from:"Rohrbach, Gerald"

Re: ldap config problems with authentication

2020-03-30 Thread Rohrbach, Gerald

Also having LDAP issues:

It seems not to work.

Below is the om_ldap.cfg, that is used in the config file:

^[[39mDEBUG^[[0;39m 03-30 08:42:26.213 ^[[36mo.a.o.s.q.s.ReminderJob:93 
[Bean#0_Worker-3]^[[0;39m - Rss disabled by Admin   

 ^[[39mDEBUG^[[0;39m 03-30 08:52:26.214 ^[[36mo.a.o.s.q.s.ReminderJob:93 
[Bean#0_Worker-8]^[[0;39m - Rss disabled by Admin   

 ^[[39mDEBUG^[[0;39m 03-30 09:02:26.214 ^[[36mo.a.o.s.q.s.ReminderJob:93 
[Bean#0_Worker-5]^[[0;39m - Rss disabled by Admin   

 ^[[39mDEBUG^[[0;39m 03-30 09:11:36.412 ^[[36mo.a.o.d.d.s.LdapConfigDao:69 
[io-5443-exec-10]^[[0;39m - getActiveLdapConfigs

   ^[[39mDEBUG^[[0;39m 03-30 09:11:36.517 ^[[36mo.a.o.d.d.s.LdapConfigDao:69 
[nio-5443-exec-2]^[[0;39m - getActiveLdapConfigs

   ^[[39mDEBUG^[[0;39m 03-30 09:12:13.115 ^[[36mo.a.o.c.l.LdapLoginManager:172 
[nio-5443-exec-2]^[[0;39m - LdapLoginmanager.doLdapLogin

 ^[[1;31mERROR^[[0;39m 03-30 09:12:13.129 ^[[36mo.a.o.c.l.LdapLoginManager:226 
[nio-5443-exec-2]^[[0;39m - Not authenticated.  
   
org.apache.directory.api.ldap.model.exception.LdapAuthenticationException: 
80090308: LdapErr: DSID-0C090442, comment: AcceptSecurityContext error, data 
52e, v3839^@
 at 
org.apache.directory.api.ldap.model.message.ResultCodeEnum.processResponse(ResultCodeEnum.java:1995)


What does the LdapLogin Manager message means, was the query user not able to 
connect or was the end user password wrong.
How I can make visible, what the query for the user ist.
It should be in the form u...@domain.de , maybe the 
mapping is just wrong.





This is the modified
 ldap_conn_host=DESVR-DC01.firma.de
ldap_conn_port=389
ldap_conn_secure=false

# Login distinguished name (DN) for Authentication on LDAP Server - keep empty 
if not required
# Use full qualified LDAP DN
ldap_admin_dn=CN=ldapopenmeetings,OU=Users-Service-Accounts,DC=firma,DC=de

# Loginpass for Authentication on LDAP Server - keep empty if not required
ldap_passwd=#password#

# base to search for userdata(of user, that wants to login)
ldap_search_base=CN=Users,DC=firma,DC=de

# Fieldnames (can differ between Ldap servers)
ldap_search_query=(uid=%s)

# the scope of the search might be: OBJECT, ONELEVEL, SUBTREE
ldap_search_scope=SUBTREE

# Ldap auth type(NONE, SEARCHANDBIND, SIMPLEBIND)
#  When using SIMPLEBIND a simple bind is performed on the LDAP server to check 
user authentication
#  When using NONE, the Ldap server is not used for authentication
ldap_auth_type=SIMPLEBIND

# userDN format, will be used to bind if ldap_auth_type=SIMPLEBIND
# might be used to get provisionningDn in case ldap_auth_type=NONE
ldap_userdn_format=uid=%s,CN=Users,DC=firma,DC=de

# Ldap provisioning type(NONE, AUTOCREATE, AUTOUPDATE)
ldap_provisionning=AUTOCREATE

# Ldap deref mode (never, searching, finding, always)
ldap_deref_mode=always
ldap_use_admin_to_get_attrs=true

# Ldap-password synchronization to OM DB
#  Set this to 'true' if you want OM to synchronize the user Ldap-password to 
OM's internal DB
#  If you want to disable the feature, set this to any other string.
#  Defautl value is 'true'
ldap_sync_password_to_om=false

# Ldap group mode (NONE, ATTRIBUTE, QUERY)
# NONE means group associations will be ignored
# ATTRIBUTE means group associations will be taken from 'ldap_group_attr' 
attribute (M$ AD mode)
# QUERY means group associations will be taken as a result of 
'ldap_group_query' query
ldap_group_mode=NONE

ldap_group_query=(&(memberUid=%s)(objectClass=posixGroup))

# Ldap user attributes mapping
# Set the following internal OM user attributes to their corresponding 
Ldap-attribute

ldap_user_attr_login=uid
ldap_user_attr_lastname=sn
ldap_user_attr_firstname=givenName
ldap_user_attr_mail=mail
ldap_user_attr_street=streetAddress
ldap_user_attr_additionalname=description
ldap_user_attr_fax=facsimileTelephoneNumber
ldap_user_attr_zip=postalCode
ldap_user_attr_country=co
ldap_user_attr_town=l
ldap_user_attr_phone=telephoneNumber
# optional attribute for user picture
#ldap_user_attr_picture=
ldap_group_attr=memberOf

# optional, absolute URL will be used as user picture if 
#ldap_user_attr_picture will be empty
#

AW: ldap config problems with authentication

2020-03-30 Thread Rohrbach, Gerald

Maxim,

that was a good hint with the logging.
I think it is just a understanding and config issue.

   SearchRequest
baseDn : 'CN=Users,DC=company,DC=de'
filter : '(uid=x...@compay.de<mailto:uid=x...@compay.de>)'

In ADS uid attribute is not filled. Instead in ADS we need to user 
UserPrincipalName or something else.

So authentication works fine, but eyery time someone logs in a new user account 
is created.

It  looks like we still have an issue, as the create user login is wrong.
testu...@company.de@company.de

I hope I get the rest also figured out.


Gerald





Von: Maxim Solodovnik [mailto:solomax...@gmail.com]
Gesendet: Montag, 30. März 2020 11:50
An: Openmeetings user-list 
Betreff: Re: ldap config problems with authentication

Your log is hard to read due to formatting issues :((
Googling `DSID-0C090442` results something about "searching between forests" 
which I don't understand :(

Admin->LDAP has setting "Add domain to user name"
Do you have it checked? (domain to add should be specified)

What is your LDAP provider? Is it ADS?

To make logging more verbose you can
1) stop OM
2) add following line to logback-config.xml
 
3) restart OM

According to my previous experience SEARCHANDBIND might work better


On Mon, 30 Mar 2020 at 16:31, Rohrbach, Gerald 
mailto:g.rohrb...@funkegruppe.de>> wrote:
Also having LDAP issues:

It seems not to work.

Below is the om_ldap.cfg, that is used in the config file:

^[[39mDEBUG^[[0;39m 03-30 08:42:26.213 ^[[36mo.a.o.s.q.s.ReminderJob:93 
[Bean#0_Worker-3]^[[0;39m - Rss disabled by Admin   

 ^[[39mDEBUG^[[0;39m 03-30 08:52:26.214 ^[[36mo.a.o.s.q.s.ReminderJob:93 
[Bean#0_Worker-8]^[[0;39m - Rss disabled by Admin   

 ^[[39mDEBUG^[[0;39m 03-30 09:02:26.214 ^[[36mo.a.o.s.q.s.ReminderJob:93 
[Bean#0_Worker-5]^[[0;39m - Rss disabled by Admin   

 ^[[39mDEBUG^[[0;39m 03-30 09:11:36.412 ^[[36mo.a.o.d.d.s.LdapConfigDao:69 
[io-5443-exec-10]^[[0;39m - getActiveLdapConfigs

   ^[[39mDEBUG^[[0;39m 03-30 09:11:36.517 ^[[36mo.a.o.d.d.s.LdapConfigDao:69 
[nio-5443-exec-2]^[[0;39m - getActiveLdapConfigs

   ^[[39mDEBUG^[[0;39m 03-30 09:12:13.115 ^[[36mo.a.o.c.l.LdapLoginManager:172 
[nio-5443-exec-2]^[[0;39m - LdapLoginmanager.doLdapLogin

 ^[[1;31mERROR^[[0;39m 03-30 09:12:13.129 ^[[36mo.a.o.c.l.LdapLoginManager:226 
[nio-5443-exec-2]^[[0;39m - Not authenticated.  
   
org.apache.directory.api.ldap.model.exception.LdapAuthenticationException: 
80090308: LdapErr: DSID-0C090442, comment: AcceptSecurityContext error, data 
52e, v3839^@
 at 
org.apache.directory.api.ldap.model.message.ResultCodeEnum.processResponse(ResultCodeEnum.java:1995)


What does the LdapLogin Manager message means, was the query user not able to 
connect or was the end user password wrong.
How I can make visible, what the query for the user ist.
It should be in the form u...@domain.de<mailto:u...@domain.de> , maybe the 
mapping is just wrong.





This is the modified
 ldap_conn_host=DESVR-DC01.firma.de<http://DESVR-DC01.firma.de>
ldap_conn_port=389
ldap_conn_secure=false

# Login distinguished name (DN) for Authentication on LDAP Server - keep empty 
if not required
# Use full qualified LDAP DN
ldap_admin_dn=CN=ldapopenmeetings,OU=Users-Service-Accounts,DC=firma,DC=de

# Loginpass for Authentication on LDAP Server - keep empty if not required
ldap_passwd=#password#

# base to search for userdata(of user, that wants to login)
ldap_search_base=CN=Users,DC=firma,DC=de

# Fieldnames (can differ between Ldap servers)
ldap_search_query=(uid=%s)

# the scope of the search might be: OBJECT, ONELEVEL, SUBTREE
ldap_search_scope=SUBTREE

# Ldap auth type(NONE, SEARCHANDBIND, SIMPLEBIND)
#  When using SIMPLEBIND a simple bind is performed on the LDAP server to check 
user authentication
#  When using NONE, the Ldap server is not used for authentication
ldap_auth_type=SIMPLEBIND

# userDN format, will be used to bind if ldap_auth_type=SIMPLEBIND
# might be used to get provisionningDn in case ldap_auth_type=NONE
ldap_userdn_format=uid=%s,CN=Users,DC=firma,DC=de

# Ldap provisioning type(N

AW: ldap config problems with authentication

2020-03-30 Thread Rohrbach, Gerald

Maxim,

I have no problem how the userID is, if u...@domain.de<mailto:u...@domain.de> 
or just user.

The problem I have is that every time a user logs in a new account is created.
So if userA logs in 3 times I have userA 3 times in the database.
Probably simple config issue.

I understood now, that users are created from ADS when a user Logs in.
That’s fine.
Unfortunately the country from ADS does not apply.
In the ADS for the user is Deutschland, but when the user is created this is 
not picked up.
I would need to know how to set defaults.


As I had now several users deleted, because duplicate they are marked as purged.
But still shown. How can I get rid of this?

Gerald




Von: Maxim Solodovnik [mailto:solomax...@gmail.com]
Gesendet: Montag, 30. März 2020 14:37
An: Openmeetings user-list 
Betreff: Re: ldap config problems with authentication

Of cause I can add simple check 
"if-login-contains-domain-do-not-add-another-one" but I would prefer to create 
simulation of real LDAP :)

On Mon, 30 Mar 2020 at 19:31, Maxim Solodovnik 
mailto:solomax...@gmail.com>> wrote:


On Mon, 30 Mar 2020 at 19:25, Rohrbach, Gerald 
mailto:g.rohrb...@funkegruppe.de>> wrote:
Maxim,

that was a good hint with the logging.
I think it is just a understanding and config issue.

   SearchRequest
baseDn : 'CN=Users,DC=company,DC=de'
filter : '(uid=x...@compay.de<mailto:uid=x...@compay.de>)'

In ADS uid attribute is not filled. Instead in ADS we need to user 
UserPrincipalName or something else.

for ADS `samlAccountName` or something like this should be used


So authentication works fine, but eyery time someone logs in a new user account 
is created.

It  looks like we still have an issue, as the create user login is wrong.
testu...@company.de@company.de<http://company.de>

This is the issue
I'm using this
https://github.com/apache/openmeetings/blob/master/openmeetings-web/src/test/resources/schema/users.ldif
Schema for tests
Maybe you can help me to create schema for the case with "suffixed" users?


I hope I get the rest also figured out.


Gerald





Von: Maxim Solodovnik [mailto:solomax...@gmail.com<mailto:solomax...@gmail.com>]
Gesendet: Montag, 30. März 2020 11:50
An: Openmeetings user-list 
mailto:user@openmeetings.apache.org>>
Betreff: Re: ldap config problems with authentication

Your log is hard to read due to formatting issues :((
Googling `DSID-0C090442` results something about "searching between forests" 
which I don't understand :(

Admin->LDAP has setting "Add domain to user name"
Do you have it checked? (domain to add should be specified)

What is your LDAP provider? Is it ADS?

To make logging more verbose you can
1) stop OM
2) add following line to logback-config.xml
 
3) restart OM

According to my previous experience SEARCHANDBIND might work better


On Mon, 30 Mar 2020 at 16:31, Rohrbach, Gerald 
mailto:g.rohrb...@funkegruppe.de>> wrote:
Also having LDAP issues:

It seems not to work.

