Page 1 of 1

There appears to be a problem with the Directory Server.

Posted: Mon Jul 28, 2014 2:23 pm
by Lucky7
Hi,

I can't connect to my LDAP server.

i got this msg.

(CLASS: nlk.base.LDAPAuthenticator METHOD: authenticateUser LINE: 33)
nlk.acl.directory.DirectoryXcp: javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C090724, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v23f0 ]

CmapServer 5.04 on Windows Server 2008

Any ideas ?

Thank you :)

Re: There appears to be a problem with the Directory Server.

Posted: Wed Jul 30, 2014 1:18 pm
by Lucky7
Now i can log with LDAP but i can't search a user in users directory.

I switch from a LDAP server 2012 to 2003 and it work.

I also updated CmapServer to 5.05.

Re: There appears to be a problem with the Directory Server.

Posted: Fri Aug 01, 2014 1:00 pm
by cmapadmin
Sounds like you're making progress. Are there any messages in your CmapTools client logfile, or your CmapServer logfile, when you try to search for users?

Re: There appears to be a problem with the Directory Server.

Posted: Mon Aug 04, 2014 1:16 pm
by Lucky7
(CLASS: nlk.acl.directory.ldap.LDAPUserDirectory METHOD: getUserDN LINE: 595)
LDAPUserDirectory: unable to lookup user DN with anonymous access, will not try again

:?

Re: There appears to be a problem with the Directory Server.

Posted: Tue Aug 05, 2014 1:21 pm
by cmapadmin
I need a bit more info to investigate this further.

From your server log, could you please include the exception that is printed out below the line:
LDAPUserDirectory: unable to lookup user DN with anonymous access, will not try again

Also, could you please attach your CmapTools client logfile (cmaptools0.log), after trying to perform the user search?
E.g. Start CmapTools, try to search for users, quit, then save the log file and attach it here.
Here's where you can find the CmapTools logfile: viewtopic.php?f=3&t=65

Thanks.

Re: There appears to be a problem with the Directory Server.

Posted: Tue Aug 05, 2014 3:14 pm
by Lucky7
Thank you for your help :)

There is CmapTools log

Code: Select all

nlk.exception.resio.ResioXcp: code==56 (Directory lookup failed.)
(CLASS: nlk.resio.RequestHandler METHOD: sendServerRequest LINE: 364)
nlk.exception.resio.ResioXcp
	at nlk.base.Authentication.getPrincipals(Authentication.java:304)
	at nlk.resio.ResourceService.getPrincipals(ResourceService.java:2627)
	at nlk.resio.ResourceService.handleHashtable(ResourceService.java:249)
	at nlk.resio.ResourceService.requestToService(ResourceService.java:93)
	at edu.uwf.server.ServiceManager.requestToService(ServiceManager.java:317)
	at edu.uwf.server.ConnManager.handleConnection(ConnManager.java:244)
	at edu.uwf.net.socket.ConnHandlerThreadCache$HandlerThread.run(ConnHandlerThreadCache.java:142)
(CLASS: nlk.resio.RequestHandler METHOD: sendServerRequest LINE: 364)
Caused by: nlk.acl.directory.DirectoryXcp: javax.naming.directory.InvalidSearchFilterException: Unbalanced parenthesis; remaining name 'OU=User,OU=Comptes,DC=domain,DC=ca'
	at com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:155)
	at com.sun.jndi.ldap.Filter.encodeFilterString(Filter.java:54)
	at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:521)
	at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1965)
	at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1827)
	at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1752)
	at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321)
	at nlk.acl.directory.ldap.LDAPUserDirectory.getIndividuals(LDAPUserDirectory.java:423)
	at nlk.acl.directory.ldap.LDAPUserDirectory.getPrincipals(LDAPUserDirectory.java:318)
	at nlk.base.Authentication.getPrincipals(Authentication.java:298)
	at nlk.resio.ResourceService.getPrincipals(ResourceService.java:2627)
	at nlk.resio.ResourceService.handleHashtable(ResourceService.java:249)
	at nlk.resio.ResourceService.requestToService(ResourceService.java:93)
	at edu.uwf.server.ServiceManager.requestToService(ServiceManager.java:317)
	at edu.uwf.server.ConnManager.handleConnection(ConnManager.java:244)
	at edu.uwf.net.socket.ConnHandlerThreadCache$HandlerThread.run(ConnHandlerThreadCache.java:142)

	at nlk.acl.directory.ldap.LDAPUserDirectory.getDirectoryXcpForNamingException(LDAPUserDirectory.java:206)
	at nlk.acl.directory.ldap.LDAPUserDirectory.getPrincipals(LDAPUserDirectory.java:339)
	at nlk.base.Authentication.getPrincipals(Authentication.java:298)
(CLASS: nlk.resio.RequestHandler METHOD: sendServerRequest LINE: 364)
	... 6 more
CmapServer log

