Uploaded image for project: 'ejabberd development'
  1. ejabberd development
  2. EJAB-1715

empty user list in web admin page when using AD, registered_users shows empty list

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: ejabberd 14.07
    • Fix Version/s: None
    • Component/s: None
    • Labels:
    • Environment:
      Ubuntu Linux 14.04

      Description

      i have ejabberd 14.07 setuped with AD support. Users could login normally as expected via xmpp client though web admin page shows empty list. Logged in (online) users are shown in web admin page. Here is a sample of host_config part
      host_config:

        "domain.com":
           auth_method: ldap
           ldap_servers:
             - "192.168.0.1"
           ldap_port: 389
           ldap_rootdn: "cn=********,ou=SE-ServiceAccount,dc=*******,dc=priv"
           ldap_password: "************"
           ldap_base: "dc=**********,dc=priv"
           ldap_uids:
             "sAMAccountName":
                   - "%u"
           ldap_filter: "(&(userPrincipalName=%u@domain.com)(memberOf=CN=**************,OU=**********,OU=**********,DC=***********,DC=priv))"
      

      Error.log message:

      2014-08-22 06:11:27.521 [error] <0.4366.0> gen_fsm 'eldap_#Ref<0.0.0.166540>' in state active terminated with reason: no match of right hand value {error,{asn1,{function_clause,[{'ELDAPv3',enc_SubstringFilter_substrings_components,[{'SubstringFilter_substrings',[{final,<<"@domain.com">>}]},[],0],[{file,"src/ELDAPv3.erl"},{line,1768}]},{'ELDAPv3',enc_SubstringFilter_substrings,2,[{file,"src/ELDAPv3.erl"},{line,1765}]},{'ELDAPv3',enc_SubstringFilter,2,[{file,"src/ELDAPv3.erl"},{line,1753}]},{'ELDAPv3',enc_Filter,2,[{file,"src/ELDAPv3.erl"},{line,1604}]},{'ELDAPv3',enc_Filter_and_components,3,[{file,"src/ELDAPv3.erl"},{line,1636}]},...]}}} in eldap:send_command/3 line 831
      2014-08-22 06:11:27.521 [error] <0.4385.0>@eldap_pool:do_request:77 LDAP request failed: eldap:search([[{base,<<"dc=*******,dc=priv">>},{filter,{and,[{present,<<"sAMAccountName">>},{and,[{substrings,{'SubstringFilter',<<"userPrincipalName">>,{'SubstringFilter_substrings',[{final,<<"@domain.com">>}]}}},{equalityMatch,{'AttributeValueAssertion',<<"memberOf">>,<<"CN=*******,OU=*******,OU=*******,DC=*******,DC=priv">>}}]}]}},{timeout,5},{deref_aliases,never},{attributes,[<<"sAMAccountName">>]}]])
      Reason: {{{badmatch,{error,{asn1,{function_clause,[{'ELDAPv3',enc_SubstringFilter_substrings_components,[{'SubstringFilter_substrings',[{final,<<"@domain.com">>}]},[],0],[{file,"src/ELDAPv3.erl"},{line,1768}]},{'ELDAPv3',enc_SubstringFilter_substrings,2,[{file,"src/ELDAPv3.erl"},{line,1765}]},{'ELDAPv3',enc_SubstringFilter,2,[{file,"src/ELDAPv3.erl"},{line,1753}]},{'ELDAPv3',enc_Filter,2,[{file,"src/ELDAPv3.erl"},{line,1604}]},{'ELDAPv3',enc_Filter_and_components,3,[{file,"src/ELDAPv3.erl"},{line,1636}]},{'ELDAPv3',enc_Filter_and,2,[{file,"src/ELDAPv3.erl"},{line,1629}]},{'ELDAPv3',enc_Filter,2,[{file,"src/ELDAPv3.erl"},{line,1596}]},{'ELDAPv3',enc_Filter_and_components,3,[{file,"src/ELDAPv3.erl"},{line,1636}]}]}}}},[{eldap,send_command,3,[{file,"src/eldap.erl"},{line,831}]},{eldap,process_command,3,[{file,"src/eldap.erl"},{line,813}]},{gen_fsm,handle_msg,7,[{file,"gen_fsm.erl"},{line,505}]},{proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,239}]}]},{gen_fsm,sync_send_event,[<0.4366.0>,{search,{eldap_search,wholeSubtree,<<"dc=*******,dc=priv">>,{and,[{present,<<"sAMAccountName">>},{and,[{substrings,{'SubstringFilter',<<"userPrincipalName">>,{'SubstringFilter_substrings',[{final,<<"@domain.com">>}]}}},{equalityMatch,{'AttributeValueAssertion',<<"memberOf">>,<<"CN=*******,OU=*******,OU=*******,DC=*******,DC=priv">>}}]}]},0,[<<"sAMAccountName">>],false,neverDerefAliases,5}},110500]}}
      2014-08-22 06:11:27.521 [error] <0.4366.0> CRASH REPORT Process 'eldap_#Ref<0.0.0.166540>' with 2 neighbours exited with reason: no match of right hand value {error,{asn1,{function_clause,[{'ELDAPv3',enc_SubstringFilter_substrings_components,[{'SubstringFilter_substrings',[{final,<<"@domain.com">>}]},[],0],[{file,"src/ELDAPv3.erl"},{line,1768}]},{'ELDAPv3',enc_SubstringFilter_substrings,2,[{file,"src/ELDAPv3.erl"},{line,1765}]},{'ELDAPv3',enc_SubstringFilter,2,[{file,"src/ELDAPv3.erl"},{line,1753}]},{'ELDAPv3',enc_Filter,2,[{file,"src/ELDAPv3.erl"},{line,1604}]},{'ELDAPv3',enc_Filter_and_components,3,[{file,"src/ELDAPv3.erl"},{line,1636}]},...]}}} in eldap:send_command/3 line 831 in gen_fsm:terminate/7 line 622
      2014-08-22 06:11:27.522 [error] <0.2190.0> Supervisor ejabberd_sup had child 'ejabberd_auth_ldap_domain.com' started with ejabberd_auth_ldap:start_link(<<"domain.com">>) at <0.4365.0> exit with reason no match of right hand value {error,{asn1,{function_clause,[{'ELDAPv3',enc_SubstringFilter_substrings_components,[{'SubstringFilter_substrings',[{final,<<"@domain.com">>}]},[],0],[{file,"src/ELDAPv3.erl"},{line,1768}]},{'ELDAPv3',enc_SubstringFilter_substrings,2,[{file,"src/ELDAPv3.erl"},{line,1765}]},{'ELDAPv3',enc_SubstringFilter,2,[{file,"src/ELDAPv3.erl"},{line,1753}]},{'ELDAPv3',enc_Filter,2,[{file,"src/ELDAPv3.erl"},{line,1604}]},{'ELDAPv3',enc_Filter_and_components,3,[{file,"src/ELDAPv3.erl"},{line,1636}]},...]}}} in eldap:send_command/3 line 831 in context child_terminated
      