Below is the om_ldap.cfg, that is used in the config file:

^[[39mDEBUG^[[0;39m 03-30 08:42:26.213 ^[[36mo.a.o.s.q.s.ReminderJob:93 
[Bean#0_Worker-3]^[[0;39m - Rss disabled by Admin   

 ^[[39mDEBUG^[[0;39m 03-30 08:52:26.214 ^[[36mo.a.o.s.q.s.ReminderJob:93 
[Bean#0_Worker-8]^[[0;39m - Rss disabled by Admin   

 ^[[39mDEBUG^[[0;39m 03-30 09:02:26.214 ^[[36mo.a.o.s.q.s.ReminderJob:93 
[Bean#0_Worker-5]^[[0;39m - Rss disabled by Admin   

 ^[[39mDEBUG^[[0;39m 03-30 09:11:36.412 ^[[36mo.a.o.d.d.s.LdapConfigDao:69 
[io-5443-exec-10]^[[0;39m - getActiveLdapConfigs

   ^[[39mDEBUG^[[0;39m 03-30 09:11:36.517 ^[[36mo.a.o.d.d.s.LdapConfigDao:69 
[nio-5443-exec-2]^[[0;39m - getActiveLdapConfigs

   ^[[39mDEBUG^[[0;39m 03-30 09:12:13.115 ^[[36mo.a.o.c.l.LdapLoginManager:172 
[nio-5443-exec-2]^[[0;39m - LdapLoginmanager.doLdapLogin

 ^[[1;31mERROR^[[0;39m 03-30 09:12:13.129 ^[[36mo.a.o.c.l.LdapLoginManager:226 
[nio-5443-exec-2]^[[0;39m - Not authenticated.  
   
org.apache.directory.api.ldap.model.exception.LdapAuthenticationException: 
80090308: LdapErr: DSID-0C090442, comment: AcceptSecu

AW: ldap config problems with authentication solved

2020-03-30 Thread Rohrbach, Gerald

Maxim,

I found the solution:

This are the settings:

ldap_search_query=(userPrincipalName=%s)
ldap_userdn_format=userPrincipalName=%s,CN=Users,DC=company,DC=de

ldap_user_attr_login=sAMAccountName

Then the users are created in the right way 
use...@company.de<mailto:use...@company.de>
No duplicates anymore.


Regards

Gerald


Von: Maxim Solodovnik [mailto:solomax...@gmail.com]
Gesendet: Montag, 30. März 2020 14:37
An: Openmeetings user-list 
Betreff: Re: ldap config problems with authentication

Of cause I can add simple check 
"if-login-contains-domain-do-not-add-another-one" but I would prefer to create 
simulation of real LDAP :)

On Mon, 30 Mar 2020 at 19:31, Maxim Solodovnik 
mailto:solomax...@gmail.com>> wrote:


On Mon, 30 Mar 2020 at 19:25, Rohrbach, Gerald 
mailto:g.rohrb...@funkegruppe.de>> wrote:
Maxim,

that was a good hint with the logging.
I think it is just a understanding and config issue.

   SearchRequest
baseDn : 'CN=Users,DC=company,DC=de'
filter : '(uid=x...@compay.de<mailto:uid=x...@compay.de>)'

In ADS uid attribute is not filled. Instead in ADS we need to user 
UserPrincipalName or something else.

for ADS `samlAccountName` or something like this should be used


So authentication works fine, but eyery time someone logs in a new user account 
is created.

It  looks like we still have an issue, as the create user login is wrong.
testu...@company.de@company.de<http://company.de>

This is the issue
I'm using this
https://github.com/apache/openmeetings/blob/master/openmeetings-web/src/test/resources/schema/users.ldif
Schema for tests
Maybe you can help me to create schema for the case with "suffixed" users?


I hope I get the rest also figured out.


Gerald





Von: Maxim Solodovnik [mailto:solomax...@gmail.com<mailto:solomax...@gmail.com>]
Gesendet: Montag, 30. März 2020 11:50
An: Openmeetings user-list 
mailto:user@openmeetings.apache.org>>
Betreff: Re: ldap config problems with authentication

Your log is hard to read due to formatting issues :((
Googling `DSID-0C090442` results something about "searching between forests" 
which I don't understand :(

Admin->LDAP has setting "Add domain to user name"
Do you have it checked? (domain to add should be specified)

What is your LDAP provider? Is it ADS?

To make logging more verbose you can
1) stop OM
2) add following line to logback-config.xml
 
3) restart OM

According to my previous experience SEARCHANDBIND might work better


On Mon, 30 Mar 2020 at 16:31, Rohrbach, Gerald 
mailto:g.rohrb...@funkegruppe.de>> wrote:
Also having LDAP issues:

It seems not to work.

Below is the om_ldap.cfg, that is used in the config file:

^[[39mDEBUG^[[0;39m 03-30 08:42:26.213 ^[[36mo.a.o.s.q.s.ReminderJob:93 
[Bean#0_Worker-3]^[[0;39m - Rss disabled by Admin   

 ^[[39mDEBUG^[[0;39m 03-30 08:52:26.214 ^[[36mo.a.o.s.q.s.ReminderJob:93 
[Bean#0_Worker-8]^[[0;39m - Rss disabled by Admin   

 ^[[39mDEBUG^[[0;39m 03-30 09:02:26.214 ^[[36mo.a.o.s.q.s.ReminderJob:93 
[Bean#0_Worker-5]^[[0;39m - Rss disabled by Admin   

 ^[[39mDEBUG^[[0;39m 03-30 09:11:36.412 ^[[36mo.a.o.d.d.s.LdapConfigDao:69 
[io-5443-exec-10]^[[0;39m - getActiveLdapConfigs

   ^[[39mDEBUG^[[0;39m 03-30 09:11:36.517 ^[[36mo.a.o.d.d.s.LdapConfigDao:69 
[nio-5443-exec-2]^[[0;39m - getActiveLdapConfigs

   ^[[39mDEBUG^[[0;39m 03-30 09:12:13.115 ^[[36mo.a.o.c.l.LdapLoginManager:172 
[nio-5443-exec-2]^[[0;39m - LdapLoginmanager.doLdapLogin

 ^[[1;31mERROR^[[0;39m 03-30 09:12:13.129 ^[[36mo.a.o.c.l.LdapLoginManager:226 
[nio-5443-exec-2]^[[0;39m - Not authenticated.  
   
org.apache.directory.api.ldap.model.exception.LdapAuthenticationException: 
80090308: LdapErr: DSID-0C090442, comment: AcceptSecurityContext error, data 
52e, v3839^@
 at 
org.apache.directory.api.ldap.model.message.ResultCodeEnum.processResponse(ResultCodeEnum.java:1995)


What does the LdapLogin Manager message means, was the query user not able to 
connect or was the end user password wrong.
How I can make visible, what the query for the user

AW: ldap config problems with authentication solved - Database move to different server

2020-03-30 Thread Rohrbach, Gerald

Well, I need another hint….

As we have now tested a lot and do think we can use it for more users probably 
we
need more than one server. I interested in the clustering.
But I know this is sometimes difficult on our core switch to setup.

First step would be to have the database separated on a different server.
We have already created a lots of users in the M3 release.

For testing of the M4  I have made already a backup and restored it.
But in this case the database was also local.

Probably I need to change somewhere in a config file, where the new database is
Located, if it is not local.
Because in the backup there was a localDB, on the new server I would like a 
different machine.
Which file I need to edit?



Regards

Gerald.







Von: Maxim Solodovnik [mailto:solomax...@gmail.com]
Gesendet: Montag, 30. März 2020 16:19
An: Openmeetings user-list 
Betreff: Re: ldap config problems with authentication solved

Great news :)
I don't have to fix it :)))

Thanks a lot!

On Mon, 30 Mar 2020 at 21:16, Rohrbach, Gerald 
mailto:g.rohrb...@funkegruppe.de>> wrote:
Maxim,

I found the solution:

This are the settings:

ldap_search_query=(userPrincipalName=%s)
ldap_userdn_format=userPrincipalName=%s,CN=Users,DC=company,DC=de

ldap_user_attr_login=sAMAccountName

Then the users are created in the right way 
use...@company.de<mailto:use...@company.de>
No duplicates anymore.


Regards

Gerald


Von: Maxim Solodovnik [mailto:solomax...@gmail.com<mailto:solomax...@gmail.com>]
Gesendet: Montag, 30. März 2020 14:37
An: Openmeetings user-list 
mailto:user@openmeetings.apache.org>>
Betreff: Re: ldap config problems with authentication

Of cause I can add simple check 
"if-login-contains-domain-do-not-add-another-one" but I would prefer to create 
simulation of real LDAP :)

On Mon, 30 Mar 2020 at 19:31, Maxim Solodovnik 
mailto:solomax...@gmail.com>> wrote:


On Mon, 30 Mar 2020 at 19:25, Rohrbach, Gerald 
mailto:g.rohrb...@funkegruppe.de>> wrote:
Maxim,

that was a good hint with the logging.
I think it is just a understanding and config issue.

   SearchRequest
baseDn : 'CN=Users,DC=company,DC=de'
filter : '(uid=x...@compay.de<mailto:uid=x...@compay.de>)'

In ADS uid attribute is not filled. Instead in ADS we need to user 
UserPrincipalName or something else.

for ADS `samlAccountName` or something like this should be used


So authentication works fine, but eyery time someone logs in a new user account 
is created.

It  looks like we still have an issue, as the create user login is wrong.
testu...@company.de@company.de<http://company.de>

This is the issue
I'm using this
https://github.com/apache/openmeetings/blob/master/openmeetings-web/src/test/resources/schema/users.ldif
Schema for tests
Maybe you can help me to create schema for the case with "suffixed" users?


I hope I get the rest also figured out.


Gerald





Von: Maxim Solodovnik [mailto:solomax...@gmail.com<mailto:solomax...@gmail.com>]
Gesendet: Montag, 30. März 2020 11:50
An: Openmeetings user-list 
mailto:user@openmeetings.apache.org>>
Betreff: Re: ldap config problems with authentication

Your log is hard to read due to formatting issues :((
Googling `DSID-0C090442` results something about "searching between forests" 
which I don't understand :(

Admin->LDAP has setting "Add domain to user name"
Do you have it checked? (domain to add should be specified)

What is your LDAP provider? Is it ADS?

To make logging more verbose you can
1) stop OM
2) add following line to logback-config.xml
 
3) restart OM

According to my previous experience SEARCHANDBIND might work better


On Mon, 30 Mar 2020 at 16:31, Rohrbach, Gerald 
mailto:g.rohrb...@funkegruppe.de>> wrote:
Also having LDAP issues:

It seems not to work.

Below is the om_ldap.cfg, that is used in the config file:

^[[39mDEBUG^[[0;39m 03-30 08:42:26.213 ^[[36mo.a.o.s.q.s.ReminderJob:93 
[Bean#0_Worker-3]^[[0;39m - Rss disabled by Admin   

 ^[[39mDEBUG^[[0;39m 03-30 08:52:26.214 ^[[36mo.a.o.s.q.s.ReminderJob:93 
[Bean#0_Worker-8]^[[0;39m - Rss disabled by Admin   

 ^[[39mDEBUG^[[0;39m 03-30 09:02:26.214 ^[[36mo.a.o.s.q.s.ReminderJob:93 
[Bean#0_Worker-5]^[[0;39m - Rss disabled by Admin   

 ^[[39mDEBUG^[[0;39m 03-30 09:11:36.412 ^[[36mo.a.o.d.d.s.LdapConfigDao:69 
[io-5443-exec-10]^[[0;39m - getActiveLdapConfigs

AW: ldap config problems with authentication

2020-03-31 Thread Rohrbach, Gerald

Maxim,

two small questions/ issues.

Is it simple possible to set in the Login the LDAP as default and localDB as 
option.
So just the other way round?

If we do use LDAP ADS it seems not to work, that a user can change his own 
setting,
If we set ldap password sync we will run into the password complexity problem.

Can we somewhere switch of the password complexity?
We are using just internal, so it is no security issue in our case.



Regards

Gerald






Von: Maxim Solodovnik [mailto:solomax...@gmail.com]
Gesendet: Montag, 30. März 2020 15:19
An: Openmeetings user-list 
Betreff: Re: ldap config problems with authentication

Just have created test and there is only one user after 2 sign-ins
Can you query DB (something like `select id,login,type,domain_id from om_user 
where login = your_multiplied_login`) and show here?

On Mon, 30 Mar 2020 at 20:09, Maxim Solodovnik 
mailto:solomax...@gmail.com>> wrote:


On Mon, 30 Mar 2020 at 20:05, Rohrbach, Gerald 
mailto:g.rohrb...@funkegruppe.de>> wrote:
Maxim,

I have no problem how the userID is, if u...@domain.de<mailto:u...@domain.de> 
or just user.

The problem I have is that every time a user logs in a new account is created.
So if userA logs in 3 times I have userA 3 times in the database.
Probably simple config issue.

This shouldn't work like this
I'll do some tests and will get back


I understood now, that users are created from ADS when a user Logs in.
That’s fine.
Unfortunately the country from ADS does not apply.
In the ADS for the user is Deutschland, but when the user is created this is 
not picked up.
I would need to know how to set defaults.

Om expects country as 2 letter country code: https://www.iban.com/country-codes
So I guess DE should work



As I had now several users deleted, because duplicate they are marked as purged.
But still shown. How can I get rid of this?

The only way to remove "purged" users is to perform export/import
These users are "ghosts" doesn't appear in searches, unable to login etc.


