There appears to be a problem with the Directory Server.
Forum rules
Before you post a problem or bug, please be sure you have included the version number of IHMC CmapServer, the operating system and version, the amount of RAM, and any other information that allows us to be able to replicate the problem you are having. (i.e. what were you doing when the problem occur? were you running another program (application) by the time you have the problem?)
Before you post a problem or bug, please be sure you have included the version number of IHMC CmapServer, the operating system and version, the amount of RAM, and any other information that allows us to be able to replicate the problem you are having. (i.e. what were you doing when the problem occur? were you running another program (application) by the time you have the problem?)
-
- Posts: 6
- Joined: Fri Aug 31, 2012 8:48 am
There appears to be a problem with the Directory Server.
Hi,
I can't connect to my LDAP server.
i got this msg.
(CLASS: nlk.base.LDAPAuthenticator METHOD: authenticateUser LINE: 33)
nlk.acl.directory.DirectoryXcp: javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C090724, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v23f0 ]
CmapServer 5.04 on Windows Server 2008
Any ideas ?
Thank you
I can't connect to my LDAP server.
i got this msg.
(CLASS: nlk.base.LDAPAuthenticator METHOD: authenticateUser LINE: 33)
nlk.acl.directory.DirectoryXcp: javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C090724, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v23f0 ]
CmapServer 5.04 on Windows Server 2008
Any ideas ?
Thank you
-
- Posts: 6
- Joined: Fri Aug 31, 2012 8:48 am
Re: There appears to be a problem with the Directory Server.
Now i can log with LDAP but i can't search a user in users directory.
I switch from a LDAP server 2012 to 2003 and it work.
I also updated CmapServer to 5.05.
I switch from a LDAP server 2012 to 2003 and it work.
I also updated CmapServer to 5.05.
-
- Site Admin
- Posts: 833
- Joined: Sat Dec 13, 2008 2:22 pm
Re: There appears to be a problem with the Directory Server.
Sounds like you're making progress. Are there any messages in your CmapTools client logfile, or your CmapServer logfile, when you try to search for users?
-
- Posts: 6
- Joined: Fri Aug 31, 2012 8:48 am
Re: There appears to be a problem with the Directory Server.
(CLASS: nlk.acl.directory.ldap.LDAPUserDirectory METHOD: getUserDN LINE: 595)
LDAPUserDirectory: unable to lookup user DN with anonymous access, will not try again
LDAPUserDirectory: unable to lookup user DN with anonymous access, will not try again
-
- Site Admin
- Posts: 833
- Joined: Sat Dec 13, 2008 2:22 pm
Re: There appears to be a problem with the Directory Server.
I need a bit more info to investigate this further.
From your server log, could you please include the exception that is printed out below the line:
LDAPUserDirectory: unable to lookup user DN with anonymous access, will not try again
Also, could you please attach your CmapTools client logfile (cmaptools0.log), after trying to perform the user search?
E.g. Start CmapTools, try to search for users, quit, then save the log file and attach it here.
Here's where you can find the CmapTools logfile: viewtopic.php?f=3&t=65
Thanks.
From your server log, could you please include the exception that is printed out below the line:
LDAPUserDirectory: unable to lookup user DN with anonymous access, will not try again
Also, could you please attach your CmapTools client logfile (cmaptools0.log), after trying to perform the user search?
E.g. Start CmapTools, try to search for users, quit, then save the log file and attach it here.
Here's where you can find the CmapTools logfile: viewtopic.php?f=3&t=65
Thanks.
-
- Posts: 6
- Joined: Fri Aug 31, 2012 8:48 am
Re: There appears to be a problem with the Directory Server.
Thank you for your help
There is CmapTools log
CmapServer log
There is CmapTools log
Code: Select all
nlk.exception.resio.ResioXcp: code==56 (Directory lookup failed.)
