Re: LDAP Authentication with Database Fallback
hola,

concerning your question about database fallback:
- if the OM installation is able to find the configured Ldap Configuration file, we assume you want LDAP auth.
- the database fallback should only take place when LDAP auth is turned off (meant, to be able with OM while LDAP server is down or maintained in some way...)
- admin users are always authenticated against local database

concerning the organizations:
- i am not sure, but i think the message for multiple orgs is the same as for no org at all ;-)
- after successful LDAP login, the user will be created/updated locally and assigned to the Default organization

> Can I suggest that you make scope = SCOPE and base = BASE?
- sure u can ;-)

see ya
Smoeker

On 23 Feb., 00:11, Simon Eng s...@ctfdi.com wrote:
> Can I suggest that you make scope = SCOPE and base = BASE? Right now I think SCOPE is confused with BASE. Clearly there will be other implications throughout the codebase that touches LDAP, but in the long run it will benefit those who use LDAP authentication in large organizations.
>
> // ConfigConstants
> public static final String CONFIGKEY_LDAP_URL = "ldap_conn_url";
> public static final String CONFIGKEY_LDAP_ADMIN_DN = "ldap_admin_dn";
> public static final String CONFIGKEY_LDAP_ADMIN_PASSWD = "ldap_passwd";
> public static final String CONFIGKEY_LDAP_SEARCH_SCOPE = "ldap_search_scope"; // {base | one | subtree}, base=base_dn, one=include one level,
>                                                                              // subtree=base_dn and everything below, default = subtree
> public static final String CONFIGKEY_LDAP_SEARCH_BASE = "ldap_search_base";
> public static final String CONFIGKEY_LDAP_AUTH_TYPE = "ldap_auth_type";
> public static final String CONFIGKEY_LDAP_FIELDNAME_USER_PRINCIPAL = "field_user_principal";

LDAP Authentication with Database Fallback
Hi All...

Should it be possible to authenticate using the database if an LDAP authentication fails?

If we have LDAP enabled but it doesn't work correctly, then when a database-defined User or Moderator level user logs in they get a message "Your account is assigned to multiple Organisations. Please choose one for this Session." with an empty selection box. All functionality works if you log in as a user with Admin level rights.

If we disable LDAP authentication, database users work correctly at all levels.

Our installation:
Centos 5.4 x64
OM 1_1_r2905
MySql and PostgreSQL (tried both with the same results) (both sets of tables are UTF8)
SWFTools
ffMPEG
OpenOffice-Headless
OpenJDK 1.6 and Sun JDK 6 (tried both with the same results)

LDAP config file is /opt/openmeetings/webapps/openmeetings/conf/om_ldap.cfg and that value was in the configuration.

What have I missed and/or screwed up?

TIA
Simon

ERROR 02-22 22:15:30.284 MainService.java 44225 332 org.openmeetings.app.remote.MainService [NioProcessor-1] - loginUser :
java.lang.NullPointerException: null
    at org.openmeetings.app.ldap.LdapLoginManagement.doLdapLogin(LdapLoginManagement.java:236) [openmeetings.jar:na]
    at org.openmeetings.app.remote.MainService.loginUser(MainService.java:277) [openmeetings.jar:na]
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [na:1.6.0_18]
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) [na:1.6.0_18]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) [na:1.6.0_18]
    at java.lang.reflect.Method.invoke(Method.java:597) [na:1.6.0_18]
    at org.red5.server.service.ServiceInvoker.invoke(ServiceInvoker.java:200) [red5.jar:na]
    at org.red5.server.service.ServiceInvoker.invoke(ServiceInvoker.java:118) [red5.jar:na]
    at org.red5.server.net.rtmp.RTMPHandler.invokeCall(RTMPHandler.java:165) [red5.jar:na]
    at org.red5.server.net.rtmp.RTMPHandler.onInvoke(RTMPHandler.java:418) [red5.jar:na]
    at org.red5.server.net.rtmp.BaseRTMPHandler.messageReceived(BaseRTMPHandler.java:138) [red5.jar:na]
    at org.red5.server.net.rtmp.RTMPMinaIoHandler.messageReceived(RTMPMinaIoHandler.java:180) [red5.jar:na]
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:713) [mina-core-2.0.0-RC1.jar:na]
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434) [mina-core-2.0.0-RC1.jar:na]
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46) [mina-core-2.0.0-RC1.jar:na]
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793) [mina-core-2.0.0-RC1.jar:na]
    at org.red5.server.net.filter.TrafficShapingFilter.messageReceived(TrafficShapingFilter.java:204) [red5.jar:na]
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434) [mina-core-2.0.0-RC1.jar:na]
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46) [mina-core-2.0.0-RC1.jar:na]
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793) [mina-core-2.0.0-RC1.jar:na]
    at org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:375) [mina-core-2.0.0-RC1.jar:na]
    at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:229) [mina-core-2.0.0-RC1.jar:na]
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434) [mina-core-2.0.0-RC1.jar:na]
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46) [mina-core-2.0.0-RC1.jar:na]
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793) [mina-core-2.0.0-RC1.jar:na]
    at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:119) [mina-core-2.0.0-RC1.jar:na]
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434) [mina-core-2.0.0-RC1.jar:na]
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:426) [mina-core-2.0.0-RC1.jar:na]
    at org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:638) [mina-core-2.0.0-RC1.jar:na]
    at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:598) [mina-core-2.0.0-RC1.jar:na]
    at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:587)

Re: LDAP Authentication with Database Fallback
And we progress.

Apparently I did not install all of the LDAP bits Centos requires. I had the base openldap RPM installed, but needed also:

openldap-2.3.43-3.el5
python-ldap-2.2.0-2.1
ldapjdk-4.18-2jpp.3.el5
compat-openldap-2.3.43_2.2.29-3.el5
compat-openldap-2.3.43_2.2.29-3.el5
nss_ldap-253-22.el5_4
php-ldap-5.1.6-24.el5_4.5
nss_ldap-253-22.el5_4
openldap-clients-2.3.43-3.el5
openldap-2.3.43-3.el5

(The duplicates indicate both the 32-bit and 64-bit RPMS are installed.)

Now I have a similar issue to the other poster who gets an error on the first login, but the second login works fine.

Also, is there a configuration line I am missing to make it recursively search from the starting DN? For example, I would like to have it search all of the OUs under OU=Locations, OU=Company, OU=Com.

Re: LDAP Authentication with Database Fallback
Can I suggest that you make scope = SCOPE and base = BASE? Right now I think SCOPE is confused with BASE. Clearly there will be other implications throughout the codebase that touches LDAP, but in the long run it will benefit those who use LDAP authentication in large organizations.

    // ConfigConstants
    public static final String CONFIGKEY_LDAP_URL = "ldap_conn_url";
    public static final String CONFIGKEY_LDAP_ADMIN_DN = "ldap_admin_dn";
    public static final String CONFIGKEY_LDAP_ADMIN_PASSWD = "ldap_passwd";
    public static final String CONFIGKEY_LDAP_SEARCH_SCOPE = "ldap_search_scope"; // {base | one | subtree}, base=base_dn, one=include one level,
                                                                                 // subtree=base_dn and everything below, default = subtree
    public static final String CONFIGKEY_LDAP_SEARCH_BASE = "ldap_search_base";
    public static final String CONFIGKEY_LDAP_AUTH_TYPE = "ldap_auth_type";
    public static final String CONFIGKEY_LDAP_FIELDNAME_USER_PRINCIPAL = "field_user_principal";
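
The base/scope split proposed in this message, sketched with JNDI as an added example (not OpenMeetings code and not from any poster in this thread). It assumes the proposed key names are read from a properties-style file; the class name, the sample values and the `uid` attribute are constructed, and `findUserDn` needs a `DirContext` already bound with the admin DN.

```java
import java.io.StringReader;
import java.util.Properties;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class LdapScopeExample {
    // Constructed sample config; key names follow the constants proposed above.
    static final String SAMPLE_CFG = "ldap_search_base=OU=Locations,OU=Company,OU=Com\n"
        + "ldap_search_scope=subtree\n"
        + "field_user_principal=uid\n";

    // base -> only the base entry, one -> direct children, subtree -> base and everything below.
    static int parseScope(String value) {
        String v = (value == null) ? "" : value.trim();
        if (v.isEmpty() || v.equalsIgnoreCase("subtree")) return SearchControls.SUBTREE_SCOPE;
        if (v.equalsIgnoreCase("one")) return SearchControls.ONELEVEL_SCOPE;
        if (v.equalsIgnoreCase("base")) return SearchControls.OBJECT_SCOPE;
        throw new IllegalArgumentException("bad ldap_search_scope: " + value);
    }

    // Resolve a login name to exactly one DN under the base; null when not found.
    static String findUserDn(DirContext ctx, Properties cfg, String login) throws NamingException {
        String attr = cfg.getProperty("field_user_principal");
        if (attr == null || !attr.matches("[A-Za-z][A-Za-z0-9-]*"))
            throw new IllegalArgumentException("bad field_user_principal");
        SearchControls sc = new SearchControls();
        sc.setSearchScope(parseScope(cfg.getProperty("ldap_search_scope")));
        sc.setCountLimit(2);                        // enough to detect a duplicate match
        sc.setReturningAttributes(new String[0]);   // only the DN is needed
        // {0} is substituted by JNDI with filter escaping, so the login cannot alter the filter.
        NamingEnumeration<SearchResult> hits = ctx.search(
            cfg.getProperty("ldap_search_base"), "(" + attr + "={0})", new Object[] { login }, sc);
        try {
            if (!hits.hasMore()) return null;
            String dn = hits.next().getNameInNamespace();
            if (hits.hasMore()) throw new NamingException("login matches more than one entry");
            return dn;
        } finally { hits.close(); }
    }

    public static void main(String[] args) throws Exception {
        Properties cfg = new Properties();
        cfg.load(new StringReader(SAMPLE_CFG));
        System.out.println(cfg.getProperty("ldap_search_base") + " scope=" + parseScope(cfg.getProperty("ldap_search_scope")));
    }
}
```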