LDAP authentication broken with 16.02 #1037

Closed
wahjava opened this issue Mar 28, 2016 · 8 comments
Contributor

wahjava commented Mar 28, 2016

What version of ejabberd are you using?

16.02

What operating system (version) are you using?

FreeBSD

How did you install ejabberd (source, package, distribution)?

distribution

What did not work as expected? Are there error messages in the log? What
was the unexpected behavior? What was the expected result?

I am seeing the following messages in the ejabberd.log file on startup:

2016-03-28 18:07:53.466 [info] <0.2774.0> Application mnesia started on node 'ejabberd@localhost.localdomain'
2016-03-28 18:07:53.896 [info] <0.2774.0> Application inets started on node 'ejabberd@localhost.localdomain'
2016-03-28 18:07:54.233 [info] <0.2805.0>@cyrsasl_digest:start:60 FQDN used to check DIGEST-MD5 SASL authentication: localhost.localdomain
2016-03-28 18:07:54.234 [info] <0.3110.0>@eldap_pool:start_link:61 Err = {'EXIT',{undef,[{eldap,start_link,[<<"#Ref<0.0.1.71472>">>,[<<"127.0.0.1">>],389,<<"cn=Manager,dc=localhost,dc=localdomain">>,<<"foobar">>,[{encrypt,none},{tls_verify,false},{tls_cacertfile,undefined},{tls_depth,undefined}]],[]},{eldap_pool,'-start_link/7-fun-2-',7,[{file,"src/eldap_pool.erl"},{line,55}]},{lists,foreach,2,[{file,"lists.erl"},{line,1337}]},{ejabberd_auth_ldap,init,1,[{file,"src/ejabberd_auth_ldap.erl"},{line,105}]},{gen_server,init_it,6,[{file,"gen_server.erl"},{line,328}]},{proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,240}]}]}}
2016-03-28 18:07:54.234 [info] <0.3110.0>@eldap_pool:start_link:61 Err = {'EXIT',{undef,[{eldap,start_link,[<<"#Ref<0.0.1.71481>">>,[<<"127.0.0.1">>],389,<<"cn=Manager,dc=localhost,dc=localdomain">>,<<"foobar">>,[{encrypt,none},{tls_verify,false},{tls_cacertfile,undefined},{tls_depth,undefined}]],[]},{eldap_pool,'-start_link/7-fun-2-',7,[{file,"src/eldap_pool.erl"},{line,55}]},{lists,foreach,2,[{file,"lists.erl"},{line,1337}]},{ejabberd_auth_ldap,init,1,[{file,"src/ejabberd_auth_ldap.erl"},{line,109}]},{gen_server,init_it,6,[{file,"gen_server.erl"},{line,328}]},{proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,240}]}]}}
2016-03-28 18:07:54.259 [info] <0.3207.0>@ejabberd_listener:listen_tcp:189 Reusing listening port for {5222,{0,0,0,0},tcp}
2016-03-28 18:07:54.259 [info] <0.3208.0>@ejabberd_listener:listen_tcp:189 Reusing listening port for {5269,{0,0,0,0},tcp}

Relevant excerpt from ejabberd configuration:

auth_method: [ldap]

ldap_servers:
        - "127.0.0.1"
ldap_port: 389
ldap_rootdn: "cn=Manager,dc=localhost,dc=localdomain"
ldap_password: "foobar"
ldap_base: "ou=People,dc=localhost,dc=localdomain"
ldap_filter: "(objectClass=person)"

I am using an OpenLDAP server, and the following works:

λ ldapsearch -w foobar -xLLL -D cn=Manager,dc=localhost,dc=localdomain  -b 'ou=People,dc=localhost,dc=localdomain' '(objectClass=person)'
dn: cn=user,ou=People,dc=localhost,dc=localdomain
objectClass: person
cn: user
cn: user
sn: foo
userPassword:: Zm9vYmFy

The ejabberd configuration is mostly pristine, except for the LDAP excerpt. Please let me know if you need more information.

Thanks!

Member

mremond commented Mar 28, 2016

I checked and I can actually authenticate fine with LDAP on 16.02.
You are missing the eldap module (undef). You seem to have an issue with your installation.

Contributor Author

wahjava commented Mar 28, 2016

@mremond Thank you for checking. The following is the output from my host:

ejabberd-16.02 λ pkg info -l ejabberd-16.02|fgrep eldap
        /usr/local/lib/erlang/lib/ejabberd-16.02/ebin/eldap.beam
        /usr/local/lib/erlang/lib/ejabberd-16.02/ebin/eldap_filter.beam
        /usr/local/lib/erlang/lib/ejabberd-16.02/ebin/eldap_filter_yecc.beam
        /usr/local/lib/erlang/lib/ejabberd-16.02/ebin/eldap_pool.beam
        /usr/local/lib/erlang/lib/ejabberd-16.02/ebin/eldap_utils.beam
        /usr/local/lib/erlang/lib/ejabberd-16.02/include/eldap.hrl
ejabberd-16.02 λ find . |fgrep eldap |fgrep -iv .erl   
./include/eldap.hrl
./src/eldap_filter_yecc.yrl
./ebin/eldap_filter_yecc.beam
./ebin/eldap_pool.beam
./ebin/eldap_filter.beam
./ebin/eldap_utils.beam
./ebin/eldap.beam

pkg info -l ejabberd-16.02 outputs the list of files installed by the ejabberd distribution package. ejabberd-16.02 is the directory where ejabberd-16.02.tgz is extracted and built with the following configure options:

./configure --localstatedir=/var --libdir=/usr/local/lib/erlang/lib --disable-full-xml --enable-iconv --disable-mysql --disable-odbc --disable-pam --disable-pgsql --disable-redis --disable-riak --disable-sqlite --disable-tools --prefix=/usr/local --mandir=/usr/local/man --infodir=/usr/local/info/ --build=amd64-portbld-freebsd10.2

Could you point out exactly what I am missing here?

Thanks in advance!

Member

mremond commented Mar 29, 2016

Likely you have the eldap module that has been added to Erlang higher in your path, and you are shadowing the ejabberd eldap module.


vst377 commented Mar 30, 2016

Hello. I had the same problem as Wahjava. Thanks to Mremond for the tip.
My files:

# find /usr/local/lib/erlang/lib/ -name "eldap*"
/usr/local/lib/erlang/lib/eldap-1.2.1
/usr/local/lib/erlang/lib/eldap-1.2.1/ebin/eldap.app
/usr/local/lib/erlang/lib/eldap-1.2.1/ebin/eldap.appup
/usr/local/lib/erlang/lib/eldap-1.2.1/ebin/eldap.beam
/usr/local/lib/erlang/lib/eldap-1.2.1/include/eldap.hrl
/usr/local/lib/erlang/lib/eldap-1.2.1/src/eldap.erl
/usr/local/lib/erlang/lib/ejabberd-16.02/ebin/eldap.beam
/usr/local/lib/erlang/lib/ejabberd-16.02/ebin/eldap_pool.beam
/usr/local/lib/erlang/lib/ejabberd-16.02/ebin/eldap_filter.beam
/usr/local/lib/erlang/lib/ejabberd-16.02/ebin/eldap_filter_yecc.beam
/usr/local/lib/erlang/lib/ejabberd-16.02/ebin/eldap_utils.beam
/usr/local/lib/erlang/lib/ejabberd-16.02/include/eldap.hrl

My solution (probably wrong, but working):
# rm -r /usr/local/lib/erlang/lib/eldap-1.2.1
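
The shadowing diagnosed above (two different `eldap.beam` files reachable from the same Erlang lib root, so the authentication backend resolves to whichever comes first in the code path) can be checked for before deleting anything. The following is an added example, not part of the original thread or of ejabberd: the function names `find_beam_clashes` and `make_sample_tree` are hypothetical, and the sample tree is constructed to mirror the layout listed above.

```shell
#!/bin/sh
# Added example: report Erlang module names that are provided by more
# than one application directory under a lib root. Each such module is
# a shadowing candidate: the loader uses the first match in the code path.

# find_beam_clashes LIBROOT
# Prints one line per clashing module: "<module> <path> <path> ..."
# Assumes paths without spaces (true for the layout in this thread).
find_beam_clashes() {
    libroot=$1
    find "$libroot" -type f -path '*/ebin/*.beam' 2>/dev/null |
    awk -F/ '
        {
            mod = $NF                      # file name, e.g. eldap.beam
            sub(/\.beam$/, "", mod)        # module name, e.g. eldap
            count[mod]++
            paths[mod] = (mod in paths) ? paths[mod] " " $0 : $0
        }
        END {
            for (m in count)
                if (count[m] > 1)
                    print m, paths[m]
        }' | sort
}

# make_sample_tree
# Builds a constructed directory tree (empty .beam files) that mirrors
# the two application directories listed in the thread, and prints its root.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/eldap-1.2.1/ebin" "$root/ejabberd-16.02/ebin"
    : > "$root/eldap-1.2.1/ebin/eldap.beam"
    for m in eldap eldap_pool eldap_filter eldap_filter_yecc eldap_utils; do
        : > "$root/ejabberd-16.02/ebin/$m.beam"
    done
    echo "$root"
}
```

On a real host, `find_beam_clashes /usr/local/lib/erlang/lib` lists every module name that exists in more than one application; on a running node, `code:which(eldap)` shows which file the loader actually resolves.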

Contributor Author

wahjava commented Mar 31, 2016

@mremond Thanks for figuring out the cause. Do you have any recommendation on how to have ejabberd override the eldap module shipped with Erlang 18.2 in ejabberdctl? What I have tried so far is passing -pa "/usr/local/lib/erlang/lib/ejabberd-16.02/ /usr/local/lib/erlang/lib/ejabberd-16.02/lib" to erl in ejabberdctl, and that didn't quite get ejabberd to start.

Any ideas or help will be appreciated.

Thanks!

Contributor

cromain commented Mar 31, 2016

It should be -pa /usr/local/lib/erlang/lib/ejabberd-16.02/ebin

Contributor Author

wahjava commented Mar 31, 2016

@cromain, thanks for the reply. However, I'm planning to go with the following, which is less intrusive in the maintenance of ejabberdctl, thanks to jlouis on #erlang for pointing out code:get_path():

ERL_LIBS="/usr/local/lib/erlang/lib/ejabberd-16.02:/usr/local/lib/erlang/lib/ejabberd-16.02/lib"

I'm marking this issue as closed, and will commit the fix to the port.

Thanks for your time and attention.

@wahjava wahjava closed this as completed Mar 31, 2016
lock bot commented Jun 11, 2019

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@lock lock bot locked as resolved and limited conversation to collaborators Jun 11, 2019