Re: OM and LDAP didn't play well with each other

2010-03-06 Thread Simon Eng
I'm actually out on vacation, but this looks like you don't have the
correct account and password to bind to AD, or the account doesn't
have access to the object info.

As a test, try an account and pass that have higher privileges and see
if that works.

On Mar 2, 3:57 pm, Danny Trinh  wrote:
> The error is different:
> ERROR 03-02 14:56:37.488 LdapAuthBase.java 25333 209
> org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] - Error
> occured on LDAP Search : [LDAP: error code 1 - : LdapErr:
> DSID-0C090627, comment: In order to perform this operation a
> successful bind must be completed on the connection., data 0, vece]

-- 
You received this message because you are subscribed to the Google Groups 
"OpenMeetings User" group.
To post to this group, send email to openmeetings-u...@googlegroups.com.
To unsubscribe from this group, send email to 
openmeetings-user+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/openmeetings-user?hl=en.
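An added example (not from any post in this thread and not OpenMeetings code): a Python helper that decodes the Active Directory diagnostics quoted in these messages, including the hexadecimal `data` sub-code that accompanies LDAP result 49. The sample log is constructed from lines in the thread plus one made-up `52e` entry, and all function names are hypothetical.

```python
import re
from collections import Counter

# Well-known Active Directory sub-codes (hex "data" field) for LDAP result 49.
AD_BIND_SUBCODES = {
    0x525: "user not found: the bind name did not resolve to an account",
    0x52E: "invalid credentials: the account exists but the password is wrong",
    0x530: "logon not permitted at this time",
    0x531: "logon not permitted from this workstation",
    0x532: "password expired",
    0x533: "account disabled",
    0x701: "account expired",
    0x773: "user must reset password",
    0x775: "account locked out",
}

_ERR = re.compile(r"\[LDAP: error code (\d+) - ([^\]]*)\]")
_DETAIL = re.compile(r"comment: (.*?), data ([0-9A-Fa-f]+)")
_DSID = re.compile(r"DSID-([0-9A-Fa-f]+)")

# Constructed sample: quoted and unquoted lines wrapped the way the mail client wrapped them.
SAMPLE_LOG = """\
> [ERROR] [NioProcessor-1] org.openmeetings.app.data.user.Usermanagement
> - Error occured on LDAP Search : [LDAP: error code 4 - Sizelimit
> Exceeded]
> Authentification on LDAP Server failed : [LDAP: error code 49 -
> 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext
> error, data 525, vece]
Authentification on LDAP Server failed : [LDAP: error code 49 -
80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext
error, data 52e, vece]
ERROR 03-02 14:56:37.488 LdapAuthBase.java 25333 209
org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] - Error
occured on LDAP Search : [LDAP: error code 1 - : LdapErr:
DSID-0C090627, comment: In order to perform this operation a
successful bind must be completed on the connection., data 0, vece]
"""


def _unwrap(text):
    """Drop mail quote markers and re-join lines wrapped by the mail client."""
    lines = (re.sub(r"^(?:>\s?)+", "", ln.strip()) for ln in text.splitlines())
    return " ".join(" ".join(lines).split())


def _explain(code, comment, data):
    if code == 49:  # invalidCredentials: AD puts the real reason in the sub-code
        shown = "none" if data is None else "0x%x" % data
        return AD_BIND_SUBCODES.get(data, "bind rejected, unrecognised sub-code " + shown)
    if code == 1 and "successful bind must be completed" in comment:
        return ("search ran on a connection that never completed a bind: "
                "check the service account DN and password")
    if code == 4:  # sizeLimitExceeded
        return "size limit exceeded: narrow the search base or filter"
    return "unclassified"


def parse_ldap_errors(text):
    """Return one dict per '[LDAP: error code N - ...]' diagnostic, in log order."""
    findings = []
    for m in _ERR.finditer(_unwrap(text)):
        code, detail = int(m.group(1)), m.group(2).strip()
        d, dsid = _DETAIL.search(detail), _DSID.search(detail)
        comment = d.group(1) if d else detail
        data = int(d.group(2), 16) if d else None  # the data field is hexadecimal
        findings.append({
            "code": code,
            "dsid": dsid.group(1) if dsid else None,
            "comment": comment,
            "data": data,
            "meaning": _explain(code, comment, data),
        })
    return findings


def summarize(text):
    """Collapse repeated diagnostics into 'Nx code C [data D]: meaning' lines."""
    counts = Counter((f["code"], f["data"], f["meaning"]) for f in parse_ldap_errors(text))
    return ["%dx code %d%s: %s" % (n, code, "" if data is None else " data %x" % data, why)
            for (code, data, why), n in counts.items()]


if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE_LOG)))
```

Keep the decoded sub-code in server-side logs only: telling a client whether a name was unknown (525) or the password was wrong (52e) reveals which account names exist.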



Re: OM and LDAP didn't play well with each other

2010-03-02 Thread Danny Trinh
The error is different:
ERROR 03-02 14:56:37.488 LdapAuthBase.java 25333 209
org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] - Error
occured on LDAP Search : [LDAP: error code 1 - : LdapErr:
DSID-0C090627, comment: In order to perform this operation a
successful bind must be completed on the connection., data 0, vece]




Re: OM and LDAP didn't play well with each other

2010-03-02 Thread Simon Eng
Try without encryption to eliminate it as a possibility. We are
currently not using crypto (we run this on a closed network.)


On Mar 2, 1:55 pm, Danny Trinh  wrote:
> I tried both userPrincipalName and sAMAccountName, both produce
> similar errors. It seemed that LDAP didn't transfer MD5 crypt password
> correctly. I also use both Crypt-types that mention in
> http://code.google.com/p/openmeetings/wiki/CustomCryptMechanism. I
> think I missed something else. Any idea?
>
>  WARN 03-02 12:46:19.005 MainService.java 52080 254
> org.openmeetings.app.remote.MainService [NioProcessor-1] - loginUser
> 111: 7b7881983b8bbb64e9b6518ae1817ad3 dtrinh
> DEBUG 03-02 12:46:19.006 Usermanagement.java 52081 1384
> org.openmeetings.app.data.user.Usermanagement [NioProcessor-1] -
> Usermanagement.getUserByLoginOrEmail : dtrinh
> DEBUG 03-02 12:46:19.016 MainService.java 52091 271
> org.openmeetings.app.remote.MainService [NioProcessor-1] - Ldap Login
> [ERROR] [NioProcessor-1] org.openmeetings.app.data.user.Usermanagement
> -
>
> Authentification on LDAP Server failed : [LDAP: error code 49 -
> 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext
> error, data 525, vece]
> [ERROR] [NioProcessor-1] org.openmeetings.app.data.user.Usermanagement
> -
>
> Authentification on LDAP Server failed : [LDAP: error code 49 -
> 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext
> error, data 525, vece]
>  WARN 03-02 12:46:35.343 MainService.java 68418 254
> org.openmeetings.app.remote.MainService [NioProcessor-1] - loginUser
> 111: 7b7881983b8bbb64e9b6518ae1817ad3 dtr...@eastonbellsports.com
> DEBUG 03-02 12:46:35.344 Usermanagement.java 68419 1384
> org.openmeetings.app.data.user.Usermanagement [NioProcessor-1] -
> Usermanagement.getUserByLoginOrEmail : dtr...@eastonbellsports.com
> DEBUG 03-02 12:46:35.349 MainService.java 68424 271
> org.openmeetings.app.remote.MainService [NioProcessor-1] - Ldap Login
> [ERROR] [NioProcessor-1] org.openmeetings.app.data.user.Usermanagement
> -
>
> Authentification on LDAP Server failed : [LDAP: error code 49 -
> 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext
> error, data 525, vece]
> [ERROR] [NioProcessor-1] org.openmeetings.app.data.user.Usermanagement
> -
>
> Authentification on LDAP Server failed : [LDAP: error code 49 -
> 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext
> error, data 525, vece]




Re: OM and LDAP didn't play well with each other

2010-03-02 Thread Danny Trinh
I tried both userPrincipalName and sAMAccountName, both produce
similar errors. It seemed that LDAP didn't transfer MD5 crypt password
correctly. I also use both Crypt-types that mention in
http://code.google.com/p/openmeetings/wiki/CustomCryptMechanism. I
think I missed something else. Any idea?


 WARN 03-02 12:46:19.005 MainService.java 52080 254
org.openmeetings.app.remote.MainService [NioProcessor-1] - loginUser
111: 7b7881983b8bbb64e9b6518ae1817ad3 dtrinh
DEBUG 03-02 12:46:19.006 Usermanagement.java 52081 1384
org.openmeetings.app.data.user.Usermanagement [NioProcessor-1] -
Usermanagement.getUserByLoginOrEmail : dtrinh
DEBUG 03-02 12:46:19.016 MainService.java 52091 271
org.openmeetings.app.remote.MainService [NioProcessor-1] - Ldap Login
[ERROR] [NioProcessor-1] org.openmeetings.app.data.user.Usermanagement
-

Authentification on LDAP Server failed : [LDAP: error code 49 -
80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext
error, data 525, vece]
[ERROR] [NioProcessor-1] org.openmeetings.app.data.user.Usermanagement
-

Authentification on LDAP Server failed : [LDAP: error code 49 -
80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext
error, data 525, vece]
 WARN 03-02 12:46:35.343 MainService.java 68418 254
org.openmeetings.app.remote.MainService [NioProcessor-1] - loginUser
111: 7b7881983b8bbb64e9b6518ae1817ad3 dtr...@eastonbellsports.com
DEBUG 03-02 12:46:35.344 Usermanagement.java 68419 1384
org.openmeetings.app.data.user.Usermanagement [NioProcessor-1] -
Usermanagement.getUserByLoginOrEmail : dtr...@eastonbellsports.com
DEBUG 03-02 12:46:35.349 MainService.java 68424 271
org.openmeetings.app.remote.MainService [NioProcessor-1] - Ldap Login
[ERROR] [NioProcessor-1] org.openmeetings.app.data.user.Usermanagement
-

Authentification on LDAP Server failed : [LDAP: error code 49 -
80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext
error, data 525, vece]
[ERROR] [NioProcessor-1] org.openmeetings.app.data.user.Usermanagement
-

Authentification on LDAP Server failed : [LDAP: error code 49 -
80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext
error, data 525, vece]





Re: OM and LDAP didn't play well with each other

2010-03-02 Thread Simon Eng
This is a known-good configuration. Try this and see if the UPN works.
Then if it does, you can try experimenting. I don't think you will get
sAMAccountName to work yet, because the code doesn't look for that.

ldap_server_type=LDAP

#LDAP URL
# does a DNS lookup for Domain Controllers (if your DNS is setup correctly, see resolv.conf)
ldap_conn_url=ldap://domain.net:389

#Login distinguished name (DN) for authentication on LDAP Server - keep empty if not required
ldap_admin_dn=CN:OpenMeetings Service Account,OU:Service Accounts,OU:Enterprise,DC:domain,DC:net

#Loginpass for authentication on LDAP Server - keep empty if not required
ldap_passwd=x

#base to search for userdata(of user, that wants to login
ldap_search_base=DC:domain,DC:net

# Fieldnames (can differ between Ldap servers)
field_user_principal=userPrincipalName

# Ldap auth type(SIMPLE,NONE)
ldap_auth_type=SIMPLE


On Mar 1, 9:00 pm, Danny Trinh  wrote:
> I also tried UPN (email address), but it said invalid password.
> [ERROR] [NioProcessor-1] org.openmeetings.app.data.user.Usermanagement
> - dtr...@eastonbellsports.com not authenticated.
>  WARN 03-01 19:58:41.296 MainService.java 2045275 254
> org.openmeetings.app.remote.MainService [NioProcessor-1] - loginUser
> 111: f040fb3ef0ba550b0722b8432017b716 dtr...@eastonbellsports.com
> DEBUG 03-01 19:58:41.297 Usermanagement.java 2045276 1384
> org.openmeetings.app.data.user.Usermanagement [NioProcessor-1] -
> Usermanagement.getUserByLoginOrEmail : dtr...@eastonbellsports.com
> DEBUG 03-01 19:58:41.300 MainService.java 2045279 271
> org.openmeetings.app.remote.MainService [NioProcessor-1] - Ldap Login
> [ERROR] [NioProcessor-1] org.openmeetings.app.data.user.Usermanagement
> - Error occured on LDAP Search : [LDAP: error code 4 - Sizelimit
> Exceeded]
> [ERROR] [NioProcessor-1] org.openmeetings.app.data.user.Usermanagement
> -
>
> Authentification on LDAP Server failed : [LDAP: error code 49 -
> 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext
> error, data 525, vece]
> [ERROR] [NioProcessor-1] org.openmeetings.app.data.user.Usermanagement
> - dtr...@eastonbellsports.com not authenticated.




Re: OM and LDAP didn't play well with each other

2010-03-01 Thread Danny Trinh
I also tried UPN (email address), but it said invalid password.
[ERROR] [NioProcessor-1] org.openmeetings.app.data.user.Usermanagement
- dtr...@eastonbellsports.com not authenticated.
 WARN 03-01 19:58:41.296 MainService.java 2045275 254
org.openmeetings.app.remote.MainService [NioProcessor-1] - loginUser
111: f040fb3ef0ba550b0722b8432017b716 dtr...@eastonbellsports.com
DEBUG 03-01 19:58:41.297 Usermanagement.java 2045276 1384
org.openmeetings.app.data.user.Usermanagement [NioProcessor-1] -
Usermanagement.getUserByLoginOrEmail : dtr...@eastonbellsports.com
DEBUG 03-01 19:58:41.300 MainService.java 2045279 271
org.openmeetings.app.remote.MainService [NioProcessor-1] - Ldap Login
[ERROR] [NioProcessor-1] org.openmeetings.app.data.user.Usermanagement
- Error occured on LDAP Search : [LDAP: error code 4 - Sizelimit
Exceeded]
[ERROR] [NioProcessor-1] org.openmeetings.app.data.user.Usermanagement
-

Authentification on LDAP Server failed : [LDAP: error code 49 -
80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext
error, data 525, vece]
[ERROR] [NioProcessor-1] org.openmeetings.app.data.user.Usermanagement
- dtr...@eastonbellsports.com not authenticated.




Re: OM and LDAP didn't play well with each other

2010-03-01 Thread Danny Trinh
I used LDAP config below:

ldap_server_type=OpenLDAP
ldap_conn_url=ldap://10.1.1.100:389
ldap_admin_dn=CN:openfire,OU:Service Accounts,OU:
Administrators,OU:ccc,DC:,DC:c,DC:loc
ldap_passwd=openfire3
ldap_search_base=DC:LOC
field_user_principal=sAMAccountName (I want to use this instead of
UPN)
ldap_auth_type=SIMPLE

Then I got different errors:
Authentification on LDAP Server failed : [LDAP: error code 49 -
80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext
error, data 525, vece]
[ERROR] [NioProcessor-1] org.openmeetings.app.data.user.Usermanagement
- dtrinh not authenticated.
 WARN 03-01 19:39:52.763 MainService.java 916742 254
org.openmeetings.app.remote.MainService [NioProcessor-1] - loginUser
111: f040fb3ef0ba550b0722b8432017b716 dtrinh
DEBUG 03-01 19:39:52.763 Usermanagement.java 916742 1384
org.openmeetings.app.data.user.Usermanagement [NioProcessor-1] -
Usermanagement.getUserByLoginOrEmail : dtrinh
DEBUG 03-01 19:39:52.767 MainService.java 916746 271
org.openmeetings.app.remote.MainService [NioProcessor-1] - Ldap Login
[ERROR] [NioProcessor-1] org.openmeetings.app.data.user.Usermanagement
- Error occured on LDAP Search : [LDAP: error code 4 - Sizelimit
Exceeded]
[ERROR] [NioProcessor-1] org.openmeetings.app.data.user.Usermanagement
-

Authentification on LDAP Server failed : [LDAP: error code 49 -
80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext
error, data 525, vece]
[ERROR] [NioProcessor-1] org.openmeetings.app.data.user.Usermanagement
- dtrinh not authenticated.

I use both MD5 Crypt, but the errors are similar. What can I try next?
Thanks,




Re: OM and LDAP didn't play well with each other

2010-02-28 Thread Simon Eng
Yes, we have it working. Unless the OM team gets to it first, we will
put together an extension to the LDAP classes to create and populate
organisations in OM based on AD group membership. We also need to be
able to restrict logins based on AD group membership.

One minor bug with the LDAP auth is the fact that you have to login
twice for it to take effect. The first login generates the empty
organisation box, but the login is created in the OM database with the
default org (if you have the correct default organisation defined).

Also, we are not using the sAMAccountName. We are using UPN logins.

I notice in your config that you have

ldap_admin_dn=CN:openfire,DC:b,DC:c,DC:loc

Are you sure that this is the correct FQDN? If the user is in the
Users container, it would be something like

ldap_admin_dn=CN:openfire,CN:Users,DC:b,DC:c,DC:loc

Or if you have a more complex structure (like ours)

ldap_admin_dn=CN:_svc_ldap,OU:Service Accounts,OU:Enterprise,DC:subdomain,DC:domain,DC:tld

I also suggest that you use a simpler LDAP connection (like
ldap_conn_url = ldap://10.10.10.10:389/)  to get it working and then
go from there.

Then login using u...@domain.tld or whatever your UPN format is.




On Feb 28, 11:42 am, Danny Trinh  wrote:
> Below are what I have installed to try LDAP:
> [r...@l2dev ~]# rpm -qa |grep ldap | sort
> apr-util-ldap-1.3.9-2.fc12.x86_64
> krb5-server-ldap-1.7.1-2.fc12.x86_64
> ldapjdk-4.18-5.fc12.x86_64
> mozldap-6.0.5-6.fc12.i686
> mozldap-6.0.5-6.fc12.x86_64
> mozldap-devel-6.0.5-6.fc12.i686
> mozldap-devel-6.0.5-6.fc12.x86_64
> mozldap-tools-6.0.5-6.fc12.x86_64
> nss_ldap-264-8.fc12.x86_64
> nss-ldapd-0.6.11-2.fc12.x86_64
> openldap-2.4.19-1.fc12.i686
> openldap-2.4.19-1.fc12.x86_64
> openldap-clients-2.4.19-1.fc12.x86_64
> openldap-devel-2.4.19-1.fc12.x86_64
> openser-ldap-1.3.4-8.fc12.x86_64
> php-ldap-5.3.1-1.fc12.x86_64
> python-ldap-2.3.10-1.fc12.x86_64
> [r...@l2dev ~]#
>
> Simon, are you successfully utilizing LDAP for OM? Can you share with
> us?
> Thanks,




Re: OM and LDAP didn't play well with each other

2010-02-28 Thread Danny Trinh
Below are what I have installed to try LDAP:
[r...@l2dev ~]# rpm -qa |grep ldap | sort
apr-util-ldap-1.3.9-2.fc12.x86_64
krb5-server-ldap-1.7.1-2.fc12.x86_64
ldapjdk-4.18-5.fc12.x86_64
mozldap-6.0.5-6.fc12.i686
mozldap-6.0.5-6.fc12.x86_64
mozldap-devel-6.0.5-6.fc12.i686
mozldap-devel-6.0.5-6.fc12.x86_64
mozldap-tools-6.0.5-6.fc12.x86_64
nss_ldap-264-8.fc12.x86_64
nss-ldapd-0.6.11-2.fc12.x86_64
openldap-2.4.19-1.fc12.i686
openldap-2.4.19-1.fc12.x86_64
openldap-clients-2.4.19-1.fc12.x86_64
openldap-devel-2.4.19-1.fc12.x86_64
openser-ldap-1.3.4-8.fc12.x86_64
php-ldap-5.3.1-1.fc12.x86_64
python-ldap-2.3.10-1.fc12.x86_64
[r...@l2dev ~]#

Simon, are you successfully utilizing LDAP for OM? Can you share with
us?
Thanks,




Re: OM and LDAP didn't play well with each other

2010-02-27 Thread Simon Eng
I had similar issues with Centos. Which ldap rpms do you have
installed? You will need some or all of the following:

mozldap-6.0.5-1.el5
ldapjdk-4.18-2jpp.3.el5
openldap-2.3.43-3.el5
openldap-clients-2.3.43-3.el5

Or the Fedora equivalents.




Re: OM and LDAP didn't play well with each other

2010-02-26 Thread John Davis

Looking at the code there is no way to associate an AD user with an
organization.

Unless everyone is put in default which doesn't look like the case.
When there is no organization it will login the user but the dashboard
will fail to show.

LDAP code should allow setting group attributes from AD or other auth
managers.

Simple fix.


On Feb 26, 7:30 am, Danny Trinh  wrote:
> I modified the om_ldap.cfg according to Smoeker's advice, but I still
> got errors (see below). I looked deeper in errors and noticed that
> it's trying to read LdapAuthBase.java, LdapLoginManagement.java, etc
> in openmeetings.jar, red5.jar, etc., but seeing none. Am I missing
> something that makes java produce these errors?
> Thanks,
>
> ERROR 02-26 06:56:00.190 MainService.java 75912 332
> org.openmeetings.app.remote.MainService [NioProcessor-1] -
> loginUser :
> java.lang.NullPointerException: null
>         at java.util.Hashtable.put(Hashtable.java:411) [na:1.6.0_0]
>         at
> org.openmeetings.app.ldap.LdapAuthBase.authenticateUser(LdapAuthBase.java:
> 86) [openmeetings.jar:na]
>         at
> org.openmeetings.app.ldap.LdapLoginManagement.doLdapLogin(LdapLoginManagement.java:
> 232) [openmeetings.jar:na]
>         at org.openmeetings.app.remote.MainService.loginUser(MainService.java:
> 277) [openmeetings.jar:na]
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [na:
> 1.6.0_0]
>         at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:
> 57) [na:1.6.0_0]
>         at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:
> 43) [na:1.6.0_0]
>         at java.lang.reflect.Method.invoke(Method.java:616) [na:1.6.0_0]
>         at org.red5.server.service.ServiceInvoker.invoke(ServiceInvoker.java:
> 200) [red5.jar:na]
>         at org.red5.server.service.ServiceInvoker.invoke(ServiceInvoker.java:
> 118) [red5.jar:na]
>         at org.red5.server.net.rtmp.RTMPHandler.invokeCall(RTMPHandler.java:
> 165) [red5.jar:na]
>         at org.red5.server.net.rtmp.RTMPHandler.onInvoke(RTMPHandler.java:
> 418) [red5.jar:na]
>         at
> org.red5.server.net.rtmp.BaseRTMPHandler.messageReceived(BaseRTMPHandler.java:
> 138) [red5.jar:na]
>         at
> org.red5.server.net.rtmp.RTMPMinaIoHandler.messageReceived(RTMPMinaIoHandler.java:
> 180) [red5.jar:na]
>         at org.apache.mina.core.filterchain.DefaultIoFilterChain
> $TailFilter.messageReceived(DefaultIoFilterChain.java:713) [mina-
> core-2.0.0-RC1.jar:na]
>         at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:
> 434) [mina-core-2.0.0-RC1.jar:na]
>         at org.apache.mina.core.filterchain.DefaultIoFilterChain.access
> $1200(DefaultIoFilterChain.java:46) [mina-core-2.0.0-RC1.jar:na]
>         at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl
> $1.messageReceived(DefaultIoFilterChain.java:793) [mina-core-2.0.0-
> RC1.jar:na]
>         at
> org.red5.server.net.filter.TrafficShapingFilter.messageReceived(TrafficShapingFilter.java:
> 204) [red5.jar:na]
>         at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:
> 434) [mina-core-2.0.0-RC1.jar:na]
>         at org.apache.mina.core.filterchain.DefaultIoFilterChain.access
> $1200(DefaultIoFilterChain.java:46) [mina-core-2.0.0-RC1.jar:na]
>         at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl
> $1.messageReceived(DefaultIoFilterChain.java:793) [mina-core-2.0.0-
> RC1.jar:na]
>         at org.apache.mina.filter.codec.ProtocolCodecFilter
> $ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:375) [mina-
> core-2.0.0-RC1.jar:na]
>         at
> org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:
> 229) [mina-core-2.0.0-RC1.jar:na]
>         at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:
> 434) [mina-core-2.0.0-RC1.jar:na]
>         at org.apache.mina.core.filterchain.DefaultIoFilterChain.access
> $1200(DefaultIoFilterChain.java:46) [mina-core-2.0.0-RC1.jar:na]
>         at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl
> $1.messageReceived(DefaultIoFilterChain.java:793) [mina-core-2.0.0-
> RC1.jar:na]
>         at
> org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:
> 119) [mina-core-2.0.0-RC1.jar:na]
>         at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:
> 434) [mina-core-2.0.0-RC1.jar:na]
>         at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:
> 426) [mina-core-2.0.0-RC1.jar:na]
>         at
> org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:
> 638) [mina-core-2.0.0-RC1.jar:na]
>         at
> org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcess

Re: OM and LDAP didn't play well with each other

2010-02-26 Thread Danny Trinh
I modified the om_ldap.cfg according to Smoeker's advice, but I still
got errors (see below). I looked deeper in errors and noticed that
it's trying to read LdapAuthBase.java, LdapLoginManagement.java, etc
in openmeetings.jar, red5.jar, etc., but seeing none. Am I missing
something that makes java produce these errors?
Thanks,

ERROR 02-26 06:56:00.190 MainService.java 75912 332
org.openmeetings.app.remote.MainService [NioProcessor-1] -
loginUser :
java.lang.NullPointerException: null
at java.util.Hashtable.put(Hashtable.java:411) [na:1.6.0_0]
at
org.openmeetings.app.ldap.LdapAuthBase.authenticateUser(LdapAuthBase.java:
86) [openmeetings.jar:na]
at
org.openmeetings.app.ldap.LdapLoginManagement.doLdapLogin(LdapLoginManagement.java:
232) [openmeetings.jar:na]
at org.openmeetings.app.remote.MainService.loginUser(MainService.java:
277) [openmeetings.jar:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [na:
1.6.0_0]
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:
57) [na:1.6.0_0]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:
43) [na:1.6.0_0]
at java.lang.reflect.Method.invoke(Method.java:616) [na:1.6.0_0]
at org.red5.server.service.ServiceInvoker.invoke(ServiceInvoker.java:
200) [red5.jar:na]
at org.red5.server.service.ServiceInvoker.invoke(ServiceInvoker.java:
118) [red5.jar:na]
at org.red5.server.net.rtmp.RTMPHandler.invokeCall(RTMPHandler.java:
165) [red5.jar:na]
at org.red5.server.net.rtmp.RTMPHandler.onInvoke(RTMPHandler.java:
418) [red5.jar:na]
at
org.red5.server.net.rtmp.BaseRTMPHandler.messageReceived(BaseRTMPHandler.java:
138) [red5.jar:na]
at
org.red5.server.net.rtmp.RTMPMinaIoHandler.messageReceived(RTMPMinaIoHandler.java:
180) [red5.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain
$TailFilter.messageReceived(DefaultIoFilterChain.java:713) [mina-
core-2.0.0-RC1.jar:na]
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:
434) [mina-core-2.0.0-RC1.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.access
$1200(DefaultIoFilterChain.java:46) [mina-core-2.0.0-RC1.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl
$1.messageReceived(DefaultIoFilterChain.java:793) [mina-core-2.0.0-
RC1.jar:na]
at
org.red5.server.net.filter.TrafficShapingFilter.messageReceived(TrafficShapingFilter.java:
204) [red5.jar:na]
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:
434) [mina-core-2.0.0-RC1.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.access
$1200(DefaultIoFilterChain.java:46) [mina-core-2.0.0-RC1.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl
$1.messageReceived(DefaultIoFilterChain.java:793) [mina-core-2.0.0-
RC1.jar:na]
at org.apache.mina.filter.codec.ProtocolCodecFilter
$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:375) [mina-
core-2.0.0-RC1.jar:na]
at
org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:
229) [mina-core-2.0.0-RC1.jar:na]
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:
434) [mina-core-2.0.0-RC1.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.access
$1200(DefaultIoFilterChain.java:46) [mina-core-2.0.0-RC1.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl
$1.messageReceived(DefaultIoFilterChain.java:793) [mina-core-2.0.0-
RC1.jar:na]
at
org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:
119) [mina-core-2.0.0-RC1.jar:na]
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:
434) [mina-core-2.0.0-RC1.jar:na]
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:
426) [mina-core-2.0.0-RC1.jar:na]
at
org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:
638) [mina-core-2.0.0-RC1.jar:na]
at
org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:
598) [mina-core-2.0.0-RC1.jar:na]
at
org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:
587) [mina-core-2.0.0-RC1.jar:na]
at org.apache.mina.core.polling.AbstractPollingIoProcessor.access
$400(AbstractPollingIoProcessor.java:61) [mina-core-2.0.0-RC1.jar:na]
at org.apache.mina.core.polling.AbstractPollingIoProcessor
$Processor.run(AbstractPollingIoProcessor.java:969) [mina-core-2.0.0-
RC1.jar:na]
at
org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:

Re: OM and LDAP didn't play well with each other

2010-02-26 Thread smoeker
hola,

first of all : at the moment, there's no relation between the OM
organization and a Ldap Group at all.
-> means : if LDAP Auth is on and a user logs in successfully for the
first time, his userdata is written to local database and he gets
added to the default organization u added on install process.
-> please make sure, that a default organization exists.

at the moment, there's an open task concerning LDAP auth restricted by
LdapGroup membership - maybe that hits your requirements?


btw : if you want your users to login via sAMAccountName , i think you
should configure that either by config :

field_user_principal=sAMAccountName

or by using LdapUrl *tricks* like

ldap://YOURSERVER:389/?sAMAccountName?sub?(objectClass=user)

-> i didn't test that on OM, but use it for other projects - maybe we
could change code, if the URL - params aren't supported by current
trunk, to make the LDAP Auth more configurable?


what do you mean?


see ya

Smoeker


On 26 Feb., 03:20, Danny Trinh  wrote:
> I use sAMAccountName for userID, and memberOf for group (extract CN in
> memberOf to get group name). Also, openfire has used the following to
> collect the data from AD:
>
>   ldap.adminDN openfire
> ldap.adminPassword openfire1
> ldap.autoFollowAliasReferrals true
> ldap.autoFollowReferrals false
> ldap.baseDN DC=LOC
> ldap.connectionPoolEnabled true
> ldap.debugEnabled false
> ldap.emailField mail
> ldap.groupDescriptionField description
> ldap.groupMemberField member
> ldap.groupNameField cn
> ldap.groupSearchFilter (&(objectClass=group)(member=*)(!(|(cn=Domain
> Guests)(cn=Domain Users)(cn=Exchange Domain Servers
> ldap.host 10.10.10.10
> ldap.ldapDebugEnabled false
> ldap.nameField cn
> ldap.override.avatar true
> ldap.port 3268
> ldap.posixMode false
> ldap.searchFilter (&(objectCategory=person)(objectClass=user)
> (objectClass=organizationalPerson)(mailNickname=*)(!(|
> (name=SystemMailbox*)(sAMAccountName=*ap-*)(sAMAccountName=*admin)
> (sAMAccountName=abuse
> ldap.sslEnabled false
> ldap.usernameField sAMAccountName
> ldap.vcard-mapping (this is to fill the info of user such as name/full-
> name/last-name/etc.)
> {cn}
> {mail}
> {displayName}
> {givenName}
> {homePostalAddress}
> {homeZip}
> {co}
> {streetAddress}
> {l}
> {st}
> {postalCode}
> {co}
> {homePhone}
> {mobile}
> {telephoneNumber}
> {mobile}
> {facsimileTelephoneNumber}
> {pager}
> {title}
> {department}
> ]]>">




Re: OM and LDAP didn't play well with each other

2010-02-25 Thread Danny Trinh
I use sAMAccountName for userID, and memberOf for group (extract CN in
memberOf to get group name). Also, openfire has used the following to
collect the data from AD:

  ldap.adminDN openfire
ldap.adminPassword openfire1
ldap.autoFollowAliasReferrals true
ldap.autoFollowReferrals false
ldap.baseDN DC=LOC
ldap.connectionPoolEnabled true
ldap.debugEnabled false
ldap.emailField mail
ldap.groupDescriptionField description
ldap.groupMemberField member
ldap.groupNameField cn
ldap.groupSearchFilter (&(objectClass=group)(member=*)(!(|(cn=Domain
Guests)(cn=Domain Users)(cn=Exchange Domain Servers
ldap.host 10.10.10.10
ldap.ldapDebugEnabled false
ldap.nameField cn
ldap.override.avatar true
ldap.port 3268
ldap.posixMode false
ldap.searchFilter (&(objectCategory=person)(objectClass=user)
(objectClass=organizationalPerson)(mailNickname=*)(!(|
(name=SystemMailbox*)(sAMAccountName=*ap-*)(sAMAccountName=*admin)
(sAMAccountName=abuse
ldap.sslEnabled false
ldap.usernameField sAMAccountName
ldap.vcard-mapping (this is to fill the info of user such as name/full-
name/last-name/etc.)
{cn}
{mail}
{displayName}
{givenName}
{homePostalAddress}
{homeZip}
{co}
{streetAddress}
{l}
{st}
{postalCode}
{co}
{homePhone}
{mobile}
{telephoneNumber}
{mobile}
{facsimileTelephoneNumber}
{pager}
{title}
{department}
]]>">




Re: OM and LDAP didn't play well with each other

2010-02-25 Thread John Davis

What are the attributes that you are using for group and userid? They
are different than the default on many AD deployments.


On Feb 25, 4:45 pm, Danny Trinh  wrote:
> Below is my ldap config:
>
> ldap_server_type=OpenLDAP
> ldap_conn_url = ldap://10.10.10.10:389/?sAMAccountName?sub?(objectClass=user)
> ldap_admin_dn=CN:openfire,DC:b,DC:c,DC:loc
> ldap_passwd=openfire1
>
> ldap_search_base=DC:b,DC:c,DC:LOC
>
> field_user_principal=userPrincipalName
> ldap_auth_type=SIMPLE
>
> If you need more info, please let me know. Thanks,




Re: OM and LDAP didn't play well with each other

2010-02-25 Thread Danny Trinh
Below is my ldap config:

ldap_server_type=OpenLDAP
ldap_conn_url = ldap://10.10.10.10:389/?sAMAccountName?sub?(objectClass=user)
ldap_admin_dn=CN:openfire,DC:b,DC:c,DC:loc
ldap_passwd=openfire1

ldap_search_base=DC:b,DC:c,DC:LOC

field_user_principal=userPrincipalName
ldap_auth_type=SIMPLE

If you need more info, please let me know. Thanks,


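The configuration posted above, run through a small lint, as an added example that is not part of the original post and not OpenMeetings code. It assumes every key seen in the posted file is required (the page does not say which ones OpenMeetings needs), and the finding codes are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed sample: the om_ldap.cfg from the post, bind password replaced.
SAMPLE_CFG = """\
ldap_server_type=OpenLDAP
ldap_conn_url = ldap://10.10.10.10:389/?sAMAccountName?sub?(objectClass=user)
ldap_admin_dn=CN:openfire,DC:b,DC:c,DC:loc
ldap_passwd=<placeholder>
ldap_search_base=DC:b,DC:c,DC:LOC
field_user_principal=userPrincipalName
ldap_auth_type=SIMPLE
"""

# Keys that appear in the posted file. Treating every one as required is an
# assumption; the page does not list which keys OpenMeetings needs.
EXPECTED_KEYS = ("ldap_server_type", "ldap_conn_url", "ldap_admin_dn",
                 "ldap_passwd", "ldap_search_base", "field_user_principal",
                 "ldap_auth_type")
AD_ATTRS = ("samaccountname", "userprincipalname")  # Active Directory attributes


def parse_cfg(text):
    """Parse key=value lines; split on the first '=' only (filters contain '=')."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            cfg[key.strip()] = value.strip()
    return cfg


def audit(cfg):
    """Return finding codes (hypothetical names) for a parsed config."""
    findings = [f"missing:{k}" for k in EXPECTED_KEYS if not cfg.get(k)]
    url = urlsplit(cfg.get("ldap_conn_url", ""))
    # A SIMPLE bind over ldap:// sends the bind DN and password unencrypted
    # unless the connection is upgraded with StartTLS.
    if url.scheme == "ldap" and cfg.get("ldap_auth_type", "").upper() == "SIMPLE":
        findings.append("cleartext-simple-bind")
    # AD attribute names combined with a declared OpenLDAP server type.
    referenced = (cfg.get("ldap_conn_url", "") + cfg.get("field_user_principal", "")).lower()
    if cfg.get("ldap_server_type", "").lower() == "openldap" and any(a in referenced for a in AD_ATTRS):
        findings.append("server-type-mismatch")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_cfg(SAMPLE_CFG)):
        print(finding)
```

`java.util.Hashtable.put` rejects null keys and values, so an absent setting is one candidate for the NullPointerException in the trace posted in this thread; the page does not confirm which value was null.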


Re: OM and LDAP didn't play well with each other

2010-02-25 Thread Sebastian Wagner
hi,

That box should not be shown at all.
Oliver has made the LDAP Connector, also against ADS. Maybe he has the tip
to solve that.

Sebastian

2010/2/25 Danny Trinh 

> Hi Sebastian,
>
>
> On Feb 25, 12:30 pm, Sebastian Wagner  wrote:
> > What do you mean by *I can't see "organisation"*?
> > You have the box of organizations but no choice to actually take anything?
> >
>
> Yes, I saw the box of organization, but there is nothing to choose.
>
> Regarding LDAP, I believe we just have read-only access to collect data
> (userID/passwd/group) from AD. What does "organization" refer to, i.e.
> group/OU/O?
> Thanks,
>


-- 
Sebastian Wagner
http://www.webbase-design.de
http://openmeetings.googlecode.com
http://www.laszlo-forum.de
seba.wag...@gmail.com




Re: OM and LDAP didn't play well with each other

2010-02-25 Thread Sebastian Wagner
What do you mean by *I can't see "organisation"*?
You have the box of organizations but no choice to actually take anything?


Sebastian

2010/2/25 Danny Trinh 

> It seemed to be working but it's not. When I read all the documentation and
> discussion about LDAP on this forum + wiki, I started to set up OM to
> connect to Windows AD, so I can integrate all AD users into this OM.
> The result is that OM can't collect data from AD.
> Here is what I did:
> - Set up Fedora 64 and install all necessary packages according to the
> wiki.
> - Modify om_ldap.cfg and hibernate.cfg.xml
> - Start the mysql server and red5.sh
> - Start the OM setup by using http://localhost:5080/openmeetings/install
> (localhost==10.10.10.10)
> - Connect to OM at http://10.10.10.10:5080/openmeetings
> - I can log in to OM as the initial user. But when I try to use a Windows
> AD userID, it seems to log in but does not. I can't see "organisation". I
> even log out and log back in, and still can't see the "organisation".
> - I check /opt/openmeetings/log/openmeetings.log and see the following
> errors:
>  DEBUG 02-25 11:55:53.976 Usermanagement.java 2196984 1384
> org.openmeetings.app.data.user.Usermanagement [NioProcessor-1] -
> Usermanagement.getUserByLoginOrEmail : dtrinh
> DEBUG 02-25 11:55:53.979 MainService.java 2196987 271
> org.openmeetings.app.remote.MainService [NioProcessor-1] - Ldap Login
> ERROR 02-25 11:55:53.994 MainService.java 2197002 332
> org.openmeetings.app.remote.MainService [NioProcessor-1] -
> loginUser :
> java.lang.NullPointerException: null
>at java.util.Hashtable.put(Hashtable.java:411) [na:1.6.0_0]
>at
> org.openmeetings.app.ldap.LdapAuthBase.authenticateUser(LdapAuthBase.java:
> 86) [openmeetings.jar:na]
>at
>
> org.openmeetings.app.ldap.LdapLoginManagement.doLdapLogin(LdapLoginManagement.java:
> 232) [openmeetings.jar:na]
>at
> org.openmeetings.app.remote.MainService.loginUser(MainService.java:
> 277) [openmeetings.jar:na]
>at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [na:
> 1.6.0_0]
>at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:
> 57) [na:1.6.0_0]
>at
>
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:
> 43) [na:1.6.0_0]
>at java.lang.reflect.Method.invoke(Method.java:616) [na:1.6.0_0]
>at
> org.red5.server.service.ServiceInvoker.invoke(ServiceInvoker.java:
> 200) [red5.jar:na]
>at
> org.red5.server.service.ServiceInvoker.invoke(ServiceInvoker.java:
> 118) [red5.jar:na]
>at org.red5.server.net.rtmp.RTMPHandler.invokeCall(RTMPHandler.java:
> 165) [red5.jar:na]
>at org.red5.server.net.rtmp.RTMPHandler.onInvoke(RTMPHandler.java:
> 418) [red5.jar:na]
>at
>
> org.red5.server.net.rtmp.BaseRTMPHandler.messageReceived(BaseRTMPHandler.java:
> 138) [red5.jar:na]
>at
>
> org.red5.server.net.rtmp.RTMPMinaIoHandler.messageReceived(RTMPMinaIoHandler.java:
> 180) [red5.jar:na]
>at org.apache.mina.core.filterchain.DefaultIoFilterChain
> $TailFilter.messageReceived(DefaultIoFilterChain.java:713) [mina-
> core-2.0.0-RC1.jar:na]
>at
>
> org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:
> 434) [mina-core-2.0.0-RC1.jar:na]
>at org.apache.mina.core.filterchain.DefaultIoFilterChain.access
> $1200(DefaultIoFilterChain.java:46) [mina-core-2.0.0-RC1.jar:na]
>at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl
> $1.messageReceived(DefaultIoFilterChain.java:793) [mina-core-2.0.0-
> RC1.jar:na]
>at
>
> org.red5.server.net.filter.TrafficShapingFilter.messageReceived(TrafficShapingFilter.java:
> 204) [red5.jar:na]
>at
>
> org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:
> 434) [mina-core-2.0.0-RC1.jar:na]
>at org.apache.mina.core.filterchain.DefaultIoFilterChain.access
> $1200(DefaultIoFilterChain.java:46) [mina-core-2.0.0-RC1.jar:na]
>at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl
> $1.messageReceived(DefaultIoFilterChain.java:793) [mina-core-2.0.0-
> RC1.jar:na]
>at org.apache.mina.filter.codec.ProtocolCodecFilter
> $ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:375) [mina-
> core-2.0.0-RC1.jar:na]
>at
>
> org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:
> 229) [mina-core-2.0.0-RC1.jar:na]
>at
>
> org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:
> 434) [mina-core-2.0.0-RC1.jar:na]
>at org.apache.mina.core.filterchain.DefaultIoFilterChain.access
> $1200(DefaultIoFilterChain.java:46) [mina-core-2.0.0-RC1.jar:na]
>at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl
> $1.messageReceived(DefaultIoFilterChain.java:793) [mina-core-2.0.0-
> RC1.ja

Re: OM and LDAP didn't play well with each other

2010-02-25 Thread Danny Trinh
Hi Sebastian,


On Feb 25, 12:30 pm, Sebastian Wagner  wrote:
> What do you mean by *I can't see "organisation"*?
> You have the box of organizations but no choice to actually take anything?
>

Yes, I saw the box of organization, but there is nothing to choose.

Regarding LDAP, I believe we just have read-only access to collect data
(userID/passwd/group) from AD. What does "organization" refer to, i.e.
group/OU/O?
Thanks,
