There appears to be a problem with the Directory Server.

Having problems with IHMC CmapServer? Think you have found a bug? Let us know!
Forum rules
Before you post a problem or bug, please be sure you have included the version number of IHMC CmapServer, the operating system and version, the amount of RAM, and any other information that allows us to be able to replicate the problem you are having. (i.e. what were you doing when the problem occur? were you running another program (application) by the time you have the problem?)
Post Reply
Lucky7
Posts: 6
Joined: Fri Aug 31, 2012 8:48 am

There appears to be a problem with the Directory Server.

Post by Lucky7 » Mon Jul 28, 2014 2:23 pm

Hi,

I can't connect to my LDAP server.

i got this msg.

(CLASS: nlk.base.LDAPAuthenticator METHOD: authenticateUser LINE: 33)
nlk.acl.directory.DirectoryXcp: javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C090724, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v23f0 ]

CmapServer 5.04 on Windows Server 2008

Any ideas ?

Thank you :)

Lucky7
Posts: 6
Joined: Fri Aug 31, 2012 8:48 am

Re: There appears to be a problem with the Directory Server.

Post by Lucky7 » Wed Jul 30, 2014 1:18 pm

Now i can log with LDAP but i can't search a user in users directory.

I switch from a LDAP server 2012 to 2003 and it work.

I also updated CmapServer to 5.05.

cmapadmin
Site Admin
Posts: 626
Joined: Sat Dec 13, 2008 2:22 pm

Re: There appears to be a problem with the Directory Server.

Post by cmapadmin » Fri Aug 01, 2014 1:00 pm

Sounds like you're making progress. Are there any messages in your CmapTools client logfile, or your CmapServer logfile, when you try to search for users?

Lucky7
Posts: 6
Joined: Fri Aug 31, 2012 8:48 am

Re: There appears to be a problem with the Directory Server.

Post by Lucky7 » Mon Aug 04, 2014 1:16 pm

(CLASS: nlk.acl.directory.ldap.LDAPUserDirectory METHOD: getUserDN LINE: 595)
LDAPUserDirectory: unable to lookup user DN with anonymous access, will not try again

:?

cmapadmin
Site Admin
Posts: 626
Joined: Sat Dec 13, 2008 2:22 pm

Re: There appears to be a problem with the Directory Server.

Post by cmapadmin » Tue Aug 05, 2014 1:21 pm

I need a bit more info to investigate this further.

From your server log, could you please include the exception that is printed out below the line:
LDAPUserDirectory: unable to lookup user DN with anonymous access, will not try again

Also, could you please attach your CmapTools client logfile (cmaptools0.log), after trying to perform the user search?
E.g. Start CmapTools, try to search for users, quit, then save the log file and attach it here.
Here's where you can find the CmapTools logfile: viewtopic.php?f=3&t=65

Thanks.

Lucky7
Posts: 6
Joined: Fri Aug 31, 2012 8:48 am

Re: There appears to be a problem with the Directory Server.

Post by Lucky7 » Tue Aug 05, 2014 3:14 pm

Thank you for your help :)

There is CmapTools log

Code: Select all

nlk.exception.resio.ResioXcp: code==56 (Directory lookup failed.)
(CLASS: nlk.resio.RequestHandler METHOD: sendServerRequest LINE: 364)
nlk.exception.resio.ResioXcp
	at nlk.base.Authentication.getPrincipals(Authentication.java:304)
	at nlk.resio.ResourceService.getPrincipals(ResourceService.java:2627)
	at nlk.resio.ResourceService.handleHashtable(ResourceService.java:249)
	at nlk.resio.ResourceService.requestToService(ResourceService.java:93)
	at edu.uwf.server.ServiceManager.requestToService(ServiceManager.java:317)
	at edu.uwf.server.ConnManager.handleConnection(ConnManager.java:244)
	at edu.uwf.net.socket.ConnHandlerThreadCache$HandlerThread.run(ConnHandlerThreadCache.java:142)
(CLASS: nlk.resio.RequestHandler METHOD: sendServerRequest LINE: 364)
Caused by: nlk.acl.directory.DirectoryXcp: javax.naming.directory.InvalidSearchFilterException: Unbalanced parenthesis; remaining name 'OU=User,OU=Comptes,DC=domain,DC=ca'
	at com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:155)
	at com.sun.jndi.ldap.Filter.encodeFilterString(Filter.java:54)
	at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:521)
	at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1965)
	at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1827)
	at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1752)
	at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321)
	at nlk.acl.directory.ldap.LDAPUserDirectory.getIndividuals(LDAPUserDirectory.java:423)
	at nlk.acl.directory.ldap.LDAPUserDirectory.getPrincipals(LDAPUserDirectory.java:318)
	at nlk.base.Authentication.getPrincipals(Authentication.java:298)
	at nlk.resio.ResourceService.getPrincipals(ResourceService.java:2627)
	at nlk.resio.ResourceService.handleHashtable(ResourceService.java:249)
	at nlk.resio.ResourceService.requestToService(ResourceService.java:93)
	at edu.uwf.server.ServiceManager.requestToService(ServiceManager.java:317)
	at edu.uwf.server.ConnManager.handleConnection(ConnManager.java:244)
	at edu.uwf.net.socket.ConnHandlerThreadCache$HandlerThread.run(ConnHandlerThreadCache.java:142)

	at nlk.acl.directory.ldap.LDAPUserDirectory.getDirectoryXcpForNamingException(LDAPUserDirectory.java:206)
	at nlk.acl.directory.ldap.LDAPUserDirectory.getPrincipals(LDAPUserDirectory.java:339)
	at nlk.base.Authentication.getPrincipals(Authentication.java:298)
(CLASS: nlk.resio.RequestHandler METHOD: sendServerRequest LINE: 364)
	... 6 more
CmapServer log

