Re: LDAP Authentication with Database Fallback

2010-02-23 Thread smoeker
hola,

concerning your question about database fallback :

if the OM installation is able to find the configured Ldap
Configuration file, we assume, you want LDAP auth.
- the database fallback should only take place, when LDAP auth is
turned off (meant, to be able with OM while LDAP server is down or
maintained in some way...)
- admin users are always authenticated against local database


concerning the organizations :
- i am not sure, but i think, the message for multiple orgs is the
same as for no org at all ;-)
- after successful LDAP login, the user will be created/updated
locally and assigned to the Default organization

> Can I suggest that you make scope = SCOPE and base = BASE?

- sure u can ;-)


see ya

 Smoeker

On 23 Feb., 00:11, Simon Eng s...@ctfdi.com wrote:
> Can I suggest that you make scope = SCOPE and base = BASE?
> Right now I think SCOPE is confused with BASE. Clearly there will be
> other implications throughout the codebase that touches LDAP, but in
> the long run it will benefit those who use LDAP authentication in
> large organizations.
>
>     // ConfigConstants
>     public static final String CONFIGKEY_LDAP_URL = "ldap_conn_url";
>     public static final String CONFIGKEY_LDAP_ADMIN_DN = "ldap_admin_dn";
>     public static final String CONFIGKEY_LDAP_ADMIN_PASSWD = "ldap_passwd";
>     // {base | one | subtree}: base=base_dn, one=include one level,
>     // subtree=base_dn and everything below; default = subtree
>     public static final String CONFIGKEY_LDAP_SEARCH_SCOPE = "ldap_search_scope";
>     public static final String CONFIGKEY_LDAP_SEARCH_BASE = "ldap_search_base";
>     public static final String CONFIGKEY_LDAP_AUTH_TYPE = "ldap_auth_type";
>     public static final String CONFIGKEY_LDAP_FIELDNAME_USER_PRINCIPAL = "field_user_principal";

-- 
You received this message because you are subscribed to the Google Groups 
OpenMeetings User group.
To post to this group, send email to openmeetings-u...@googlegroups.com.
To unsubscribe from this group, send email to 
openmeetings-user+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/openmeetings-user?hl=en.



LDAP Authentication with Database Fallback

2010-02-22 Thread Simon Eng
Hi All...

Should it be possible to authenticate using the database if an LDAP
authentication fails? If we have LDAP enabled but it doesn't work
correctly, then when a database-defined User or Moderator level user
logs in they get a message "Your account is assigned to multiple
Organisations. Please choose one for this Session." with an empty
selection box. All functionality works if you log in as a user with
Admin level rights.

If we disable LDAP authentication, database users work correctly at
all levels.

Our installation:

Centos 5.4 x64
OM 1_1_r2905
MySql and PostgreSQL (tried both with the same results) (both sets of
tables are UTF8)
SWFTools
ffMPEG
OpenOffice-Headless
OpenJDK 1.6 and Sun JDK 6 (tried both with the same results)
LDAP config file is /opt/openmeetings/webapps/openmeetings/conf/om_ldap.cfg
and that value was in the configuration.

What have I missed and/or screwed up?

TIA
Simon

ERROR 02-22 22:15:30.284 MainService.java 44225 332 org.openmeetings.app.remote.MainService [NioProcessor-1] - loginUser :
java.lang.NullPointerException: null
    at org.openmeetings.app.ldap.LdapLoginManagement.doLdapLogin(LdapLoginManagement.java:236) [openmeetings.jar:na]
    at org.openmeetings.app.remote.MainService.loginUser(MainService.java:277) [openmeetings.jar:na]
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [na:1.6.0_18]
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) [na:1.6.0_18]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) [na:1.6.0_18]
    at java.lang.reflect.Method.invoke(Method.java:597) [na:1.6.0_18]
    at org.red5.server.service.ServiceInvoker.invoke(ServiceInvoker.java:200) [red5.jar:na]
    at org.red5.server.service.ServiceInvoker.invoke(ServiceInvoker.java:118) [red5.jar:na]
    at org.red5.server.net.rtmp.RTMPHandler.invokeCall(RTMPHandler.java:165) [red5.jar:na]
    at org.red5.server.net.rtmp.RTMPHandler.onInvoke(RTMPHandler.java:418) [red5.jar:na]
    at org.red5.server.net.rtmp.BaseRTMPHandler.messageReceived(BaseRTMPHandler.java:138) [red5.jar:na]
    at org.red5.server.net.rtmp.RTMPMinaIoHandler.messageReceived(RTMPMinaIoHandler.java:180) [red5.jar:na]
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:713) [mina-core-2.0.0-RC1.jar:na]
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434) [mina-core-2.0.0-RC1.jar:na]
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46) [mina-core-2.0.0-RC1.jar:na]
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793) [mina-core-2.0.0-RC1.jar:na]
    at org.red5.server.net.filter.TrafficShapingFilter.messageReceived(TrafficShapingFilter.java:204) [red5.jar:na]
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434) [mina-core-2.0.0-RC1.jar:na]
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46) [mina-core-2.0.0-RC1.jar:na]
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793) [mina-core-2.0.0-RC1.jar:na]
    at org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:375) [mina-core-2.0.0-RC1.jar:na]
    at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:229) [mina-core-2.0.0-RC1.jar:na]
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434) [mina-core-2.0.0-RC1.jar:na]
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46) [mina-core-2.0.0-RC1.jar:na]
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793) [mina-core-2.0.0-RC1.jar:na]
    at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:119) [mina-core-2.0.0-RC1.jar:na]
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434) [mina-core-2.0.0-RC1.jar:na]
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:426) [mina-core-2.0.0-RC1.jar:na]
    at org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:638) [mina-core-2.0.0-RC1.jar:na]
    at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:598) [mina-core-2.0.0-RC1.jar:na]
    at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:587)

Re: LDAP Authentication with Database Fallback

2010-02-22 Thread Simon Eng
And we progress. Apparently I did not install all of the LDAP bits
Centos requires. I had the base openldap RPM installed, but needed
also:

openldap-2.3.43-3.el5
python-ldap-2.2.0-2.1
ldapjdk-4.18-2jpp.3.el5
compat-openldap-2.3.43_2.2.29-3.el5
compat-openldap-2.3.43_2.2.29-3.el5
nss_ldap-253-22.el5_4
php-ldap-5.1.6-24.el5_4.5
nss_ldap-253-22.el5_4
openldap-clients-2.3.43-3.el5
openldap-2.3.43-3.el5

(The duplicates indicate both the 32-bit and 64-bit RPMS are
installed.)


Now I have a similar issue to the other poster who gets an error on
the first login, but the second login works fine.

Also, is there a configuration line I am missing to make it
recursively search from the starting DN? For example, I would like to
have it search all of the OUs under OU=Locations, OU=Company, OU=Com.




Re: LDAP Authentication with Database Fallback

2010-02-22 Thread Simon Eng
Can I suggest that you make scope = SCOPE and base = BASE?
Right now I think SCOPE is confused with BASE. Clearly there will be
other implications throughout the codebase that touches LDAP, but in
the long run it will benefit those who use LDAP authentication in
large organizations.

    // ConfigConstants
    public static final String CONFIGKEY_LDAP_URL = "ldap_conn_url";
    public static final String CONFIGKEY_LDAP_ADMIN_DN = "ldap_admin_dn";
    public static final String CONFIGKEY_LDAP_ADMIN_PASSWD = "ldap_passwd";
    // {base | one | subtree}: base=base_dn, one=include one level,
    // subtree=base_dn and everything below; default = subtree
    public static final String CONFIGKEY_LDAP_SEARCH_SCOPE = "ldap_search_scope";
    public static final String CONFIGKEY_LDAP_SEARCH_BASE = "ldap_search_base";
    public static final String CONFIGKEY_LDAP_AUTH_TYPE = "ldap_auth_type";
    public static final String CONFIGKEY_LDAP_FIELDNAME_USER_PRINCIPAL = "field_user_principal";

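
Added example, not part of the thread and not OpenMeetings code: one way the scope/base split proposed above could look with plain JNDI, where ldap_search_scope selects the search depth and ldap_search_base is passed separately as the starting DN, so a subtree search covers all OUs below it. The class and method names (LdapScopeExample, parseScope, findUserDn) are hypothetical; the caller is assumed to supply an already-bound DirContext.

```java
import java.util.Locale;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class LdapScopeExample {

    // Map an ldap_search_scope value {base | one | subtree} to the JNDI constant.
    // A missing value falls back to subtree, the default proposed in the thread.
    static int parseScope(String configured) {
        if (configured == null || configured.trim().isEmpty()) {
            return SearchControls.SUBTREE_SCOPE;
        }
        String v = configured.trim().toLowerCase(Locale.ROOT);
        if (v.equals("base")) return SearchControls.OBJECT_SCOPE;      // base_dn only
        if (v.equals("one")) return SearchControls.ONELEVEL_SCOPE;     // direct children
        if (v.equals("subtree")) return SearchControls.SUBTREE_SCOPE;  // base_dn and below
        // Reject typos instead of silently widening or narrowing the search.
        throw new IllegalArgumentException("unknown ldap_search_scope: " + configured);
    }

    // Resolve a login name to exactly one DN under searchBase, or null.
    // principalField comes from trusted configuration (field_user_principal).
    static String findUserDn(DirContext ctx, String searchBase, String scope,
                             String principalField, String login) throws NamingException {
        SearchControls controls = new SearchControls();
        controls.setSearchScope(parseScope(scope));
        controls.setReturningAttributes(new String[0]); // only the DN is needed
        // The login is passed as a filter argument so JNDI escapes filter metacharacters.
        NamingEnumeration<SearchResult> results = ctx.search(
                searchBase, "(" + principalField + "={0})", new Object[] { login }, controls);
        try {
            if (!results.hasMore()) return null;          // no such user
            String dn = results.next().getNameInNamespace();
            return results.hasMore() ? null : dn;         // refuse ambiguous matches
        } finally {
            results.close();
        }
    }

    public static void main(String[] args) {
        // Runs offline: shows how each configured value maps to a JNDI scope.
        for (String s : new String[] { "base", "one", "subtree", null }) {
            System.out.println(s + " -> " + parseScope(s));
        }
    }
}
```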