Re: LDAP / ADS authentication fails in OpenMeetings

[Thibault Le Meur]

After having a look at the source code, I confirm that for AD  
authentication it tries a direct bind using the login as a fake "dn"  
and the provided password.
This doesn't work for you as shows the capture.

I would highly suggest to give a try with the openldap auth instead.

----- Message de thibault.lem...@supelec.fr ---------
    Date : Thu, 05 Apr 2012 10:03:40 +0200
     De : Thibault Le Meur <thibault.lem...@supelec.fr>
Répondre à : openmeetings-user@incubator.apache.org
 Objet : Re: LDAP / ADS authentication fails in OpenMeetings
      À : openmeetings-user@incubator.apache.org, Vieri <rentor...@yahoo.com>


Hi,


In any case, I've removed the "add domain to user" option within  
OpenMeetings LDAP configuration and tried to login as domain user  
"vdipaola" on the web interface (and using "biblio" as the bind dn  
in LDAP config). I get the same error from openmeetings:

and I'm attaching the wireshark screenshot just in case you see  
something I don't.

I'm very used to Openldap and not to AD.
In openldap we do what we call a "bind and search": we first bind as  
the bind_dn user then search for the user DN based on the login name  
entered, and finally try to bidn with the found user DN and the  
provided user password.

Here, it tries to bind without looking for the user DN. I've seen  
this working on some AD installations.

I'll have a look at the OM-LDAP code to see what occurs for AD  
authentication.

I would be interrested in a test where the LDAP directory type is  
switched to openLdap and see the related catpures.

I'll get back soon.

Thibault





I'm supposing that "BindResponse success" right after CN=biblio  
means that user "biblio" was actually successfully connected to AD,  
right?

If "vdipaola" is the domain user I'm trying to login with from the  
openmeetings web interface, does it make sense to see another  
"bindRequest" for user "vdipaola"? Also, in the second screenshot  
I'm attaching, you can see that user "vdipaola" isn't sent like  
user "biblio": it doesn't seem to send the DN as in  
CN=Users,DC=...etc.
Is this expected?

Thanks,

Vieri

Thanks for your help.

Vieri


----- Fin du message de rentor...@yahoo.com -----






----- Fin du message de thibault.lem...@supelec.fr -----