Re: OM and LDAP didn't play well with each other

2010-03-02 Thread Simon Eng
This is a known-good configuration. Try this and see if the UPN works.
Then if it does, you can try experimenting. I don't think you will get
sAMAccountName to work yet, because the code doesn't look for that.

ldap_server_type=LDAP

#LDAP URL
# does a DNS lookup for Domain Controllers (if your DNS is set up correctly, see resolv.conf)
ldap_conn_url=ldap://domain.net:389

#Login distinguished name (DN) for Authentication on LDAP Server - keep empty if not required
ldap_admin_dn=CN:OpenMeetings Service Account,OU:Service Accounts,OU:Enterprise,DC:domain,DC:net

#Loginpass for Authentication on LDAP Server - keep empty if not required
ldap_passwd=x

#base to search for userdata (of user that wants to login)
ldap_search_base=DC:domain,DC:net

# Fieldnames (can differ between Ldap servers)
field_user_principal=userPrincipalName

# Ldap auth type(SIMPLE,NONE)
ldap_auth_type=SIMPLE


On Mar 1, 9:00 pm, Danny Trinh danny.d.tr...@gmail.com wrote:
 I also tried UPN (email address), but it said invalid password.
 [ERROR] [NioProcessor-1] org.openmeetings.app.data.user.Usermanagement
 - dtr...@eastonbellsports.com not authenticated.
  WARN 03-01 19:58:41.296 MainService.java 2045275 254
 org.openmeetings.app.remote.MainService [NioProcessor-1] - loginUser
 111: f040fb3ef0ba550b0722b8432017b716 dtr...@eastonbellsports.com
 DEBUG 03-01 19:58:41.297 Usermanagement.java 2045276 1384
 org.openmeetings.app.data.user.Usermanagement [NioProcessor-1] -
 Usermanagement.getUserByLoginOrEmail : dtr...@eastonbellsports.com
 DEBUG 03-01 19:58:41.300 MainService.java 2045279 271
 org.openmeetings.app.remote.MainService [NioProcessor-1] - Ldap Login
 [ERROR] [NioProcessor-1] org.openmeetings.app.data.user.Usermanagement
 - Error occured on LDAP Search : [LDAP: error code 4 - Sizelimit
 Exceeded]
 [ERROR] [NioProcessor-1] org.openmeetings.app.data.user.Usermanagement
 -

 Authentification on LDAP Server failed : [LDAP: error code 49 -
 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext
 error, data 525, vece]
 [ERROR] [NioProcessor-1] org.openmeetings.app.data.user.Usermanagement
 - dtr...@eastonbellsports.com not authenticated.

-- 
You received this message because you are subscribed to the Google Groups 
OpenMeetings User group.
To post to this group, send email to openmeetings-u...@googlegroups.com.
To unsubscribe from this group, send email to 
openmeetings-user+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/openmeetings-user?hl=en.
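
The bind failures quoted in this thread carry an Active Directory sub-code in the `data` field of the code-49 reply; `525` means the bind name did not resolve to any account, which is a different problem from a wrong password (`52e`). The following triage script is an added example, not OpenMeetings code; the function names are hypothetical and the sample is copied from the log lines quoted above.

```python
import re
from collections import Counter

# LDAP result codes that appear in this thread (names per RFC 4511).
LDAP_RESULT = {4: "sizeLimitExceeded", 49: "invalidCredentials"}

# Active Directory sub-codes reported in the "data" field of a code-49 reply.
AD_BIND_DATA = {
    "525": "user not found",
    "52e": "invalid credentials (account exists, wrong password)",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

ERR_RE = re.compile(r"\[LDAP: error code (\d+) - (.*?)\]")
DATA_RE = re.compile(r"\bdata\s+([0-9a-fA-F]+)\b")

# Excerpt copied from the log lines quoted in this thread (mail-wrapped).
SAMPLE_LOG = """\
[ERROR] [NioProcessor-1] org.openmeetings.app.data.user.Usermanagement
- Error occured on LDAP Search : [LDAP: error code 4 - Sizelimit
Exceeded]
[ERROR] [NioProcessor-1] org.openmeetings.app.data.user.Usermanagement
- Authentification on LDAP Server failed : [LDAP: error code 49 -
80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext
error, data 525, vece]
"""


def decode_ldap_errors(log_text):
    """Return one dict per bracketed LDAP error found in log_text."""
    flat = " ".join(log_text.split())  # undo e-mail/log line wrapping
    findings = []
    for match in ERR_RE.finditer(flat):
        code, detail = int(match.group(1)), match.group(2)
        data = DATA_RE.search(detail) if code == 49 else None
        sub = data.group(1).lower() if data else None
        findings.append({
            "code": code,
            "name": LDAP_RESULT.get(code, "other"),
            "ad_data": sub,
            "meaning": AD_BIND_DATA.get(sub, "unknown sub-code") if sub else None,
        })
    return findings


def count_by_cause(findings):
    """Tally findings so 'no such account' and 'wrong password' stay separate."""
    return Counter(f["meaning"] or f["name"] for f in findings)


if __name__ == "__main__":
    for finding in decode_ldap_errors(SAMPLE_LOG):
        print(finding)
```

Keeping the two causes apart in the tally matters for log review as well: a run of `525` points at a wrong DN or login attribute, while a run of `52e` against existing accounts is what password guessing looks like.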



Re: OM and LDAP didn't play well with each other

2010-03-02 Thread Simon Eng
Try without encryption to eliminate it as a possibility. We are
currently not using crypto (we run this on a closed network.)


On Mar 2, 1:55 pm, Danny Trinh danny.d.tr...@gmail.com wrote:
 I tried both userPrincipalName and sAMAccountName, both produce
 similar errors. It seemed that LDAP didn't transfer MD5 crypt password
 correctly. I also use both Crypt-types that are mentioned in
 http://code.google.com/p/openmeetings/wiki/CustomCryptMechanism. I
 think I missed something else. Any idea?

  WARN 03-02 12:46:19.005 MainService.java 52080 254
 org.openmeetings.app.remote.MainService [NioProcessor-1] - loginUser
 111: 7b7881983b8bbb64e9b6518ae1817ad3 dtrinh
 DEBUG 03-02 12:46:19.006 Usermanagement.java 52081 1384
 org.openmeetings.app.data.user.Usermanagement [NioProcessor-1] -
 Usermanagement.getUserByLoginOrEmail : dtrinh
 DEBUG 03-02 12:46:19.016 MainService.java 52091 271
 org.openmeetings.app.remote.MainService [NioProcessor-1] - Ldap Login
 [ERROR] [NioProcessor-1] org.openmeetings.app.data.user.Usermanagement
 -

 Authentification on LDAP Server failed : [LDAP: error code 49 -
 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext
 error, data 525, vece]
 [ERROR] [NioProcessor-1] org.openmeetings.app.data.user.Usermanagement
 -

 Authentification on LDAP Server failed : [LDAP: error code 49 -
 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext
 error, data 525, vece]
  WARN 03-02 12:46:35.343 MainService.java 68418 254
 org.openmeetings.app.remote.MainService [NioProcessor-1] - loginUser
 111: 7b7881983b8bbb64e9b6518ae1817ad3 dtr...@eastonbellsports.com
 DEBUG 03-02 12:46:35.344 Usermanagement.java 68419 1384
 org.openmeetings.app.data.user.Usermanagement [NioProcessor-1] -
 Usermanagement.getUserByLoginOrEmail : dtr...@eastonbellsports.com
 DEBUG 03-02 12:46:35.349 MainService.java 68424 271
 org.openmeetings.app.remote.MainService [NioProcessor-1] - Ldap Login
 [ERROR] [NioProcessor-1] org.openmeetings.app.data.user.Usermanagement
 -

 Authentification on LDAP Server failed : [LDAP: error code 49 -
 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext
 error, data 525, vece]
 [ERROR] [NioProcessor-1] org.openmeetings.app.data.user.Usermanagement
 -

 Authentification on LDAP Server failed : [LDAP: error code 49 -
 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext
 error, data 525, vece]




Re: OM and LDAP didn't play well with each other

2010-02-28 Thread Simon Eng
Yes, we have it working. Unless the OM team gets to it first, we will
put together an extension to the LDAP classes to create and populate
organisations in OM based on AD group membership. We also need to be
able to restrict logins based on AD group membership.

One minor bug with the LDAP auth is the fact that you have to login
twice for it to take effect. The first login generates the empty
organisation box, but the login is created in the OM database with the
default org (if you have the correct default organisation defined).

Also, we are not using the sAMAccountName. We are using UPN logins.

I notice in your config that you have

ldap_admin_dn=CN:openfire,DC:b,DC:c,DC:loc

Are you sure that this is the correct FQDN? If the user is in the
Users container, it would be something like

ldap_admin_dn=CN:openfire,CN:Users,DC:b,DC:c,DC:loc

Or if you have a more complex structure (like ours)

ldap_admin_dn=CN:_svc_ldap,OU:Service Accounts,OU:Enterprise,DC:subdomain,DC:domain,DC:tld

I also suggest that you use a simpler LDAP connection (like
ldap_conn_url = ldap://10.10.10.10:389/)  to get it working and then
go from there.

Then login using u...@domain.tld or whatever your UPN format is.




On Feb 28, 11:42 am, Danny Trinh danny.d.tr...@gmail.com wrote:
 Below are what I have installed to try LDAP:
 [r...@l2dev ~]# rpm -qa |grep ldap | sort
 apr-util-ldap-1.3.9-2.fc12.x86_64
 krb5-server-ldap-1.7.1-2.fc12.x86_64
 ldapjdk-4.18-5.fc12.x86_64
 mozldap-6.0.5-6.fc12.i686
 mozldap-6.0.5-6.fc12.x86_64
 mozldap-devel-6.0.5-6.fc12.i686
 mozldap-devel-6.0.5-6.fc12.x86_64
 mozldap-tools-6.0.5-6.fc12.x86_64
 nss_ldap-264-8.fc12.x86_64
 nss-ldapd-0.6.11-2.fc12.x86_64
 openldap-2.4.19-1.fc12.i686
 openldap-2.4.19-1.fc12.x86_64
 openldap-clients-2.4.19-1.fc12.x86_64
 openldap-devel-2.4.19-1.fc12.x86_64
 openser-ldap-1.3.4-8.fc12.x86_64
 php-ldap-5.3.1-1.fc12.x86_64
 python-ldap-2.3.10-1.fc12.x86_64
 [r...@l2dev ~]#

 Simon, are you successfully utilizing LDAP for OM? Can you share with
 us?
 Thanks,




Re: OM and LDAP didn't play well with each other

2010-02-27 Thread Simon Eng
I had similar issues with Centos. Which ldap rpms do you have
installed? You will need some or all of the following:

mozldap-6.0.5-1.el5
ldapjdk-4.18-2jpp.3.el5
openldap-2.3.43-3.el5
openldap-clients-2.3.43-3.el5

Or the Fedora equivalents.




LDAP Authentication with Database Fallback

2010-02-22 Thread Simon Eng
Hi All...

Should it be possible to authenticate using the database if an LDAP
authentication fails? If we have LDAP enabled but it doesn't work
correctly, then when a database-defined User or Moderator level user
logs in they get a message "Your account is assigned to multiple
Organisations. Please choose one for this Session." with an empty
selection box. All functionality works if you log in as a user with
Admin level rights.

If we disable LDAP authentication, database users work correctly at
all levels.

Our installation:

Centos 5.4 x64
OM 1_1_r2905
MySql and PostgreSQL (tried both with the same results) (both sets of
tables are UTF8)
SWFTools
ffMPEG
OpenOffice-Headless
OpenJDK 1.6 and Sun JDK 6 (tried both with the same results)
LDAP config file is /opt/openmeetings/webapps/openmeetings/conf/om_ldap.cfg
and that value was in the configuration.

What have I missed and/or screwed up?

TIA
Simon

ERROR 02-22 22:15:30.284 MainService.java 44225 332
org.openmeetings.app.remote.MainService [NioProcessor-1] - loginUser :
java.lang.NullPointerException: null
at
org.openmeetings.app.ldap.LdapLoginManagement.doLdapLogin(LdapLoginManagement.java:
236) [openmeetings.jar:na]
at
org.openmeetings.app.remote.MainService.loginUser(MainService.java:
277) [openmeetings.jar:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
[na:1.6.0_18]
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:
39) [na:1.6.0_18]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:
25) [na:1.6.0_18]
at java.lang.reflect.Method.invoke(Method.java:597) [na:
1.6.0_18]
at
org.red5.server.service.ServiceInvoker.invoke(ServiceInvoker.java:200)
[red5.jar:na]
at
org.red5.server.service.ServiceInvoker.invoke(ServiceInvoker.java:118)
[red5.jar:na]
at
org.red5.server.net.rtmp.RTMPHandler.invokeCall(RTMPHandler.java:165)
[red5.jar:na]
at
org.red5.server.net.rtmp.RTMPHandler.onInvoke(RTMPHandler.java:418)
[red5.jar:na]
at
org.red5.server.net.rtmp.BaseRTMPHandler.messageReceived(BaseRTMPHandler.java:
138) [red5.jar:na]
at
org.red5.server.net.rtmp.RTMPMinaIoHandler.messageReceived(RTMPMinaIoHandler.java:
180) [red5.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain
$TailFilter.messageReceived(DefaultIoFilterChain.java:713) [mina-
core-2.0.0-RC1.jar:na]
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:
434) [mina-core-2.0.0-RC1.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.access
$1200(DefaultIoFilterChain.java:46) [mina-core-2.0.0-RC1.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain
$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793) [mina-
core-2.0.0-RC1.jar:na]
at
org.red5.server.net.filter.TrafficShapingFilter.messageReceived(TrafficShapingFilter.java:
204) [red5.jar:na]
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:
434) [mina-core-2.0.0-RC1.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.access
$1200(DefaultIoFilterChain.java:46) [mina-core-2.0.0-RC1.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain
$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793) [mina-
core-2.0.0-RC1.jar:na]
at org.apache.mina.filter.codec.ProtocolCodecFilter
$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:375) [mina-
core-2.0.0-RC1.jar:na]
at
org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:
229) [mina-core-2.0.0-RC1.jar:na]
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:
434) [mina-core-2.0.0-RC1.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.access
$1200(DefaultIoFilterChain.java:46) [mina-core-2.0.0-RC1.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain
$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793) [mina-
core-2.0.0-RC1.jar:na]
at
org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:
119) [mina-core-2.0.0-RC1.jar:na]
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:
434) [mina-core-2.0.0-RC1.jar:na]
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:
426) [mina-core-2.0.0-RC1.jar:na]
at
org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:
638) [mina-core-2.0.0-RC1.jar:na]
at
org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:
598) [mina-core-2.0.0-RC1.jar:na]
at
org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:
587) 

Re: LDAP Authentication with Database Fallback

2010-02-22 Thread Simon Eng
And we progress. Apparently I did not install all of the LDAP bits
Centos requires. I had the base openldap RPM installed, but also
needed:

openldap-2.3.43-3.el5
python-ldap-2.2.0-2.1
ldapjdk-4.18-2jpp.3.el5
compat-openldap-2.3.43_2.2.29-3.el5
compat-openldap-2.3.43_2.2.29-3.el5
nss_ldap-253-22.el5_4
php-ldap-5.1.6-24.el5_4.5
nss_ldap-253-22.el5_4
openldap-clients-2.3.43-3.el5
openldap-2.3.43-3.el5

(The duplicates indicate both the 32-bit and 64-bit RPMS are
installed.)


Now I have a similar issue to the other poster who gets an error on
the first login, but the second login works fine.

Also, is there a configuration line I am missing to make it
recursively search from the starting DN? For example, I would like to
have it search all of the OUs under OU=Locations, OU=Company, OU=Com.




Re: LDAP Authentication with Database Fallback

2010-02-22 Thread Simon Eng
Can I suggest that you make scope = SCOPE and base = BASE?
Right now I think SCOPE is confused with BASE. Clearly there will be
other implications throughout the codebase that touches LDAP, but in
the long run it will benefit those who use LDAP authentication in
large organizations.

// ConfigConstants
public static final String CONFIGKEY_LDAP_URL = "ldap_conn_url";
public static final String CONFIGKEY_LDAP_ADMIN_DN = "ldap_admin_dn";
public static final String CONFIGKEY_LDAP_ADMIN_PASSWD = "ldap_passwd";
// {base | one | subtree}: base=base_dn, one=include one level,
// subtree=base_dn and everything below, default = subtree
public static final String CONFIGKEY_LDAP_SEARCH_SCOPE = "ldap_search_scope";
public static final String CONFIGKEY_LDAP_SEARCH_BASE = "ldap_search_base";
public static final String CONFIGKEY_LDAP_AUTH_TYPE = "ldap_auth_type";
public static final String CONFIGKEY_LDAP_FIELDNAME_USER_PRINCIPAL = "field_user_principal";

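
How the three scope values proposed above differ for one search base, as an added example that is not OpenMeetings code. The helper names and the directory entries are constructed for illustration, DNs are written in standard `attr=value` form, and `ldap_search_scope` is the key proposed in the post, not a setting confirmed to exist in OM.

```python
def parse_dn(dn):
    """Split a DN into normalized (attr, value) RDNs, honoring '\\,' escapes."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    rdns = []
    for part in parts:
        attr, _, value = part.partition("=")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return tuple(rdns)


def in_scope(entry_dn, base_dn, scope="subtree"):
    """True if entry_dn would be a candidate for a search at base_dn/scope."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    depth = len(entry) - len(base)
    if depth < 0 or entry[depth:] != base:
        return False  # entry is not at or below the search base
    if scope == "base":
        return depth == 0  # the base object only
    if scope == "one":
        return depth == 1  # immediate children only
    if scope == "subtree":
        return True  # base object and everything below it
    raise ValueError("scope must be base, one or subtree")


def search(entries, base_dn, scope):
    """Filter a list of DNs the way the chosen scope would."""
    return [dn for dn in entries if in_scope(dn, base_dn, scope)]


# Constructed directory; example.com stands in for the real domain.
DIRECTORY = [
    "CN=Alice,OU=Sydney,OU=Locations,OU=Company,DC=example,DC=com",
    "CN=Bob,OU=Locations,OU=Company,DC=example,DC=com",
    "OU=Locations,OU=Company,DC=example,DC=com",
    "CN=Svc\\, LDAP,OU=Service Accounts,OU=Company,DC=example,DC=com",
]
BASE = "OU=Locations, OU=Company, DC=example, DC=com"

if __name__ == "__main__":
    for scope in ("base", "one", "subtree"):
        print(scope, search(DIRECTORY, BASE, scope))
```

Only `subtree` reaches the user in the nested OU, and none of the scopes reach the service account outside the base, so the base and scope together bound which accounts can authenticate at all.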



Trouble with LDAP/AD integration

2010-02-20 Thread Simon Eng
Hi All!

First off, my hat's off to the OM team. What an awesome project!

We have tested the basic functionality using the VM and are now
building a dedicated server for our internal video conferencing. We
have run into trouble though with the LDAP authentication.

The setup:

Centos 5.4 x64
Sun Java JDK 6.0
Postgres 8.4
OM 1.1 r2905

All other dependencies were met we believe including SWFTools, FFMPEG,
OpenOffice etc.

Regular user logons work fine, but I get this (logs below) when I try
to log in using LDAP. Looks like I'm either missing something or I
haven't configured LDAP (om_ldap.cfg) correctly?: Path to om_ldap.cfg
has been verified and is correctly entered in the Configuration.

What's missing?

Thanks,
Simon


DEBUG 02-19 22:49:31.299 Fieldmanagment.java 43932 235
org.openmeetings.app.data.basic.Fieldmanagment [NioProcessor-1] -
Language doesnt requiere RTL!
DEBUG 02-19 22:49:31.494 Fieldmanagment.java 44127 203
org.openmeetings.app.data.basic.Fieldmanagment [NioProcessor-1] -
Getting Labels for Language english
DEBUG 02-19 22:49:31.495 Fieldmanagment.java 44128 235
org.openmeetings.app.data.basic.Fieldmanagment [NioProcessor-1] -
Language doesnt requiere RTL!
DEBUG 02-19 22:49:31.688 Fieldmanagment.java 44321 203
org.openmeetings.app.data.basic.Fieldmanagment [NioProcessor-1] -
Getting Labels for Language english
DEBUG 02-19 22:49:31.689 Fieldmanagment.java 44322 235
org.openmeetings.app.data.basic.Fieldmanagment [NioProcessor-1] -
Language doesnt requiere RTL!
DEBUG 02-19 22:49:31.872 Fieldmanagment.java 44505 203
org.openmeetings.app.data.basic.Fieldmanagment [NioProcessor-1] -
Getting Labels for Language english
DEBUG 02-19 22:49:31.873 Fieldmanagment.java 44506 235
org.openmeetings.app.data.basic.Fieldmanagment [NioProcessor-1] -
Language doesnt requiere RTL!
DEBUG 02-19 22:49:32.089 Fieldmanagment.java 44722 203
org.openmeetings.app.data.basic.Fieldmanagment [NioProcessor-1] -
Getting Labels for Language english
DEBUG 02-19 22:49:32.090 Fieldmanagment.java 44723 235
org.openmeetings.app.data.basic.Fieldmanagment [NioProcessor-1] -
Language doesnt requiere RTL!
DEBUG 02-19 22:49:32.303 Fieldmanagment.java 44936 203
org.openmeetings.app.data.basic.Fieldmanagment [NioProcessor-1] -
Getting Labels for Language english
DEBUG 02-19 22:49:32.303 Fieldmanagment.java 44936 235
org.openmeetings.app.data.basic.Fieldmanagment [NioProcessor-1] -
Language doesnt requiere RTL!
DEBUG 02-19 22:49:32.497 Fieldmanagment.java 45130 203
org.openmeetings.app.data.basic.Fieldmanagment [NioProcessor-1] -
Getting Labels for Language english
DEBUG 02-19 22:49:32.498 Fieldmanagment.java 45131 235
org.openmeetings.app.data.basic.Fieldmanagment [NioProcessor-1] -
Language doesnt requiere RTL!
DEBUG 02-19 22:49:32.692 Fieldmanagment.java 45325 203
org.openmeetings.app.data.basic.Fieldmanagment [NioProcessor-1] -
Getting Labels for Language english
DEBUG 02-19 22:49:32.693 Fieldmanagment.java 45326 235
org.openmeetings.app.data.basic.Fieldmanagment [NioProcessor-1] -
Language doesnt requiere RTL!
ERROR 02-19 22:49:35.813 Sessionmanagement.java 48446 112
org.openmeetings.app.data.basic.Sessionmanagement [NioProcessor-1] -
Could not find session to update:
 WARN 02-19 22:49:48.144 MainService.java 60777 254
org.openmeetings.app.remote.MainService [NioProcessor-1] - loginUser
111: 2451b087b6aa3a400d53138bbd5d0d6e mylo...@network.net
DEBUG 02-19 22:49:48.145 Usermanagement.java 60778 1384
org.openmeetings.app.data.user.Usermanagement [NioProcessor-1] -
Usermanagement.getUserByLoginOrEmail : mylo...@network.net
DEBUG 02-19 22:49:48.187 MainService.java 60820 271
org.openmeetings.app.remote.MainService [NioProcessor-1] - Ldap Login
ERROR 02-19 22:49:48.631 MainService.java 61264 332
org.openmeetings.app.remote.MainService [NioProcessor-1] - loginUser :
java.lang.NullPointerException: null
at
org.openmeetings.app.ldap.LdapLoginManagement.doLdapLogin(LdapLoginManagement.java:
236) [openmeetings.jar:na]
at
org.openmeetings.app.remote.MainService.loginUser(MainService.java:
277) [openmeetings.jar:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
[na:1.6.0_18]
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:
39) [na:1.6.0_18]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:
25) [na:1.6.0_18]
at java.lang.reflect.Method.invoke(Method.java:597) [na:
1.6.0_18]
at
org.red5.server.service.ServiceInvoker.invoke(ServiceInvoker.java:200)
[red5.jar:na]
at
org.red5.server.service.ServiceInvoker.invoke(ServiceInvoker.java:118)
[red5.jar:na]
at
org.red5.server.net.rtmp.RTMPHandler.invokeCall(RTMPHandler.java:165)
[red5.jar:na]
at
org.red5.server.net.rtmp.RTMPHandler.onInvoke(RTMPHandler.java:418)
[red5.jar:na]
at
org.red5.server.net.rtmp.BaseRTMPHandler.messageReceived(BaseRTMPHandler.java:
138) [red5.jar:na]
at