Gerald




Von: Maxim Solodovnik [mailto:solomax...@gmail.com<mailto:solomax...@gmail.com>]
Gesendet: Montag, 30. März 2020 14:37
An: Openmeetings user-list 
mailto:user@openmeetings.apache.org>>
Betreff: Re: ldap config problems with authentication

Of cause I can add simple check 
"if-login-contains-domain-do-not-add-another-one" but I would prefer to create 
simulation of real LDAP :)

On Mon, 30 Mar 2020 at 19:31, Maxim Solodovnik 
mailto:solomax...@gmail.com>> wrote:


On Mon, 30 Mar 2020 at 19:25, Rohrbach, Gerald 
mailto:g.rohrb...@funkegruppe.de>> wrote:
Maxim,

that was a good hint with the logging.
I think it is just a understanding and config issue.

   SearchRequest
baseDn : 'CN=Users,DC=company,DC=de'
filter : '(uid=x...@compay.de<mailto:uid=x...@compay.de>)'

In ADS uid attribute is not filled. Instead in ADS we need to user 
UserPrincipalName or something else.

for ADS `samlAccountName` or something like this should be used


So authentication works fine, but eyery time someone logs in a new user account 
is created.

It  looks like we still have an issue, as the create user login is wrong.
testu...@company.de@company.de<http://company.de>

This is the issue
I'm using this
https://github.com/apache/openmeetings/blob/master/openmeetings-web/src/test/resources/schema/users.ldif
Schema for tests
Maybe you can help me to create schema for the case with "suffixed" users?


I hope I get the rest also figured out.


Gerald





Von: Maxim Solodovnik [mailto:solomax...@gmail.com<mailto:solomax...@gmail.com>]
Gesendet: Montag, 30. März 2020 11:50
An: Openmeetings user-list 
mailto:user@openmeetings.apache.org>>
Betreff: Re: ldap config problems with authentication

Your log is hard to read due to formatting issues :((
Googling `DSID-0C090442` results something about "searching between forests" 
which I don't understand :(

Admin->LDAP has setting "Add domain to user name"
Do you have it checked? (domain to add should be specified)

What is your LDAP provider? Is it ADS?

To make logging more verbose you can
1) stop OM
2) add following line to logback-config.xml
 
3) restart OM

According to my previous experience SEARCHANDBIND might work better


On Mon, 30 Mar 2020 at 16:31, Rohrbach, Gerald 
mailto:g.rohrb...@funkegruppe.de>> wrote:
Also having LDAP issues:

It seems not to work.

Below is the om_ldap.cfg, that is used in the config file:

^[[39mDEBUG^[[0;39m 03-30 08:42:26.213 ^[[36mo.a.o.s.q.s.ReminderJob:93 
[Bean#0_Worker-3]^[[0;39m - Rss disabled by Admin   

 ^[[39mDEBUG^[[0;39m 03-30 08:52:26.214 ^[[36mo.a.o.s.q.s.ReminderJob:93 
[Bean#0_Worker-8]^[[0;39m - Rss disabled by Admin

AW: Openmeetings Docker Image / Kurento / Turn / NAT

2020-04-01 Thread Rohrbach, Gerald

Maxim,

well with your perfect support during this time you can get more beer that you 
can ever drink..
In every country in the world!

Gerald

Von: Maxim Solodovnik [mailto:solomax...@gmail.com]
Gesendet: Mittwoch, 1. April 2020 09:12
An: Openmeetings user-list 
Betreff: Re: Openmeetings Docker Image / Kurento / Turn / NAT

I'm stupid russian monkey :(((

full dockerized M3 has bug :(((
It was fixed by this 
https://github.com/openmeetings/openmeetings-docker/commit/7f08a946aa0b22a0101520a406159ca832fbcbdb
 commit
This is why TURN_URL is NOT working :(((

Not sure if I can drop current M3 image, will try to
As a workaround - you can rebuild locally ...

On Wed, 1 Apr 2020 at 14:06, Arndt, Wolfgang 
mailto:ar...@lernenfoerdern.de>> wrote:
First of all: Thx to you for helping me. I am up now again and give it the next 
try

Here is my non dockerized coturn config

root@docker-ibb-01:/var/log# cat /etc/turnserver.conf
listening-port=3478
verbose
fingerprint
lt-cred-mech
use-auth-secret
static-auth-secret=somegibberishtext
simple-log
log-file=/var/log/turn.log
min-port=49152
max-port=55000


I started the OM Conatiner with

root@docker-ibb-01:/home/wolfgang/coturn# docker run -i --rm --expose=5443 
--expose= -p 5443:5443 -p : -e TURN_URL="xxx.xxx.xxx.xxx:3478" -e 
TURN_USER="kurento" -e TURN_PASS="somegibberishtext" 
apache/openmeetings:5.0.0-M3

xxx.xxx.xxx.xxx is my external ip


No audio, video


Von: Maxim Solodovnik mailto:solomax...@gmail.com>>
Gesendet: Mittwoch, 1. April 2020 05:34
An: Openmeetings user-list 
mailto:user@openmeetings.apache.org>>
Betreff: Re: Openmeetings Docker Image / Kurento / Turn / NAT

Well
Usually it all ends up on second or third email 
Maybe you can try with non-dockerized-turnserver ?

On Wed, 1 Apr 2020 at 08:19, Arndt, Wolfgang 
mailto:ar...@lernenfoerdern.de>> wrote:
I give up for now. This is annoying.
Why things must be so complicated :-(

I tested for open ports. I openend all outgoing ports for the host where coturn 
and the Docker OM Container is.

Is there a step by step way to test?

It is such an unormal setup?


Wolfgang










--
WBR
Maxim aka solomax


--
WBR
Maxim aka solomax

wildcard certificate

2020-04-07 Thread Rohrbach, Gerald

Maxim,

so far our openMeetings server for internal use is working fine.

I found a lots of manuals using letsencrypt certificates, but this seem not to
be that easy and we need to repeat the procedure every 90 days.
To make it more comfortable for the users I think we need to get the
certificate in plac.e
Unfortunately my knowledge about this certificate stuff is going to zero…

We have an official wildcard certificate, that we can use.
But I did not found a manual how this is to install.

Is there any docu I can use? Is that specific to openMeetings or is that
more specific for tomcat?

Gerald

Von: Maxim Solodovnik [mailto:solomax...@gmail.com]
Gesendet: Montag, 30. März 2020 17:19
An: Openmeetings user-list
Betreff: Re: ldap config problems with authentication solved - Database move to
different server

First of all clustering is not working in M3
https://issues.apache.org/jira/browse/OPENMEETINGS-2186
You need M4 SNAPSHOT for this

Then, I'm afraid, there is misunderstanding: `localDB` is UI term means DB as
opposite to LDAP
To change DB location you need to change localhost to some external IP in
persistence.xml

Latest SNAPSHOT is here:
https://builds.apache.org/view/M-R/view/OpenMeetings/job/openmeetings/
Latest docs here:
https://builds.apache.org/view/M-R/view/OpenMeetings/job/openmeetings/site/openmeetings-server/Clustering.html

I hope were will be no DB updates before M4 release, so most probably DB will
be compatible

On Mon, 30 Mar 2020 at 22:13, Rohrbach, Gerald
mailto:g.rohrb...@funkegruppe.de>> wrote:
Well, I need another hint….

As we have now tested a lot and do think we can use it for more users probably
we
need more than one server. I interested in the clustering.
But I know this is sometimes difficult on our core switch to setup.

First step would be to have the database separated on a different server.
We have already created a lots of users in the M3 release.

For testing of the M4 I have made already a backup and restored it.
But in this case the database was also local.

Probably I need to change somewhere in a config file, where the new database is
Located, if it is not local.
Because in the backup there was a localDB, on the new server I would like a
different machine.
Which file I need to edit?

Regards

Gerald.

Von: Maxim Solodovnik [mailto:solomax...@gmail.com<mailto:solomax...@gmail.com>]
Gesendet: Montag, 30. März 2020 16:19
An: Openmeetings user-list
mailto:user@openmeetings.apache.org>>
Betreff: Re: ldap config problems with authentication solved

Great news :)
I don't have to fix it :)))

Thanks a lot!

On Mon, 30 Mar 2020 at 21:16, Rohrbach, Gerald
mailto:g.rohrb...@funkegruppe.de>> wrote:
Maxim,

I found the solution:

This are the settings:

ldap_search_query=(userPrincipalName=%s)
ldap_userdn_format=userPrincipalName=%s,CN=Users,DC=company,DC=de

ldap_user_attr_login=sAMAccountName

Then the users are created in the right way
use...@company.de<mailto:use...@company.de>
No duplicates anymore.

Regards

Gerald

Von: Maxim Solodovnik [mailto:solomax...@gmail.com<mailto:solomax...@gmail.com>]
Gesendet: Montag, 30. März 2020 14:37
An: Openmeetings user-list
mailto:user@openmeetings.apache.org>>
Betreff: Re: ldap config problems with authentication

Of cause I can add simple check
"if-login-contains-domain-do-not-add-another-one" but I would prefer to create
simulation of real LDAP :)

On Mon, 30 Mar 2020 at 19:31, Maxim Solodovnik
mailto:solomax...@gmail.com>> wrote:

On Mon, 30 Mar 2020 at 19:25, Rohrbach, Gerald
mailto:g.rohrb...@funkegruppe.de>> wrote:
Maxim,

that was a good hint with the logging.
I think it is just a understanding and config issue.

SearchRequest
baseDn : 'CN=Users,DC=company,DC=de'
filter : '(uid=x...@compay.de<mailto:uid=x...@compay.de>)'

In ADS uid attribute is not filled. Instead in ADS we need to user
UserPrincipalName or something else.

for ADS `samlAccountName` or something like this should be used

So authentication works fine, but eyery time someone logs in a new user account
is created.

It looks like we still have an issue, as the create user login is wrong.
testu...@company.de@company.de<http://company.de>

This is the issue
I'm using this
https://github.com/apache/openmeetings/blob/master/openmeetings-web/src/test/resources/schema/users.ldif
Schema for tests
Maybe you can help me to create schema for the case with "suffixed" users?

I hope I get the rest also figured out.

Gerald

Von: Maxim Solodovnik [mailto:solomax...@gmail.com<mailto:solomax...@gmail.com>]
Gesendet: Montag, 30. März 2020 11:50
An: Openmeetings user-list
mailto:user@openmeetings.apache.org>>
Betreff: Re: ldap config problems with authentication

Your log is hard to read due to formatting issues :((
Googling `DSID-0C090442` results something about "searchi

AW: Remove User Version 5.0.0-M3

2020-04-07 Thread Rohrbach, Gerald

I had the same issue,
Probably on database level this user is linked somewhere.
As moderator in conference room.
So that must be cleaned before.

Gerald


Von: Konrad Schwarz [mailto:kon...@familieschwarz.eu]
Gesendet: Dienstag, 7. April 2020 12:35
An: Openmeetings user-list 
Betreff: Remove User Version 5.0.0-M3

Hi All,
is it possible, to remove user complete ?
i find 2 Buttons "Delete-record" and "purge"

Both "mark" the user as deleted/purged, but the are stil in the list.

How can i clear the list, remove the user completely.

regards
Koni
[cid:image001.png@01D60CDA.AC0FAA80]

Sending E-Mail to guests / Guest Invitation / LDAP Login only from defined IP ranges

2020-04-10 Thread Rohrbach, Gerald

Maxim,
finally I got it working with certificates, you solution was the easiest one.

Our sales team is interested to use OM with customers.
Currently we only use internal, it’s a good help with all the home offices now.
I saw you add some changes to allow e-mail to unregistered users. I will test
this,
this sounds like it will fulfil our needs.

The login authentication on our internal server is against LDAP. AD
If we put our machine in a DMZ, is there a way to protect Login from external
IP`s but allow
that a meeting link will come to the invited room session?
The OM-db is on a separate sever already on MySQL.

I know, openMeetings is more for schools and trainings, but I guess during this
time a lots of companies are interested.
MS-Teams is heavy, expensive and from my point of view OM delivers nearly all
needed functionality.
And probably a lot of companies don´t want the data somewhere stored in the
cloud.
I have tested some of this tools in the past weeks….

Gerald

Von: Maxim Solodovnik [mailto:solomax...@gmail.com]
Gesendet: Dienstag, 7. April 2020 16:42
An: Openmeetings user-list
Betreff: Re: wildcard certificate

Well,

I would suggest to take original server.xml from M4
https://github.com/apache/openmeetings/blob/master/openmeetings-server/src/main/assembly/conf/server.xml#L76
And change nothing but tag
use this one

with your own paths

no native libraries, conversions etc.
one easy step :))

Please ensure cert paths are readable by OM :))

On Tue, 7 Apr 2020 at 19:50, K. Kamhamea
mailto:kamha...@googlemail.com>> wrote:
In my manual I covered wildcard certificates under System Administrator > SSL

https://cwiki.apache.org/confluence/display/OPENMEETINGS/OpemMeetings+5+Manual

Am Di., 7. Apr. 2020 um 12:43 Uhr schrieb Rohrbach, Gerald
mailto:g.rohrb...@funkegruppe.de>>:
Maxim,

so far our openMeetings server for internal use is working fine.

We have an official wildcard certificate, that we can use.
But I did not found a manual how this is to install.

Is there any docu I can use? Is that specific to openMeetings or is that
more specific for tomcat?

Gerald

Von: Maxim Solodovnik [mailto:solomax...@gmail.com<mailto:solomax...@gmail.com>]
Gesendet: Montag, 30. März 2020 17:19
An: Openmeetings user-list
mailto:user@openmeetings.apache.org>>
Betreff: Re: ldap config problems with authentication solved - Database move to
different server

First of all clustering is not working in M3
https://issues.apache.org/jira/browse/OPENMEETINGS-2186
You need M4 SNAPSHOT for this

Then, I'm afraid, there is misunderstanding: `localDB` is UI term means DB as
opposite to LDAP
To change DB location you need to change localhost to some external IP in
persistence.xml

I hope were will be no DB updates before M4 release, so most probably DB will
be compatible

On Mon, 30 Mar 2020 at 22:13, Rohrbach, Gerald
mailto:g.rohrb...@funkegruppe.de>> wrote:
Well, I need another hint….

