After having a look at the source code, I confirm that for AD
authentication it tries a direct bind using the login as a fake "dn"
and the provided password.
This doesn't work for you, as the capture shows.
I would highly suggest giving the openldap auth a try instead.
----- Message from [email protected] ---------
Date: Thu, 05 Apr 2012 10:03:40 +0200
From: Thibault Le Meur <[email protected]>
Reply-To: [email protected]
Subject: Re: LDAP / ADS authentication fails in OpenMeetings
To: [email protected], Vieri <[email protected]>
Hi,
In any case, I've removed the "add domain to user" option within
OpenMeetings LDAP configuration and tried to login as domain user
"vdipaola" on the web interface (and using "biblio" as the bind dn
in LDAP config). I get the same error from openmeetings:
and I'm attaching the wireshark screenshot just in case you see
something I don't.
I'm very used to Openldap and not to AD.
In openldap we do what we call a "bind and search": we first bind as
the bind_dn user then search for the user DN based on the login name
entered, and finally try to bind with the found user DN and the
provided user password.
Here, it tries to bind without looking for the user DN. I've seen
this working on some AD installations.
I'll have a look at the OM-LDAP code to see what occurs for AD
authentication.
I would be interested in a test where the LDAP directory type is
switched to openLdap, to see the related captures.
I'll get back soon.
Thibault
I'm supposing that "BindResponse success" right after CN=biblio
means that user "biblio" was actually successfully connected to AD,
right?
If "vdipaola" is the domain user I'm trying to login with from the
openmeetings web interface, does it make sense to see another
"bindRequest" for user "vdipaola"? Also, in the second screenshot
I'm attaching, you can see that user "vdipaola" isn't sent like
user "biblio": it doesn't seem to send the DN as in
CN=Users,DC=...etc.
Is this expected?
Thanks,
Vieri
Thanks for your help.
Vieri
----- End of message from [email protected] -----
----- End of message from [email protected] -----