Re: Active Directory Authentification
hmmm unfortunately i am no developer. and i am also not very confident with eclipse :-( I will write an email to sebastion about this and ask him, what it would cost us to get this combo box solution ;-) Thank you very much! If you get another idea - don't hesitate me to test something as this is really important for us. Best Regards, Markus On 10 Jun., 12:20, smoeker wrote: > hola markus, > > - there is a developer list in the wiki. > - if you already have contact to seba, u r in the best hands > concerning any OM topic ;-) > > Seba has already added the valid idea of using multiple configurations > for either mutliple LDAP - Server or multiple configurations for the > same LDAP Server... > > to keep it simple, one could save 0-N ldap configs with a certain > prefix/suffix into config folder of om - for every valid file the > combo on login could show a entry and use this configuration. > if no ldap config is available , the current standard logic could take > place (no ldap login - auth against local database).. > > concering your "-13" error, this is still kind of a mistery, because > the only place in sourcecode, i found where -13 is used as return > value is the error concering login length... > > if you are confident with eclipse debugger, i would recommend to debug > through the login process and keep an eye on exceptions/errors that > arent thrown back to GUI or even a process, changing the login > name > > see ya > > Smoeker > > On 10 Jun., 11:47, Markus wrote: > > > Hi, > > > In Fact, my Testuser already HAS 6 chars... so I don't think this is > > the Problem... I am also using the nightly Build from June 1st. I > > think it is also a strange chance, that only the users of the Asian > > and American Domain have these problems. The Europeans work... > > > I talked to an Active Directoy Specialist about this Problem and he > > told me, I would have to ask the Global Cataloge of the AD to get the > > information for all the subdomains. I did this by changing the LDAP > > Port to 3268. The Europeans still worked but it did not change > > anything for the Americans and Asians... :-( > > > Any Other Idea? > > > here my om_ldap.cfg again: > > > #specify the LDAP Server type > > ldap_server_type=AD > > > #LDAP URL > > #ldap_conn_url=ldap://rootserver.example.org:389 > > ldap_conn_url=ldap://rootserver.example.org:3268 > > > #Login distinguished name (DN) for Authentification on LDAP Server - > > keep emtpy if not requiered > > ldap_admin_dn=CN:Administrator,CN:Users,DC:example,DC:org > > > #ldap_passwd=root12 > > ldap_passwd=geheim > > > #base to search for userdata(of user, that wants to login > > ldap_search_base=DC:example,DC:org > > > # Fieldnames (can differ between Ldap servers) > > ### z.B.: testus...@eu.example.org > > #field_user_principal=sAMAccountName > > field_user_principal=userPrincipalName > > > # Ldap auth type(SIMPLE,NONE) > > ldap_auth_type=SIMPLE > > > ldap_sync_password_to_om=yes > > > # Ldap user attributes mapping > > # Set the following internal OM user attributes to their corresponding > > Ldap-attribute > > ldap_user_attr_lastname=sn > > ldap_user_attr_firstname=givenName > > ldap_user_attr_mail=mail > > ldap_user_attr_street=streetAddress > > ldap_user_attr_additionalname=description > > ldap_user_attr_fax=facsimileTelephoneNumber > > ldap_user_attr_zip=postalCode > > ldap_user_attr_country=co > > ldap_user_attr_town=l > > ldap_user_attr_phone=telephoneNumber > > > Coming Back to the idea of hiring a developer: > > > Our Customer would hire one. But then he wants something like this: > > > As Username, you use you sAMAccount Name. Then you have a Box, where > > you choose, wether you are in the European, American or Asian Domain. > > Just like it is in the Windows Login, where you can choose to which > > Domain you want to Login (or local). > > > Is it Possible to do this? And who will I have to contact? Like I > > already said: My Colleague and me met Mr. Wagner last week and asked > > him about a specific change in Openmeetings. This is the same > > customer, so I guess it could be a good win-win situation if you would > > be able to build an specialist Openmeetings. > > > Regards, > > Markus > > > On 9 Jun., 10:18, smoeker wrote: > > > > hi seba, > > > > thnx for the feedback - i just scanned an elder revision for the > > > errorcode -13 > > > > @markus : can you verify, if this limitation could be a reason for > > > your problem? > > > > see ya > > > > Smoeker > > > > On 9 Jun., 10:10, Sebastian Wagner wrote: > > > > > HI, > > > > > I think I already reduced the restriction from 6 chars to 4 chars again. > > > > Some external authentifications require 6 chars minimum, while I think > > > > 4 chars would be even enough. > > > > > Sebastian > > > > > 2010/6/9 smoeker : > > > > > > hola, > > > > > > regarding your logfile, the error doesnt seem to happen on > > > > > authentication itself, but on retrieving userdetail data from LDAP > > > > > Server after su
Re: Active Directory Authentification
