Hi, thanks Thibault for that detailed log analysis!
If there are suggestions how to improve the debug or error messages I am open for discussion on those points. I would rather prefer doing improvements on the error output then on writing docs :)) Sebastian 2011/1/31 <[email protected]> > Le 31/01/2011 08:19, Garry C a écrit : > > Bump...... >> Just another question, does anyone have a definitive guide to LDAP >> setup. >> > > No there is no guide to LDAP setup because there are so much different LDAP > servers, architectures and configurations. > > This is especially true when using ActiveDirectory as the LDAP server. > > > DEBUG 01-27 17:02:34.278 LdapLoginManagement.java 29665158 189 >>> org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - >>> LdapLoginmanagement.getLdapConfigData >>> DEBUG 01-27 17:02:34.278 LdapLoginManagement.java 29665158 216 >>> org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - >>> LdapLoginmanagement.readConfig : /opt/red5/webapps/openmeetings/conf/ >>> om_ldap.cfg >>> DEBUG 01-27 17:02:34.279 LdapLoginManagement.java 29665159 108 >>> org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - >>> isValidAuthType >>> >> > ==> Ldap setup has been read correctly... > > > DEBUG 01-27 17:02:34.279 LdapLoginManagement.java 29665159 358 >>> org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - >>> Searching userdata with LDAP Search Filter :(sAMAccountName=27679) >>> >> ==> The LDAP search filter is created with the user login name which is > "27679". > > I assume that in your ActiveDirecty you expect username to be numbers. > > > DEBUG 01-27 17:02:34.279 LdapLoginManagement.java 29665159 366 >>> org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - >>> authenticating admin... >>> >> > ==> Now OM will try to login to AD using the "admin" user and passwd > declared in your ldap OM setup file, in order to look for the user using the > above filter. > > > Authentification to LDAP - Server start >>> DEBUG 01-27 17:02:34.289 LdapAuthBase.java 29665169 133 >>> org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] - >>> loginToLdapServer >>> ERROR 01-27 17:02:34.295 LdapAuthBase.java 29665175 105 >>> org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] - >>> >>> Authentification on LDAP Server failed : [LDAP: error code 49 - >>> 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext >>> error, data 525, vece] >>> ERROR 01-27 17:02:34.297 LdapAuthBase.java 29665177 106 >>> org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] - >>> [Authentification on LDAP Server failed] >>> >> > Authentication using the "admin" account failed > > ==> double check your Admin user and password. > > > > javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: >>> LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data >>> 525, vece] >>> >> > The best way to troubleshoot this is to try to connect to your AD using an > external tool such as ldapExplorer http://ldaptool.sourceforge.net/ > > ==> When you're able to connect to the AD using your admin user/passwd, > then try to browse the directory and search for your samAccountName=27679. > If it doesn't work: > * double check you admin user/pass > * try with SSL or TLS security > > Please also read: > http://www-01.ibm.com/support/docview.wss?uid=swg21290631 > > In your case: "data 525" means "user not found" > ==> your admin user defined in you LDAP configuration file is wrong. > ==> Change "ldap_admin_dn=CN:test,OU:HPSAccounts,OU:Accounts,OU:Business > Units,DC:ad,DC:ncc,DC:local" to the correct DN > > When everything works with "ldapexplorer", then you can get back to OM LDAP > setup. > > Thibault > > > -- > You received this message because you are subscribed to the Google Groups > "OpenMeetings User" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]<openmeetings-user%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/openmeetings-user?hl=en. > > -- Sebastian Wagner http://www.webbase-design.de http://openmeetings.googlecode.com http://www.wagner-sebastian.com [email protected] -- You received this message because you are subscribed to the Google Groups "OpenMeetings User" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/openmeetings-user?hl=en.
