LDAP broken for AD with Mindtouch 10.1.0

**jdaniel3760** · 07-04-2011 03:43 AM

Hi I've just migrated from the Debian VM to RHEL 5.7.

LDAP for AD seems broken - it worked under Debian well.
LDAP for eDir still works.

Is this a known issue? Or should I try the published troubleshooting?

Using this SID
http://services.mindtouch.com/deki/s...authentication

Here is the LDAP log. Why is it trying to use Novell???

Code:

**jdaniel3760** · 07-04-2011 04:20 AM

I fixed this by using an IP addess for the hostname. Thanks

**crb** · 07-04-2011 12:26 PM

Novell make the library for the LDAP service for Mono.

"A semaphore not owned by any thread" means you can't connect to AD.

**christianheinz** · 07-04-2011 02:50 PM

Originally Posted by jdaniel3760

I fixed this by using an IP addess for the hostname. Thanks

Hello, for me changing the hostname from fqdn:3268 to xxx.xxx.xxx.xxx:3268 did not help. With 10.1.0 the LDAP authenticator is broken. Production server running same software set but Mindtouch Core 10.0.7 is fine.

Error thrown is like that:

Code:

Request URI:
http://localhost:8081/deki/users/authenticate?dream.out.format=php&dream.in.host=HOSTNAME.DOMAIN.TLD&dream.in.scheme=https&dream.in.origin=xxx.xxx.xxx.xxx&authprovider=10

Server response:
Array
(
    [exception] => Array
        (
            [coroutine] => Array
                (
                    [frame] => Array
                        (
                            [@method] => MindTouch.Deki.Services.LdapAuthenticationService.UserLogin(DreamContext context, DreamMessage request, Result`1 response)
                        )

                )

            [message] => Filter Error
            [source] => Novell.Directory.Ldap
            [stacktrace] => Array
                (
                    [frame] => Array
                        (
                            [0] => Novell.Directory.Ldap.Rfc2251.RfcFilter.unescapeString(String string_Renamed)
                            [1] => Novell.Directory.Ldap.Rfc2251.RfcFilter.parseFilterComp()
                            [2] => Novell.Directory.Ldap.Rfc2251.RfcFilter.parseFilter()
                            [3] => Novell.Directory.Ldap.Rfc2251.RfcFilter.parse(String filterExpr)
                            [4] => Novell.Directory.Ldap.Rfc2251.RfcFilter..ctor(String filter)
                            [5] => Novell.Directory.Ldap.LdapSearchRequest..ctor(String base_Renamed, Int32 scope, String filter, String[] attrs, Int32 dereference, Int32 maxResults, Int32 serverTimeLimit, Boolean typesOnly, LdapControl[] cont)
                            [6] => Novell.Directory.Ldap.LdapConnection.Search(String base_Renamed, Int32 scope, String filter, String[] attrs, Boolean typesOnly, LdapSearchQueue queue, LdapSearchConstraints cons)
                            [7] => Novell.Directory.Ldap.LdapConnection.Search(String base_Renamed, Int32 scope, String filter, String[] attrs, Boolean typesOnly, LdapSearchConstraints cons)
                            [8] => MindTouch.Deki.Services.LdapClient.LookupLdapUser(Boolean retrieveGroupMembership, String username, LdapConnection& conn)
                            [9] => MindTouch.Deki.Services.LdapClient.GetUserInfo(Boolean retrieveGroupMembership, String username)
                            [10] => MindTouch.Deki.Services.LdapClient.GetUserInfo(Boolean retrieveGroupMembership, UInt32 retries, String username)
                            [11] => MindTouch.Deki.Services.LdapAuthenticationService.<UserLogin>d__6.MoveNext()
                            [12] => MindTouch.Tasking.Coroutine.Invoke(Func`1 invocation)
                        )

                )

            [type] => Novell.Directory.Ldap.LdapLocalException
        )

)

**crb** · 07-05-2011 04:16 PM

Can you paste the config settings for your service (id 10) - redacting any hard-coded credentials?

**christianheinz** · 07-06-2011 08:27 AM

Originally Posted by crb

Can you paste the config settings for your service (id 10) - redacting any hard-coded credentials?

Hello crb,

SELECT
`service_config`.`config_id`,
`service_config`.`service_id`,
`service_config`.`config_name`,
`service_config`.`config_value`
FROM `wikidb`.`service_config`
where service_id = 10;

---------------------------------------------------------------
1033 10 groupquery (&(cn=$1)(objectCategory=group))
1032 10 groupqueryall (objectClass=group)
1031 10 hostname hostname.domain.tld:3268
1030 10 groupmembersattribute memberOf
1029 10 userquery userPrincipalName=$1
1028 10 usernameattribute userPrincipalName
1034 10 searchbase DC=domain,DC=tld
1035 10 bindingdn $1
---------------------------------------------------------------

Christian

**crb** · 07-06-2011 11:44 AM

1033 10 groupquery (&(cn=$1)(objectCategory=group))

Does it work if you change 'objectCategory' to say 'objectClass' ?

**christianheinz** · 07-06-2011 01:48 PM

Originally Posted by crb

Does it work if you change 'objectCategory' to say 'objectClass' ?

No, sorry - same error, any other ideas?

**crb** · 07-06-2011 01:56 PM

Apparently just removing the groupquery can work. See this old thread.

**christianheinz** · 07-06-2011 03:12 PM

Originally Posted by crb

Apparently just removing the groupquery can work. See this old thread.

No - sorry, same error :-(

Thread: LDAP broken for AD with Mindtouch 10.1.0

Thread Tools

Search Thread

Display

LDAP broken for AD with Mindtouch 10.1.0

Posting Permissions