hola markus, - there is a developer list in the wiki. - if you already have contact to seba, u r in the best hands concerning any OM topic ;-) Seba has already added the valid idea of using multiple configurations for either mutliple LDAP - Server or multiple configurations for the same LDAP Server... to keep it simple, one could save 0-N ldap configs with a certain prefix/suffix into config folder of om - for every valid file the combo on login could show a entry and use this configuration. if no ldap config is available , the current standard logic could take place (no ldap login - auth against local database).. concering your "-13" error, this is still kind of a mistery, because the only place in sourcecode, i found where -13 is used as return value is the error concering login length... if you are confident with eclipse debugger, i would recommend to debug through the login process and keep an eye on exceptions/errors that arent thrown back to GUI or even a process, changing the login name see ya Smoeker On 10 Jun., 11:47, Markus wrote: > Hi, > > In Fact, my Testuser already HAS 6 chars... so I don't think this is > the Problem... I am also using the nightly Build from June 1st. I > think it is also a strange chance, that only the users of the Asian > and American Domain have these problems. The Europeans work... > > I talked to an Active Directoy Specialist about this Problem and he > told me, I would have to ask the Global Cataloge of the AD to get the > information for all the subdomains. I did this by changing the LDAP > Port to 3268. The Europeans still worked but it did not change > anything for the Americans and Asians... :-( > > Any Other Idea? > > here my om_ldap.cfg again: > > #specify the LDAP Server type > ldap_server_type=AD > > #LDAP URL > #ldap_conn_url=ldap://rootserver.example.org:389 > ldap_conn_url=ldap://rootserver.example.org:3268 > > #Login distinguished name (DN) for Authentification on LDAP Server - > keep emtpy if not requiered > ldap_admin_dn=CN:Administrator,CN:Users,DC:example,DC:org > > #ldap_passwd=root12 > ldap_passwd=geheim > > #base to search for userdata(of user, that wants to login > ldap_search_base=DC:example,DC:org > > # Fieldnames (can differ between Ldap servers) > ### z.B.: testus...@eu.example.org > #field_user_principal=sAMAccountName > field_user_principal=userPrincipalName > > # Ldap auth type(SIMPLE,NONE) > ldap_auth_type=SIMPLE > > ldap_sync_password_to_om=yes > > # Ldap user attributes mapping > # Set the following internal OM user attributes to their corresponding > Ldap-attribute > ldap_user_attr_lastname=sn > ldap_user_attr_firstname=givenName > ldap_user_attr_mail=mail > ldap_user_attr_street=streetAddress > ldap_user_attr_additionalname=description > ldap_user_attr_fax=facsimileTelephoneNumber > ldap_user_attr_zip=postalCode > ldap_user_attr_country=co > ldap_user_attr_town=l > ldap_user_attr_phone=telephoneNumber > > Coming Back to the idea of hiring a developer: > > Our Customer would hire one. But then he wants something like this: > > As Username, you use you sAMAccount Name. Then you have a Box, where > you choose, wether you are in the European, American or Asian Domain. > Just like it is in the Windows Login, where you can choose to which > Domain you want to Login (or local). > > Is it Possible to do this? And who will I have to contact? Like I > already said: My Colleague and me met Mr. Wagner last week and asked > him about a specific change in Openmeetings. This is the same > customer, so I guess it could be a good win-win situation if you would > be able to build an specialist Openmeetings. > > Regards, > Markus > > On 9 Jun., 10:18, smoeker wrote: > > > hi seba, > > > thnx for the feedback - i just scanned an elder revision for the > > errorcode -13 > > > @markus : can you verify, if this limitation could be a reason for > > your problem? > > > see ya > > > Smoeker > > > On 9 Jun., 10:10, Sebastian Wagner wrote: > > > > HI, > > > > I think I already reduced the restriction from 6 chars to 4 chars again. > > > Some external authentifications require 6 chars minimum, while I think > > > 4 chars would be even enough. > > > > Sebastian > > > > 2010/6/9 smoeker : > > > > > hola, > > > > > regarding your logfile, the error doesnt seem to happen on > > > > authentication itself, but on retrieving userdetail data from LDAP > > > > Server after succesful login and creating user locally... > > > > > -> seems, as if user isnt created properly local (-> userid == -13, > > > > thats quite unusual ;-)) > > > > > i checked Souorcecode and it seems, as if return code = -13 says, that > > > > the loginname is too short - plz check Usermgmt.java line 997 > > > > > -> obviously an error is thrown if login name is shorter than 6 signs > > > > -> following up, this error isnt catched by the Login logic, so the > > > > user doenst receive a proper message... > > > > > hope that helps you - could you verify, if this offshore analysis >
Re: Active Directory Authentification
