Possible solution to LDAP authentication problems in 0.9.1

I upgraded from ejabberd 0.7.5 to ejabberd 0.9.1 and my LDAP authentication completely broke. After a lot of messing around I believe I've discovered that with the newer version you must specify the bind dn and password as "" if you want to use anonymous binds.

My old LDAP configuration which worked with 0.7.5 was:

{auth_method, ldap}.
{ldap_servers, ["ldap.domain.co.nz"]}.
{ldap_uidattr, "uid"}.
{ldap_base, "dc=domain,dc=co,dc=nz"}.

However in order to make it work with 0.9.1 I had to change it to this:

{auth_method, ldap}.
{ldap_servers, ["ldap.domain.co.nz"]}.
{ldap_uidattr, "uid"}.
{ldap_base, "dc=domain,dc=co,dc=nz"}.
{ldap_rootdn, ""}.
{ldap_password, ""}.

However the strange thing is that once it had started up successfully once I can comment out the ldap_rootdn and ldap_password configuration items and it still works after a restart. I'm assuming that it's being cached somewhere but I've been unable to determine where.

I hope that this helps people out there.

Below are the logs that were generated when it didn't work (domain and server names have been sanitized). If you want more information from me please email me directly (by replacing the "csof" in my username with "shand").

# cat /var/log/ejabberd/sasl.log
=PROGRESS REPORT==== 8-Jun-2005::12:09:01 ===
supervisor: {local,sasl_safe_sup}
started: [{pid,<0.44.0>},
{name,alarm_handler},
{mfa,{alarm_handler,start_link,[]}},
{restart_type,permanent},
{shutdown,2000},
{child_type,worker}]

=PROGRESS REPORT==== 8-Jun-2005::12:09:01 ===
supervisor: {local,sasl_safe_sup}
started: [{pid,<0.45.0>},
{name,overload},
{mfa,{overload,start_link,[]}},
{restart_type,permanent},
{shutdown,2000},
{child_type,worker}]

=PROGRESS REPORT==== 8-Jun-2005::12:09:01 ===
supervisor: {local,sasl_sup}
started: [{pid,<0.43.0>},
{name,sasl_safe_sup},
{mfa,{supervisor,
start_link,
[{local,sasl_safe_sup},sasl,safe]}},
{restart_type,permanent},
{shutdown,infinity},
{child_type,supervisor}]

=PROGRESS REPORT==== 8-Jun-2005::12:09:01 ===
supervisor: {local,sasl_sup}
started: [{pid,<0.46.0>},
{name,release_handler},
{mfa,{release_handler,start_link,[]}},
{restart_type,permanent},
{shutdown,2000},
{child_type,worker}]

=PROGRESS REPORT==== 8-Jun-2005::12:09:01 ===
application: sasl
started_at: ejabberd@server01

=PROGRESS REPORT==== 8-Jun-2005::12:09:01 ===
supervisor: {local,kernel_safe_sup}
started: [{pid,<0.50.0>},
{name,dets_sup},
{mfa,{dets_sup,start_link,[]}},
{restart_type,permanent},
{shutdown,1000},
{child_type,supervisor}]

=PROGRESS REPORT==== 8-Jun-2005::12:09:01 ===
supervisor: {local,kernel_safe_sup}
started: [{pid,<0.51.0>},
{name,dets},
{mfa,{dets_server,start_link,[]}},
{restart_type,permanent},
{shutdown,2000},
{child_type,worker}]

=PROGRESS REPORT==== 8-Jun-2005::12:09:01 ===
supervisor: {local,mnesia_sup}
started: [{pid,<0.59.0>},
{name,mnesia_event},
{mfa,{mnesia_sup,start_event,[]}},
{restart_type,permanent},
{shutdown,30000},
{child_type,worker}]

=PROGRESS REPORT==== 8-Jun-2005::12:09:01 ===
supervisor: {local,mnesia_kernel_sup}
started: [{pid,<0.61.0>},
{name,mnesia_monitor},
{mfa,{mnesia_monitor,start,[]}},
{restart_type,permanent},
{shutdown,3000},
{child_type,worker}]

=PROGRESS REPORT==== 8-Jun-2005::12:09:01 ===
supervisor: {local,mnesia_kernel_sup}
started: [{pid,<0.62.0>},
{name,mnesia_subscr},
{mfa,{mnesia_subscr,start,[]}},
{restart_type,permanent},
{shutdown,3000},
{child_type,worker}]

=PROGRESS REPORT==== 8-Jun-2005::12:09:01 ===
supervisor: {local,mnesia_kernel_sup}
started: [{pid,<0.63.0>},
{name,mnesia_locker},
{mfa,{mnesia_locker,start,[]}},
{restart_type,permanent},
{shutdown,3000},
{child_type,worker}]

=PROGRESS REPORT==== 8-Jun-2005::12:09:01 ===
supervisor: {local,mnesia_kernel_sup}
started: [{pid,<0.64.0>},
{name,mnesia_recover},
{mfa,{mnesia_recover,start,[]}},
{restart_type,permanent},
{shutdown,180000},
{child_type,worker}]

=PROGRESS REPORT==== 8-Jun-2005::12:09:01 ===
supervisor: {local,kernel_safe_sup}
started: [{pid,<0.69.0>},
{name,disk_log_sup},
{mfa,{disk_log_sup,start_link,[]}},
{restart_type,permanent},
{shutdown,1000},
{child_type,supervisor}]

=PROGRESS REPORT==== 8-Jun-2005::12:09:01 ===
supervisor: {local,kernel_safe_sup}
started: [{pid,<0.70.0>},
{name,disk_log_server},
{mfa,{disk_log_server,start_link,[]}},
{restart_type,permanent},
{shutdown,2000},
{child_type,worker}]

=PROGRESS REPORT==== 8-Jun-2005::12:09:01 ===
supervisor: {local,kernel_safe_sup}
started: [{pid,<0.71.0>},
{name,pg2},
{mfa,{pg2,start_link,[]}},
{restart_type,permanent},
{shutdown,1000},
{child_type,worker}]

=PROGRESS REPORT==== 8-Jun-2005::12:09:01 ===
supervisor: {local,kernel_safe_sup}
started: [{pid,<0.88.0>},
{name,timer_server},
{mfa,{timer,start_link,[]}},
{restart_type,permanent},
{shutdown,1000},
{child_type,worker}]

=PROGRESS REPORT==== 8-Jun-2005::12:09:01 ===
supervisor: {local,mnesia_kernel_sup}
started: [{pid,<0.65.0>},
{name,mnesia_tm},
{mfa,{mnesia_tm,start,[]}},
{restart_type,permanent},
{shutdown,30000},
{child_type,worker}]

=PROGRESS REPORT==== 8-Jun-2005::12:09:01 ===
supervisor: {local,mnesia_kernel_sup}
started: [{pid,<0.89.0>},
{name,mnesia_checkpoint_sup},
{mfa,{mnesia_checkpoint_sup,start,[]}},
{restart_type,permanent},
{shutdown,infinity},
{child_type,supervisor}]

=PROGRESS REPORT==== 8-Jun-2005::12:09:01 ===
supervisor: {local,mnesia_kernel_sup}
started: [{pid,<0.90.0>},
{name,mnesia_snmp_sup},
{mfa,{mnesia_snmp_sup,start,[]}},
{restart_type,permanent},
{shutdown,infinity},
{child_type,supervisor}]

=PROGRESS REPORT==== 8-Jun-2005::12:09:01 ===
supervisor: {local,mnesia_kernel_sup}
started: [{pid,<0.91.0>},
{name,mnesia_controller},
{mfa,{mnesia_controller,start,[]}},
{restart_type,permanent},
{shutdown,3000},
{child_type,worker}]

=PROGRESS REPORT==== 8-Jun-2005::12:09:01 ===
supervisor: {local,mnesia_kernel_sup}
started: [{pid,<0.92.0>},
{name,mnesia_late_loader},
{mfa,{mnesia_late_loader,start,[]}},
{restart_type,permanent},
{shutdown,3000},
{child_type,worker}]

=PROGRESS REPORT==== 8-Jun-2005::12:09:01 ===
supervisor: {local,mnesia_sup}
started: [{pid,<0.60.0>},
{name,mnesia_kernel_sup},
{mfa,{mnesia_kernel_sup,start,[]}},
{restart_type,permanent},
{shutdown,infinity},
{child_type,supervisor}]

=PROGRESS REPORT==== 8-Jun-2005::12:09:01 ===
application: mnesia
started_at: ejabberd@server01

=PROGRESS REPORT==== 8-Jun-2005::12:09:01 ===
supervisor: {local,crypto_sup}
started: [{pid,<0.175.0>},
{name,crypto_server},
{mfa,{crypto_server,start_link,[]}},
{restart_type,permanent},
{shutdown,2000},
{child_type,worker}]

=PROGRESS REPORT==== 8-Jun-2005::12:09:01 ===
application: crypto
started_at: ejabberd@server01

=PROGRESS REPORT==== 8-Jun-2005::12:09:01 ===
supervisor: {local,ssl_sup}
started: [{pid,<0.182.0>},
{name,ssl_server},
{mfa,{ssl_server,start_link,[]}},
{restart_type,permanent},
{shutdown,2000},
{child_type,worker}]

=PROGRESS REPORT==== 8-Jun-2005::12:09:01 ===
supervisor: {local,ssl_sup}
started: [{pid,<0.183.0>},
{name,ssl_broker_sup},
{mfa,{ssl_broker_sup,start_link,[]}},
{restart_type,permanent},
{shutdown,2000},
{child_type,supervisor}]

=PROGRESS REPORT==== 8-Jun-2005::12:09:01 ===
application: ssl
started_at: ejabberd@server01

=PROGRESS REPORT==== 8-Jun-2005::12:09:01 ===
supervisor: {local,inet_gethost_native_sup}
started: [{pid,<0.203.0>},{mfa,{inet_gethost_native,init,[[]]}}]

=PROGRESS REPORT==== 8-Jun-2005::12:09:01 ===
supervisor: {local,kernel_safe_sup}
started: [{pid,<0.202.0>},
{name,inet_gethost_native_sup},
{mfa,{inet_gethost_native,start_link,[]}},
{restart_type,temporary},
{shutdown,1000},
{child_type,worker}]

=PROGRESS REPORT==== 8-Jun-2005::12:09:01 ===
supervisor: {local,ejabberd_sup}
started: [{pid,<0.205.0>},
{name,ejabberd_hooks},
{mfa,{ejabberd_hooks,start_link,[]}},
{restart_type,permanent},
{shutdown,brutal_kill},
{child_type,worker}]

=CRASH REPORT==== 8-Jun-2005::12:09:01 ===
crasher:
pid: <0.201.0>
registered_name: eldap_ejabberd_bind
error_info: {{badmatch,{error,{asn1,
{function_clause,
[{asn1rt_ber_bin,
encode_octet_string,
[[],undefined,[]]},
{'ELDAPv3',enc_BindRequest,2},
{'ELDAPv3',
enc_LDAPMessage_protocolOp,
2},
{'ELDAPv3',enc_LDAPMessage,2},
{'ELDAPv3',encode,2},
{asn1rt,encode,3},
{eldap,bind_request,2},
{eldap,connect_bind,1}]}}}},
[{eldap,bind_request,2},
{eldap,connect_bind,1},
{eldap,connecting,2},
{gen_fsm,handle_msg,7},
{proc_lib,init_p,5}]}
initial_call: {gen,init_it,
[gen_fsm,
<0.36.0>,
<0.36.0>,
{local,eldap_ejabberd_bind},
eldap,
{["ldap.domain.co.nz"],
389,
undefined,
undefined,
#Fun},
[]]}
ancestors: [<0.36.0>]
messages: []
links: [<0.36.0>,#Port<0.289>]
dictionary: []
trap_exit: false
status: running
heap_size: 610
stack_size: 21
reductions: 449
neighbours:

=CRASH REPORT==== 8-Jun-2005::12:09:01 ===
crasher:
pid: <0.200.0>
registered_name: eldap_ejabberd
error_info: {{badmatch,{error,{asn1,
{function_clause,
[{asn1rt_ber_bin,
encode_octet_string,
[[],undefined,[]]},
{'ELDAPv3',enc_BindRequest,2},
{'ELDAPv3',
enc_LDAPMessage_protocolOp,
2},
{'ELDAPv3',enc_LDAPMessage,2},
{'ELDAPv3',encode,2},
{asn1rt,encode,3},
{eldap,bind_request,2},
{eldap,connect_bind,1}]}}}},
[{eldap,bind_request,2},
{eldap,connect_bind,1},
{eldap,connecting,2},
{gen_fsm,handle_msg,7},
{proc_lib,init_p,5}]}
initial_call: {gen,init_it,
[gen_fsm,
<0.36.0>,
<0.36.0>,
{local,eldap_ejabberd},
eldap,
{["ldap.domain.co.nz"],
389,
undefined,
undefined,
#Fun},
[]]}
ancestors: [<0.36.0>]
messages: []
links: [<0.36.0>,#Port<0.290>]
dictionary: []
trap_exit: false
status: running
heap_size: 610
stack_size: 21
reductions: 506
neighbours:

=PROGRESS REPORT==== 8-Jun-2005::12:09:01 ===
supervisor: {local,ejabberd_sup}
started: [{pid,<0.206.0>},
{name,stringprep},
{mfa,{stringprep,start_link,[]}},
{restart_type,permanent},
{shutdown,brutal_kill},
{child_type,worker}]

=PROGRESS REPORT==== 8-Jun-2005::12:09:01 ===
supervisor: {local,ejabberd_sup}
started: [{pid,<0.209.0>},
{name,ejabberd_router},
{mfa,{ejabberd_router,start_link,[]}},
{restart_type,permanent},
{shutdown,brutal_kill},
{child_type,worker}]

=PROGRESS REPORT==== 8-Jun-2005::12:09:01 ===
supervisor: {local,ejabberd_sup}
started: [{pid,<0.210.0>},
{name,ejabberd_sm},
{mfa,{ejabberd_sm,start_link,[]}},
{restart_type,permanent},
{shutdown,brutal_kill},
{child_type,worker}]

=PROGRESS REPORT==== 8-Jun-2005::12:09:01 ===
supervisor: {local,ejabberd_sup}
started: [{pid,<0.216.0>},
{name,ejabberd_s2s},
{mfa,{ejabberd_s2s,start_link,[]}},
{restart_type,permanent},
{shutdown,brutal_kill},
{child_type,worker}]

=PROGRESS REPORT==== 8-Jun-2005::12:09:01 ===
supervisor: {local,ejabberd_sup}
started: [{pid,<0.219.0>},
{name,ejabberd_local},
{mfa,{ejabberd_local,start_link,[]}},
{restart_type,permanent},
{shutdown,brutal_kill},
{child_type,worker}]

=PROGRESS REPORT==== 8-Jun-2005::12:09:01 ===
supervisor: {local,ejabberd_sup}
started: [{pid,<0.220.0>},
{name,ejabberd_c2s_sup},
{mfa,{ejabberd_tmp_sup,
start_link,
[ejabberd_c2s_sup,ejabberd_c2s]}},
{restart_type,permanent},
{shutdown,infinity},
{child_type,supervisor}]

=PROGRESS REPORT==== 8-Jun-2005::12:09:01 ===
supervisor: {local,ejabberd_sup}
started: [{pid,<0.221.0>},
{name,ejabberd_s2s_in_sup},
{mfa,{ejabberd_tmp_sup,
start_link,
[ejabberd_s2s_in_sup,ejabberd_s2s_in]}},
{restart_type,permanent},
{shutdown,infinity},
{child_type,supervisor}]

=PROGRESS REPORT==== 8-Jun-2005::12:09:01 ===
supervisor: {local,ejabberd_sup}
started: [{pid,<0.222.0>},
{name,ejabberd_s2s_out_sup},
{mfa,{ejabberd_tmp_sup,
start_link,
[ejabberd_s2s_out_sup,ejabberd_s2s_out]}},
{restart_type,permanent},
{shutdown,infinity},
{child_type,supervisor}]

=PROGRESS REPORT==== 8-Jun-2005::12:09:01 ===
supervisor: {local,ejabberd_sup}
started: [{pid,<0.223.0>},
{name,ejabberd_service_sup},
{mfa,{ejabberd_tmp_sup,
start_link,
[ejabberd_service_sup,ejabberd_service]}},
{restart_type,permanent},
{shutdown,infinity},
{child_type,supervisor}]

=PROGRESS REPORT==== 8-Jun-2005::12:09:01 ===
supervisor: {local,ejabberd_sup}
started: [{pid,<0.224.0>},
{name,ejabberd_http_sup},
{mfa,{ejabberd_tmp_sup,
start_link,
[ejabberd_http_sup,ejabberd_http]}},
{restart_type,permanent},
{shutdown,infinity},
{child_type,supervisor}]

=PROGRESS REPORT==== 8-Jun-2005::12:09:01 ===
supervisor: {local,ejabberd_sup}
started: [{pid,<0.225.0>},
{name,ejabberd_http_poll_sup},
{mfa,{ejabberd_tmp_sup,
start_link,
[ejabberd_http_poll_sup,ejabberd_http_poll]}},
{restart_type,permanent},
{shutdown,infinity},
{child_type,supervisor}]

=PROGRESS REPORT==== 8-Jun-2005::12:09:01 ===
supervisor: {local,ejabberd_sup}
started: [{pid,<0.226.0>},
{name,ejabberd_iq_sup},
{mfa,{ejabberd_tmp_sup,
start_link,
[ejabberd_iq_sup,gen_iq_handler]}},
{restart_type,permanent},
{shutdown,infinity},
{child_type,supervisor}]

=PROGRESS REPORT==== 8-Jun-2005::12:09:01 ===
supervisor: {local,ejabberd_listeners}
started: [{pid,<0.228.0>},
{name,5222},
{mfa,{ejabberd_listener,
start,
[5222,
ejabberd_c2s,
[{access,c2s},
starttls,
{certfile,"/etc/ssl/certs/ejabberd.pem"},
{shaper,c2s_shaper}]]}},
{restart_type,transient},
{shutdown,brutal_kill},
{child_type,worker}]

=PROGRESS REPORT==== 8-Jun-2005::12:09:01 ===
supervisor: {local,ejabberd_listeners}
started: [{pid,<0.229.0>},
{name,5223},
{mfa,{ejabberd_listener,
start,
[5223,
ejabberd_c2s,
[{access,c2s},
tls,
{certfile,"/etc/ssl/certs/ejabberd.pem"},
{shaper,c2s_shaper}]]}},
{restart_type,transient},
{shutdown,brutal_kill},
{child_type,worker}]

=PROGRESS REPORT==== 8-Jun-2005::12:09:01 ===
supervisor: {local,ejabberd_listeners}
started: [{pid,<0.230.0>},
{name,5269},
{mfa,{ejabberd_listener,
start,
[5269,ejabberd_s2s_in,[{shaper,s2s_shaper}]]}},
{restart_type,transient},
{shutdown,brutal_kill},
{child_type,worker}]

=PROGRESS REPORT==== 8-Jun-2005::12:09:01 ===
supervisor: {local,ejabberd_listeners}
started: [{pid,<0.231.0>},
{name,5280},
{mfa,{ejabberd_listener,
start,
[5280,ejabberd_http,[http_poll,web_admin]]}},
{restart_type,transient},
{shutdown,brutal_kill},
{child_type,worker}]

=PROGRESS REPORT==== 8-Jun-2005::12:09:01 ===
supervisor: {local,ejabberd_sup}
started: [{pid,<0.227.0>},
{name,ejabberd_listener},
{mfa,{ejabberd_listener,start_link,[]}},
{restart_type,permanent},
{shutdown,infinity},
{child_type,supervisor}]

=PROGRESS REPORT==== 8-Jun-2005::12:09:01 ===
application: ejabberd
started_at: ejabberd@server01
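As an added example (not part of the post and not ejabberd's own code), the following Python script reproduces the defender-side check implied by the crash report above: it parses the two configuration variants from the post, resolves the bind credentials the way the report's initial_call suggests the 0.9.1 eldap client does (an omitted ldap_rootdn or ldap_password shows up as the atom undefined), and then builds the LDAPv3 simple BindRequest in BER. An undefined value has no OCTET STRING encoding and fails exactly where the report's function_clause points (encode_octet_string), whereas "" encodes as a zero-length string and yields a valid anonymous bind. The option lookup and the minimal BER encoder are my own assumptions and simplifications, not the OTP asn1 runtime or eldap's real code.

```python
"""Config lint for the ejabberd 0.9.1 anonymous-LDAP-bind crash (added example).

Assumption drawn from the crash report: options missing from ejabberd.cfg
reach eldap as the atom `undefined`, which the ASN.1 encoder cannot turn
into an OCTET STRING; "" is an empty OCTET STRING and encodes fine.
"""
import re

# Constructed copies of the two configurations quoted in the post.
OLD_CFG = '''{auth_method, ldap}.
{ldap_servers, ["ldap.domain.co.nz"]}.
{ldap_uidattr, "uid"}.
{ldap_base, "dc=domain,dc=co,dc=nz"}.
'''
NEW_CFG = OLD_CFG + '''{ldap_rootdn, ""}.
{ldap_password, ""}.
'''

UNDEFINED = object()  # stands in for the Erlang atom `undefined`

# Matches one `{key, value}.` term; value is an atom, a "string" or a [list].
TERM_RE = re.compile(r'^\s*\{\s*([a-z_]+)\s*,\s*(.*?)\s*\}\s*\.\s*$')


def parse_cfg(text):
    """Parse the small subset of ejabberd.cfg syntax used by the post."""
    opts = {}
    for line in text.splitlines():
        line = line.split('%', 1)[0]  # drop Erlang comments (no '%' in strings here)
        m = TERM_RE.match(line)
        if not m:
            continue
        key, raw = m.group(1), m.group(2)
        if raw.startswith('['):
            opts[key] = re.findall(r'"([^"]*)"', raw)  # list of strings
        elif raw.startswith('"'):
            opts[key] = raw[1:-1]  # string, possibly empty
        else:
            opts[key] = raw  # bare atom such as ldap
    return opts


def bind_credentials(opts):
    """Assumed lookup: an absent option resolves to `undefined`, not to ""."""
    return opts.get('ldap_rootdn', UNDEFINED), opts.get('ldap_password', UNDEFINED)


def ber_len(n):
    """BER definite-form length octets."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, 'big')
    return bytes([0x80 | len(body)]) + body


def ber_tlv(tag, content):
    return bytes([tag]) + ber_len(len(content)) + content


def encode_octet_string(value, tag=0x04):
    """Mirror of the failing frame: only a real string has an OCTET STRING form."""
    if value is UNDEFINED:
        raise TypeError("function_clause: encode_octet_string(undefined)")
    return ber_tlv(tag, value.encode())


def encode_bind_request(msg_id, dn, password, version=3):
    """LDAPMessage { messageID, BindRequest [APPLICATION 0] } with simple auth."""
    bind = (ber_tlv(0x02, bytes([version]))          # version INTEGER
            + encode_octet_string(dn)                 # name OCTET STRING
            + encode_octet_string(password, 0x80))    # simple [0] OCTET STRING
    return ber_tlv(0x30, ber_tlv(0x02, bytes([msg_id])) + ber_tlv(0x60, bind))


def check_ldap_bind(cfg_text):
    """Return ('ok', bind_bytes), ('crash', reason) or ('skip', reason)."""
    opts = parse_cfg(cfg_text)
    if opts.get('auth_method') != 'ldap':
        return ('skip', 'auth_method is not ldap')
    dn, pw = bind_credentials(opts)
    try:
        return ('ok', encode_bind_request(1, dn, pw))
    except TypeError as exc:
        return ('crash', str(exc))


if __name__ == '__main__':
    for label, cfg in (('old (0.7.5-style)', OLD_CFG), ('new (0.9.1)', NEW_CFG)):
        status, detail = check_ldap_bind(cfg)
        shown = detail.hex() if isinstance(detail, bytes) else detail
        print(f'{label}: {status} -> {shown}')
```

The old configuration reports a crash at the same encode_octet_string step as the log, while the new one produces the 14-byte anonymous BindRequest 30 0c 02 01 01 60 07 02 01 03 04 00 80 00: version 3, empty name, empty simple password. Running the lint against ejabberd.cfg before a restart catches the omission without having to read a SASL crash report.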

Those options are stored in the database

However the strange thing is that once it had started up successfully once I can comment out the ldap_rootdn and ldap_password configuration items and it still works after a restart. I'm assuming that it's being cached somewhere but I've been unable to determine where.

It seems that option is stored in the Mnesia database, in the table 'local_config'. It should be updated if you set it differently in ejabberd.cfg.

You can see it if you dump the database to a text file. You can also see it with the Erlang/OTP Table Viewer if you are too curious :). Add this option to the erl shell when starting ejabberd: -s tv