(CLASS: nlk.resio.RequestHandler METHOD: sendServerRequest LINE: 364)
nlk.exception.resio.ResioXcp
at nlk.base.Authentication.getPrincipals(Authentication.java:304)
at nlk.resio.ResourceService.getPrincipals(ResourceService.java:2627)
at nlk.resio.ResourceService.handleHashtable(ResourceService.java:249)
at nlk.resio.ResourceService.requestToService(ResourceService.java:93)
at edu.uwf.server.ServiceManager.requestToService(ServiceManager.java:317)
at edu.uwf.server.ConnManager.handleConnection(ConnManager.java:244)
at edu.uwf.net.socket.ConnHandlerThreadCache$HandlerThread.run(ConnHandlerThreadCache.java:142)
(CLASS: nlk.resio.RequestHandler METHOD: sendServerRequest LINE: 364)
Caused by: nlk.acl.directory.DirectoryXcp: javax.naming.directory.InvalidSearchFilterException: Unbalanced parenthesis; remaining name 'OU=User,OU=Comptes,DC=domain,DC=ca'
at com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:155)
at com.sun.jndi.ldap.Filter.encodeFilterString(Filter.java:54)
at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:521)
at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1965)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1827)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1752)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321)
at nlk.acl.directory.ldap.LDAPUserDirectory.getIndividuals(LDAPUserDirectory.java:423)
at nlk.acl.directory.ldap.LDAPUserDirectory.getPrincipals(LDAPUserDirectory.java:318)
at nlk.base.Authentication.getPrincipals(Authentication.java:298)
at nlk.resio.ResourceService.getPrincipals(ResourceService.java:2627)
at nlk.resio.ResourceService.handleHashtable(ResourceService.java:249)
at nlk.resio.ResourceService.requestToService(ResourceService.java:93)
at edu.uwf.server.ServiceManager.requestToService(ServiceManager.java:317)
at edu.uwf.server.ConnManager.handleConnection(ConnManager.java:244)
at edu.uwf.net.socket.ConnHandlerThreadCache$HandlerThread.run(ConnHandlerThreadCache.java:142)
at nlk.acl.directory.ldap.LDAPUserDirectory.getDirectoryXcpForNamingException(LDAPUserDirectory.java:206)
at nlk.acl.directory.ldap.LDAPUserDirectory.getPrincipals(LDAPUserDirectory.java:339)
at nlk.base.Authentication.getPrincipals(Authentication.java:298)
(CLASS: nlk.resio.RequestHandler METHOD: sendServerRequest LINE: 364)
... 6 more
Code: Select all
(CLASS: nlk.acl.directory.ldap.LDAPUserDirectory METHOD: getUserDN LINE: 595)
LDAPUserDirectory: unable to lookup user DN with anonymous access, will not try again
(CLASS: nlk.acl.directory.ldap.LDAPUserDirectory METHOD: getUserDN LINE: 596)
javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece ]; remaining name 'OU=User,OU=Comptes,DC=domain,DC=ca'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3107)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3013)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2820)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1829)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1752)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321)
at nlk.acl.directory.ldap.LDAPUserDirectory.getUserDN(LDAPUserDirectory.java:581)
at nlk.acl.directory.ldap.LDAPUserDirectory.bind(LDAPUserDirectory.java:517)
at nlk.acl.directory.ldap.LDAPUserDirectory.authenticateUser(LDAPUserDirectory.java:142)
at nlk.base.LDAPAuthenticator.authenticateUser(LDAPAuthenticator.java:24)
at nlk.acl.NewCmapACLManager.checkPermission(NewCmapACLManager.java:148)
at nlk.acl.NewCmapACLManager.checkAdministrator(NewCmapACLManager.java:46)
at nlk.resio.ResourceService.getProjectAclInfo(ResourceService.java:1285)
at nlk.resio.ResourceService.handleHashtable(ResourceService.java:175)
at nlk.resio.ResourceService.requestToService(ResourceService.java:93)
at edu.uwf.server.ServiceManager.requestToService(ServiceManager.java:317)
at edu.uwf.server.ConnManager.handleConnection(ConnManager.java:244)
at edu.uwf.net.socket.ConnHandlerThreadCache$HandlerThread.run(ConnHandlerThreadCache.java:142)
-
- Site Admin
- Posts: 833
- Joined: Sat Dec 13, 2008 2:22 pm
Re: There appears to be a problem with the Directory Server.
Thanks for posting the log files.
The exception that appears that your CmapServer logfile is OK, it just indicates that your LDAP server doesn't support anonymous binds. CmapTools can still work with this type of LDAP server, as long as the user hierarchy is only one level deep, and the user records are stored directly under the usersBaseDN.
The exception that appears in the CmapTools client logfile, says there are "unbalanced parenthesis" in the search query. This probably indicates a problem with the CmapServer's LDAP configuration.
Could you please post the values of these parameters from your CmapServer's "serverconfig.txt" (in the "bin" folder):
ldap.user.directory.usersBaseDN=
ldap.user.directory.userAttr=
Thanks!
The exception that appears that your CmapServer logfile is OK, it just indicates that your LDAP server doesn't support anonymous binds. CmapTools can still work with this type of LDAP server, as long as the user hierarchy is only one level deep, and the user records are stored directly under the usersBaseDN.