Code: Select all

(CLASS: nlk.acl.directory.ldap.LDAPUserDirectory METHOD: getUserDN LINE: 595)
LDAPUserDirectory: unable to lookup user DN with anonymous access, will not try again
(CLASS: nlk.acl.directory.ldap.LDAPUserDirectory METHOD: getUserDN LINE: 596)
javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece ]; remaining name 'OU=User,OU=Comptes,DC=domain,DC=ca'
	at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3107)
	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3013)
	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2820)
	at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1829)
	at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1752)
	at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321)
	at nlk.acl.directory.ldap.LDAPUserDirectory.getUserDN(LDAPUserDirectory.java:581)
	at nlk.acl.directory.ldap.LDAPUserDirectory.bind(LDAPUserDirectory.java:517)
	at nlk.acl.directory.ldap.LDAPUserDirectory.authenticateUser(LDAPUserDirectory.java:142)
	at nlk.base.LDAPAuthenticator.authenticateUser(LDAPAuthenticator.java:24)
	at nlk.acl.NewCmapACLManager.checkPermission(NewCmapACLManager.java:148)
	at nlk.acl.NewCmapACLManager.checkAdministrator(NewCmapACLManager.java:46)
	at nlk.resio.ResourceService.getProjectAclInfo(ResourceService.java:1285)
	at nlk.resio.ResourceService.handleHashtable(ResourceService.java:175)
	at nlk.resio.ResourceService.requestToService(ResourceService.java:93)
	at edu.uwf.server.ServiceManager.requestToService(ServiceManager.java:317)
	at edu.uwf.server.ConnManager.handleConnection(ConnManager.java:244)
	at edu.uwf.net.socket.ConnHandlerThreadCache$HandlerThread.run(ConnHandlerThreadCache.java:142)

cmapadmin
Site Admin
Posts: 626
Joined: Sat Dec 13, 2008 2:22 pm

Re: There appears to be a problem with the Directory Server.

Post by cmapadmin » Mon Aug 11, 2014 4:24 pm

Thanks for posting the log files.

The exception that appears that your CmapServer logfile is OK, it just indicates that your LDAP server doesn't support anonymous binds. CmapTools can still work with this type of LDAP server, as long as the user hierarchy is only one level deep, and the user records are stored directly under the usersBaseDN.

The exception that appears in the CmapTools client logfile, says there are "unbalanced parenthesis" in the search query. This probably indicates a problem with the CmapServer's LDAP configuration.

Could you please post the values of these parameters from your CmapServer's "serverconfig.txt" (in the "bin" folder):
ldap.user.directory.usersBaseDN=
ldap.user.directory.userAttr=

Thanks!

Lucky7
Posts: 6
Joined: Fri Aug 31, 2012 8:48 am

Re: There appears to be a problem with the Directory Server.

Post by Lucky7 » Tue Aug 12, 2014 2:46 pm

Hi,

Thank you for your answer :)

Here is my server config:
ldap.user.directory.usersBaseDN=OU\=Users,OU\=Comptes,DC\=domain,DC\=ca
ldap.user.directory.userAttr=cn


For ldap.user.directory.userAttr, i also tried sAMAccountName without susccess.

The user for binding is deeper then the common users.
CN\=UN_Cmap_auth,OU\=BSP,OU\=Unites,OU\=Institutionnel,DC\=domain,DC\=ca

I also tried to bind with a user directly in usersBaseDN (CN\=lucky,OU\=Users,OU\=Comptes,DC\=domain,DC\=ca) and it's not working, can't even log with a LDAP user.

cmapadmin
Site Admin
Posts: 626
Joined: Sat Dec 13, 2008 2:22 pm

Re: There appears to be a problem with the Directory Server.

Post by cmapadmin » Wed Aug 13, 2014 12:53 pm

This may be a typo, but in the log file you sent previously, it says:

Caused by: nlk.acl.directory.DirectoryXcp: javax.naming.directory.InvalidSearchFilterException: Unbalanced parenthesis; remaining name 'OU=User,OU=Comptes,DC=domain,DC=ca'

Note that it says "OU=User", not "OU=Users"...

I assume that "OU=Users" is the correct value?

I'm still not sure what could be causing the "Unbalanced parenthesis" -- did you type any parenthesis in the user search box, when searching for users?

Are you still getting this same error in the client ("Unbalanced parenthesis") every time you search for users?

What about when you change the userAttr to sAMAccountName? Is the error the same?

Also, I'm not sure if your ActiveDirectory LDAP server is case sensitive or not... you might try using "CN" as the userAttr rather than "cn".

If you could send the client logs for each of these cases, along with the search terms you are typing into the user search box, that would be very helpful. Thanks.

Lucky7
Posts: 6
Joined: Fri Aug 31, 2012 8:48 am

Re: There appears to be a problem with the Directory Server.

Post by Lucky7 » Thu Jul 21, 2016 10:54 am

Still have the same problem with new version.

Server : Windows Server 2012 R2
CmapServer : 6.04

This is new in client log.

Caused by: nlk.acl.directory.DirectoryXcp: javax.naming.SizeLimitExceededException: [LDAP: error code 4 - Sizelimit Exceeded];

Post Reply