7 Replies Latest reply on Aug 16, 2007 9:55 AM by Will

    1.3 to 1.4 upgrade

    bdavis

      Tried the upgrade today and ran into problems with LDAP. Can't login to the site or

      admin console. Here's part of the stack trace:

       

      ......

      Aug 3, 2007 4:30:06 PM com.jivesoftware.base.Log error

      SEVERE: Initial context factory class failed to load: .  Using default initial context factory class instead.

      Aug 3, 2007 4:30:06 PM com.jivesoftware.base.Log info

      INFO: User:ra014620 was not authenticated because of exception: javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece ....

           at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3025)

           at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2931)

           at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2737)

           at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1808)

           at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1731)

       

       

      The other thing it's doing now is writing the LDAP configuration over and over again

      to the log including the Administrator Password.

       

      ......

      Aug 3, 2007 4:30:06 PM com.jivesoftware.base.Log info

      INFO: Connection Pooling Enabled:

      Aug 3, 2007 4:30:06 PM com.jivesoftware.base.Log info

      INFO: Initial Context Factory:

      Aug 3, 2007 4:30:06 PM com.jivesoftware.base.Log info

      INFO: Search Wild Card Pattern:*   etc ...

       

      A new 1.4 installation with the same LDAP parameters works fine (except for the yards of INFO messages).

        • Re: 1.3 to 1.4 upgrade

          I'm seeing the same problem, & same exception on the logs after upgrading 1.2->1.4.

           

          I can login authenticate successfully via the admin console.

           

          One thing that I notice is that all the LdapUserManager properties are now listed in System Properties with this prefix:

          ___jive.spi.com.jivesoftware.spi.user.impl.ldap.AuthenticationProviderImpl

           

          Other pre-existing properties look normal, such as: abuse.threshold

           

          I notice that at some point (soon) after the stack trace for the exception mentioned by bdavis, I get another exception from a different thread (?) as follows:

           

          INFO: null

          java.lang.NullPointerException

                  at com.jivesoftware.spi.user.impl.ldap.AuthenticationProviderImpl.login(AuthenticationProviderImpl.java:31)

           

          I was able to dig out these packets from the catalina.out, so it seems the denial does come from the AD server:

          <- hornet.xxxx.com:389

           

          0000: 30 84 00 00 00 67 02 01   01 61 84 00 00 00 5E 0A  0....g...a....^.

          0010: 01 31 04 00 04 57 38 30   30 39 30 33 30 38 3A 20  .1...W80090308:

          0020: 4C 64 61 70 45 72 72 3A   20 44 53 49 44 2D 30 43  LdapErr: DSID-0C

          0030: 30 39 30 33 33 34 2C 20   63 6F 6D 6D 65 6E 74 3A  090334, comment:

          0040: 20 41 63 63 65 70 74 53   65 63 75 72 69 74 79 43   AcceptSecurityC

          0050: 6F 6E 74 65 78 74 20 65   72 72 6F 72 2C 20 64 61  ontext error, da

          0060: 74 61 20 35 32 35 2C 20   76 65 63 65 00           ta 525, vece.

           

          <- hornet.xxxx.com:389

           

          0000: 30 84 00 00 00 A7 02 01   01 65 84 00 00 00 9E 0A  0........e......

          0010: 01 01 04 00 04 84 00 00   00 93 30 30 30 30 30 30  ..........000000

          0020: 30 30 3A 20 4C 64 61 70   45 72 72 3A 20 44 53 49  00: LdapErr: DSI

          0030: 44 2D 30 43 30 39 30 36   32 37 2C 20 63 6F 6D 6D  D-0C090627, comm

          0040: 65 6E 74 3A 20 49 6E 20   6F 72 64 65 72 20 74 6F  ent: In order to

          0050: 20 70 65 72 66 6F 72 6D   20 74 68 69 73 20 6F 70   perform this op

          0060: 65 72 61 74 69 6F 6E 20   61 20 73 75 63 63 65 73  eration a succes

          0070: 73 66 75 6C 20 62 69 6E   64 20 6D 75 73 74 20 62  sful bind must b

          0080: 65 20 63 6F 6D 70 6C 65   74 65 64 20 6F 6E 20 74  e completed on t

          0090: 68 65 20 63 6F 6E 6E 65   63 74 69 6F 6E 2E 2C 20  he connection.,

          00A0: 64 61 74 61 20 30 2C 20   76 65 63 65 00           data 0, vece.