First step would be to have the database separated on a different server.
We have already created a lots of users in the M3 release.

For testing of the M4 I have made already a backup and restored it.
But in this case the database was also local.

Regards

Gerald.

Great news :)
I don't have to fix it :)))

Thanks a lot!

On Mon, 30 Mar 2020 at 21:16, Rohrbach, Gerald
mailto:g.rohrb...@funkegruppe.de>> wrote:
Maxim,

I found the solution:

This are the settings:

ldap_search_query=(userPrincipalName=%s)
ldap_userdn_format=userPrincipalName=%s,CN=Users,DC=company,DC=de

ldap_user_attr_login=sAMAccountName

Then the users are created in the right way
use...@company.de<mailto:use...@company.de>
No duplicates anymore.

Regards

Gerald

AW: Sending E-Mail to guests / Guest Invitation / LDAP Login only from defined IP ranges

2020-04-12 Thread Rohrbach, Gerald

Maxim,

we only allow LDAP User, no registration. That´s fine. Probably the FW stuff is
too complicate.

I did not figured out the LDAP groups from the config file As our users are
stored in different AD containers, we need to set the search base
In the AD root. With that every account can be used, what internal is okay but
putting this frontend n a DMZ or internet access
it´s very unsecure.
So probably an easy way is to put OM users in an AD group and limit access to
this.

But what I need to fill in the LDAP config file. E.g. the UserGroup is name
OM-Users?

# Ldap group mode (NONE, ATTRIBUTE, QUERY)
# NONE means group associations will be ignored
# ATTRIBUTE means group associations will be taken from 'ldap_group_attr'
attribute (M$ AD mode)
# QUERY means group associations will be taken as a result of
'ldap_group_query' query
ldap_group_mode=NONE

ldap_group_query=(&(memberUid=%s)(objectClass=posixGroup))

Happy Eastern

Gerald

Von: Maxim Solodovnik [mailto:solomax...@gmail.com]
Gesendet: Samstag, 11. April 2020 18:07
An: Openmeetings user-list
Betreff: Re: Sending E-Mail to guests / Guest Invitation / LDAP Login only from
defined IP ranges

Hello Gerald,

No sure I get what is required :(
You can set-up FW to reject some IPs, but this way all traffic will be filtered
You can disable front-end registration, this way only LDAP users or invited
guests can use OM
(invited guests can only access room they were invited to, and invitation can
be limited: one time/period/endless ...)

On Sat, 11 Apr 2020 at 00:44, Rohrbach, Gerald
mailto:g.rohrb...@funkegruppe.de>> wrote:
Maxim,
finally I got it working with certificates, you solution was the easiest one.

Gerald

Von: Maxim Solodovnik [mailto:solomax...@gmail.com<mailto:solomax...@gmail.com>]
Gesendet: Dienstag, 7. April 2020 16:42
An: Openmeetings user-list
mailto:user@openmeetings.apache.org>>
Betreff: Re: wildcard certificate

Well,

with your own paths

no native libraries, conversions etc.
one easy step :))

Please ensure cert paths are readable by OM :))

On Tue, 7 Apr 2020 at 19:50, K. Kamhamea
mailto:kamha...@googlemail.com>> wrote:
In my manual I covered wildcard certificates under System Administrator > SSL

https://cwiki.apache.org/confluence/display/OPENMEETINGS/OpemMeetings+5+Manual

Am Di., 7. Apr. 2020 um 12:43 Uhr schrieb Rohrbach, Gerald
mailto:g.rohrb...@funkegruppe.de>>:
Maxim,

so far our openMeetings server for internal use is working fine.

We have an official wildcard certificate, that we can use.
But I did not found a manual how this is to install.

Is there any docu I can use? Is that specific to openMeetings or is that
more specific for tomcat?

Gerald

First of all clustering is not working in M3
https://issues.apache.org/jira/browse/OPENMEETINGS-2186
You need M4 SNAPSHOT for this

Then, I'm afraid, there is misunderstanding: `localDB` is UI term means DB as
opposite to LDAP
To change DB location you need to change localhost to some external IP in
persistence.xml

Latest SNAPSHOT is here:
https://builds.apache.org/view/M-R/view/OpenMeetings/job/openmeetings/
Latest docs here:
https://builds.apache.org/view/M-R/view/OpenMeetings/job/openmeetings/site/openme

AW: Sending E-Mail to guests / Guest Invitation / LDAP Login only from defined IP ranges

2020-04-12 Thread Rohrbach, Gerald

Well, at least what is possible that hackers try to get accounts hacked.

After 3 wrongs passwords the ADS account is disabled. In case of simple users
that is no big problem if
this happens for a low number of accounts.
If also service accounts are involved it´s more difficult.

That`s why I would like to setup an AD group where the OM users are listed.
Only this should be allowed by LDAP to check against ldap password.
But I do not understand the logic of the ldap-query below.

Gerald.

Von: Maxim Solodovnik [mailto:solomax...@gmail.com]
Gesendet: Sonntag, 12. April 2020 12:56
An: Openmeetings user-list
Betreff: Re: Sending E-Mail to guests / Guest Invitation / LDAP Login only from
defined IP ranges

I don't see how ldap search can be insecure :(
User provides credentials and they are being checked inside some private network
And user is authenticated only if there was a match

Maybe you can modify the search to search only inside group?

On Sun, Apr 12, 2020, 14:31 Rohrbach, Gerald
mailto:g.rohrb...@funkegruppe.de>> wrote:
Maxim,

we only allow LDAP User, no registration. That´s fine. Probably the FW stuff is
too complicate.

But what I need to fill in the LDAP config file. E.g. the UserGroup is name
OM-Users?

ldap_group_query=(&(memberUid=%s)(objectClass=posixGroup))

Happy Eastern

Gerald

Von: Maxim Solodovnik [mailto:solomax...@gmail.com<mailto:solomax...@gmail.com>]
Gesendet: Samstag, 11. April 2020 18:07
An: Openmeetings user-list
mailto:user@openmeetings.apache.org>>
Betreff: Re: Sending E-Mail to guests / Guest Invitation / LDAP Login only from
defined IP ranges

Hello Gerald,

On Sat, 11 Apr 2020 at 00:44, Rohrbach, Gerald
mailto:g.rohrb...@funkegruppe.de>> wrote:
Maxim,
finally I got it working with certificates, you solution was the easiest one.

Gerald

Well,

with your own paths

no native libraries, conversions etc.
one easy step :))

Please ensure cert paths are readable by OM :))

On Tue, 7 Apr 2020 at 19:50, K. Kamhamea
mailto:kamha...@googlemail.com>> wrote:
In my manual I covered wildcard certificates under System Administrator > SSL

https://cwiki.apache.org/confluence/display/OPENMEETINGS/OpemMeetings+5+Manual

Am Di., 7. Apr. 2020 um 12:43 Uhr schrieb Rohrbach, Gerald
mailto:g.rohrb...@funkegruppe.de>>:
Maxim,

so far our openMeetings server for internal use is working fine.

AW: LDAP config Manual, 1st draft - extension

2020-04-13 Thread Rohrbach, Gerald

Orm,

I had the same issues with LDAP. It tooks a long time to figure it out.

A very good hint was from Maxim to switch debug logging on.
With that it was much easier.  So probably it’s good to add this to you 
documentation.
Somehow the LDAP config is related how in a corporate user accounts are setup, 
that needs
some understanding about this ldap config.

To make logging more verbose you can
1) stop OM
2) add following line to logback-config.xml
 
3) restart OM

Here my config., I marked changes with ##


#LDAP URL
# This is the URL used to access your LDAP server.
# if you want to use "ldaps://" links, please be aware that you need to import 
your CA certificate
#  to a java keystore and add the -Djavax.net.ssl.keyStore, 
-Djavax.net.ssl.keyStorePassword,
#  -Djavax.net.ssl.trustStore and -Djavax.net.ssl.trustStorePassword parameters 
to your
#  JAVA_OPT environment
ldap_conn_host=DomainController.mydomain.de ##

ldap_conn_port=389
ldap_conn_secure=false

# Login distinguished name (DN) for Authentication on LDAP Server - keep empty 
if not required
# Use full qualified LDAP DN
ldap_admin_dn=CN=ldapopenmeetings,OU=Users-Service-Accounts,DC=mydomain,DC=de 
##

# Loginpass for Authentication on LDAP Server - keep empty if not required
ldap_passwd=#mypassword# 
##

# base to search for userdata(of user, that wants to login)
ldap_search_base=DC=mydomain,DC=de 
##

# Fieldnames (can differ between Ldap servers)
# ldap_search_query=(uid=%s)
ldap_search_query=(userPrincipalName=%s) 
##


# the scope of the search might be: OBJECT, ONELEVEL, SUBTREE
ldap_search_scope=SUBTREE   
  ##


# Ldap auth type(NONE, SEARCHANDBIND, SIMPLEBIND)
#  When using SIMPLEBIND a simple bind is performed on the LDAP server to check 
user authentication
#  When using NONE, the Ldap server is not used for authentication
ldap_auth_type=SEARCHANDBIND
  ##


# userDN format, will be used to bind if ldap_auth_type=SIMPLEBIND
# might be used to get provisionningDn in case ldap_auth_type=NONE
# ldap_userdn_format=uid=%s,CN=Users,DC=mydomain,DC=de
ldap_userdn_format=userPrincipalName=%s,CN=Users,DC=mydomain,DC=de  
  ##


# Ldap provisioning type(NONE, AUTOCREATE, AUTOUPDATE)
ldap_provisionning=AUTOCREATE   
 ##


# Ldap deref mode (never, searching, finding, always)
ldap_deref_mode=always

#  Set this to 'true' if you want to use admin_dn to get user attributes
#  If any other value is set, user_dn will be used
ldap_use_admin_to_get_attrs=true

# Ldap-password synchronization to OM DB
#  Set this to 'true' if you want OM to synchronize the user Ldap-password to 
OM's internal DB
#  If you want to disable the feature, set this to any other string.
#  Defautl value is 'true'
ldap_sync_password_to_om=true   
   ##


# Ldap group mode (NONE, ATTRIBUTE, QUERY)
# NONE means group associations will be ignored
# ATTRIBUTE means group associations will be taken from 'ldap_group_attr' 
attribute (M$ AD mode)
# QUERY means group associations will be taken as a result of 
'ldap_group_query' query
ldap_group_mode=NONE

ldap_group_query=(&(memberUid=%s)(objectClass=posixGroup))

# Ldap user attributes mapping
# Set the following internal OM user attributes to their corresponding 
Ldap-attribute
ldap_user_attr_login=sAMAccountName 
##
ldap_user_attr_lastname=sn
ldap_user_attr_firstname=givenName
ldap_user_attr_mail=mail
ldap_user_attr_street=streetAddress
ldap_user_attr_additionalname=description
ldap_user_attr_fax=facsimileTelephoneNumber
ldap_user_attr_zip=postalCode
ldap_user_attr_country=co
ldap_user_attr_town=l
ldap_user_attr_phone=telephoneNumber
# optional attribute for user picture
#ldap_user_attr_picture=
ldap_group_attr=memberOf

# optional, absolute URL will be used as user picture if 
#ldap_user_attr_picture will be empty
#ldap_user_picture_uri=picture_uri

# optional
# the timezone has to match any timezone available in Java, otherwise the 
timezone defined in the value of
# the conf_key "default.timezone" in OpenMeetings "configurations" table
#ldap_user_timezone=timezone

# Ldap ignore upper/lower case, convert all input to lower case
ldap_use_lower_case=false

# Ldap import query, this query should retrieve all LDAP users
ldap_import_query=(objectClass=inetOrgPerson)


Von: Maxim Solodovnik [mailto:solomax...@gmail.com]
Gesendet: Montag, 13. April 2020 05:53
An: Openmeetings user-list 
Betreff: Re: LDAP config Manual, 1st draft

AW: LDAP config Manual, 1st draft - extension

2020-04-13 Thread Rohrbach, Gerald

I do not remember, but I have to do some testing anyway tomorrow. So I'll check.
I have to figure out, how to setup that only members of an AD group om-users 
get access to om.


Gerald


-Ursprüngliche Nachricht-
Von: Orm Finnendahl [mailto:orm.finnend...@selma.hfmdk-frankfurt.de] 
Gesendet: Montag, 13. April 2020 12:31
An: user@openmeetings.apache.org
Betreff: Re: LDAP config Manual, 1st draft - extension

Hi Gerald,

 thanks, I'll incorporate your suggestions into the HOWTO before submitting the 
pull request. Are the verbose debug logs also written to "catalina.out"?

