hola,

I don't think there's something principally wrong concerning the usage
of the password within OM, otherwise nobody could authenticate via LDAP
from OM.

-> indeed, it could be possible, that the size limit exception is the
reason for your problems.

I just checked the code that concerns your configuration (->
OpenLDAP):

if OpenLDAP is configured, there is a search call, trying to resolve
the uid from the search result and authenticate with that value.

-> this code part was added additionally for OpenLDAP compatibility and
seemed to work for OpenLDAP users
-> regarding the fact that it isn't possible for you to retrieve the
uid, the following login happens analogously to the AD login (using the
entered username, not the uid, for login)

I would advise you to reduce the search scope (ldap_search_base), to
test it with a concrete user

-> otherwise, you should create a patch for your installation, using an
additional searchFilter to reduce the amount of results


see ya

Smoeker
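
Added example, not part of the original mail and not OpenMeetings code: a small Python triage of the trace quoted in this thread, separating the search failure (LDAP result code 4) from the bind failure (result code 49) and decoding the Active Directory `data` sub-code. The name `triage` and the lookup tables are assumptions of this example; only `52e` appears in the thread, the other sub-codes are the commonly documented Active Directory values.

```python
import re

# LDAP result codes that appear in the trace (RFC 4511).
LDAP_RESULT = {4: "sizeLimitExceeded", 49: "invalidCredentials"}
# Active Directory sub-codes reported as "data <hex>" on a failed bind.
AD_BIND_DATA = {
    "525": "user not found", "52e": "unknown user name or bad password",
    "530": "logon time restriction", "531": "workstation restriction",
    "532": "password expired", "533": "account disabled",
    "701": "account expired", "773": "user must reset password",
    "775": "account locked out",
}
ERR = re.compile(r"LDAP: error code (\d+)")
DATA = re.compile(r"\bdata ([0-9a-fA-F]+)")

# Excerpt of the trace quoted in this thread (records wrap, as mailed).
SAMPLE = """\
> ERROR 03-22 08:08:05.902 LdapAuthBase.java 597412687 241
> org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] - Error occured on
> LDAP Search : [LDAP: error code 4 - Sizelimit Exceeded]
> ERROR 03-22 08:08:05.908 LdapAuthBase.java 597412693 104
> org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] -
> Authentification on LDAP Server failed : [LDAP: error code 49 - 80090308:
> LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e,
> v1db0]
"""

def triage(log_text):
    """Return (events, flag); flag is True when a size-limited search
    precedes a failed bind in the same trace."""
    # A record can wrap over several mail lines, so scan the text as a whole.
    flat = " ".join(l.lstrip("> ").strip() for l in log_text.splitlines())
    events = []
    for m in ERR.finditer(flat):
        code = int(m.group(1))
        event = {"code": code, "name": LDAP_RESULT.get(code, "other")}
        if code == 49:
            # The AD sub-code follows the result code inside the same message.
            d = DATA.search(flat, m.end(), m.end() + 200)
            if d:
                event["data"] = d.group(1).lower()
                event["meaning"] = AD_BIND_DATA.get(event["data"], "unknown")
        events.append(event)
    codes = [e["code"] for e in events]
    # Search was cut short first, then the bind was rejected.
    flag = 4 in codes and 49 in codes and codes.index(4) < codes.index(49)
    return events, flag
```

When the flag is true, the uid lookup did not complete before the bind, which is the case the mail above describes: the login then proceeds with the entered username rather than a uid taken from the search result.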


On 22 Mar., 13:24, Steve Miller <smiller.n...@gmail.com> wrote:
> smoeker -
>
> The user's sAMAccountname is correct:
>
> Object Path:    LDAP://2K8DC0.<domain>.local/CN=U Sername,OU=Unpriv Users,OU=National,DC=<domain>,DC=local
> Property Name:  sAMAccountName
> Property Title: Pre-W2K Name
> Value:          username
>
> and the admin Distinguished Name is correct:
>
> Object Path:    LDAP://2K8DC0.<domain>.local/CN=om_admin,OU=IT,OU=National,DC=<domain>,DC=local
> Property Name:  distinguishedName
> Property Title: DN
> Value:          CN=om_admin,OU=IT,OU=National,DC=<domain>,DC=local
>
> here's the full trace from the log when I try to use the users account to
> log in:
>
> DEBUG 03-22 08:08:05.344 LdapLoginManagement.java 597412129 100
> org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] -
> LdapLoginmanagement.isLdapConfigured
>  WARN 03-22 08:08:05.346 MainService.java 597412131 254
> org.openmeetings.app.remote.MainService [NioProcessor-1] - loginUser 111:
> 4a7f78a4be4e6d0678f07412d1decc7d username
> DEBUG 03-22 08:08:05.347 Usermanagement.java 597412132 1384
> org.openmeetings.app.data.user.Usermanagement [NioProcessor-1] -
> Usermanagement.getUserByLoginOrEmail : username
> DEBUG 03-22 08:08:05.348 MainService.java 597412133 271
> org.openmeetings.app.remote.MainService [NioProcessor-1] - Ldap Login
> DEBUG 03-22 08:08:05.348 LdapLoginManagement.java 597412133 173
> org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] -
> LdapLoginmanagement.doLdapLogin
> DEBUG 03-22 08:08:05.348 LdapLoginManagement.java 597412133 126
> org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] -
> LdapLoginmanagement.getLdapConfigData
> DEBUG 03-22 08:08:05.349 LdapLoginManagement.java 597412134 149
> org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] -
> LdapLoginmanagement.readConfig :
> /usr/lib/openmeetings/red5/webapps/openmeetings/conf/om_ldap.cfg
> DEBUG 03-22 08:08:05.350 LdapLoginManagement.java 597412135 78
> org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] -
> isValidAuthType
> DEBUG 03-22 08:08:05.350 LdapLoginManagement.java 597412135 223
> org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - Searching
> userdata with LDAP Search Filter :(sAMAccountName=username)
> DEBUG 03-22 08:08:05.351 LdapAuthBase.java 597412136 65
> org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] - LdapAuthBase
> DEBUG 03-22 08:08:05.351 LdapLoginManagement.java 597412136 231
> org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] -
> authenticating admin...
> DEBUG 03-22 08:08:05.351 LdapAuthBase.java 597412136 82
> org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] - authenticateUser
> DEBUG 03-22 08:08:05.351 LdapAuthBase.java 597412136 98
> org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] -
>
> Authentification to LDAP - Server start
> DEBUG 03-22 08:08:05.352 LdapAuthBase.java 597412137 130
> org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] - loginToLdapServer
> DEBUG 03-22 08:08:05.376 LdapLoginManagement.java 597412161 234
> org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - Checking
> server type...
> DEBUG 03-22 08:08:05.377 LdapLoginManagement.java 597412162 238
> org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - LDAP server
> is OpenLDAP
> DEBUG 03-22 08:08:05.377 LdapLoginManagement.java 597412162 239
> org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - LDAP search
> baseDC=<domain>,DC=local
> ERROR 03-22 08:08:05.902 LdapAuthBase.java 597412687 241
> org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] - Error occured on
> LDAP Search : [LDAP: error code 4 - Sizelimit Exceeded]
> DEBUG 03-22 08:08:05.902 LdapAuthBase.java 597412687 82
> org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] - authenticateUser
> DEBUG 03-22 08:08:05.902 LdapAuthBase.java 597412687 98
> org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] -
>
> Authentification to LDAP - Server start
> DEBUG 03-22 08:08:05.902 LdapAuthBase.java 597412687 130
> org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] - loginToLdapServer
> ERROR 03-22 08:08:05.908 LdapAuthBase.java 597412693 104
> org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] -
>
> Authentification on LDAP Server failed : [LDAP: error code 49 - 80090308:
> LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e,
> v1db0]
> ERROR 03-22 08:08:05.908 LdapLoginManagement.java 597412693 247
> org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - username
> not authenticated.
>
> 52e is ERROR_LOGON_FAILURE (Logon failure: unknown user name or bad
> password.) which will come up if the username is found, but the password is
> incorrect - the password that I am using will allow me to log onto any
> domain computer but not through OpenMeetings. Also, AD has a way of locking
> out the accounts if you try the wrong password too many times, but this is
> not happening to the account at all, no matter how many times that I try to
> log in. I'm thinking that there's something not being read correctly
> somewhere.
>
> The admin account in my config file is both a Domain Admin and an Enterprise
> Admin, so it should be able to read the user's account just fine.  I've also
> tried authenticating off the other domain controllers we have as well, both
> Server 2008 R2 and Server 2003, no change.
>
> On Mon, Mar 22, 2010 at 3:52 AM, smoeker <o.beche...@medint.de> wrote:
> > hola,
>
> > @Danny : indeed, there are only 2 options in ldap.cfg at the moment -
> > OpenLDAP and everything else. The OM Ldap auth was developed and
> > designed against Active Directory, afterwards there were efforts to
> > create openLdap compatibility, so somebody created the new configval
> > ldap_server_type and added some logic to the code, respecting that
> > configflag.
>
> > -> so, if you are using Active Directory, you can enter anything you
> > want here
>
> > There are already some efforts to extend the ldap configuration (check
> > issues) - maybe that hits your experiences....
>
> > Concerning the size errors, I would advise you to change sourcecode
> > for your installation, entering some filters in searchbase, as long
> > as it isn't configurable.
>
> > @Steve : for the binding of the adminuser itself, make sure that you
> > have configured the complete DN of the admin; concerning the
> > authentication of a user, make sure the entered username matches your
> > configured principal, in your case the sAMAccountName
>
> > see ya
>
> > Smoeker
>
> > On 22 Mar., 00:03, Steve Miller <smiller.n...@gmail.com> wrote:
> > > Upon further testing, I have found that the Sizelimit error I am getting is
> > > not affecting the search as the username that I am searching for is being
> > > found, but rather I am now getting:
>
> > > Authentification on LDAP Server failed : [LDAP: error code 49 - 80090308:
> > > LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e,
> > > v1db0]
> > > ERROR 03-21 19:00:49.841 LdapLoginManagement.java 550176626 247
> > > org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - username
> > > not authenticated.
>
> > > The 'data 52e' is "ERROR_LOGON_FAILURE (Logon failure: unknown user name or
> > > bad password.)" but that's not true, I can log into any domain computer with
> > > the same credentials that I am trying to use in OpenMeetings.
>
> > > On Sun, Mar 21, 2010 at 6:51 PM, Danny Trinh <danny.d.tr...@gmail.com> wrote:
>
> > > > My AD is big too, we got 1000+ users. It seems we need a couple more options
> > > > for om_ldap.cfg. May I suggest we have something like:
>
> > > > alternate_ldap_conn_url=ldap://2k8dc0.<domain>.local:3268
> > > > ldap_search_base=<something>
> > > > ldap_search_base2=<something2>
> > > > ldap_search_base3=<something3>
> > > > SizeLimit=<something_bigger_than_default>
>
> > > > I'm using port 3268 instead of 389 for other apps to get all
> > > > Domain_Users_ID_of_AD.
>
> > > >  --
> > > > You received this message because you are subscribed to the Google
> > Groups
> > > > "OpenMeetings User" group.
> > > > To post to this group, send email to
> > openmeetings-u...@googlegroups.com.
> > > > To unsubscribe from this group, send email to
> > > > openmeetings-user+unsubscr...@googlegroups.com<openmeetings-user%2bunsubscr...@googlegroups.com>
> > <openmeetings-user%2bunsubscr...@googlegroups.com<openmeetings-user%252bunsubscr...@googlegroups.com>
>
> > > > .
> > > > For more options, visit this group at
> > > >http://groups.google.com/group/openmeetings-user?hl=en.
>