           

          HTH

          • Re: 1.3 to 1.4 upgrade

            Oh, and the exception I mentioned is preceded by a message that may be of use in the INFO log as follows:

             

            2007.08.03 21:43:23 User:null was not authenticated because of exception: java.lang.NullPointerException

            2007.08.03 21:43:23

            java.lang.NullPointerException

            at com.jivesoftware.spi.user.impl.ldap.AuthenticationProviderImpl.login(AuthenticationProviderImpl.java:31)

              • Re: 1.3 to 1.4 upgrade

                Regarding the exception above:

                The call stack appears to be followed because LdapAuthFactory does not implement this prototype:

                public static AuthToken createAuthToken(HttpServletRequest request, HttpServletResponse response)

                 

                So base class method AuthFactory.createAuthToken() gets called & falls through to "check 3", then passes null as a username to spi.user.impl.ldap.AuthenticationProviderImpl.login() - kaboom when user.getUserName() is called.

                 

                So, I'm assuming that my admin console works ok because it calls AuthFactory.getAuthToken() with arguments of username,password as opposed to request,response

              • Re: 1.3 to 1.4 upgrade

                Hi bdavis,

                 

                I have talked with a developer on this, and he says that there may be a possible workaround to allow you to upgrade. It is as follows:

                 

                There maybe a work around by setting this setting value:

                 

                AuthFactory.className =  com.jivesoftware.base.profile.BasicAuthFactory

                 

                You can do this by executing a query against the database or by using the

                admin console (Not sure whether you can login into admin console or not).

                 

                SQL:

                    UPDATE jiveProperty set

                propValue='com.jivesoftware.base.profile.BasicAuthFactory' where

                name='AuthFactory.className'

                 

                Let us know if that works, Thanks for your help with this,

                Will

                  • Re: 1.3 to 1.4 upgrade
                    bdavis

                    The AuthFactory.className property is already set to com.jivesoftware.base.profile.BasicAuthFactory.

                     

                    Changed it back to com.jivesoftware.base.ldap.LdapAuthFactory and I can now login

                    to the admin console.

                     

                    the user site does something strange, though. It accepts my

                    username and password because on the menu bar it says

                    "Welcome, Ben Davis (Log out) etc...)

                    but the bottom half of the screen says "Invalid username"

                    and displays the login screen.

                     

                    What about all the INFO messages? How do I turn those off?

                     

                     

                         

                    Message was edited by: bdavis

                    • Re: 1.3 to 1.4 upgrade
                      bdavis

                      I narrowed the problem down a bit. When you run the upgrade it changes the AuthFactory.className to com.jivesoftware.base.profile.BasicAuthFactory.

                      This is OK if you are not using ldap.alternateBaseDN. Mine was populated so I could not login until I re-ran setup. If you run setup it changes AuthFactory.className back to com.jivesoftware.base.ldap.LdapAuthFactory.

                       

                      I noticed something else too. A new install of 1.4 has a new table called jivePluginProp.

                      The upgrade does not create this table. Do I need it?

                       

                      About the INFO messages. When an anonymous user visits the site, AuthenticationProviderImpl.login() throws a null pointer exception and dumps a stack trace and the entire LDAP configuration to the log. This happens every time I click on a link.

                      Is this really the best way to handle anonymous users? Why depend on exception handling here instead of just testing for a null User?

                        • Re: 1.3 to 1.4 upgrade

                          Hi Ben,

                           

                          I have checked in with a product engineer to ask his input on these upgrade issues. I will report to you when I have found any answers.

                           

                          I appreciate your patience and help with this,

                          Will