Hi, In Fact, my Testuser already HAS 6 chars... so I don't think this is the Problem... I am also using the nightly Build from June 1st. I think it is also a strange chance, that only the users of the Asian and American Domain have these problems. The Europeans work... I talked to an Active Directoy Specialist about this Problem and he told me, I would have to ask the Global Cataloge of the AD to get the information for all the subdomains. I did this by changing the LDAP Port to 3268. The Europeans still worked but it did not change anything for the Americans and Asians... :-( Any Other Idea? here my om_ldap.cfg again: #specify the LDAP Server type ldap_server_type=AD #LDAP URL #ldap_conn_url=ldap://rootserver.example.org:389 ldap_conn_url=ldap://rootserver.example.org:3268 #Login distinguished name (DN) for Authentification on LDAP Server - keep emtpy if not requiered ldap_admin_dn=CN:Administrator,CN:Users,DC:example,DC:org #ldap_passwd=root12 ldap_passwd=geheim #base to search for userdata(of user, that wants to login ldap_search_base=DC:example,DC:org # Fieldnames (can differ between Ldap servers) ### z.B.: testus...@eu.example.org #field_user_principal=sAMAccountName field_user_principal=userPrincipalName # Ldap auth type(SIMPLE,NONE) ldap_auth_type=SIMPLE ldap_sync_password_to_om=yes # Ldap user attributes mapping # Set the following internal OM user attributes to their corresponding Ldap-attribute ldap_user_attr_lastname=sn ldap_user_attr_firstname=givenName ldap_user_attr_mail=mail ldap_user_attr_street=streetAddress ldap_user_attr_additionalname=description ldap_user_attr_fax=facsimileTelephoneNumber ldap_user_attr_zip=postalCode ldap_user_attr_country=co ldap_user_attr_town=l ldap_user_attr_phone=telephoneNumber Coming Back to the idea of hiring a developer: Our Customer would hire one. But then he wants something like this: As Username, you use you sAMAccount Name. Then you have a Box, where you choose, wether you are in the European, American or Asian Domain. Just like it is in the Windows Login, where you can choose to which Domain you want to Login (or local). Is it Possible to do this? And who will I have to contact? Like I already said: My Colleague and me met Mr. Wagner last week and asked him about a specific change in Openmeetings. This is the same customer, so I guess it could be a good win-win situation if you would be able to build an specialist Openmeetings. Regards, Markus On 9 Jun., 10:18, smoeker wrote: > hi seba, > > thnx for the feedback - i just scanned an elder revision for the > errorcode -13 > > @markus : can you verify, if this limitation could be a reason for > your problem? > > see ya > > Smoeker > > On 9 Jun., 10:10, Sebastian Wagner wrote: > > > HI, > > > I think I already reduced the restriction from 6 chars to 4 chars again. > > Some external authentifications require 6 chars minimum, while I think > > 4 chars would be even enough. > > > Sebastian > > > 2010/6/9 smoeker : > > > > hola, > > > > regarding your logfile, the error doesnt seem to happen on > > > authentication itself, but on retrieving userdetail data from LDAP > > > Server after succesful login and creating user locally... > > > > -> seems, as if user isnt created properly local (-> userid == -13, > > > thats quite unusual ;-)) > > > > i checked Souorcecode and it seems, as if return code = -13 says, that > > > the loginname is too short - plz check Usermgmt.java line 997 > > > > -> obviously an error is thrown if login name is shorter than 6 signs > > > -> following up, this error isnt catched by the Login logic, so the > > > user doenst receive a proper message... > > > > hope that helps you - could you verify, if this offshore analysis > > > could be right? > > > > In case , its right, there are several ways for you to get rid of your > > > problem : > > > > a) Fix the problem by yourself changing sourcecode > > > b) enter a issue in the issue list, so the problem can be solved > > > within community process > > > c) hire a developer to fix the problem for you > > > > see ya > > > > Smoeker > > > > On 8 Jun., 12:54, Markus wrote: > > >> Of Course - No Problem. > > > >> Here the Log from the Login of a User, which did not work: > > >> DEBUG 06-08 12:22:54.916 LdapLoginManagement.java 84606592 159 > > >> org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - > > >> LdapLoginmanagement.isLda > > >> pConfigured > > >> WARN 06-08 12:22:54.922 MainService.java 84606598 257 > > >> org.openmeetings.app.remote.MainService [NioProcessor-1] - loginUser > > >> 111: fe3fa12b0047242cac865652 > > >> 0ae185f2 apt...@ap.p-f.biz > > >> DEBUG 06-08 12:22:54.923 Usermanagement.java 84606599 1468 > > >> org.openmeetings.app.data.user.Usermanagement [NioProcessor-1] - > > >> Usermanagement.getUserByLogin > > >> OrEmail : apt...@ap.p-f.biz > > >> DEBUG 06-08 12:22:54.929 MainService.java 84606605 283 > > >> org.openmeetings.app.remote.MainService [NioProcessor-1] - Ldap Login > > >> DEBUG
Re: Active Directory Authentification
hi seba, thnx for the feedback - i just scanned an elder revision for the errorcode -13 @markus : can you verify, if this limitation could be a reason for your problem? see ya Smoeker On 9 Jun., 10:10, Sebastian Wagner wrote: > HI, > > I think I already reduced the restriction from 6 chars to 4 chars again. > Some external authentifications require 6 chars minimum, while I think > 4 chars would be even enough. > > Sebastian > > 2010/6/9 smoeker : > > > hola, > > > regarding your logfile, the error doesnt seem to happen on > > authentication itself, but on retrieving userdetail data from LDAP > > Server after succesful login and creating user locally... > > > -> seems, as if user isnt created properly local (-> userid == -13, > > thats quite unusual ;-)) > > > i checked Souorcecode and it seems, as if return code = -13 says, that > > the loginname is too short - plz check Usermgmt.java line 997 > > > -> obviously an error is thrown if login name is shorter than 6 signs > > -> following up, this error isnt catched by the Login logic, so the > > user doenst receive a proper message... > > > hope that helps