LDAP Troubleshooting

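I have set up LDAP a few times recently. The first installation used the LDAP RPM packages that ship with Red Hat 5.2. I got it configured and could browse it with an LDAP browser, but for some reason I could not get LDAP to integrate with Crowd and JIRA, which left me quite confused. I probably did not understand LDAP very well, so I compiled OpenLDAP from source, which also taught me more about LDAP's configuration and related details. Of course, I looked up plenty of error messages along the way. When everything goes smoothly, LDAP may really be very simple, but if you run into a problem, then sorry, LDAP really will give you trouble!
I now have OpenLDAP installed. When I have time I will organize more documentation on this and post it to the blog.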

The following is what I found on difficult LDAP problems.

Configuring Macromedia Contribute Publishing Services (CPS) to use Lightweight Directory Access Protocol (LDAP) can be confusing. Included in the CPS administration is a testing tab, but before using the tab you will need to obtain the path to the internal LDAP system. With the path, we recommend using an LDAP browser to view the directory to gain a better understanding of how LDAP is implemented at your company.

Using an LDAP browser

One example of a free LDAP Browser is available from Softerra. If you can connect with the Browser, you can navigate through the tree to see where the users are stored. When you find the directory with the users, look at the top bar of the LDAP Browser to get your User Search dn path. Groups can be found similarly.

Each user should have certain attributes that Contribute is interested in:

  • The user’s unique username in LDAP, which is how users are connected to groups
  • The user’s email address (for notification email)
  • The user’s name

Using the LDAP Browser, you can verify a user’s information. Typically you will enter "uid", "mail", and "cn" respectively for these fields.

The Service Settings panel allows you to specify the User Directory, E-mail, Log, and Website Settings. The two Directory types are flat file and LDAP/Active Directory. For most configurations, you will have to pass the full dn for the username, but this can vary depending upon your configuration (e.g. Active Directory), so you have to understand the directory well to pass the test tab.

LDAP Bind Authentication

Most customers will use the "LDAP Bind" authentication; the Password in Directory will apply in relatively few cases.

In order to accommodate the greatest amount of flexibility, the authentication in Contribute is completely independent and self-contained. You’ll have to set up your prefix and suffix to create the proper dn from the user id. Authentication uses parameters strictly from the Settings page. User Search is for finding lists of available users and for looking up attributes of users that are authenticating. Please note that after a user passes the authentication module, Contribute ensures their username is in the User Search query. Therefore, if you’re using Windows domain authentication but have just a subset of domain users in your Active Directory User Search, only the desired users will pass authentication.

Contribute Publishing Services relies on a group having an attribute containing a list of all users in the group. By default CPS looks for the "member" attribute, but this is customizable in the Group tab. However, CPS does not use the User’s "memberOf" attribute.

When Contribute Publishing Services is installed on Linux, Solaris or other non-Windows servers, the "Password in Windows domain" Authentication type does not apply.

Log files

The error messages resulting from testing various settings of LDAP can be rather generic. Longer error messages are often found in the Contribute Publishing Services log files. When installed in the default directory on Windows, the log files are stored in C:\Program Files\Macromedia\Contribute Publishing Services\logs\.

LDAP Specific Errors

1. Error: com.macromedia.contribute.server.exception.DBException: Error in bind() from LDAP source: [server]:[port]
Cause: This is a very general error, and it means something went wrong when trying to bind to LDAP/AD. Check to see if the LDAP/AD server name and/or port number you have specified is incorrect or an incorrect DN was specified as the administrator username.
Notes: For more detail look at the sub-exception, which can be 1, 2, 3, 4 or 5 below.

2. Error: javax.naming.CommunicationException: [server]:[port] [Root exception is java.net.ConnectException: Connection refused: connect]
Cause: The port name you have specified for the LDAP/AD server is incorrect.

3. Error: javax.naming.CommunicationException: [server]:[port] [Root exception is java.net.UnknownHostException: [server]]
Cause: The LDAP/AD server name you have specified is incorrect.

4. Error: javax.naming.NamingException: Cannot parse url: [protocol]://[server]:[port] [Root exception is java.net.MalformedURLException: Not an LDAP URL: [protocol]://[server]:[port]]
Cause: The protocol you have specified is not correct.
Note: Currently, if you specify anything besides ldap for the protocol, you will receive this error.

5. Error: javax.naming.AuthenticationException: [LDAP: error code 49 – Invalid Credentials]
Cause: The DN path or password which you have specified for the administrator is invalid. Any of the below will result in this error:

  • Pointed to non-user DN
  • Pointed to a non-existent user, but in existing DN
  • Pointed to non-existent DN
  • Pointed to an existing user, but non-existing DN
  • Pointed to an incorrect admin DN, uid instead of cn
  • Pointed to a non-administrator user
  • Pointed to a valid admin but password is incorrect

6. Error: com.macromedia.contribute.server.exception.DBException: Error in searchForUserList from LDAP plugin: [LDAP: error code 32 – No Such Object]
Cause: Very general error when there is a problem finding the users in LDAP/AD. Could be that the DN pointing to the users is pointing to the wrong place or is just incorrect and does not exist.
Note: For more detail look at the sub-exception, which can be 7 below.

7. Error: javax.naming.NameNotFoundException: [LDAP: error code 32 – No Such Object]; remaining name ‘[DN]’
Cause: The DN path which points to where the users are located in the directory is invalid.

8. Error: com.macromedia.contribute.server.exception.DBException: Error in searchForUserList from LDAP plugin: [LDAP: error code 2 – Bad search filter]
Cause:
Invalid search filter passed to the LDAP/AD server.
Note:
For more detail look at the sub-exception, which can be 9, or 10 below.

9. Error: javax.naming.directory.InvalidSearchFilterException: Missing ‘equals’; remaining name ‘[DN]’

Cause:
The filter specified is wrong or CPS constructed a bad filter.

10. Error: javax.naming.directory.InvalidSearchFilterException: Unbalanced parenthesis; remaining name [DN]

Cause:
The opening and closing parentheses in your search filter do not match.

11. Error: Error in bind from LDAP source: [LDAP: error code 49 – Invalid Credentials] javax.naming.AuthenticationException

Cause:
Could not authenticate the user trying to login. This can be the result of an incorrect username or password, or an incorrect prefix and/or suffix specified in the Settings tab, depending on the type of LDAP/AD system. Could also mean the authentication type is incorrect.

12. Error: Error in bind from LDAP source: [LDAP: error code 34 – invalid DN] javax.naming.InvalidNameException

Cause:
This is caused by a bad prefix specified in the Settings tab, on most LDAP/AD systems. This could mean you did not specify a prefix at all, which means the LDAP/AD server did not receive a full DN from CPS or that you did not specify a correct prefix, such as CN instead of UID, which results in the LDAP/AD server not receiving a correct DN from CPS. Can also be caused by a missing comma at the beginning of the suffix or an extra comma at the end of the suffix. This error could also mean the authentication type is incorrect.

13. Error: NoSuchAttributeException
Cause: This is caused by providing a name for an attribute which is not correct or does not exist.
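The prefix, suffix and search filter mistakes behind errors 9, 10 and 12 can be caught before the settings are saved. The following is an added example, not code from Contribute Publishing Services; it assumes a directory that binds with a full DN built as prefix + user id + suffix, and the function names and the `attr=` prefix form are illustrative assumptions. It also escapes the user id (RFC 4514) so that a login name containing `,` or `=` cannot change which DN is bound.

```python
import re

_DN_SPECIAL = re.compile(r'([,+"\\<>;=])')  # RFC 4514 characters needing a backslash

def escape_rdn_value(user_id):
    """Escape a login id so it cannot change the structure of the bind DN."""
    if not user_id or user_id != user_id.strip() or "\x00" in user_id:
        raise ValueError("empty id, NUL, or leading/trailing whitespace")
    escaped = _DN_SPECIAL.sub(r"\\\1", user_id)
    return "\\" + escaped if escaped.startswith("#") else escaped

def check_prefix_suffix(prefix, suffix):
    """Return the prefix/suffix mistakes the page lists under error code 34."""
    problems = []
    if not prefix:
        problems.append("no prefix: server will not receive a full DN")
    elif not re.fullmatch(r"[A-Za-z][A-Za-z0-9-]*=", prefix):
        # Assumption: full-DN binds use a prefix such as 'uid=' or 'cn='.
        problems.append("prefix is not of the form 'attr='")
    if suffix and not suffix.startswith(","):
        problems.append("missing comma at the beginning of the suffix")
    if suffix.endswith(","):
        problems.append("extra comma at the end of the suffix")
    return problems

def check_filter(search_filter):
    """Return filter mistakes matching the page's errors 9 and 10."""
    problems, depth = [], 0
    for ch in search_filter:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:          # a ')' appeared before its '('
            break
    if depth != 0:
        problems.append("unbalanced parenthesis")
    for item in re.findall(r"\(([^()]*)\)", search_filter):  # innermost items
        if "=" not in item:
            problems.append("missing 'equals' in (%s)" % item)
    return problems

def build_bind_dn(prefix, user_id, suffix):
    """Compose prefix + escaped id + suffix once the settings pass the checks."""
    problems = check_prefix_suffix(prefix, suffix)
    if problems:
        raise ValueError("; ".join(problems))
    return prefix + escape_rdn_value(user_id) + suffix
```
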

Active Directory Specific Errors

1. Error: com.macromedia.contribute.server.exception.DBException: Error in bind() from LDAP source: [LDAP: error code 49 – 80090308: LdapErr: DSID-0C09030F, comment: AcceptSecurityContext error, data 525, vece] javax.naming.AuthenticationException

Cause:
The administrator domain name, username, and/or password is incorrect in the Settings tab.

2. Error: com.macromedia.contribute.server.exception.DBException: Error in searchForUserList from LDAP plugin: [LDAP: error code 32 – 0000208D: NameErr: DSID-031001C6, problem 2001 (NO_OBJECT), data 0, best match of: ‘[DN]’ ] javax.naming.NameNotFoundException

Cause:
A non-existent DN specified in the User Search field.

3. Error: javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: [server]:[port] [Root exception is java.net.UnknownHostException: [server]]]

Cause:
An incorrect DN was specified in the User Search field.

4. Error: com.macromedia.contribute.server.exception.DBException: Error in searchForUserList from LDAP plugin: [DN]: [LDAP: error code 34 – 0000208F: NameErr: DSID-031001B3, problem 2006 (BAD_NAME), data 8350, best match of: ‘[DN],’ ] javax.naming.InvalidNameException

Cause:
An incorrectly formatted DN was specified.

5. Error: javax.naming.NameNotFoundException: [LDAP: error code 32 – 0000208D: NameErr: DSID-03100198, problem 2001 (NO_OBJECT), data 0, best match of: '']; remaining name ''

Cause:
This error appears if you do not have Group settings filled in, but have User Search filled in. Some systems do not care, while some systems experience problems with the empty DN.

6. Error: Error in bind from LDAP source: [LDAP: error code 49 – 80090308: LdapErr: DSID-0C09030F, comment: AcceptSecurityContext error, data 52e, vece ] javax.naming.AuthenticationException
Cause: Could not authenticate the user trying to login. This can be the result of an incorrect username or password, or an incorrect prefix and/or suffix specified in the Settings tab, depending on the type of LDAP/AD system. Could also mean the authentication type is incorrect. Also an incorrect username attribute or incorrect name attribute can cause this. Common cause of this error is a user trying to login with DOMAIN\login instead of just login.

7. Error: javax.naming.NamingException: [LDAP: error code 1 – 000020D6: SvcErr: DSID-03100690, problem 5012 (DIR_ERROR), data 0 ];
Cause: The DN specified in the User Search tab is incorrect, wrong, or incorrectly formatted.

8. Error: Error 12: Server.ActionProcessException: Error in authenticateUser in user plugin. Error in searchForUser from LDAP plugin: [LDAP: error code 1 – 000020D6: SvcErr: DSID-031006C5, problem 5012 (DIR_ERROR), data 0
Cause: User could not be found. Most likely due to DN settings in the User Search tab or the suffix or prefix fields in the Settings tab.

9. Error: com.macromedia.contribute.server.exception.DomainException: Error in authenticateUser in user plugin. Error in searchForUser from LDAP plugin: [LDAP: error code 1 – 000020D6: SvcErr: DSID-03100690, problem 5012 (DIR_ERROR), data 0] javax.naming.NamingException
Cause: Most likely caused by a bad username or password. Common cause of this error is a user trying to login with DOMAIN\login instead of just login.
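The LDAP result code and, for Active Directory, the `data` sub-code carry most of the diagnostic value in the messages above. The following added example (not part of CPS) extracts both from log lines and counts them. The sample lines are constructed in the format quoted on this page, and the sub-codes 532, 533 and 775 are standard Win32 error values that go beyond the two (525, 52e) shown here.

```python
import re
from collections import Counter

# LDAP result codes with the causes this page gives for them.
LDAP_CODES = {
    1: "operations error: check the User Search DN",
    2: "bad search filter",
    32: "no such object: the DN does not exist",
    34: "invalid DN: check prefix/suffix or DN format",
    49: "invalid credentials",
}
# Active Directory 'data' sub-codes are Win32 error numbers in hex.
AD_DATA = {
    "525": "user not found",
    "52e": "wrong username or password",
    "532": "password expired",
    "533": "account disabled",
    "775": "account locked out",
}
_CODE = re.compile(r"LDAP: error code (\d+)")
_DATA = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)")

def triage(line):
    """Return (ldap_code, ad_subcode, explanation), or None if no LDAP error."""
    m = _CODE.search(line)
    if not m:
        return None
    code = int(m.group(1))
    d = _DATA.search(line)
    sub = d.group(1).lower() if d else None
    text = LDAP_CODES.get(code, "unlisted code")
    if sub:
        text += " (AD: %s)" % AD_DATA.get(sub, "unlisted sub-code")
    return code, sub, text

def summarize(lines):
    """Count (code, sub-code) pairs; a run of 525s and a run of 52e's need different fixes."""
    return Counter(r[:2] for r in map(triage, lines) if r)

# Constructed sample log lines, not taken from a real server.
SAMPLE = [
    "Error in bind from LDAP source: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030F, comment: AcceptSecurityContext error, data 52e, vece ]",
    "Error in bind from LDAP source: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030F, comment: AcceptSecurityContext error, data 52e, vece ]",
    "Error in bind() from LDAP source: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030F, comment: AcceptSecurityContext error, data 525, vece]",
    "Error in searchForUserList from LDAP plugin: [LDAP: error code 32 - No Such Object]",
]
```
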

General Errors:

1. Error: Error 12: Server.ActionProcessException: Error in authenticateUser in user plugin. No user found for username <username> in user database — 100.
Cause:
Most likely the result of a bad prefix or suffix in the settings tab or a bad DN or username or name attribute in the User Search attribute.

Additional information

One excellent resource for LDAP Error codes is available at wikis.sun.com/display/SunJavaSystem/LDAP+Error+Codes

- THE END -
Copyright notice:
When reposting original articles, please credit the source: http://kinggoo.com
Original URL: http://kinggoo.com/app-openldap-ldaperrorcodes.htm