Home » Forums » ejabberd & XMPP » ejabberd Administration

empty user list when using AD

Submitted by ASPLP on Tue, 2014-08-19 14:51

Hi,

we have ejabberd 14.07 setuped with AD support. Users could login normally as expected via xmpp client though web admin page shows empty list. Logged in users are shown in web admin page. Here is a sample of host_config part

host_config:
  "domain.com":
     auth_method: ldap
     ldap_servers:
       - "192.168.0.1"
     ldap_port: 389
     ldap_rootdn: "cn=********,ou=SE-ServiceAccount,dc=*******,dc=priv"
     ldap_password: "************"
     ldap_base: "dc=**********,dc=priv"
     ldap_uids:
       "sAMAccountName":
             - "%u"
     ldap_filter: "(&(userPrincipalName=%u@domain.com)(memberOf=CN=**************,OU=**********,OU=**********,DC=***********,DC=priv))"

Error.log message:

2014-08-19 10:45:55.256 [error] <0.14982.0> CRASH REPORT Process 'eldap_#Ref<0.0.3.57252>' with 2 neighbours exited with reason: no match of right hand value {error,{asn1,{function_clause,[{'ELDAPv3',enc_SubstringFilter_substrings_components,[{'SubstringFilter_substrings',[{final,<<"@domain.com">>}]},[],0],[{file,"src/ELDAPv3.erl"},{line,1768}]},{'ELDAPv3',enc_SubstringFilter_substrings,2,[{file,"src/ELDAPv3.erl"},{line,1765}]},{'ELDAPv3',enc_SubstringFilter,2,[{file,"src/ELDAPv3.erl"},{line,1753}]},{'ELDAPv3',enc_Filter,2,[{file,"src/ELDAPv3.erl"},{line,1604}]},{'ELDAPv3',enc_Filter_and_components,3,[{file,"src/ELDAPv3.erl"},{line,1636}]},...]}}} in eldap:send_command/3 line 831 in gen_fsm:terminate/7 line 622
2014-08-19 10:45:55.257 [error] <0.13524.0> Supervisor ejabberd_sup had child 'ejabberd_auth_ldap_domain.com' started with ejabberd_auth_ldap:start_link(<<"domain.com">>) at <0.14981.0> exit with reason no match of right hand value {error,{asn1,{function_clause,[{'ELDAPv3',enc_SubstringFilter_substrings_components,[{'SubstringFilter_substrings',[{final,<<"@domain.com">>}]},[],0],[{file,"src/ELDAPv3.erl"},{line,1768}]},{'ELDAPv3',enc_SubstringFilter_substrings,2,[{file,"src/ELDAPv3.erl"},{line,1765}]},{'ELDAPv3',enc_SubstringFilter,2,[{file,"src/ELDAPv3.erl"},{line,1753}]},{'ELDAPv3',enc_Filter,2,[{file,"src/ELDAPv3.erl"},{line,1604}]},{'ELDAPv3',enc_Filter_and_components,3,[{file,"src/ELDAPv3.erl"},{line,1636}]},...]}}} in eldap:send_command/3 line 831 in context child_terminated
‹ VCARD Telephone [Need Help] ejabberd 14.12 ejabberd.yml ldap Active Directory configuration ›

Fail to search in Active

Submitted by egoncalves on Wed, 2015-01-28 17:09.

Fail to search in Active Directory

I think I have the same problem here, if I type nothing in search's fields, it returns all my users from Active Directory, but if I type something in the fields and hit search button, I get this message in log:

13:41:12.950 [error] gen_fsm 'eldap_#Ref<0.0.0.11157>' in state active terminated with reason: no match of right hand value {error,{asn1,{function_clause,[{'ELDAPv3',enc_SubstringFilter_substrings_components,[{'SubstringFilter_substrings',[{any,<<"eduardo*">>}]},[],0],[{file,"src/ELDAPv3.erl"},{line,1768}]},{'ELDAPv3',enc_SubstringFilter_substrings,2,[{file,"src/ELDAPv3.erl"},{line,1765}]},{'ELDAPv3',enc_SubstringFilter,2,[{file,"src/ELDAPv3.erl"},{line,1753}]},{'ELDAPv3',enc_Filter,2,[{file,"src/ELDAPv3.erl"},{line,1604}]},{'ELDAPv3',enc_Filter_and_components,3,[{file,"src/ELDAPv3.erl"},{line,1636}]},{'ELDAPv3',...},...]}}} in eldap:send_command/3 line 831
13:41:12.950 [error] CRASH REPORT Process 'eldap_#Ref<0.0.0.11157>' with 1 neighbours exited with reason: no match of right hand value {error,{asn1,{function_clause,[{'ELDAPv3',enc_SubstringFilter_substrings_components,[{'SubstringFilter_substrings',[{any,<<"eduardo*">>}]},[],0],[{file,"src/ELDAPv3.erl"},{line,1768}]},{'ELDAPv3',enc_SubstringFilter_substrings,2,[{file,"src/ELDAPv3.erl"},{line,1765}]},{'ELDAPv3',enc_SubstringFilter,2,[{file,"src/ELDAPv3.erl"},{line,1753}]},{'ELDAPv3',enc_Filter,2,[{file,"src/ELDAPv3.erl"},{line,1604}]},{'ELDAPv3',enc_Filter_and_components,3,[{file,"src/ELDAPv3.erl"},{line,1636}]},{'ELDAPv3',...},...]}}} in eldap:send_command/3 line 831 in gen_fsm:terminate/7 line 622                                 
13:41:12.951 [error] LDAP request failed: eldap:search([[{base,<<"OU=mydomain,DC=nova,DC=local">>},{filter,{and,[{and,[{present,<<"sAMAccountName">>},{equalityMatch,{'AttributeValueAssertion',<<"memberOf">>,<<"CN=chat,OU=mydomain,DC=nova,DC=local">>}}]},{substrings,{'SubstringFilter',<<"displayName">>,{'SubstringFilter_substrings',[{any,<<"eduardo*">>}]}}}]}},{limit,0},{deref_aliases,never},{attributes,[<<"displayName">>,<<"mail">>,<<"sAMAccountName">>]}]])Reason: {{{badmatch,{error,{asn1,{function_clause,[{'ELDAPv3',enc_SubstringFilter_substrings_components,[{'SubstringFilter_substrings',[{any,<<"eduardo*">>}]},[],0],[{file,"src/ELDAPv3.erl"},{line,1768}]},{'ELDAPv3',enc_SubstringFilter_substrings,2,[{file,"src/ELDAPv3.erl"},{line,1765}]},{'ELDAPv3',enc_SubstringFilter,2,[{file,"src/ELDAPv3.erl"},{line,1753}]},{'ELDAPv3',enc_Filter,2,[{file,"src/ELDAPv3.erl"},{line,1604}]},{'ELDAPv3',enc_Filter_and_components,3,[{file,"src/ELDAPv3.erl"},{line,1636}]},{'ELDAPv3',enc_Filter_and,2,[{file,"src/ELDAPv3.erl"},{line,1629}]},{'ELDAPv3',enc_Filter,2,[{file,"src/ELDAPv3.erl"},{line,1596}]},{'ELDAPv3',enc_SearchRequest,2,[{file,"src/ELDAPv3.erl"},{line,1511}]}]}}}},[{eldap,send_command,3,[{file,"src/eldap.erl"},{line,831}]},{eldap,process_command,3,[{file,"src/eldap.erl"},{line,813}]},{gen_fsm,handle_msg,7,[{file,"gen_fsm.erl"},{line,505}]},{proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,239}]}]},{gen_fsm,sync_send_event,[<0.430.0>,{search,{eldap_search,wholeSubtree,<<"OU=mydomain,DC=nova,DC=local">>,{and,[{and,[{present,<<"sAMAccountName">>},{equalityMatch,{'AttributeValueAssertion',<<"memberOf">>,<<"CN=chat,OU=mydomain,DC=nova,DC=local">>}}]},{substrings,{'SubstringFilter',<<"displayName">>,{'SubstringFilter_substrings',[{any,<<"eduardo*">>}]}}}]},0,[<<"displayName">>,<<"mail">>,<<"sAMAccountName">>],false,neverDerefAliases,0}},110500]}}
13:41:12.951 [error] Supervisor ejabberd_sup had child 'ejabberd_mod_vcard_ldap_chat.mydomain.com.br' started with mod_vcard_ldap:start_link(<<"chat.mydomain.com.br">>, [{matches,infinity},{ldap_vcard_map,[{<<"NICKNAME">>,[{<<"%u">>,[]}]},{<<"FN">>,[{<<"%s">>,[<<"d...">>]}]},...]},...]) at <0.427.0> exit with reason no match of right hand value {error,{asn1,{function_clause,[{'ELDAPv3',enc_SubstringFilter_substrings_components,[{'SubstringFilter_substrings',[{any,<<"eduardo*">>}]},[],0],[{file,"src/ELDAPv3.erl"},{line,1768}]},{'ELDAPv3',enc_SubstringFilter_substrings,2,[{file,"src/ELDAPv3.erl"},{line,1765}]},{'ELDAPv3',enc_SubstringFilter,2,[{file,"src/ELDAPv3.erl"},{line,1753}]},{'ELDAPv3',enc_Filter,2,[{file,"src/ELDAPv3.erl"},{line,1604}]},{'ELDAPv3',enc_Filter_and_components,3,[{file,"src/ELDAPv3.erl"},{line,1636}]},{'ELDAPv3',...},...]}}} in eldap:send_command/3 line 831 in context child_terminated
13:41:12.952 [info] LDAP connection on ad.mydomain.com.br:389

This is a part of my ejabberd.yml config file:

mod_vcard_ldap:
    matches: infinity
    ldap_vcard_map:
        "NICKNAME": {"%u": []}
        "FN": {"%s": ["displayName"]}
        "EMAIL": {"%s": ["mail"]}
    ldap_search_fields:
        "User": "%u"
        "Full Name":  "displayName"
        "Email": "mail"
    ldap_search_reported:
        "Full Name": "FN"
        "Nickname": "NICKNAME"
        "Email": "EMAIL"
»
Syndicate content

User login