--
Orm


Am Montag, den 13. April 2020 um 09:20:26 Uhr (+0000) schrieb Rohrbach, Gerald:
> Orm,
> 
> I had the same issues with LDAP. It tooks a long time to figure it out.
> 
> A very good hint was from Maxim to switch debug logging on.
> With that it was much easier.  So probably it’s good to add this to you 
> documentation.
> Somehow the LDAP config is related how in a corporate user accounts 
> are setup, that needs some understanding about this ldap config.
> 
> To make logging more verbose you can
> 1) stop OM
> 2) add following line to logback-config.xml   name="org.apache.directory" level="DEBUG" />
> 3) restart OM
> 
> Here my config., I marked changes with ##
> 
> 
> #LDAP URL
> # This is the URL used to access your LDAP server.
> # if you want to use "ldaps://" links, please be aware that you need 
> to import your CA certificate #  to a java keystore and add the 
> -Djavax.net.ssl.keyStore, -Djavax.net.ssl.keyStorePassword, #  
> -Djavax.net.ssl.trustStore and -Djavax.net.ssl.trustStorePassword 
> parameters to your #  JAVA_OPT environment 
> ldap_conn_host=DomainController.mydomain.de ##
> 
> ldap_conn_port=389
> ldap_conn_secure=false
> 
> # Login distinguished name (DN) for Authentication on LDAP Server - 
> keep empty if not required # Use full qualified LDAP DN 
> ldap_admin_dn=CN=ldapopenmeetings,OU=Users-Service-Accounts,DC=mydomai
> n,DC=de ##
> 
> # Loginpass for Authentication on LDAP Server - keep empty if not required
> ldap_passwd=#mypassword# 
> ##
> 
> # base to search for userdata(of user, that wants to login)
> ldap_search_base=DC=mydomain,DC=de 
> ##
> 
> # Fieldnames (can differ between Ldap servers) # 
> ldap_search_query=(uid=%s)
> ldap_search_query=(userPrincipalName=%s) 
> ##
> 
> 
> # the scope of the search might be: OBJECT, ONELEVEL, SUBTREE
> ldap_search_scope=SUBTREE 
> ##
> 
> 
> # Ldap auth type(NONE, SEARCHANDBIND, SIMPLEBIND) #  When using 
> SIMPLEBIND a simple bind is performed on the LDAP server to check user 
> authentication #  When using NONE, the Ldap server is not used for 
> authentication
> ldap_auth_type=SEARCHANDBIND  
> ##
> 
> 
> # userDN format, will be used to bind if ldap_auth_type=SIMPLEBIND # 
> might be used to get provisionningDn in case ldap_auth_type=NONE # 
> ldap_userdn_format=uid=%s,CN=Users,DC=mydomain,DC=de
> ldap_userdn_format=userPrincipalName=%s,CN=Users,DC=mydomain,DC=de
> ##
> 
> 
> # Ldap provisioning type(NONE, AUTOCREATE, AUTOUPDATE)
> ldap_provisionning=AUTOCREATE 
>##
> 
> 
> # Ldap deref mode (never, searching, finding, always) 
> ldap_deref_mode=always
> 
> #  Set this to 'true' if you want to use admin_dn to get user 
> attributes #  If any other value is set, user_dn will be used 
> ldap_use_admin_to_get_attrs=true
> 
> # Ldap-password synchronization to OM DB #  Set this to 'true' if you 
> want OM to synchronize the user Ldap-password to OM's internal DB #  
> If you want to disable the feature, set this to any other string.
> #  Defautl value is 'true'
> ldap_sync_password_to_om=true 
>  ##
> 
> 
> # Ldap group mode (NONE, ATTRIBUTE, QUERY) # NONE means group 
> associations will be ignored # ATTRIBUTE means group associations will 
> be taken from 'ldap_group_attr' attribute (M$ AD mode) # QUERY means 
> group associations will be taken as a result of 'ldap_group_query' 
> query ldap_group_mode=NONE
> 
> ldap_group_query=(&(memberUid=%s)(objectClass=posixGroup))
> 
> # Ldap user attributes mapping

AW: LDAP config Manual, Limit access to AD Group members

2020-04-13 Thread Rohrbach, Gerald

Maxim, Orm

finally I found the solution after reading openldap manuals and doing some 
testing.
As expected, very easy….., but I took a while to understand the logic.

Now only members of the AD group appOpenmeetings can login.

ldap_search_query=(&(userPrincipalName=%s)(memberOf=CN=appOpenMeetings,OU=Groups,DC=mydomain,DC=de))

Still I have a problem with the country, that is not right transferred from the 
AD.
But I think this is an openLdap issue, not OM.

I can see in the debug log co = Deutschland is read from AD, so that’s okay.
Countrycode = 276

Later on this line:
WARN  04-13 15:14:35.964 o.a.o.d.u.LocaleHelper:54 [nio-5443-exec-7] - Invalid 
country found: DEUTSCHLAND, will be replaced with: AD

AD means Andorra, so that´s wrong.

AD probably is the first entry.  Probably GERMANY is listed.
I do not think the mapping is done in OM

But this is a cosmetic issue only and in OM no real problem.
Maybe I will find sometimes a fix for that.

Gerald

Von: Maxim Solodovnik [mailto:solomax...@gmail.com]
Gesendet: Montag, 13. April 2020 12:48
An: Openmeetings user-list 
Betreff: Re: LDAP config Manual, 1st draft - extension

On Mon, Apr 13, 2020, 17:40 Rohrbach, Gerald 
mailto:g.rohrb...@funkegruppe.de>> wrote:
I do not remember, but I have to do some testing anyway tomorrow. So I'll check.
I have to figure out, how to setup that only members of an AD group om-users 
get access to om.

Can you use SEARCHANDBIND
and set up search query to return results from this group only?

Gerald

-Ursprüngliche Nachricht-
Von: Orm Finnendahl 
[mailto:orm.finnend...@selma.hfmdk-frankfurt.de<mailto:orm.finnend...@selma.hfmdk-frankfurt.de>]
Gesendet: Montag, 13. April 2020 12:31
An: user@openmeetings.apache.org<mailto:user@openmeetings.apache.org>
Betreff: Re: LDAP config Manual, 1st draft - extension

Hi Gerald,

 thanks, I'll incorporate your suggestions into the HOWTO before submitting the 
pull request. Are the verbose debug logs also written to "catalina.out"?

--
Orm

Am Montag, den 13. April 2020 um 09:20:26 Uhr (+) schrieb Rohrbach, Gerald:
> Orm,
>
> I had the same issues with LDAP. It tooks a long time to figure it out.
>
> A very good hint was from Maxim to switch debug logging on.
> With that it was much easier.  So probably it’s good to add this to you 
> documentation.
> Somehow the LDAP config is related how in a corporate user accounts
> are setup, that needs some understanding about this ldap config.
>
> To make logging more verbose you can
> 1) stop OM
> 2) add following line to logback-config.xml   name="org.apache.directory" level="DEBUG" />
> 3) restart OM
>
> Here my config., I marked changes with ##
>
>
> #LDAP URL
> # This is the URL used to access your LDAP server.
> # if you want to use "ldaps://" links, please be aware that you need
> to import your CA certificate #  to a java keystore and add the
> -Djavax.net.ssl.keyStore, -Djavax.net.ssl.keyStorePassword, #
> -Djavax.net.ssl.trustStore and -Djavax.net.ssl.trustStorePassword
> parameters to your #  JAVA_OPT environment
> ldap_conn_host=DomainController.mydomain.de<http://DomainController.mydomain.de>
>  ##
>
> ldap_conn_port=389
> ldap_conn_secure=false
>
> # Login distinguished name (DN) for Authentication on LDAP Server -
> keep empty if not required # Use full qualified LDAP DN
> ldap_admin_dn=CN=ldapopenmeetings,OU=Users-Service-Accounts,DC=mydomai
> n,DC=de ##
>
> # Loginpass for Authentication on LDAP Server - keep empty if not required
> ldap_passwd=#mypassword# 
> ##
>
> # base to search for userdata(of user, that wants to login)
> ldap_search_base=DC=mydomain,DC=de 
> ##
>
> # Fieldnames (can differ between Ldap servers) #
> ldap_search_query=(uid=%s)
> ldap_search_query=(userPrincipalName=%s) 
> ##
>
>
> # the scope of the search might be: OBJECT, ONELEVEL, SUBTREE
> ldap_search_scope=SUBTREE 
> ##
>
>
> # Ldap auth type(NONE, SEARCHANDBIND, SIMPLEBIND) #  When using
> SIMPLEBIND a simple bind is performed on the LDAP server to check user
> authentication #  When using NONE, the Ldap server is not used for 
> authentication
> ldap_auth_type=SEARCHANDBIND  
> ##
>
>
> # userDN format, will be used to bind if ldap_auth_type=SIMPLEBIND #
> might be used to get provisionningDn in case ldap_auth_type=NONE #
> ldap_userdn_format=uid=%s,CN=Users,DC=mydomain,DC=de
> ldap_userdn_format=userPrincipalName=%s,CN=Users,DC=mydomain,

AW: Country from Active Directory Deutschland not mapped because OM expexts DE.

2020-04-14 Thread Rohrbach, Gerald

Maxim,
now I remember you wrote this already…. I´m getting old…

I think I can’t change what is stored in ActiveDirectory. It’s a predefined 
list from MS.

But what you wrote means you are doing a mapping in OM.
So maybe I have a chance to add just Deutschland to the list.

But my code reading is for beginners only…
I looked in the db, so there is no table.
Where is the list of countries coming from?

I hope it´s from an XML, so that I can just add the entry.
Another way, I just use the first 2 characters from Deutschland, this is DE , 
mapping should work then.

Quick and dirty….

/apache/openmeetings/db/util/LocaleHelper.java

[cid:image001.png@01D6123E.DD26FB00]

Von: Maxim Solodovnik [mailto:solomax...@gmail.com]
Gesendet: Montag, 13. April 2020 18:44
An: Openmeetings user-list 
Betreff: Re: LDAP config Manual, Limit access to AD Group members

Hello,

On Mon, 13 Apr 2020 at 20:49, Rohrbach, Gerald 
mailto:g.rohrb...@funkegruppe.de>> wrote:
Maxim, Orm

finally I found the solution after reading openldap manuals and doing some 
testing.
As expected, very easy….., but I took a while to understand the logic.

Now only members of the AD group appOpenmeetings can login.

ldap_search_query=(&(userPrincipalName=%s)(memberOf=CN=appOpenMeetings,OU=Groups,DC=mydomain,DC=de))

Still I have a problem with the country, that is not right transferred from the 
AD.
But I think this is an openLdap issue, not OM.

I can see in the debug log co = Deutschland is read from AD, so that’s okay.
Countrycode = 276

Later on this line:
WARN  04-13 15:14:35.964 o.a.o.d.u.LocaleHelper:54 [nio-5443-exec-7] - Invalid 
country found: DEUTSCHLAND, will be replaced with: AD

I do remember I wrote this before: OM expects country code NOT country name
if country wasn't found the first country from the list is taken

So OM expects LDAP to return "DE" as country NOT "Deutschland"

AD means Andorra, so that´s wrong.

AD probably is the first entry.  Probably GERMANY is listed.
I do not think the mapping is done in OM

But this is a cosmetic issue only and in OM no real problem.
Maybe I will find sometimes a fix for that.

Gerald

Von: Maxim Solodovnik [mailto:solomax...@gmail.com<mailto:solomax...@gmail.com>]
Gesendet: Montag, 13. April 2020 12:48
An: Openmeetings user-list 
mailto:user@openmeetings.apache.org>>
Betreff: Re: LDAP config Manual, 1st draft - extension

On Mon, Apr 13, 2020, 17:40 Rohrbach, Gerald 
mailto:g.rohrb...@funkegruppe.de>> wrote:
I do not remember, but I have to do some testing anyway tomorrow. So I'll check.
I have to figure out, how to setup that only members of an AD group om-users 
get access to om.

Can you use SEARCHANDBIND
and set up search query to return results from this group only?

Gerald

-Ursprüngliche Nachricht-
Von: Orm Finnendahl 
[mailto:orm.finnend...@selma.hfmdk-frankfurt.de<mailto:orm.finnend...@selma.hfmdk-frankfurt.de>]
Gesendet: Montag, 13. April 2020 12:31
An: user@openmeetings.apache.org<mailto:user@openmeetings.apache.org>
Betreff: Re: LDAP config Manual, 1st draft - extension

Hi Gerald,

 thanks, I'll incorporate your suggestions into the HOWTO before submitting the 
pull request. Are the verbose debug logs also written to "catalina.out"?

--
Orm

Am Montag, den 13. April 2020 um 09:20:26 Uhr (+) schrieb Rohrbach, Gerald:
> Orm,
>
> I had the same issues with LDAP. It tooks a long time to figure it out.
>
> A very good hint was from Maxim to switch debug logging on.
> With that it was much easier.  So probably it’s good to add this to you 
> documentation.
> Somehow the LDAP config is related how in a corporate user accounts
> are setup, that needs some understanding about this ldap config.
>
> To make logging more verbose you can
> 1) stop OM
> 2) add following line to logback-config.xml   name="org.apache.directory" level="DEBUG" />
> 3) restart OM
>
> Here my config., I marked changes with ##
>
>
> #LDAP URL
> # This is the URL used to access your LDAP server.
> # if you want to use "ldaps://" links, please be aware that you need
> to import your CA certificate #  to a java keystore and add the
> -Djavax.net.ssl.keyStore, -Djavax.net.ssl.keyStorePassword, #
> -Djavax.net.ssl.trustStore and -Djavax.net.ssl.trustStorePassword
> parameters to your #  JAVA_OPT environment
> ldap_conn_host=DomainController.mydomain.de<http://DomainController.mydomain.de>
>  ##
>
> ldap_conn_port=389
> ldap_conn_secure=false
>
> # Login distinguished name (DN) for Authentication on LDAP Server -
> keep empty if not required # Use full qualified LDAP DN
> ldap_admin_dn=CN=ldapopenmeetings,OU=Users-Service-Accounts,DC=mydomai
> n,DC=de ##
>
> # Loginpass for Authenticatio

AW: Country from Active Directory Deutschland not mapped because OM expexts DE.

2020-04-14 Thread Rohrbach, Gerald

Maxim, Orm

I figured it out. In the LDAP config file co is mapped. This is in our case 
wrong,

ldap_user_attr_country=co

Looking at the attributes in AD, we need attribute c and not co.

c=DE
co=Deutschland.