Code: Select all

(CLASS: nlk.acl.directory.ldap.LDAPUserDirectory METHOD: getUserDN LINE: 595)
LDAPUserDirectory: unable to lookup user DN with anonymous access, will not try again
(CLASS: nlk.acl.directory.ldap.LDAPUserDirectory METHOD: getUserDN LINE: 596)
javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece ]; remaining name 'OU=User,OU=Comptes,DC=domain,DC=ca'
	at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3107)
	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3013)
	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2820)
	at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1829)
	at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1752)
	at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321)
	at nlk.acl.directory.ldap.LDAPUserDirectory.getUserDN(LDAPUserDirectory.java:581)
	at nlk.acl.directory.ldap.LDAPUserDirectory.bind(LDAPUserDirectory.java:517)
	at nlk.acl.directory.ldap.LDAPUserDirectory.authenticateUser(LDAPUserDirectory.java:142)
	at nlk.base.LDAPAuthenticator.authenticateUser(LDAPAuthenticator.java:24)
	at nlk.acl.NewCmapACLManager.checkPermission(NewCmapACLManager.java:148)
	at nlk.acl.NewCmapACLManager.checkAdministrator(NewCmapACLManager.java:46)
	at nlk.resio.ResourceService.getProjectAclInfo(ResourceService.java:1285)
	at nlk.resio.ResourceService.handleHashtable(ResourceService.java:175)
	at nlk.resio.ResourceService.requestToService(ResourceService.java:93)
	at edu.uwf.server.ServiceManager.requestToService(ServiceManager.java:317)
	at edu.uwf.server.ConnManager.handleConnection(ConnManager.java:244)
	at edu.uwf.net.socket.ConnHandlerThreadCache$HandlerThread.run(ConnHandlerThreadCache.java:142)

Re: There appears to be a problem with the Directory Server.

Posted: Mon Aug 11, 2014 4:24 pm
by cmapadmin
Thanks for posting the log files.

The exception that appears that your CmapServer logfile is OK, it just indicates that your LDAP server doesn't support anonymous binds. CmapTools can still work with this type of LDAP server, as long as the user hierarchy is only one level deep, and the user records are stored directly under the usersBaseDN.

The exception that appears in the CmapTools client logfile, says there are "unbalanced parenthesis" in the search query. This probably indicates a problem with the CmapServer's LDAP configuration.

Could you please post the values of these parameters from your CmapServer's "serverconfig.txt" (in the "bin" folder):
ldap.user.directory.usersBaseDN=
ldap.user.directory.userAttr=

Thanks!

Re: There appears to be a problem with the Directory Server.

Posted: Tue Aug 12, 2014 2:46 pm
by Lucky7
Hi,

Thank you for your answer :)

Here is my server config:
ldap.user.directory.usersBaseDN=OU\=Users,OU\=Comptes,DC\=domain,DC\=ca
ldap.user.directory.userAttr=cn


For ldap.user.directory.userAttr, i also tried sAMAccountName without susccess.

The user for binding is deeper then the common users.
CN\=UN_Cmap_auth,OU\=BSP,OU\=Unites,OU\=Institutionnel,DC\=domain,DC\=ca

I also tried to bind with a user directly in usersBaseDN (CN\=lucky,OU\=Users,OU\=Comptes,DC\=domain,DC\=ca) and it's not working, can't even log with a LDAP user.

Re: There appears to be a problem with the Directory Server.

Posted: Wed Aug 13, 2014 12:53 pm
by cmapadmin
This may be a typo, but in the log file you sent previously, it says:

Caused by: nlk.acl.directory.DirectoryXcp: javax.naming.directory.InvalidSearchFilterException: Unbalanced parenthesis; remaining name 'OU=User,OU=Comptes,DC=domain,DC=ca'

Note that it says "OU=User", not "OU=Users"...

I assume that "OU=Users" is the correct value?

I'm still not sure what could be causing the "Unbalanced parenthesis" -- did you type any parenthesis in the user search box, when searching for users?

Are you still getting this same error in the client ("Unbalanced parenthesis") every time you search for users?

What about when you change the userAttr to sAMAccountName? Is the error the same?

Also, I'm not sure if your ActiveDirectory LDAP server is case sensitive or not... you might try using "CN" as the userAttr rather than "cn".

If you could send the client logs for each of these cases, along with the search terms you are typing into the user search box, that would be very helpful. Thanks.

Re: There appears to be a problem with the Directory Server.

Posted: Thu Jul 21, 2016 10:54 am
by Lucky7
Still have the same problem with new version.

Server : Windows Server 2012 R2
CmapServer : 6.04

This is new in client log.

Caused by: nlk.acl.directory.DirectoryXcp: javax.naming.SizeLimitExceededException: [LDAP: error code 4 - Sizelimit Exceeded];