you - could you verify, if this offshore analysis > > could be right? > > > In case , its right, there are several ways for you to get rid of your > > problem : > > > a) Fix the problem by yourself changing sourcecode > > b) enter a issue in the issue list, so the problem can be solved > > within community process > > c) hire a developer to fix the problem for you > > > see ya > > > Smoeker > > > On 8 Jun., 12:54, Markus wrote: > >> Of Course - No Problem. > > >> Here the Log from the Login of a User, which did not work: > >> DEBUG 06-08 12:22:54.916 LdapLoginManagement.java 84606592 159 > >> org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - > >> LdapLoginmanagement.isLda > >> pConfigured > >> WARN 06-08 12:22:54.922 MainService.java 84606598 257 > >> org.openmeetings.app.remote.MainService [NioProcessor-1] - loginUser > >> 111: fe3fa12b0047242cac865652 > >> 0ae185f2 apt...@ap.p-f.biz > >> DEBUG 06-08 12:22:54.923 Usermanagement.java 84606599 1468 > >> org.openmeetings.app.data.user.Usermanagement [NioProcessor-1] - > >> Usermanagement.getUserByLogin > >> OrEmail : apt...@ap.p-f.biz > >> DEBUG 06-08 12:22:54.929 MainService.java 84606605 283 > >> org.openmeetings.app.remote.MainService [NioProcessor-1] - Ldap Login > >> DEBUG 06-08 12:22:54.929 LdapLoginManagement.java 84606605 232 > >> org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - > >> LdapLoginmanagement.doLda > >> pLogin > >> DEBUG 06-08 12:22:54.929 LdapLoginManagement.java 84606605 185 > >> org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - > >> LdapLoginmanagement.getLd > >> apConfigData > >> DEBUG 06-08 12:22:54.934 LdapLoginManagement.java 84606610 208 > >> org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - > >> LdapLoginmanagement.readC > >> onfig : /opt/openmeetings/webapps/openmeetings/conf/om_ldap.cfg > >> DEBUG 06-08 12:22:54.934 LdapLoginManagement.java 84606610 106 > >> org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - > >> isValidAuthType > >> DEBUG 06-08 12:22:54.935 LdapLoginManagement.java 84606611 350 > >> org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - > >> Searching userdata with L > >> DAP Search Filter :(userprincipalname=apt...@ap.p-f.biz) > >> DEBUG 06-08 12:22:54.935 LdapAuthBase.java 84606611 66 > >> org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] - LdapAuthBase > >> DEBUG 06-08 12:22:54.935 LdapLoginManagement.java 84606611 358 > >> org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - > >> authenticating admin... > >> DEBUG 06-08 12:22:54.935 LdapAuthBase.java 84606611 83 > >> org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] - > >> authenticateUser > >> DEBUG 06-08 12:22:54.936 LdapAuthBase.java 84606612 99 > >> org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] - > > >> Authentification to LDAP - Server start > >> DEBUG 06-08 12:22:54.936 LdapAuthBase.java 84606612 131 > >> org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] - > >> loginToLdapServer > >> DEBUG 06-08 12:22:54.956 LdapLoginManagement.java 84606632 362 > >> org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - > >> Checking server type... > >> DEBUG 06-08 12:22:54.957 LdapAuthBase.java 84606633 83 > >> org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] - > >> authenticateUser > >> DEBUG 06-08 12:22:54.957 LdapAuthBase.java 84606633 99 > >> org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] - > > >> Authentification to LDAP - Server start > >> DEBUG 06-08 12:22:54.957 LdapAuthBase.java 84606633 131 > >> org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] - > >> loginToLdapServer > >> DEBUG 06-08 12:22:54.968 Usermanagement.java 84606644 1442 > >> org.openmeetings.app.data.user.Usermanagement [NioProcessor-1] - > >> Usermanagement.getUserByLogin > >> : apt...@ap.p-f.biz > >> DEBUG 06-08 12:22:54.980 L
Re: Active Directory Authentification
HI, I think I already reduced the restriction from 6 chars to 4 chars again. Some external authentifications require 6 chars minimum, while I think 4 chars would be even enough. Sebastian 2010/6/9 smoeker : > hola, > > regarding your logfile, the error doesnt seem to happen on > authentication itself, but on retrieving userdetail data from LDAP > Server after succesful login and creating user locally... > > -> seems, as if user isnt created properly local (-> userid == -13, > thats quite unusual ;-)) > > i checked Souorcecode and it seems, as if return code = -13 says, that > the loginname is too short - plz check Usermgmt.java line 997 > > -> obviously an error is thrown if login name is shorter than 6 signs > -> following up, this error isnt catched by the Login logic, so the > user doenst receive a proper message... > > hope that helps you - could you verify, if this offshore analysis > could be right? > > > In case , its right, there are several ways for you to get rid of your > problem : > > a) Fix the problem by yourself changing sourcecode > b) enter a issue in the issue list, so the problem can be solved > within community process > c) hire a developer to fix the problem for you > > > see ya > > Smoeker > > On 8 Jun., 12:54, Markus wrote: >> Of Course - No Problem. >> >> Here the Log from the Login of a User, which did not work: >> DEBUG 06-08 12:22:54.916 LdapLoginManagement.java 84606592 159 >> org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - >> LdapLoginmanagement.isLda >> pConfigured >> WARN 06-08 12:22:54.922 MainService.java 84606598 257 >> org.openmeetings.app.remote.MainService [NioProcessor-1] - loginUser >> 111: fe3fa12b0047242cac865652 >> 0ae185f2 apt...