Hello everyone,
I am the administrator of 13 Windows domains and I need to let users communicate over a Jabber server that is "Active Directory friendly". I have trouble binding ejabberd server 14.07 to Active Directory 2008 R2, which uses LDAPS.
Well, it had been working for one and a half days; I could communicate across domains and everything was perfect. I was using the ejabberdctl live command for quick debugging. After starting it as a system service, binding is not working at all, even with "live mode". I receive many timeout messages in the logs:
2015-04-02 15:09:14.896 [debug] <0.2257.0>@eldap:handle_info:779 eldap. Unexpected Info: {timeout,#Ref<0.0.47.121025>,{timeout,bind_timeout}}
In state: connecting
when StateData is: {eldap,3,[<<"dc02.my.one-domain.com">>],<<"c02.my.one-domain.com">>,636,gen_tcp,none,[],undefined,<<"CN=ldap,OU=Service,DC=my,DC=one,DC=domain,DC=com">>,<<"secretpasword">>,22666,#Ref<0.0.47.128419>,{dict,0,16,16,8,80,48,{[],[],[],[],[],[],[],[],[],[],[],[],[],[],[],[]},{{[],[],[],[],[],[],[],[],[],[],[],[],[],[],[],[]}}},{[],[]}}
2015-04-02 15:09:14.896 [debug] <0.2255.0>@eldap:handle_info:779 eldap. Unexpected Info: {timeout,#Ref<0.0.47.121023>,{timeout,bind_timeout}}
In state: connecting
when StateData is: {eldap,3,[<<"dc02.my.one.domain.com">>],<<"dc02.my.one.domain.com">>,636,gen_tcp,none,[],undefined,<<"CN=ldap,OU=Service,DC=my,DC=one,DC=domain,DC=com">>,<<"secretpassword">>,22664,#Ref<0.0.47.128414>,{dict,0,16,16,8,80,48,{[],[],[],[],[],[],[],[],[],[],[],[],[],[],[],[]},{{[],[],[],[],[],[],[],[],[],[],[],[],[],[],[],[]}}},{[],[]}}
The bind is never in the connected state; it is always connecting or wait_bind_response.
My config:
    "this.one.domain.cz":
      auth_method: ldap
      domain_certfile: "/etc/openldap/certs/msp-cer.pem"
      ldap_servers:
        - "dc01.my.one.domain.com"
        - "dc02.my.one.domain.com"
      ldap_uids:
        - "sAMAccountName"
      ldap_port: 636
      ldap_rootdn: "CN=ldap,OU=Service,DC=my,DC=one,DC=domain,DC=com"
      ldap_password: "secretpassword"
      ldap_base: "DC=my,DC=one,DC=domain,DC=com"
      ldap_filter: "(&(objectCategory=person)(objectClass=user)(memberOf=CN=jabber-group,OU=Groups,DC=my,DC=one,DC=domain,DC=com))"
When I do a manual ldapsearch, the reply is as it used to be. There is no firewall running on any side/server. All of them have the same behaviour.
Any idea what the problem is, please? Thanks!
Small update:
I've tried a couple of things that popped into my mind:
- disable ldap user account
- rename domain certificate file
And the result? Still the same, no change at all.
In State: wait_bind_response
In state: connecting
I double-checked the permissions on the certificate and other files and everything is OK...
Any idea what's wrong?
Well, problem solved :)
My config:
    "this.one.domain.cz":
      auth_method: ldap
      ldap_encrypt: tls
      ldap_tls_verify: false
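
An added example (not part of the thread and not ejabberd's own code): a small Python check over one host's LDAP options that flags the condition visible in the first post's log, where StateData shows gen_tcp against port 636, and the unverified TLS that ldap_tls_verify: false leaves in the working config. The sample configs are constructed from the thread; the finding names and the CA file path are assumptions made for illustration.

```python
# Constructed host-block samples modelled on the configs posted in the thread.
BEFORE = """\
auth_method: ldap
ldap_servers:
  - "dc01.my.one.domain.com"
ldap_port: 636
"""
AFTER = BEFORE + "ldap_encrypt: tls\nldap_tls_verify: false\n"
HARDENED = BEFORE + (
    "ldap_encrypt: tls\n"
    "ldap_tls_verify: hard\n"
    'ldap_tls_cacertfile: "/path/to/ad-ca.pem"  # placeholder path\n'
)


def scalar_options(text):
    """Return the 'key: value' scalars of a host block (list items are skipped)."""
    opts = {}
    for line in text.splitlines():
        key, sep, value = line.split(" #")[0].strip().partition(":")
        if sep and value.strip():
            opts[key.strip()] = value.strip().strip('"')
    return opts


def audit_ldap(text):
    """Return finding names (hypothetical labels) for one host's LDAP settings."""
    o = scalar_options(text)
    if o.get("auth_method") != "ldap":
        return []
    findings = []
    encrypt = o.get("ldap_encrypt", "none")      # ejabberd default: none
    verify = o.get("ldap_tls_verify", "false")   # ejabberd default: false
    if encrypt != "tls":
        if o.get("ldap_port") == "636":
            # Plain TCP to the LDAPS port: the bind never completes.
            findings.append("ldaps-port-without-tls")
        else:
            # ldap_rootdn password and user binds cross the network unencrypted.
            findings.append("cleartext-bind")
    elif verify != "hard":
        # TLS is on, but a bad or spoofed server certificate is still accepted.
        findings.append("tls-unverified")
    elif "ldap_tls_cacertfile" not in o:
        findings.append("verify-without-cacertfile")
    return findings


if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER), ("hardened", HARDENED)):
        print(name, audit_ldap(cfg))
```
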
Can you also help me set up my server?
I also have connection problems...
admin@localhost
admin
Can I reach you somewhere on IM?