternateAddress mailAutoReplyMode mailAutoReplySubject mailAutoReplySubject;lang-en mailAutoReplyText mailAutoReplyText;lang-en mailAutoReplyTextInternal mailAutoReplyTextInternal;lang-en mailAutoReplyTimeout mailDeliveryOption mailForwardingAddress mailQuota mailMsgQuota preferredLanguage sn sn;lang-en uid vacationEndDate vacationStartDate mailHost mailSieveRuleSource sunUCDateFormat sunUCDateDelimiter sunUCTimeFormat nswmExtendedUserPrefs"
[03/Jul/2006:17:09:25 +0100] conn=3782 op=7 msgId=8 - RESULT err=0 tag=101 nentries=1 etime=0
[03/Jul/2006:17:09:26 +0100] conn=3784 op=4 msgId=5 - SRCH base="ou=bob,ou=people,dc=sunderland,dc=ac,dc=uk,o=pab" scope=2 filter="(|(cn=*)(ou=*))" attrs=ALL
[03/Jul/2006:17:09:26 +0100] conn=3784 op=4 msgId=5 - RESULT err=0 tag=101 nentries=2 etime=0
[03/Jul/2006:17:09:26 +0100] conn=3784 op=5 msgId=6 - SRCH base="ou=bob,ou=people,dc=sunderland,dc=ac,dc=uk,o=pab" scope=2 filter="(|(objectClass=pab)(objectClass=pabgroup))" attrs=ALL
[03/Jul/2006:17:09:26 +0100] conn=3784 op=5 msgId=6 - RESULT err=0 tag=101 nentries=1 etime=0
[03/Jul/2006:17:09:26 +0100] conn=3784 op=6 msgId=7 - SRCH base="ou=bob,ou=people,dc=sunderland,dc=ac,dc=uk,o=pab" scope=2 filter="(memberOfPAB=AddressBookc34fab3)" attrs="un cn sn givenName mail description telephoneNumber homePhone memberOfPAB memberOfPABGroup objectClass"
[03/Jul/2006:17:09:26 +0100] conn=3784 op=6 msgId=7 - RESULT err=0 tag=101 nentries=0 etime=0
Why isn't CE (UWC) even doing a correct LDAP bind?
Any ideas?
Cheers
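
Added example (not part of the thread and not any poster's or Sun's code): a small Python check that automates the comparison made by hand above, grouping Directory Server access-log lines by connection and reporting searches whose base DN ends in a doubled suffix, whether they came back empty, and whether the connection ever bound as an end user. The sample log is abridged from the lines quoted in the thread; the function names and the rule that end-user DNs start with `uid=` are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: abridged from the thread's access-log excerpts (attrs shortened).
SAMPLE_LOG = """\
[03/Jul/2006:17:06:32 +0100] conn=3795 op=0 msgId=93 - BIND dn="cn=Directory Manager" method=128 version=2
[03/Jul/2006:17:06:32 +0100] conn=3795 op=1 msgId=94 - SRCH base="dc=sunderland,dc=ac,dc=uk,dc=sunderland,dc=ac,dc=uk" scope=0 filter="(|(objectClass=inetDomain)(objectClass=inetDomainAlias))" attrs="inetDomainBaseDN"
[03/Jul/2006:17:06:32 +0100] conn=3795 op=1 msgId=94 - RESULT err=0 tag=101 nentries=0 etime=0
[03/Jul/2006:17:09:25 +0100] conn=3782 op=6 msgId=7 - SRCH base="dc=sunderland,dc=ac,dc=uk" scope=2 filter="(&(uid=bob)(objectClass=inetmailuser))" attrs="uid"
[03/Jul/2006:17:09:25 +0100] conn=3782 op=6 msgId=7 - RESULT err=0 tag=101 nentries=1 etime=0
[03/Jul/2006:17:09:25 +0100] conn=3783 op=1 msgId=2 - BIND dn="uid=bob,ou=People,dc=sunderland,dc=ac,dc=uk" method=128 version=3
"""

LINE = re.compile(r"conn=(\d+) op=(-?\d+) msgId=-?\d+ - (\w+)(.*)")
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def repeated_suffix(dn):
    """Return the suffix that occurs twice back to back at the end of dn, else None."""
    # Naive comma split: adequate for DNs without escaped commas (assumption).
    parts = [p.strip().lower() for p in dn.split(",") if p.strip()]
    for n in range(len(parts) // 2, 0, -1):
        if parts[-n:] == parts[-2 * n:-n]:
            return ",".join(parts[-n:])
    return None

def analyze(log_text):
    """Per connection: bind DNs, doubled search bases, and empty results for them."""
    conns = defaultdict(lambda: {"binds": [], "doubled": set(), "empty": 0})
    flagged = set()  # (conn, op) pairs whose SRCH used a doubled base
    for m in LINE.finditer(log_text):
        conn, op, verb, rest = m.groups()
        info = conns[conn]
        fields = {k: quoted or bare for k, quoted, bare in KV.findall(rest)}
        if verb == "BIND":
            info["binds"].append(fields.get("dn", ""))
        elif verb == "SRCH":
            suffix = repeated_suffix(fields.get("base", ""))
            if suffix:
                info["doubled"].add(suffix)
                flagged.add((conn, op))
        elif verb == "RESULT" and (conn, op) in flagged and fields.get("nentries") == "0":
            info["empty"] += 1
    # Assumption: end-user entries are named uid=..., as in the thread's logs.
    for info in conns.values():
        info["user_bind"] = any(dn.lower().startswith("uid=") for dn in info["binds"])
    return dict(conns)

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```
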