@ap.p-f.biz >> DEBUG 06-08 12:22:54.923 Usermanagement.java 84606599 1468 >> org.openmeetings.app.data.user.Usermanagement [NioProcessor-1] - >> Usermanagement.getUserByLogin >> OrEmail : apt...@ap.p-f.biz >> DEBUG 06-08 12:22:54.929 MainService.java 84606605 283 >> org.openmeetings.app.remote.MainService [NioProcessor-1] - Ldap Login >> DEBUG 06-08 12:22:54.929 LdapLoginManagement.java 84606605 232 >> org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - >> LdapLoginmanagement.doLda >> pLogin >> DEBUG 06-08 12:22:54.929 LdapLoginManagement.java 84606605 185 >> org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - >> LdapLoginmanagement.getLd >> apConfigData >> DEBUG 06-08 12:22:54.934 LdapLoginManagement.java 84606610 208 >> org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - >> LdapLoginmanagement.readC >> onfig : /opt/openmeetings/webapps/openmeetings/conf/om_ldap.cfg >> DEBUG 06-08 12:22:54.934 LdapLoginManagement.java 84606610 106 >> org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - >> isValidAuthType >> DEBUG 06-08 12:22:54.935 LdapLoginManagement.java 84606611 350 >> org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - >> Searching userdata with L >> DAP Search Filter :(userprincipalname=apt...@ap.p-f.biz) >> DEBUG 06-08 12:22:54.935 LdapAuthBase.java 84606611 66 >> org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] - LdapAuthBase >> DEBUG 06-08 12:22:54.935 LdapLoginManagement.java 84606611 358 >> org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - >> authenticating admin... >> DEBUG 06-08 12:22:54.935 LdapAuthBase.java 84606611 83 >> org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] - >> authenticateUser >> DEBUG 06-08 12:22:54.936 LdapAuthBase.java 84606612 99 >> org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] - >> >> Authentification to LDAP - Server start >> DEBUG 06-08 12:22:54.936 LdapAuthBase.java 84606612 131 >> org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] - >> loginToLdapServer >> DEBUG 06-08 12:22:54.956 LdapLoginManagement.java 84606632 362 >> org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - >> Checking server type... >> DEBUG 06-08 12:22:54.957 LdapAuthBase.java 84606633 83 >> org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] - >> authenticateUser >> DEBUG 06-08 12:22:54.957 LdapAuthBase.java 84606633 99 >> org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] - >> >> Authentification to LDAP - Server start >> DEBUG 06-08 12:22:54.957 LdapAuthBase.java 84606633 131 >> org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] - >> loginToLdapServer >> DEBUG 06-08 12:22:54.968 Usermanagement.java 84606644 1442 >> org.openmeetings.app.data.user.Usermanagement [NioProcessor-1] - >> Usermanagement.getUserByLogin >> : apt...@ap.p-f.biz >> DEBUG 06-08 12:22:54.980 LdapLoginManagement.java 84606656 405 >> org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - user >> doesnt exist local -> create new >> >> DEBUG 06-08 12:22:54.980 LdapAuthBase.java 84606656 154 >> org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] - getData >> DEBUG 06-08 12:22:54.982 LdapLoginManagement.java 84606658 456 >> org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - >> Synching
Re: Active Directory Authentification
hola, regarding your logfile, the error doesnt seem to happen on authentication itself, but on retrieving userdetail data from LDAP Server after succesful login and creating user locally... -> seems, as if user isnt created properly local (-> userid == -13, thats quite unusual ;-)) i checked Souorcecode and it seems, as if return code = -13 says, that the loginname is too short - plz check Usermgmt.java line 997 -> obviously an error is thrown if login name is shorter than 6 signs -> following up, this error isnt catched by the Login logic, so the user doenst receive a proper message... hope that helps you - could you verify, if this offshore analysis could be right? In case , its right, there are several ways for you to get rid of your problem : a) Fix the problem by yourself changing sourcecode b) enter a issue in the issue list, so the problem can be solved within community process c) hire a developer to fix the problem for you see ya Smoeker On 8 Jun., 12:54, Markus wrote: > Of Course - No Problem. > > Here the Log from the Login of a User, which did not work: > DEBUG 06-08 12:22:54.916 LdapLoginManagement.java 84606592 159 > org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - > LdapLoginmanagement.isLda > pConfigured > WARN 06-08 12:22:54.922 MainService.java 84606598 257 > org.openmeetings.app.remote.MainService [NioProcessor-1] - loginUser > 111: fe3fa12b0047242cac865652 > 0ae185f2 apt...@ap.p-f.biz > DEBUG 06-08 12:22:54.923 Usermanagement.java 84606599 1468 > org.openmeetings.app.data.user.Usermanagement [NioProcessor-1] - > Usermanagement.getUserByLogin > OrEmail : apt...