So without any additional work for you…..

Gerald

Maxim,
now I remember you wrote this already…. I´m getting old…

I think I can’t change what is stored in ActiveDirectory. It’s a predefined 
list from MS.

But what you wrote means you are doing a mapping in OM.
So maybe I have a chance to add just Deutschland to the list.

But my code reading is for beginners only…
I looked in the db, so there is no table.
Where is the list of countries coming from?

I hope it´s from an XML, so that I can just add the entry.
Another way, I just use the first 2 characters from Deutschland, this is DE , 
mapping should work then.

Quick and dirty….

/apache/openmeetings/db/util/LocaleHelper.java

[cid:image001.png@01D6123E.DD26FB00]

Von: Maxim Solodovnik [mailto:solomax...@gmail.com]
Gesendet: Montag, 13. April 2020 18:44
An: Openmeetings user-list 
Betreff: Re: LDAP config Manual, Limit access to AD Group members

Hello,

On Mon, 13 Apr 2020 at 20:49, Rohrbach, Gerald 
mailto:g.rohrb...@funkegruppe.de>> wrote:
Maxim, Orm

finally I found the solution after reading openldap manuals and doing some 
testing.
As expected, very easy….., but I took a while to understand the logic.

Now only members of the AD group appOpenmeetings can login.

ldap_search_query=(&(userPrincipalName=%s)(memberOf=CN=appOpenMeetings,OU=Groups,DC=mydomain,DC=de))

Still I have a problem with the country, that is not right transferred from the 
AD.
But I think this is an openLdap issue, not OM.

I can see in the debug log co = Deutschland is read from AD, so that’s okay.
Countrycode = 276

Later on this line:
WARN  04-13 15:14:35.964 o.a.o.d.u.LocaleHelper:54 [nio-5443-exec-7] - Invalid 
country found: DEUTSCHLAND, will be replaced with: AD

I do remember I wrote this before: OM expects country code NOT country name
if country wasn't found the first country from the list is taken

So OM expects LDAP to return "DE" as country NOT "Deutschland"

AD means Andorra, so that´s wrong.

AD probably is the first entry.  Probably GERMANY is listed.
I do not think the mapping is done in OM

But this is a cosmetic issue only and in OM no real problem.
Maybe I will find sometimes a fix for that.

Gerald

Von: Maxim Solodovnik [mailto:solomax...@gmail.com<mailto:solomax...@gmail.com>]
Gesendet: Montag, 13. April 2020 12:48
An: Openmeetings user-list 
mailto:user@openmeetings.apache.org>>
Betreff: Re: LDAP config Manual, 1st draft - extension

On Mon, Apr 13, 2020, 17:40 Rohrbach, Gerald 
mailto:g.rohrb...@funkegruppe.de>> wrote:
I do not remember, but I have to do some testing anyway tomorrow. So I'll check.
I have to figure out, how to setup that only members of an AD group om-users 
get access to om.

Can you use SEARCHANDBIND
and set up search query to return results from this group only?

Gerald

-Ursprüngliche Nachricht-
Von: Orm Finnendahl 
[mailto:orm.finnend...@selma.hfmdk-frankfurt.de<mailto:orm.finnend...@selma.hfmdk-frankfurt.de>]
Gesendet: Montag, 13. April 2020 12:31
An: user@openmeetings.apache.org<mailto:user@openmeetings.apache.org>
Betreff: Re: LDAP config Manual, 1st draft - extension

Hi Gerald,

 thanks, I'll incorporate your suggestions into the HOWTO before submitting the 
pull request. Are the verbose debug logs also written to "catalina.out"?

--
Orm

Am Montag, den 13. April 2020 um 09:20:26 Uhr (+) schrieb Rohrbach, Gerald:
> Orm,
>
> I had the same issues with LDAP. It tooks a long time to figure it out.
>
> A very good hint was from Maxim to switch debug logging on.
> With that it was much easier.  So probably it’s good to add this to you 
> documentation.
> Somehow the LDAP config is related how in a corporate user accounts
> are setup, that needs some understanding about this ldap config.
>
> To make logging more verbose you can
> 1) stop OM
> 2) add following line to logback-config.xml   name="org.apache.directory" level="DEBUG" />
> 3) restart OM
>
> Here my config., I marked changes with ##
>
>
> #LDAP URL
> # This is the URL used to access your LDAP server.
> # if you want to use "ldaps://" links, please be aware that you need
> to import your CA certificate #  to a java keystore and add the
> -Djavax.net.ssl.keyStore, -Djavax.net.ssl.keyStorePassword, #
> -Djavax.net.ssl.trustStore and -Djavax.net.ssl.trustStorePassword
> parameters to your #  JAVA_OPT environment
> ldap_conn_host=DomainController.mydomain.de<http://DomainController.mydomain.de>
>  ##
>
> ldap_conn_port=389
> ldap_conn_secure=false
>
> # Login distinguished name (DN) for Authentication on LD

Disable Record button from ScreenSharing

2020-04-15 Thread Rohrbach, Gerald

Maxim,

is it possible to  disallow from screen sharing the record button?

We have switched of for testing in the room configuration the recording,
But with this obviously the screen sharing does not work.

We want prohibit for everyone recording. The users should be able to show and 
share documents.


Gerald

AW: Found your problems with LDAP and OpenMeetings, have the same

2020-04-15 Thread Rohrbach, Gerald

Yes, it works fine. Read mailing lists.
Gerald

Von: Maxim Solodovnik [mailto:solomax...@gmail.com]
Gesendet: Mittwoch, 15. April 2020 13:27
An: Mathias Kocks 
Cc: Openmeetings user-list 
Betreff: Re: Found your problems with LDAP and OpenMeetings, have the same

please do not write direct emails, subscribe and write to the list instead: 
https://openmeetings.apache.org/mailing-lists.html

I'm one of OpenMeetings developers
Not sure what problems are you talking about :)
everything seems to work as expected :)


On Wed, 15 Apr 2020 at 17:56, Mathias Kocks 
mailto:itko...@googlemail.com>> wrote:
Hello,
i found your mails about the problem with LDAP-Sync and OpenMeetings. Do you 
have found a fix? Because i am in the same trouble... It is now the second day 
without a clue why it is not working. Very annoying...

Thanks in advance.
Best regards
Mathias Kocks
Dortmund, Germany


--
Best regards,
Maxim

AW: Can not use LDAP-Sync with Microsoft Active Directory

2020-04-15 Thread Rohrbach, Gerald

This is working
I would not use an DomainAdmin account for query. It can be a simple restricted 
user...

Maxim pointed already to a link, the debug mode is helpful...


ldap_conn_host=DESVR-AD01.mydomain.de
ldap_conn_port=389
ldap_conn_secure=false

ldap_admin_dn=CN=ldapopenmeetings,OU=Users-Service-Accounts,DC=mydomain,DC=de

ldap_passwd=#password#
ldap_search_base=DC=mydomain,DC=de

ldap_search_query=(userPrincipalName=%s)

ldap_search_scope=SUBTREE

ldap_auth_type=SEARCHANDBIND

ldap_userdn_format=userPrincipalName=%s,CN=Users,DC=mydomain,DC=de

ldap_provisionning=AUTOCREATE

ldap_deref_mode=always

ldap_use_admin_to_get_attrs=true
ldap_sync_password_to_om=true

ldap_group_mode=NONE

ldap_group_query=(&(memberUid=%s)(objectClass=posixGroup))

# Ldap user attributes mapping
# Set the following internal OM user attributes to their corresponding 
Ldap-attribute
ldap_user_attr_login=sAMAccountName
ldap_user_attr_lastname=sn
ldap_user_attr_firstname=givenName
ldap_user_attr_mail=mail
ldap_user_attr_street=streetAddress
ldap_user_attr_additionalname=description
ldap_user_attr_fax=facsimileTelephoneNumber
ldap_user_attr_zip=postalCode
ldap_user_attr_country=c
ldap_user_attr_town=l
ldap_user_attr_phone=telephoneNumber

ldap_group_attr=memberOf


ldap_use_lower_case=false

# Ldap import query, this query should retrieve all LDAP users
ldap_import_query=(objectClass=inetOrgPerson)

Dortmund is not far away...

Regards

Gerald

Von: Mathias Kocks [mailto:ko...@labmed.de]
Gesendet: Mittwoch, 15. April 2020 14:06
An: user@openmeetings.apache.org
Betreff: Can not use LDAP-Sync with Microsoft Active Directory

Hello,
i am new to this project and a have a problem with the LDAP-Sync. I even can 
not find any good documentations...

My problem is, that slapd does not find any user in my AD. I am not even shure, 
if it is searching for real. I found in the mailing list archive some example 
configs, but they does not work for me.
I found this one:

#LDAP URL
ldap_conn_host=LDAP_server.Company.com
ldap_conn_port=636
ldap_conn_secure=true

# Login distinguished name (DN) for Authentication on LDAP Server
# Use full qualified LDAP DN
ldap_admin_dn=CN=ldapauth,OU=Users,DC=Company,DC=com

# Loginpass for Authentication on LDAP Server
ldap_passwd=ldapauthpasswd

# base to search for userdata(of user, that wants to login)
ldap_search_base=OU=Users,DC=Company,DC=com
#ldap_search_base=DC=Company,DC=com

# Fieldnames (can differ between Ldap servers)
ldap_search_query=(&(objectCategory=person)(objectClass=person)(sAMAccountName=%1$s))
#ldap_search_query=(sAMAccountName=%s)
#ldap_search_query=(CN=%s)

# the scope of the search might be: OBJECT, ONELEVEL, SUBTREE
ldap_search_scope=SUBTREE

# Ldap auth type(NONE, SEARCHANDBIND, SIMPLEBIND)
ldap_auth_type=SEARCHANDBIND

# userDN format, will be used to bind if ldap_auth_type=SIMPLEBIND
ldap_userdn_format=sAMAccountName=%s,OU=Users,DC=beuth-hochschule.de,DC=com
#ldap_userdn_format=sAMAccountName=%s,DC=Company,DC=com
#ldap_userdn_format=CN=%s,OU=Users,DC=Company,DC=com
#ldap_userdn_format=CN=%s,DC=Company,DC=com

# Ldap-password synchronization to OM DB
ldap_sync_password_to_om=false

# Ldap user attributes mapping
# Set the following internal OM user attributes to their corresponding
Ldap-attribute
ldap_user_attr_lastname=sn

But even after i changed it to my AD and tried several changes, no users were 
found.

My actual config:

ldap_server_type=AD
ldap_conn_host=dc2.labmed.de
ldap_conn_port=389
ldap_conn_secure=false
ldap_admin_dn=CN=Administrator,CN=Users,DC=labmed,DC=de
ldap_passwd=SuperSecretPassword
ldap_search_base=OU=labmed,DC=labmed,DC=de
#ldap_search_query=(&(objectCategory=*)(objectClass=*)(sAMAccountName=%s))
ldap_search_query=(sAMAccountName=%s)
ldap_search_scope= SUBTREE
ldap_auth_type=SEARCHANDBIND
ldap_deref_mode=never
ldap_userdn_format=sAMAccountName=%s,DC=labmed,DC=de
ldap_provisionning=NONE
ldap_use_admin_to_get_attrs=true
ldap_sync_password_to_om=false
ldap_sync_attr_lastname=sn
ldap_user_attr_firstname=givenName
ldap_user_attr_mail=mail
ldap_user_attr_street=streetAddress
ldap_user_attr_additionalname=description
ldap_user_attr_fax=facsimileTelephoneNumber
ldap_user_attr_zip=postalCode
ldap_user_attr_country=co
ldap_user_attr_town=l
ldap_user_attr_phone=telephoneNumber
ldap_use_lower_case=false


It is the second day by now were i am bursting by happyness



Mit freundlichen Grüßen

Mathias Kocks
Teamleitung IT-Infrastruktur
Zertifizierter Information Security Officer ISO 27001 (TÜV Süd)

Überörtliche Berufsausübungsgemeinschaft
Medizinisches Versorgungszentrum
Dr. Eberhard & Partner Dortmund
MVZ-Haus 3: Balkenstr. 12-14
44137 Dortmund, Germany

Tel.:  +49 231 9572 7158
Fax.: +49 231 9572 18 159
E-Mail: ko...@labmed.de
Web: https://www.labmed.de

AW: Ldap with Microsoft Active Directory

2020-04-15 Thread Rohrbach, Gerald

Stephen, depends on your AD and how users login.
For us this worked
ldap_search_query=(userPrincipalName=%s)

Go under AD, pik one user account, properties, Attribute Editor. This shows all.
(
Probably under view you need to switch on advanced features!

Gerald


Von: Stephen COTTHAM [mailto:stephen.cott...@robertbird.com.au]
Gesendet: Mittwoch, 15. April 2020 14:22
An: user@openmeetings.apache.org
Betreff: Ldap with Microsoft Active Directory

Hey Guys,

I am in the same situation as Mathias ldap issue below.

