Package: ejabberd
Version: 2.1.5-3
Severity: important
After upgrading from 2.1.3-2 to 2.1.5-3 ejabberd fails to authenticate any
users. We are using LDAP. A downgrade fixes the issue.
I've been unable to locate anything in the release notes about config changes
so I assume it is a bug.
When a user attempts to log in via XMPP the log shows merely:
=INFO REPORT==== 2011-01-26 23:59:56 ===
I(<0.529.0>:ejabberd_listener:232) : (#Port<0.3347>) Accepted connection
{{10,4,1,241},7677} -> {{10,4,4,111},5222}
=INFO REPORT==== 2011-01-26 23:59:57 ===
I(<0.553.0>:ejabberd_c2s:598) :
({socket_state,tls,{tlssock,#Port<0.3347>,#Port<0.3349>},<0.552.0>}) Failed
authentication for i...@example.com
however when an admin user attempts to log in via the web interface it returns
an error:
=ERROR REPORT==== 2011-01-26 22:36:38 ===
E(<0.519.0>:ejabberd_auth:256) : The authentication module ejabberd_auth_ldap
returned an error
when checking user "ian" in server "example.com"
Error message: {{case_clause,
{'EXIT',
{function_clause,
[{eldap,'and',
[{'or',
[{equalityMatch,
{'AttributeValueAssertion',"objectClass",
"exampleUser"}},
{equalityMatch,
{'AttributeValueAssertion',"objectClass",
"exampleIT"}}]}]},
{eldap_filter_yecc,yeccpars2_30,7},
{eldap_filter_yecc,yeccpars0,5},
{eldap_filter,parse,2},
{ejabberd_auth_ldap,find_user_dn,2},
{ejabberd_auth_ldap,is_user_exists_ldap,2},
{ejabberd_auth_ldap,is_user_exists,2},
{ejabberd_auth,'-is_user_exists/2-fun-0-',3}]}}},
[{eldap_filter,parse,2},
{ejabberd_auth_ldap,find_user_dn,2},
{ejabberd_auth_ldap,is_user_exists_ldap,2},
{ejabberd_auth_ldap,is_user_exists,2},
{ejabberd_auth,'-is_user_exists/2-fun-0-',3},
{lists,any,2},
{ejabberd_web_admin,get_auth_account,5},
{ejabberd_web_admin,process,2}]}
=ERROR REPORT==== 2011-01-26 22:36:38 ===
W(<0.519.0>:ejabberd_web_admin:220) : Access of "i...@example.com" from
"10.4.1.241" failed with error: "inexistent-account"
The upgrade process:
Stopping jabber server: ejabberd.
Unpacking replacement ejabberd ...
Processing triggers for man-db ...
Setting up ejabberd (2.1.5-3) ...
Installing new version of config file /etc/logrotate.d/ejabberd ...
Starting jabber server: ejabberd.
Waiting for ejabberd to register admin user...
Can't register admin user "ad...@jabber.example.com".
The output of ` grep '^[ \t]*[^ \t%]' ejabberd.cfg `:
override_global.
override_local.
override_acls.
{acl, admin, {user, "root", "example.com"}}.
{acl, admin, {user, "ian", "example.com"}}.
{acl, admin, {user, "aa", "example.com"}}.
{acl, admin, {user, "bb", "example.com"}}.
{hosts, ["example.com", "example2.com"]}.
{loglevel, 4}.
{listen,
[
{5222, ejabberd_c2s, [
{access, c2s},
{shaper, c2s_shaper},
{max_stanza_size, 65536},
%%zlib,
starttls, {certfile, "/etc/ejabberd/ejabberd.pem"}
]},
{5269, ejabberd_s2s_in, [
{shaper, s2s_shaper},
{max_stanza_size, 131072}
]},
{5555, ejabberd_service, [
{ip, {127, 0, 0, 1}},
{access, all},
{shaper_rule, fast},
{hosts, ["icq.example.com"],
[{password, "abc"}]}
]},
{5556, ejabberd_service, [
{ip, {127, 0, 0, 1}},
{access, all},
{shaper_rule, fast},
{host, "aim.example.com", [{password, "abc"}]}
]},
{5557, ejabberd_service, [
{ip, {127, 0, 0, 1}},
{access, all},
{shaper_rule, fast},
{host, "msn.example.com", [{password, "abc"}]}
]},
{5280, ejabberd_http, [
%%{request_handlers,
%% [
%% {["pub", "archive"], mod_http_fileserver}
%% ]},
%%captcha,
http_bind,
http_poll,
web_admin
]}
]}.
{max_fsm_queue, 1000}.
{s2s_use_starttls, true}.
{s2s_certfile, "/etc/ejabberd/ejabberd.pem"}.
{s2s_default_policy, allow}.
{auth_method, ldap}.
{ldap_servers, ["alpha.ldap.example.com", "ldap.example.com"]}.
{ldap_base, "ou=users,dc=example,dc=com"}.
{ldap_uids, [{"mail", "%u@%d"}]}.
{ldap_filter, "(&(|(objectClass=exampleUser)(objectClass=exampleIT))
(|(accountStatus=active)(accountStatus=migrate)) )"}.
{shaper, normal, {maxrate, 1000}}.
{shaper, fast, {maxrate, 50000}}.
{acl, local, {user_regexp, ""}}.