The exception that appears in the CmapTools client logfile, says there are "unbalanced parenthesis" in the search query. This probably indicates a problem with the CmapServer's LDAP configuration.
Could you please post the values of these parameters from your CmapServer's "serverconfig.txt" (in the "bin" folder):
ldap.user.directory.usersBaseDN=
ldap.user.directory.userAttr=
Thanks!
-
- Posts: 6
- Joined: Fri Aug 31, 2012 8:48 am
Re: There appears to be a problem with the Directory Server.
Hi,
Thank you for your answer
Here is my server config:
ldap.user.directory.usersBaseDN=OU\=Users,OU\=Comptes,DC\=domain,DC\=ca
ldap.user.directory.userAttr=cn
For ldap.user.directory.userAttr, i also tried sAMAccountName without susccess.
The user for binding is deeper then the common users.
CN\=UN_Cmap_auth,OU\=BSP,OU\=Unites,OU\=Institutionnel,DC\=domain,DC\=ca
I also tried to bind with a user directly in usersBaseDN (CN\=lucky,OU\=Users,OU\=Comptes,DC\=domain,DC\=ca) and it's not working, can't even log with a LDAP user.
Thank you for your answer
Here is my server config:
ldap.user.directory.usersBaseDN=OU\=Users,OU\=Comptes,DC\=domain,DC\=ca
ldap.user.directory.userAttr=cn
For ldap.user.directory.userAttr, i also tried sAMAccountName without susccess.
The user for binding is deeper then the common users.
CN\=UN_Cmap_auth,OU\=BSP,OU\=Unites,OU\=Institutionnel,DC\=domain,DC\=ca
I also tried to bind with a user directly in usersBaseDN (CN\=lucky,OU\=Users,OU\=Comptes,DC\=domain,DC\=ca) and it's not working, can't even log with a LDAP user.
-
- Site Admin
- Posts: 833
- Joined: Sat Dec 13, 2008 2:22 pm
Re: There appears to be a problem with the Directory Server.
This may be a typo, but in the log file you sent previously, it says:
Caused by: nlk.acl.directory.DirectoryXcp: javax.naming.directory.InvalidSearchFilterException: Unbalanced parenthesis; remaining name 'OU=User,OU=Comptes,DC=domain,DC=ca'
Note that it says "OU=User", not "OU=Users"...
I assume that "OU=Users" is the correct value?
I'm still not sure what could be causing the "Unbalanced parenthesis" -- did you type any parenthesis in the user search box, when searching for users?
Are you still getting this same error in the client ("Unbalanced parenthesis") every time you search for users?
What about when you change the userAttr to sAMAccountName? Is the error the same?
Also, I'm not sure if your ActiveDirectory LDAP server is case sensitive or not... you might try using "CN" as the userAttr rather than "cn".
If you could send the client logs for each of these cases, along with the search terms you are typing into the user search box, that would be very helpful. Thanks.
Caused by: nlk.acl.directory.DirectoryXcp: javax.naming.directory.InvalidSearchFilterException: Unbalanced parenthesis; remaining name 'OU=User,OU=Comptes,DC=domain,DC=ca'
Note that it says "OU=User", not "OU=Users"...
I assume that "OU=Users" is the correct value?
I'm still not sure what could be causing the "Unbalanced parenthesis" -- did you type any parenthesis in the user search box, when searching for users?
Are you still getting this same error in the client ("Unbalanced parenthesis") every time you search for users?
What about when you change the userAttr to sAMAccountName? Is the error the same?
Also, I'm not sure if your ActiveDirectory LDAP server is case sensitive or not... you might try using "CN" as the userAttr rather than "cn".
If you could send the client logs for each of these cases, along with the search terms you are typing into the user search box, that would be very helpful. Thanks.
-
- Posts: 6
- Joined: Fri Aug 31, 2012 8:48 am
Re: There appears to be a problem with the Directory Server.
Still have the same problem with new version.
Server : Windows Server 2012 R2
CmapServer : 6.04
This is new in client log.
Caused by: nlk.acl.directory.DirectoryXcp: javax.naming.SizeLimitExceededException: [LDAP: error code 4 - Sizelimit Exceeded];
Server : Windows Server 2012 R2
CmapServer : 6.04
This is new in client log.
Caused by: nlk.acl.directory.DirectoryXcp: javax.naming.SizeLimitExceededException: [LDAP: error code 4 - Sizelimit Exceeded];