@ap.p-f.biz > DEBUG 06-08 12:22:54.929 MainService.java 84606605 283 > org.openmeetings.app.remote.MainService [NioProcessor-1] - Ldap Login > DEBUG 06-08 12:22:54.929 LdapLoginManagement.java 84606605 232 > org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - > LdapLoginmanagement.doLda > pLogin > DEBUG 06-08 12:22:54.929 LdapLoginManagement.java 84606605 185 > org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - > LdapLoginmanagement.getLd > apConfigData > DEBUG 06-08 12:22:54.934 LdapLoginManagement.java 84606610 208 > org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - > LdapLoginmanagement.readC > onfig : /opt/openmeetings/webapps/openmeetings/conf/om_ldap.cfg > DEBUG 06-08 12:22:54.934 LdapLoginManagement.java 84606610 106 > org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - > isValidAuthType > DEBUG 06-08 12:22:54.935 LdapLoginManagement.java 84606611 350 > org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - > Searching userdata with L > DAP Search Filter :(userprincipalname=apt...@ap.p-f.biz) > DEBUG 06-08 12:22:54.935 LdapAuthBase.java 84606611 66 > org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] - LdapAuthBase > DEBUG 06-08 12:22:54.935 LdapLoginManagement.java 84606611 358 > org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - > authenticating admin... > DEBUG 06-08 12:22:54.935 LdapAuthBase.java 84606611 83 > org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] - > authenticateUser > DEBUG 06-08 12:22:54.936 LdapAuthBase.java 84606612 99 > org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] - > > Authentification to LDAP - Server start > DEBUG 06-08 12:22:54.936 LdapAuthBase.java 84606612 131 > org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] - > loginToLdapServer > DEBUG 06-08 12:22:54.956 LdapLoginManagement.java 84606632 362 > org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - > Checking server type... > DEBUG 06-08 12:22:54.957 LdapAuthBase.java 84606633 83 > org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] - > authenticateUser > DEBUG 06-08 12:22:54.957 LdapAuthBase.java 84606633 99 > org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] - > > Authentification to LDAP - Server start > DEBUG 06-08 12:22:54.957 LdapAuthBase.java 84606633 131 > org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] - > loginToLdapServer > DEBUG 06-08 12:22:54.968 Usermanagement.java 84606644 1442 > org.openmeetings.app.data.user.Usermanagement [NioProcessor-1] - > Usermanagement.getUserByLogin > : apt...@ap.p-f.biz > DEBUG 06-08 12:22:54.980 LdapLoginManagement.java 84606656 405 > org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - user > doesnt exist local -> create new > > DEBUG 06-08 12:22:54.980 LdapAuthBase.java 84606656 154 > org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] - getData > DEBUG 06-08 12:22:54.982 LdapLoginManagement.java 84606658 456 > org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - > Synching Ldap user to OM > DB with password > DEBUG 06-08 12:22:54.982 LdapLoginManagement.java 84606658 546 > org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - > LdapLoginmanagement.creat > eUserFromLdapData > DEBUG 06-08 12:22:54.982 LdapLoginManagement.java 84606658 546 > org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-
Re: Active Directory Authentification
Of Course - No Problem. Here the Log from the Login of a User, which did not work: DEBUG 06-08 12:22:54.916 LdapLoginManagement.java 84606592 159 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - LdapLoginmanagement.isLda pConfigured WARN 06-08 12:22:54.922 MainService.java 84606598 257 org.openmeetings.app.remote.MainService [NioProcessor-1] - loginUser 111: fe3fa12b0047242cac865652 0ae185f2 apt...@ap.p-f.biz DEBUG 06-08 12:22:54.923 Usermanagement.java 84606599 1468 org.openmeetings.app.data.user.Usermanagement [NioProcessor-1] - Usermanagement.getUserByLogin OrEmail : apt...@ap.p-f.biz DEBUG 06-08 12:22:54.929 MainService.java 84606605 283 org.openmeetings.app.remote.MainService [NioProcessor-1] - Ldap Login DEBUG 06-08 12:22:54.929 LdapLoginManagement.java 84606605 232 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - LdapLoginmanagement.doLda pLogin DEBUG 06-08 12:22:54.929 LdapLoginManagement.java 84606605 185 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - LdapLoginmanagement.getLd apConfigData DEBUG 06-08 12:22:54.934 LdapLoginManagement.java 84606610 208 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - LdapLoginmanagement.readC onfig : /opt/openmeetings/webapps/openmeetings/conf/om_ldap.cfg DEBUG 06-08 12:22:54.934 LdapLoginManagement.java 84606610 106 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - isValidAuthType DEBUG 06-08 12:22:54.935 LdapLoginManagement.java 84606611 350 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - Searching userdata with L DAP Search Filter :(userprincipalname=apt...@ap.p-f.biz) DEBUG 06-08 12:22:54.935 LdapAuthBase.java 84606611 66 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] - LdapAuthBase DEBUG 06-08 12:22:54.935 LdapLoginManagement.java 84606611 358 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - authenticating admin... DEBUG 06-08 12:22:54.935 LdapAuthBase.java 84606611 83 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] - authenticateUser DEBUG 06-08 12:22:54.936 LdapAuthBase.java 84606612 99 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] - Authentification to LDAP - Server start DEBUG 06-08 12:22:54.936 LdapAuthBase.java 84606612 131 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] - loginToLdapServer DEBUG 06-08 12:22:54.956 LdapLoginManagement.java 84606632 362 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - Checking server type... DEBUG 06-08 12:22:54.957 LdapAuthBase.java 84606633 83 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] - authenticateUser DEBUG 06-08 12:22:54.957 LdapAuthBase.java 84606633 99 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] - Authentification to LDAP - Server start DEBUG 06-08 12:22:54.957 LdapAuthBase.java 84606633 131 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] - loginToLdapServer DEBUG 06-08 12:22:54.968 Usermanagement.java 84606644 1442 org.openmeetings.app.data.user.Usermanagement [NioProcessor-1] - Usermanagement.getUserByLogin : apt...