smoeker - The user's sAMAccountname is correct:

Object Path:    LDAP://2K8DC0.<domain>.local/CN=U Sername,OU=Unpriv Users,OU=National,DC=<domain>,DC=local
Property Name:  sAMAccountName
Property Title: Pre-W2K Name
Value:          username

and the admin Distinguished Name is correct:

Object Path:    LDAP://2K8DC0.<domain>.local/CN=om_admin,OU=IT,OU=National,DC=<domain>,DC=local
Property Name:  distinguishedName
Property Title: DN
Value:          CN=om_admin,OU=IT,OU=National,DC=<domain>,DC=local

Here's the full trace from the log when I try to use the user's account to log in:

DEBUG 03-22 08:08:05.344 LdapLoginManagement.java 597412129 100 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - LdapLoginmanagement.isLdapConfigured
WARN 03-22 08:08:05.346 MainService.java 597412131 254 org.openmeetings.app.remote.MainService [NioProcessor-1] - loginUser 111: 4a7f78a4be4e6d0678f07412d1decc7d username
DEBUG 03-22 08:08:05.347 Usermanagement.java 597412132 1384 org.openmeetings.app.data.user.Usermanagement [NioProcessor-1] - Usermanagement.getUserByLoginOrEmail : username
DEBUG 03-22 08:08:05.348 MainService.java 597412133 271 org.openmeetings.app.remote.MainService [NioProcessor-1] - Ldap Login
DEBUG 03-22 08:08:05.348 LdapLoginManagement.java 597412133 173 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - LdapLoginmanagement.doLdapLogin
DEBUG 03-22 08:08:05.348 LdapLoginManagement.java 597412133 126 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - LdapLoginmanagement.getLdapConfigData
DEBUG 03-22 08:08:05.349 LdapLoginManagement.java 597412134 149 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - LdapLoginmanagement.readConfig : /usr/lib/openmeetings/red5/webapps/openmeetings/conf/om_ldap.cfg
DEBUG 03-22 08:08:05.350 LdapLoginManagement.java 597412135 78 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - isValidAuthType
DEBUG 03-22 08:08:05.350 LdapLoginManagement.java 597412135 223 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - Searching userdata with LDAP Search Filter :(sAMAccountName=username)
DEBUG 03-22 08:08:05.351 LdapAuthBase.java 597412136 65 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] - LdapAuthBase
DEBUG 03-22 08:08:05.351 LdapLoginManagement.java 597412136 231 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - authenticating admin...
DEBUG 03-22 08:08:05.351 LdapAuthBase.java 597412136 82 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] - authenticateUser
DEBUG 03-22 08:08:05.351 LdapAuthBase.java 597412136 98 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] - Authentification to LDAP - Server start
DEBUG 03-22 08:08:05.352 LdapAuthBase.java 597412137 130 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] - loginToLdapServer
DEBUG 03-22 08:08:05.376 LdapLoginManagement.java 597412161 234 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - Checking server type...
DEBUG 03-22 08:08:05.377 LdapLoginManagement.java 597412162 238 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - LDAP server is OpenLDAP
DEBUG 03-22 08:08:05.377 LdapLoginManagement.java 597412162 239 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - LDAP search baseDC=<domain>,DC=local
ERROR 03-22 08:08:05.902 LdapAuthBase.java 597412687 241 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] - Error occured on LDAP Search : [LDAP: error code 4 - Sizelimit Exceeded]
DEBUG 03-22 08:08:05.902 LdapAuthBase.java 597412687 82 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] - authenticateUser
DEBUG 03-22 08:08:05.902 LdapAuthBase.java 597412687 98 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] - Authentification to LDAP - Server start
DEBUG 03-22 08:08:05.902 LdapAuthBase.java 597412687 130 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] - loginToLdapServer
ERROR 03-22 08:08:05.908 LdapAuthBase.java 597412693 104 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] - Authentification on LDAP Server failed : [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db0]
ERROR 03-22 08:08:05.908 LdapLoginManagement.java 597412693 247 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - username not authenticated.

52e is ERROR_LOGON_FAILURE (Logon failure: unknown user name or bad password.) which will come up if the username is found, but the password is incorrect - the password that I am using will allow me to log onto any domain computer but not through OpenMeetings. Also, AD has a way of locking out the accounts if you try the wrong password too many times, but this is not happening to the account at all, no matter how many times that I try to log in. I'm thinking that there's something not being read correctly somewhere.

The admin account in my config file is both a Domain Admin and an Enterprise Admin, so it should be able to read the user's account just fine. I've also tried authenticating off the other domain controllers we have as well, both Server 2008 R2 and Server 2003, no change.

On Mon, Mar 22, 2010 at 3:52 AM, smoeker <o.beche...@medint.de> wrote:

> hola,
>
> @Danny : indeed, there are only 2 options in ldap.cfg at the moment -
> OpenLDAP and everything else. The OM Ldap auth was developed and
> designed against Active Directory, afterwards there were efforts to
> create openLdap compatibility, so somebody created the new configval
> ldap_server_type and added some logic to the code, respecting that
> configflag.
>
> -> so, if you are using Active Directory, you can enter anything you
> want here
>
> There are already some efforts to extend the ldap configuration (check
> issues) - maybe that hits your experiences....
>
> Concerning the size errors, i would advise you to change sourcecode
> for your installation, entering some filters in searchbase, as long
> as it isn't configurable.
>
> @Steve : for the binding of the adminuser itself, make sure, that you
> have configured the complete DN of the admin, concerning the
> authentication of a user, make sure, the entered username matches your
> configured principal, in your case the sAMAccountName
>
> see ya
>
> Smoeker
>
> On 22 Mar., 00:03, Steve Miller <smiller.n...@gmail.com> wrote:
> > Upon further testing, I have found that the Sizelimit error I am getting is
> > not affecting the search as the username that I am searching for is being
> > found, but rather I am now getting:
> >
> > Authentification on LDAP Server failed : [LDAP: error code 49 - 80090308:
> > LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e,
> > v1db0]
> > ERROR 03-21 19:00:49.841 LdapLoginManagement.java 550176626 247
> > org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - username
> > not authenticated.
> >
> > The 'data 52e' is "ERROR_LOGON_FAILURE (Logon failure: unknown user name or
> > bad password.)" but that's not true, I can log into any domain computer with
> > the same credentials that I am trying to use in OpenMeetings.
> >
> > On Sun, Mar 21, 2010 at 6:51 PM, Danny Trinh <danny.d.tr...@gmail.com> wrote:
> >
> > > My AD is big too, we got 1000+ users. It seems we need a couple more options
> > > for om_ldap.cfg. May I suggest we have something like:
> > >
> > > alternate_ldap_conn_url=ldap://2k8dc0.<domain>.local:3268
> > > ldap_search_base=<something>
> > > ldap_search_base2=<something2>
> > > ldap_search_base3=<something3>
> > > SizeLimit=<something_bigger_than_default>
> > >
> > > I'm using port 3268 instead of 389 for other apps to get all
> > > Domain_Users_ID_of_AD.
> > >
> > > --
> > > You received this message because you are subscribed to the Google Groups
> > > "OpenMeetings User" group.
> > > To post to this group, send email to openmeetings-u...@googlegroups.com.
> > > To unsubscribe from this group, send email to
> > > openmeetings-user+unsubscr...@googlegroups.com.
> > > For more options, visit this group at
> > > http://groups.google.com/group/openmeetings-user?hl=en.
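
Added example, not part of the original thread and not OpenMeetings code: a Python triage of the kind of trace posted above. It pulls the LDAP result codes and the Active Directory "data" sub-codes out of a log excerpt and flags the case where the log reports the server type as OpenLDAP while the bind error is in Active Directory's format. The function name triage, the sub-code table and the shortened log prefixes in SAMPLE are assumptions of this example.

```python
import re

# LDAP result codes seen in this thread (RFC 4511 names).
LDAP_RESULT = {4: "sizeLimitExceeded", 49: "invalidCredentials"}
# Hex sub-codes Active Directory appends as "data NNN" to result 49.
AD_DATA = {
    "525": "user not found",
    "52e": "invalid credentials (ERROR_LOGON_FAILURE)",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}
ERR_RE = re.compile(r"\[LDAP: error code (\d+) - (.*?)\]", re.S)
DATA_RE = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)")
TYPE_RE = re.compile(r"LDAP server is (\w+)")

def triage(log_text):
    """Extract LDAP errors and the reported server type from a login trace."""
    m = TYPE_RE.search(log_text)
    out = {"server_type": m.group(1) if m else None, "errors": [], "type_mismatch": False}
    for code, detail in ERR_RE.findall(log_text):
        entry = {"code": int(code), "name": LDAP_RESULT.get(int(code), "other"),
                 "ad_data": None, "meaning": None}
        d = DATA_RE.search(detail)
        if d:  # error text is in Active Directory's format
            entry["ad_data"] = d.group(1).lower()
            entry["meaning"] = AD_DATA.get(entry["ad_data"], "unknown sub-code")
            # The log reports OpenLDAP, but the directory answered like AD.
            out["type_mismatch"] = (out["server_type"] or "").lower() == "openldap"
        out["errors"].append(entry)
    return out

# Abridged from the trace in the message above (prefix fields shortened).
SAMPLE = """\
DEBUG 03-22 08:08:05.377 LdapLoginManagement [NioProcessor-1] - LDAP server is OpenLDAP
ERROR 03-22 08:08:05.902 LdapAuthBase [NioProcessor-1] - Error occured on LDAP Search : [LDAP: error code 4 - Sizelimit Exceeded]
ERROR 03-22 08:08:05.908 LdapAuthBase [NioProcessor-1] - Authentification on LDAP Server failed : [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db0]
"""

if __name__ == "__main__":
    result = triage(SAMPLE)
    for e in result["errors"]:
        print(e)
    print("type mismatch:", result["type_mismatch"])
```

A set type_mismatch flag is a prompt to re-check the ldap_server_type value in om_ldap.cfg against the directory actually in use; it is not by itself a diagnosis of the failed bind.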