My Config:

ldap_conn_host=DC
ldap_conn_port=389
ldap_conn_secure=false
ldap_admin_dn='CN=Adm some user,OU=London,OU=Administrative 
Users,OU=RBG,OU=Rights Delegation,DC=domain,DC=local'
ldap_passwd='**'
ldap_search_base='OU=Company,DC=domain,DC=local'
ldap_search_query=(sAMAccountName=%s)
ldap_search_scope=ONELEVEL
ldap_auth_type=SIMPLEBIND
ldap_userdn_format='sAMAccountName=%s,OU=Users,OU=London,OU=UK,OU=Company,DC=domain,DC=local'
ldap_provisionning=AUTOCREATE
ldap_deref_mode=always
ldap_use_admin_to_get_attrs=true
ldap_sync_password_to_om=true
ldap_group_mode=NONE
ldap_group_query=(&(memberUid=%s)(objectClass=posixGroup))
ldap_user_attr_login=sAMAccountName
ldap_user_attr_lastname=sn
ldap_user_attr_firstname=givenName
ldap_user_attr_mail=mail
ldap_user_attr_street=streetAddress
ldap_user_attr_additionalname=description
ldap_user_attr_fax=facsimileTelephoneNumber
ldap_user_attr_zip=postalCode
ldap_user_attr_country=co
ldap_user_attr_town=l
ldap_user_attr_phone=telephoneNumber
ldap_group_attr=memberOf
ldap_use_lower_case=false
ldap_import_query=(objectClass=inetOrgPerson)

Always returns:

No users was found:

Checked with ldapsearch and I can retrieve them fine, other systems that use 
LDAP from Linux such as Apache Guacamole and Next Cloud both have working AD 
integration using the same values I set there.

Is there a way to get a better debug logs from open Meetings? About what it is 
sending to the DC? The initial bind status, error code from the DC etc..

I rem in old versions of OM we could run it in debug mode to stdout?

Otherwise is there anything obviously I'm missing here?

Best regards

Stephen




From: Mathias Kocks mailto:ko...@labmed.de>>
Sent: 15 April 2020 13:06
To: user@openmeetings.apache.org
Subject: [Possible Untrusted Sender] Can not use LDAP-Sync with Microsoft 
Active Directory

Hello,
i am new to this project and a have a problem with the LDAP-Sync. I even can 
not find any good documentations...

My problem is, that slapd does not find any user in my AD. I am not even shure, 
if it is searching for real. I found in the mailing list archive some example 
configs, but they does not work for me.
I found this one:

#LDAP URL
ldap_conn_host=LDAP_server.Company.com
ldap_conn_port=636
ldap_conn_secure=true

# Login distinguished name (DN) for Authentication on LDAP Server
# Use full qualified LDAP DN
ldap_admin_dn=CN=ldapauth,OU=Users,DC=Company,DC=com

# Loginpass for Authentication on LDAP Server
ldap_passwd=ldapauthpasswd

# base to search for userdata(of user, that wants to login)
ldap_search_base=OU=Users,DC=Company,DC=com
#ldap_search_base=DC=Company,DC=com

# Fieldnames (can differ between Ldap servers)
ldap_search_query=(&(objectCategory=person)(objectClass=person)(sAMAccountName=%1$s))
#ldap_search_query=(sAMAccountName=%s)
#ldap_search_query=(CN=%s)

# the scope of the search might be: OBJECT, ONELEVEL, SUBTREE
ldap_search_scope=SUBTREE

# Ldap auth type(NONE, SEARCHANDBIND, SIMPLEBIND)
ldap_auth_type=SEARCHANDBIND

# userDN format, will be used to bind if ldap_auth_type=SIMPLEBIND
ldap_userdn_format=sAMAccountName=%s,OU=Users,DC=beuth-hochschule.de,DC=com
#ldap_userdn_format=sAMAccountName=%s,DC=Company,DC=com
#ldap_userdn_format=CN=%s,OU=Users,DC=Company,DC=com
#ldap_userdn_format=CN=%s,DC=Company,DC=com

# Ldap-password synchronization to OM DB
ldap_sync_password_to_om=false

# Ldap user attributes mapping
# Set the following internal OM user attributes to their corresponding
Ldap-attribute
ldap_user_attr_lastname=sn

But even after i changed it to my AD and tried several changes, no users were 
found.

My actual config:

ldap_server_type=AD
ldap_conn_host=dc2.labmed.de
ldap_conn_port=389
ldap_conn_secure=false
ldap_admin_dn=CN=Administrator,CN=Users,DC=labmed,DC=de
ldap_passwd=SuperSecretPassword
ldap_search_base=OU=labmed,DC=labmed,DC=de
#ldap_search_query=(&(objectCategory=*)(objectClass=*)(sAMAccountName=%s))
ldap_search_query=(sAMAccountName=%s)
ldap_search_scope= SUBTREE
ldap_auth_type=SEARCHANDBIND
ldap_deref_mode=never
ldap_userdn_format=sAMAccountName=%s,DC=labmed,DC=de
ldap_provisionning=NONE
ldap_use_admin_to_get_attrs=true
ldap_sync_password_to_om=false
ldap_sync_attr_lastname=sn
ldap_user_attr_firstname=givenName
ldap_user_attr_mail=mail
ldap_user_attr_street=streetAddress
ldap_user_attr_additionalname=description
ldap_user_attr_fax=facsimileTelephoneNumber
ldap_user_attr_zip=postalCode
ldap_user_attr_country=c

AW: Disable Record button from ScreenSharing

2020-04-15 Thread Rohrbach, Gerald

Maxim,

if in the room recording is disallowed also screen sharing is not available.
I also can’t understand why this is related.
My colleague just tested this again some minutes ago.

We want allow screen sharing, but disallow recording.

Name
OpenMeetings
Version
5.0.0-M4-SNAPSHOT
Revision
4d3d756
Builddate
2020-04-11T15:48:24Z



Gerald



Von: Maxim Solodovnik [mailto:solomax...@gmail.com]
Gesendet: Mittwoch, 15. April 2020 13:33
An: Openmeetings user-list 
Betreff: Re: Disable Record button from ScreenSharing

Hello Gerald,


On Wed, 15 Apr 2020 at 17:36, Rohrbach, Gerald 
mailto:g.rohrb...@funkegruppe.de>> wrote:
Maxim,

is it possible to  disallow from screen sharing the record button?

I'm not sure I understand the problem :(


We have switched of for testing in the room configuration the recording,

Are you have switched off "Allow recording" in some room?

But with this obviously the screen sharing does not work.

Why screen-sharing shouldn't work in this case?


We want prohibit for everyone recording. The users should be able to show and 
share documents.

So someone can start recording with "Allow recording" turned OFF?



Gerald




--
Best regards,
Maxim

AW: Ldap with Microsoft Active Directory

2020-04-15 Thread Rohrbach, Gerald

Maxim gave this tip some days ago. I spent also some time to get it working...
To make logging more verbose you can
1) stop OM
2) add following line to logback-config.xml
 
3) restart OM

According to my previous experience SEARCHANDBIND might work better



Von: Stephen COTTHAM [mailto:stephen.cott...@robertbird.com.au]
Gesendet: Mittwoch, 15. April 2020 15:02
An: user@openmeetings.apache.org
Betreff: RE: Ldap with Microsoft Active Directory

Thanks Gerald,

Ive tried as suggested by using SAM and the UPN, even tried injecting the 
domain portion after the @ with the domain and email namespace, both result in 
the - No users was found:

Looking at the logs as they are we see this:

DEBUG 04-15 12:51:52.393 o.a.o.d.d.u.UserDao:626 [nio-5443-exec-7] - No users 
was found: stephen.cottham
DEBUG 04-15 12:51:52.393 o.a.o.c.l.LdapLoginManager:201 [nio-5443-exec-7] - 
getByLogin:: authenticated ? false, login = 'stephen.cottham', domain = 1, user 
= null
ERROR 04-15 12:51:52.394 o.a.o.c.l.LdapLoginManager:338 [nio-5443-exec-7] - 
LDAP entry is null, search or lookup by Dn failed

The last line, is it saying the variable is NULL as it returned no results from 
the bind OR is it saying the initial bind was not successful and therefore the 
variable is null? (this distinguishes if it's the DN of the lookup user vs. 
getting the expected format correct)

Sorry I think I missed the debug option, can you please relink that here and 
I'll see what else I can find out.

Also to confirm, the config file is escaping out the spaces?

For example:

ldap_admin_dn='CN=Adm some user with spaces,OU=London,OU=Administrative 
Users,OU=RBG,OU=Rights Delegation,DC=domain,DC=local'

Assume we don't need to put the ' ' after the ='cn ? (just ruling this out 
as a cause)

Best regards

Stephen


From: Rohrbach, Gerald 
mailto:g.rohrb...@funkegruppe.de>>
Sent: 15 April 2020 13:41
To: user@openmeetings.apache.org<mailto:user@openmeetings.apache.org>
Subject: AW: Ldap with Microsoft Active Directory

Stephen, depends on your AD and how users login.
For us this worked
ldap_search_query=(userPrincipalName=%s)

Go under AD, pik one user account, properties, Attribute Editor. This shows all.
(
Probably under view you need to switch on advanced features!

Gerald


Von: Stephen COTTHAM [mailto:stephen.cott...@robertbird.com.au]
Gesendet: Mittwoch, 15. April 2020 14:22
An: user@openmeetings.apache.org<mailto:user@openmeetings.apache.org>
Betreff: Ldap with Microsoft Active Directory

Hey Guys,

I am in the same situation as Mathias ldap issue below.

My Config:

ldap_conn_host=DC
ldap_conn_port=389
ldap_conn_secure=false
ldap_admin_dn='CN=Adm some user,OU=London,OU=Administrative 
Users,OU=RBG,OU=Rights Delegation,DC=domain,DC=local'
ldap_passwd='**'
ldap_search_base='OU=Company,DC=domain,DC=local'
ldap_search_query=(sAMAccountName=%s)
ldap_search_scope=ONELEVEL
ldap_auth_type=SIMPLEBIND
ldap_userdn_format='sAMAccountName=%s,OU=Users,OU=London,OU=UK,OU=Company,DC=domain,DC=local'
ldap_provisionning=AUTOCREATE
ldap_deref_mode=always
ldap_use_admin_to_get_attrs=true
ldap_sync_password_to_om=true
ldap_group_mode=NONE
ldap_group_query=(&(memberUid=%s)(objectClass=posixGroup))
ldap_user_attr_login=sAMAccountName
ldap_user_attr_lastname=sn
ldap_user_attr_firstname=givenName
ldap_user_attr_mail=mail
ldap_user_attr_street=streetAddress
ldap_user_attr_additionalname=description
ldap_user_attr_fax=facsimileTelephoneNumber
ldap_user_attr_zip=postalCode
ldap_user_attr_country=co
ldap_user_attr_town=l
ldap_user_attr_phone=telephoneNumber
ldap_group_attr=memberOf
ldap_use_lower_case=false
ldap_import_query=(objectClass=inetOrgPerson)

Always returns:

No users was found:

Checked with ldapsearch and I can retrieve them fine, other systems that use 
LDAP from Linux such as Apache Guacamole and Next Cloud both have working AD 
integration using the same values I set there.

Is there a way to get a better debug logs from open Meetings? About what it is 
sending to the DC? The initial bind status, error code from the DC etc..

I rem in old versions of OM we could run it in debug mode to stdout?

Otherwise is there anything obviously I'm missing here?

Best regards

Stephen




From: Mathias Kocks mailto:ko...@labmed.de>>
Sent: 15 April 2020 13:06
To: user@openmeetings.apache.org<mailto:user@openmeetings.apache.org>
Subject: [Possible Untrusted Sender] Can not use LDAP-Sync with Microsoft 
Active Directory

Hello,
i am new to this project and a have a problem with the LDAP-Sync. I even can 
not find any good documentations...

My problem is, that slapd does not find any user in my AD. I am not even shure, 
if it is searching for real. I found in the mailing list archive some example 
configs, but they does not work for me.
I found this one:

#LDAP URL
ldap_conn_host=LDAP_server.Company.com
ldap_conn_port=636
ldap_conn_secure=

AW: Disable Record button from ScreenSharing

2020-04-15 Thread Rohrbach, Gerald

%s is  replaced with the string the user keys  , SQL Like…
UserPrincipalName, look at AD, user attributes. Depends on your AD-setup if 
this is the right variable.

Von: Mathias Kocks [mailto:ko...@labmed.de]
Gesendet: Mittwoch, 15. April 2020 15:09
An: user@openmeetings.apache.org
Betreff: AW: Disable Record button from ScreenSharing

Can anybody tell me, what the „=%s“ is for?
In Example in „ldap_userdn_format=userPrincipalName=%s“.
I would love to get this understanding of all parameters by RTFM...

Mit freundlichen Grüßen

Mathias Kocks
Teamleitung IT-Infrastruktur
Zertifizierter Information Security Officer ISO 27001 (TÜV Süd)

Überörtliche Berufsausübungsgemeinschaft
Medizinisches Versorgungszentrum
Dr. Eberhard & Partner Dortmund
MVZ-Haus 3: Balkenstr. 12-14
44137 Dortmund, Germany

Tel.:  +49 231 9572 7158
Fax.: +49 231 9572 18 159
E-Mail: ko...@labmed.de<mailto:ko...@labmed.de>
Web: https://www.labmed.de<https://www.labmed.de/>

Von: Rohrbach, Gerald 
mailto:g.rohrb...@funkegruppe.de>>
Gesendet: Mittwoch, 15. April 2020 14:46
An: user@openmeetings.apache.org<mailto:user@openmeetings.apache.org>
Betreff: AW: Disable Record button from ScreenSharing

Maxim,

if in the room recording is disallowed also screen sharing is not available.
I also can’t understand why this is related.
My colleague just tested this again some minutes ago.

We want allow screen sharing, but disallow recording.