@ap.p-f.biz DEBUG 06-08 12:22:54.980 LdapLoginManagement.java 84606656 405 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - user doesnt exist local - > create new DEBUG 06-08 12:22:54.980 LdapAuthBase.java 84606656 154 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] - getData DEBUG 06-08 12:22:54.982 LdapLoginManagement.java 84606658 456 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - Synching Ldap user to OM DB with password DEBUG 06-08 12:22:54.982 LdapLoginManagement.java 84606658 546 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - LdapLoginmanagement.creat eUserFromLdapData DEBUG 06-08 12:22:54.982 LdapLoginManagement.java 84606658 546 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - LdapLoginmanagement.creat eUserFromLdapData DEBUG 06-08 12:22:54.989 LdapLoginManagement.java 84606665 667 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - User Created! DEBUG 06-08 12:22:54.994 LdapLoginManagement.java 84606670 671 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - Adding user '-13' to organization '1' ERROR 06-08 12:22:54.995 Organisationmanagement.java 84606671 486 org.openmeetings.app.data.user.Organisationmanagement [NioProcessor-1] - getOrganisation_UserByUserAndOrganisation -13 1 ERROR 06-08 12:22:55.001 Organisationmanagement.java 84606677 499 org.openmeetings.app.data.user.Organisationmanagement [NioProcessor-1] - getOrganisation_UserByUserAndOrganisation: 1 DEBUG 06-08 12:22:55.002 LdapLoginManagement.java 84606678 459 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - New User ID : -13 DEBUG 06-08 12:22:55.002 Sessionmanagement.java 84606678 233 org.openmeetings.app.data.basic.Sessionmanagement [NioProcessor-1] - updateUser User: -13 || fe3fa12b0047242cac8656520ae185f2 DEBUG 06-08 12:22:55.008 Sessionmanagement.java 84606684 260 org.openmeetings.app.data.basic.Sessionmanagem
Re: Active Directory Authentification
hi markus, can you post your current log containing the latest errors? concering your subdomains : are they hierarchically on the same node level? see ya Smoeker On 8 Jun., 11:41, Markus wrote: > OK - I got this now. I don't know how - It just worked after a few > changes here and there. > > Now I have another Problem and hopefully - this Time someone can help > me :-/ > > My Active Directory includes 3 Subdomains. Imagine it like this: > > example.org > > asia.example.org usa.example.org > eu.example.org > > My Default Organisation is just called: example.org > > The Users from eu.example.org can login with their userPrincipalName > and it works great! > > The Others: No chance - the same problem as I had before --> user gets > in and can only see the upper side of the screen. No Main Menu. Just > the Log Out Button... > > Any ideas? -- You received this message because you are subscribed to the Google Groups "OpenMeetings User" group. To post to this group, send email to openmeetings-u...@googlegroups.com. To unsubscribe from this group, send email to openmeetings-user+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/openmeetings-user?hl=en.
Re: Active Directory Authentification
hm I can only forward that to Oliver, but it looks like you might need more then one ldap-config and somehow a switch in the Login-Box that enables you to auth against domain1, domain2, domain3 ... I think we have discussed that already. Sebastian 2010/6/8 Markus : > OK - I got this now. I don't know how - It just worked after a few > changes here and there. > > Now I have another Problem and hopefully - this Time someone can help > me :-/ > > My Active Directory includes 3 Subdomains. Imagine it like this: > > example.org > > asia.example.org usa.example.org > eu.example.org > > My Default Organisation is just called: example.org > > The Users from eu.example.org can login with their userPrincipalName > and it works great! > > The Others: No chance - the same problem as I had before --> user gets > in and can only see the upper side of the screen. No Main Menu. Just > the Log Out Button... > > Any ideas? > > -- > You received this message because you are subscribed to the Google Groups > "OpenMeetings User" group. > To post to this group, send email to openmeetings-u...@googlegroups.com. > To unsubscribe from this group, send email to > openmeetings-user+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/openmeetings-user?hl=en. > > -- Sebastian Wagner http://www.webbase-design.de http://openmeetings.googlecode.com http://www.laszlo-forum.de seba.wag...@gmail.com -- You received this message because you are subscribed to the Google Groups "OpenMeetings User" group. To post to this group, send email to openmeetings-u...@googlegroups.com. To unsubscribe from this group, send email to openmeetings-user+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/openmeetings-user?hl=en.