      

        Activity

        Hide
        holger Holger Weiß added a comment - - edited

        FWIW, the above patch should work around the issue.

        Show
        holger Holger Weiß added a comment - - edited FWIW, the above patch should work around the issue.
        Hide
        l.flis Lukasz Flis added a comment -

        Many Thanks for Holger for providing the patch.
        We've had the same problem as described above and the patch made auth_ldap working again.

        Thank You!

        Show
        l.flis Lukasz Flis added a comment - Many Thanks for Holger for providing the patch. We've had the same problem as described above and the patch made auth_ldap working again. Thank You!
        Hide
        l.flis Lukasz Flis added a comment -

        To add some information:

        Problem is not AD specific - it is occuring with any LDAP server when ldap_uid is set to
        ldap_uids: "someAttribute" : "%u@anydomain.com"

        ejabber is unable to create proper LDAP query for retrieving list of users - as a result list of server users remains empty.

        Show
        l.flis Lukasz Flis added a comment - To add some information: Problem is not AD specific - it is occuring with any LDAP server when ldap_uid is set to ldap_uids: "someAttribute" : "%u@anydomain.com" ejabber is unable to create proper LDAP query for retrieving list of users - as a result list of server users remains empty.
        Hide
        Delams Ju Delams added a comment -

        I was unable to perform a search with mod_vcard_ldap with ejabberd 14.12.

        2015-01-14 10:29:54.816 [error] <0.20620.1> gen_fsm 'eldap_#Ref<0.0.1.60266>' in state active terminated with reason: no match of right hand value {error,{asn1,{function_clause,[{'ELDAPv3',enc_SubstringFilter_substrings_components,[{'SubstringFilter_substrings',[

        {any,<<"plop">>}

        ]},[],0],[

        {file,"src/ELDAPv3.erl"},{line,1768}]},{'ELDAPv3',enc_SubstringFilter_substrings,2,[{file,"src/ELDAPv3.erl"}

        ,

        {line,1765}

        ]},{'ELDAPv3',enc_SubstringFilter,2,[

        {file,"src/ELDAPv3.erl"},{line,1753}]},{'ELDAPv3',enc_Filter,2,[{file,"src/ELDAPv3.erl"}

        ,

        {line,1604}

        ]},{'ELDAPv3',enc_Filter_and_components,3,[

        {file,"src/ELDAPv3.erl"}

        ,

        {line,1636}

        ]},

        {'ELDAPv3',...}

        ,...]}}} in eldap:send_command/3 line 831

        The submited patch did the trick.

        thx

        Show
        Delams Ju Delams added a comment - I was unable to perform a search with mod_vcard_ldap with ejabberd 14.12. 2015-01-14 10:29:54.816 [error] <0.20620.1> gen_fsm 'eldap_#Ref<0.0.1.60266>' in state active terminated with reason: no match of right hand value {error,{asn1,{function_clause,[{'ELDAPv3',enc_SubstringFilter_substrings_components,[{'SubstringFilter_substrings',[ {any,<<"plop">>} ]},[],0],[ {file,"src/ELDAPv3.erl"},{line,1768}]},{'ELDAPv3',enc_SubstringFilter_substrings,2,[{file,"src/ELDAPv3.erl"} , {line,1765} ]},{'ELDAPv3',enc_SubstringFilter,2,[ {file,"src/ELDAPv3.erl"},{line,1753}]},{'ELDAPv3',enc_Filter,2,[{file,"src/ELDAPv3.erl"} , {line,1604} ]},{'ELDAPv3',enc_Filter_and_components,3,[ {file,"src/ELDAPv3.erl"} , {line,1636} ]}, {'ELDAPv3',...} ,...]}}} in eldap:send_command/3 line 831 The submited patch did the trick. thx
        Hide
        ekhramtsov@process-one.net Evgeniy Khramtsov added a comment -

        Fixed in master.

        Show
        ekhramtsov@process-one.net Evgeniy Khramtsov added a comment - Fixed in master.

          People

          • Votes:
            3 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development