{access, max_user_sessions, [{10, all}]}.
{access, max_user_offline_messages, [{5000, admin}, {100, all}]}.
{access, local, [{allow, local}]}.
{access, c2s, [{deny, blocked},
{allow, all}]}.
{access, c2s_shaper, [{none, admin},
{normal, all}]}.
{access, s2s_shaper, [{fast, all}]}.
{access, announce, [{allow, admin}]}.
{access, configure, [{allow, admin}]}.
{access, muc_admin, [{allow, admin}]}.
{access, muc, [{allow, all}]}.
{access, register, [{deny, all}]}.
{access, pubsub_createnode, [{allow, all}]}.
{language, "en"}.
{modules,
[
{mod_adhoc, []},
{mod_announce, [{access, announce}]}, % requires mod_adhoc
{mod_caps, []},
{mod_configure,[]}, % requires mod_adhoc
{mod_admin_extra, []},
{mod_disco, []},
{mod_irc, []},
{mod_last, []},
{mod_muc, [
%%{host, "conference.@HOST@"},
{access, muc},
{access_create, muc},
{access_persistent, muc},
{access_admin, muc_admin},
{default_room_options, [
{logging, true}
]},
{max_users, 500}
]},
{mod_muc_log,[
{dirtype, "plain"},
{outdir, "/var/log/ejabberd/muc/"}
]},
{mod_offline, [{access_max_user_messages, max_user_offline_messages}]},
{mod_privacy, []},
{mod_private, []},
{mod_proxy65, [
{access, local},
{shaper, c2s_shaper}
]},
{mod_pubsub, [ % requires mod_caps
{access_createnode, pubsub_createnode},
{pep_sendlast_offline, false},
{last_item_cache, false},
%%{plugins, ["default", "pep"]}
{plugins, ["flat", "hometree", "pep"]} % pep requires
mod_caps
]},
{mod_roster, []},
{mod_shared_roster,[]},
{mod_stats, []},
{mod_time, []},
{mod_vcard, []},
{mod_version, []},
{mod_log_chat, [{path, "/var/log/ejabberd/chat"}, {format, html}]},
{mod_http_bind, []},
{mod_vcard_ldap,
[
{ldap_rootdn, ""},
{ldap_password, ""},
{ldap_base, "ou=users,dc=example,dc=com"},
{ldap_uids, [{"cn", "%u"}]},
{ldap_filter,
"(&(|(objectClass=exampleUser)(objectClass=exampleIT))
(|(accountStatus=active) (accountStatus=migrate)) )"},
{ldap_vcard_map,
[
{"NICKNAME", "%s", ["displayName"]}, % just use user's part
of JID as his nickname
{"GIVEN", "%s", ["givenName"]},
{"FAMILY", "%s", ["sn"]},
{"FN", "%s, %s", ["sn", "givenName"]}, % example: "Smith, John"
{"EMAIL", "%s", ["mail"]}]},
{ldap_search_fields,
[{"User", "%u"},
{"Name", "givenName"},
{"Family Name", "sn"},
{"Email", "mail"}]},
{ldap_search_reported,
[{"Full Name", "FN"},
{"Nickname", "NICKNAME"} ]}
]}%%End mod_vcard_ldap
]}.
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-trunk-686-bigmem (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash
Versions of packages ejabberd depends on:
ii adduser 3.112 add and remove users and groups
ii debconf [debconf-2.0] 1.5.32 Debian configuration management sy
ii erlang-asn1 1:14.a-dfsg-1 Erlang/OTP modules for ASN.1 suppo
ii erlang-base [erlang-abi 1:14.a-dfsg-1 Erlang/OTP virtual machine and bas
ii erlang-crypto 1:14.a-dfsg-1 Erlang/OTP cryprographic modules
ii erlang-inets 1:14.a-dfsg-1 Erlang/OTP Internet clients and se
ii erlang-mnesia 1:14.a-dfsg-1 Erlang/OTP distributed relational/
ii erlang-odbc 1:14.a-dfsg-1 Erlang/OTP interface to SQL databa
ii erlang-ssl 1:14.a-dfsg-1 Erlang/OTP implementation of SSL
ii erlang-syntax-tools 1:14.a-dfsg-1 Erlang/OTP modules for handling ab
ii libc6 2.11.2-2 Embedded GNU C Library: Shared lib
ii libexpat1 2.0.1-7 XML parsing C library - runtime li
ii libpam0g 1.1.1-3 Pluggable Authentication Modules l
ii libssl0.9.8 0.9.8o-1 SSL shared libraries
ii openssl 0.9.8o-1 Secure Socket Layer (SSL) binary a
ii ucf 3.0025 Update Configuration File: preserv
ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime
ejabberd recommends no packages.
Versions of packages ejabberd suggests:
pn imagemagick | graphicsmagick- <none> (no description available)
ii libunix-syslog-perl 1.1-2 Perl interface to the UNIX syslog(
-- Configuration Files:
/etc/default/ejabberd changed:
ERL_OPTIONS="-pz /usr/local/lib/ejabberd/ebin -kernel inetrc
'/etc/ejabberd/inetrc'"
/etc/ejabberd/inetrc [Errno 13] Permission denied: u'/etc/ejabberd/inetrc'
-- debconf information:
ejabberd/nomatch:
* ejabberd/user: admin
* ejabberd/hostname: jabber.example.com
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