Re: Active Directory Authentification
OK - I got this now. I don't know how - It just worked after a few changes here and there. Now I have another Problem and hopefully - this Time someone can help me :-/ My Active Directory includes 3 Subdomains. Imagine it like this: example.org asia.example.org usa.example.org eu.example.org My Default Organisation is just called: example.org The Users from eu.example.org can login with their userPrincipalName and it works great! The Others: No chance - the same problem as I had before --> user gets in and can only see the upper side of the screen. No Main Menu. Just the Log Out Button... Any ideas? -- You received this message because you are subscribed to the Google Groups "OpenMeetings User" group. To post to this group, send email to openmeetings-u...@googlegroups.com. To unsubscribe from this group, send email to openmeetings-user+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/openmeetings-user?hl=en.
Re: Active Directory Authentification
OK, I found this error. My ldap.cfg was wrong. This is how it should look: #ConfigurationFile for LDAP Auth #specify the LDAP Server type ldap_server_type=ActiveDirectory #LDAP URL ldap_conn_url=ldap://192.168.0.6:389 #Login distinguished name (DN) for Authentification on LDAP Server - keep emtpy if not requiered ldap_admin_dn=CN:Administrator,CN:Users,DC:out-put,DC:net #Loginpass for Authentification on LDAP Server - keep emtpy if not requiered ldap_passwd=root12 #base to search for userdata(of user, that wants to login ldap_search_base=dc:out-put,dc:net # Fieldnames (can differ between Ldap servers) field_user_principal=userPrincipalName # Ldap auth type(SIMPLE,NONE) ldap_auth_type=SIMPLE Now I've got another Problem: It Basically works. I can login with user: testu...@emample.org (userPrincipalName from ADS ) But every First Time a user logs in - I get the Question about in which Organisation I want to be. But the Box, where I could choose is empty! But I am sure, there are Organisations created. When I click on OK - I just get the upper Part of the Openmeetings Application (Profile, Logout, Report a Bug). Then I log out. When I am Login in then - it works! Now Problems anymore! But what can I do to have this working without these Problems in the Beginning? Another Question: Ist it somehow possible to Login with the sAMAccountName? I mean if it is possible to use a Setting like this: field_user_principal=sAMAccountName or something similar... Best Regards Markus On 21 Mai, 16:47, Markus wrote: > Hello, > > I am having Problems with the Active Directory Authentification with > Openmeetings. > > Everytime, I try to login I get this Error in the red5 error.log : > > 2010-05-21 16:44:56,299 [NioProcessor-1] ERROR > o.o.app.data.user.Usermanagement - > > Authentification on LDAP Server failed : [LDAP: error code 49 - > 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext > error, data 525, vece] > > This is my ldap.cfg: > > #ConfigurationFile for LDAP Auth > #ConfigKey 'ldap_config_path' must be set in DataBase Configration of > OM and point to this file > #o.becherer,14.01.2009 > > #specify the LDAP Server type > ldap_server_type=ActiveDirectory > > #LDAP URL > ldap_conn_url=ldap://192.168.0.6:389 > > #Login distinguished name (DN) for Authentification on LDAP Server - > keep emtpy if not requiered > ldap_admin_dn=CN:ADMINISTRATOR,CN:USERS,DC:OUT-PUT,DC:NET > > #Loginpass for Authentification on LDAP Server - keep emtpy if not > requiered > ldap_passwd=secret > > #base to search for userdata(of user, that wants to login > ldap_search_base=CN:USERS,DC:OUT-PUT,DC:NET > > # Fieldnames (can differ between Ldap servers) > field_user_principal=sAMAccountName > > # Ldap auth type(SIMPLE,NONE) > ldap_auth_type=SIMPLE > > my openmeetings.log: > > WARN 05-21 16:46:19.561 MainService.java 5747417 254 > org.openmeetings.app.remote.MainService [NioProcessor-1] - loginUser > 111: fb8fbc3ab794274c772e7c940b49624f michaela > DEBUG 05-21 16:46:19.562 Usermanagement.java 5747418 1384 > org.openmeetings.app.data.user.Usermanagement [NioProcessor-1] - > Usermanagement.getUserByLoginOrEmail : michaela > DEBUG 05-21 16:46:19.563 MainService.java 5747419 271 > org.openmeetings.app.remote.MainService [NioProcessor-1] - Ldap Login > > The User I am trying to Authenticate is "michaela". > > I hope, someone can Help me. > > Thanks in Advance, > Markus > > -- > You received this message because you are subscribed to the Google Groups > "OpenMeetings User" group. > To post to this group, send email to openmeetings-u...@googlegroups.com. > To unsubscribe from this group, send email to > openmeetings-user+unsubscr...@googlegroups.com. > For more options, visit this group > athttp://groups.google.com/group/openmeetings-user?hl=en. -- You received this message because you are subscribed to the Google Groups "OpenMeetings User" group. To post to this group, send email to openmeetings-u...@googlegroups.com. To unsubscribe from this group, send email to openmeetings-user+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/openmeetings-user?hl=en.