Name
OpenMeetings
Version
5.0.0-M4-SNAPSHOT
Revision
4d3d756
Builddate
2020-04-11T15:48:24Z



Gerald



Von: Maxim Solodovnik [mailto:solomax...@gmail.com]
Gesendet: Mittwoch, 15. April 2020 13:33
An: Openmeetings user-list 
mailto:user@openmeetings.apache.org>>
Betreff: Re: Disable Record button from ScreenSharing

Hello Gerald,


On Wed, 15 Apr 2020 at 17:36, Rohrbach, Gerald 
mailto:g.rohrb...@funkegruppe.de>> wrote:
Maxim,

is it possible to  disallow from screen sharing the record button?

I'm not sure I understand the problem :(


We have switched of for testing in the room configuration the recording,

Are you have switched off "Allow recording" in some room?

But with this obviously the screen sharing does not work.

Why screen-sharing shouldn't work in this case?


We want prohibit for everyone recording. The users should be able to show and 
share documents.

So someone can start recording with "Allow recording" turned OFF?



Gerald




--
Best regards,
Maxim

AW: Can not use LDAP-Sync with Microsoft Active Directory

2020-04-15 Thread Rohrbach, Gerald

Under administration you can set the default language to German…
This helped us.

Gerald

Von: Mathias Kocks [mailto:ko...@labmed.de]
Gesendet: Mittwoch, 15. April 2020 16:51
An: user@openmeetings.apache.org
Betreff: AW: Can not use LDAP-Sync with Microsoft Active Directory

Got it.

This configuration runs with our Active Directory:

ldap_server_type=AD
ldap_conn_host=dc2.labmed.de
ldap_conn_port=389
ldap_conn_secure=false
ldap_admin_dn=CN=Some Username with 
blanks,OU=User,OU=EDV,OU=labmed,DC=labmed,DC=de
ldap_passwd=SuperSecretPassword
ldap_search_base=DC=labmed,DC=de
ldap_search_query=(userprincipalname=%s)
ldap_search_scope= SUBTREE
ldap_auth_type=SEARCHANDBIND
ldap_deref_mode=never
ldap_userdn_format=%s
ldap_provisionning=AUTOCREATE
ldap_use_admin_to_get_attrs=false

ldap_sync_password_to_om=true
ldap_sync_attr_lastname=sn
ldap_user_attr_firstname=givenName
ldap_user_attr_mail=mail
ldap_user_attr_zip=postalCode
ldap_user_attr_country=c
ldap_user_attr_phone=telephoneNumber
#ldap_use_lower_case=false



The only thing that bothers me is, that we do not have an flag for language in 
our AD, so every new user in OpenMeetings is english by default...





Mit freundlichen Grüßen

Mathias Kocks
Teamleitung IT-Infrastruktur
Zertifizierter Information Security Officer ISO 27001 (TÜV Süd)

Überörtliche Berufsausübungsgemeinschaft
Medizinisches Versorgungszentrum
Dr. Eberhard & Partner Dortmund
MVZ-Haus 3: Balkenstr. 12-14
44137 Dortmund, Germany

Tel.:  +49 231 9572 7158
Fax.: +49 231 9572 18 159
E-Mail: ko...@labmed.de<mailto:ko...@labmed.de>
Web: https://www.labmed.de<https://www.labmed.de/>

Von: Maxim Solodovnik mailto:solomax...@gmail.com>>
Gesendet: Mittwoch, 15. April 2020 16:28
An: Openmeetings user-list 
mailto:user@openmeetings.apache.org>>
Betreff: Re: Can not use LDAP-Sync with Microsoft Active Directory

will answer here

`%s` mean put passed parameter to this place as string
full options are here 
https://docs.oracle.com/javase/7/docs/api/java/util/Formatter.html

On Wed, 15 Apr 2020 at 19:37, Rohrbach, Gerald 
mailto:g.rohrb...@funkegruppe.de>> wrote:
This is working….
I would not use an DomainAdmin account for query. It can be a simple restricted 
user…

Maxim pointed already to a link, the debug mode is helpful…


ldap_conn_host=DESVR-AD01.mydomain.de<http://DESVR-AD01.mydomain.de>
ldap_conn_port=389
ldap_conn_secure=false

ldap_admin_dn=CN=ldapopenmeetings,OU=Users-Service-Accounts,DC=mydomain,DC=de

ldap_passwd=#password#
ldap_search_base=DC=mydomain,DC=de

ldap_search_query=(userPrincipalName=%s)

ldap_search_scope=SUBTREE

ldap_auth_type=SEARCHANDBIND

ldap_userdn_format=userPrincipalName=%s,CN=Users,DC=mydomain,DC=de

ldap_provisionning=AUTOCREATE

ldap_deref_mode=always

ldap_use_admin_to_get_attrs=true
ldap_sync_password_to_om=true

ldap_group_mode=NONE

ldap_group_query=(&(memberUid=%s)(objectClass=posixGroup))

# Ldap user attributes mapping
# Set the following internal OM user attributes to their corresponding 
Ldap-attribute
ldap_user_attr_login=sAMAccountName
ldap_user_attr_lastname=sn
ldap_user_attr_firstname=givenName
ldap_user_attr_mail=mail
ldap_user_attr_street=streetAddress
ldap_user_attr_additionalname=description
ldap_user_attr_fax=facsimileTelephoneNumber
ldap_user_attr_zip=postalCode
ldap_user_attr_country=c
ldap_user_attr_town=l
ldap_user_attr_phone=telephoneNumber

ldap_group_attr=memberOf


ldap_use_lower_case=false

# Ldap import query, this query should retrieve all LDAP users
ldap_import_query=(objectClass=inetOrgPerson)

Dortmund is not far away…

Regards

Gerald

Von: Mathias Kocks [mailto:ko...@labmed.de<mailto:ko...@labmed.de>]
Gesendet: Mittwoch, 15. April 2020 14:06
An: user@openmeetings.apache.org<mailto:user@openmeetings.apache.org>
Betreff: Can not use LDAP-Sync with Microsoft Active Directory

Hello,
i am new to this project and a have a problem with the LDAP-Sync. I even can 
not find any good documentations...

My problem is, that slapd does not find any user in my AD. I am not even shure, 
if it is searching for real. I found in the mailing list archive some example 
configs, but they does not work for me.
I found this one:

#LDAP URL
ldap_conn_host=LDAP_server.Company.com<http://LDAP_server.Company.com>
ldap_conn_port=636
ldap_conn_secure=true

# Login distinguished name (DN) for Authentication on LDAP Server
# Use full qualified LDAP DN
ldap_admin_dn=CN=ldapauth,OU=Users,DC=Company,DC=com

# Loginpass for Authentication on LDAP Server
ldap_passwd=ldapauthpasswd

# base to search for userdata(of user, that wants to login)
ldap_search_base=OU=Users,DC=Company,DC=com
#ldap_search_base=DC=Company,DC=com

# Fieldnames (can differ between Ldap servers)
ldap_search_query=(&(objectCategory=pe

SIP setup / testing

2020-04-15 Thread Rohrbach, Gerald

Maxim,

what all needs to be done for the SIP stuff?

I would spend some time in this, as we have some use cases for it.
So at least I can setup an asterisks for testing purpose.
Do you see a realistic chance to get this working in the next weeks?

I read on the older version it was working, so maybe there is not too much to 
do.
I´m not asterisk expert, but at least I have used it in some areas.


Gerald





Von: Maxim Solodovnik [mailto:solomax...@gmail.com]
Gesendet: Mittwoch, 15. April 2020 16:58
An: Openmeetings user-list 
Betreff: Re: Can not use LDAP-Sync with Microsoft Active Directory

congrats :)

On Wed, 15 Apr 2020 at 21:53, Rohrbach, Gerald 
mailto:g.rohrb...@funkegruppe.de>> wrote:
Under administration you can set the default language to German…
This helped us.

Gerald

Von: Mathias Kocks [mailto:ko...@labmed.de<mailto:ko...@labmed.de>]
Gesendet: Mittwoch, 15. April 2020 16:51
An: user@openmeetings.apache.org<mailto:user@openmeetings.apache.org>
Betreff: AW: Can not use LDAP-Sync with Microsoft Active Directory

Got it.

This configuration runs with our Active Directory:

ldap_server_type=AD
ldap_conn_host=dc2.labmed.de<http://dc2.labmed.de>
ldap_conn_port=389
ldap_conn_secure=false
ldap_admin_dn=CN=Some Username with 
blanks,OU=User,OU=EDV,OU=labmed,DC=labmed,DC=de
ldap_passwd=SuperSecretPassword
ldap_search_base=DC=labmed,DC=de
ldap_search_query=(userprincipalname=%s)
ldap_search_scope= SUBTREE
ldap_auth_type=SEARCHANDBIND
ldap_deref_mode=never
ldap_userdn_format=%s
ldap_provisionning=AUTOCREATE
ldap_use_admin_to_get_attrs=false

ldap_sync_password_to_om=true
ldap_sync_attr_lastname=sn
ldap_user_attr_firstname=givenName
ldap_user_attr_mail=mail
ldap_user_attr_zip=postalCode
ldap_user_attr_country=c
ldap_user_attr_phone=telephoneNumber
#ldap_use_lower_case=false



The only thing that bothers me is, that we do not have an flag for language in 
our AD, so every new user in OpenMeetings is english by default...





Mit freundlichen Grüßen

Mathias Kocks
Teamleitung IT-Infrastruktur
Zertifizierter Information Security Officer ISO 27001 (TÜV Süd)

Überörtliche Berufsausübungsgemeinschaft
Medizinisches Versorgungszentrum
Dr. Eberhard & Partner Dortmund
MVZ-Haus 3: Balkenstr. 12-14
44137 Dortmund, Germany

Tel.:  +49 231 9572 7158
Fax.: +49 231 9572 18 159
E-Mail: ko...@labmed.de<mailto:ko...@labmed.de>
Web: https://www.labmed.de<https://www.labmed.de/>

Von: Maxim Solodovnik mailto:solomax...@gmail.com>>
Gesendet: Mittwoch, 15. April 2020 16:28
An: Openmeetings user-list 
mailto:user@openmeetings.apache.org>>
Betreff: Re: Can not use LDAP-Sync with Microsoft Active Directory

will answer here

`%s` mean put passed parameter to this place as string
full options are here 
https://docs.oracle.com/javase/7/docs/api/java/util/Formatter.html

On Wed, 15 Apr 2020 at 19:37, Rohrbach, Gerald 
mailto:g.rohrb...@funkegruppe.de>> wrote:
This is working….
I would not use an DomainAdmin account for query. It can be a simple restricted 
user…

Maxim pointed already to a link, the debug mode is helpful…


ldap_conn_host=DESVR-AD01.mydomain.de<http://DESVR-AD01.mydomain.de>
ldap_conn_port=389
ldap_conn_secure=false

ldap_admin_dn=CN=ldapopenmeetings,OU=Users-Service-Accounts,DC=mydomain,DC=de

ldap_passwd=#password#
ldap_search_base=DC=mydomain,DC=de

ldap_search_query=(userPrincipalName=%s)

ldap_search_scope=SUBTREE

ldap_auth_type=SEARCHANDBIND

ldap_userdn_format=userPrincipalName=%s,CN=Users,DC=mydomain,DC=de

ldap_provisionning=AUTOCREATE

ldap_deref_mode=always

ldap_use_admin_to_get_attrs=true
ldap_sync_password_to_om=true

ldap_group_mode=NONE

ldap_group_query=(&(memberUid=%s)(objectClass=posixGroup))

# Ldap user attributes mapping
# Set the following internal OM user attributes to their corresponding 
Ldap-attribute
ldap_user_attr_login=sAMAccountName
ldap_user_attr_lastname=sn
ldap_user_attr_firstname=givenName
ldap_user_attr_mail=mail
ldap_user_attr_street=streetAddress
ldap_user_attr_additionalname=description
ldap_user_attr_fax=facsimileTelephoneNumber
ldap_user_attr_zip=postalCode
ldap_user_attr_country=c
ldap_user_attr_town=l
ldap_user_attr_phone=telephoneNumber

ldap_group_attr=memberOf


ldap_use_lower_case=false

# Ldap import query, this query should retrieve all LDAP users
ldap_import_query=(objectClass=inetOrgPerson)

Dortmund is not far away…

Regards

Gerald

Von: Mathias Kocks [mailto:ko...@labmed.de<mailto:ko...@labmed.de>]
Gesendet: Mittwoch, 15. April 2020 14:06
An: user@openmeetings.apache.org<mailto:user@openmeetings.apache.org>
Betreff: Can not use LDAP-Sync with Microsoft Active Directory

Hello,
i am new to this project and a have a problem with the LDAP-Sync. I even can 
not find any good documentations...

AW: Can not use LDAP-Sync with Microsoft Active Directory

2020-04-15 Thread Rohrbach, Gerald

LDAP Mapping Problem, depends on
ldap_userdn_format=userPrincipalName=%s,CN=Users,DC=mydomain,DC=de

ldap_user_attr_login=sAMAccountName

With debug you can analyse. It depends if users login with userPrinicalName 
like in our case I use sAMAccountName for storing in db.


Gerald

Von: Mathias Kocks [mailto:ko...@labmed.de]
Gesendet: Mittwoch, 15. April 2020 17:19
An: user@openmeetings.apache.org
Betreff: AW: Can not use LDAP-Sync with Microsoft Active Directory

And another problem:
Every time i log into OpenMeetings, i get a new entry in the user database with 
login entry n...@ourdomain.de<mailto:n...@ourdomain.de>.

Mit freundlichen Grüßen

Mathias Kocks
Teamleitung IT-Infrastruktur
Zertifizierter Information Security Officer ISO 27001 (TÜV Süd)

Überörtliche Berufsausübungsgemeinschaft
Medizinisches Versorgungszentrum
Dr. Eberhard & Partner Dortmund
MVZ-Haus 3: Balkenstr. 12-14
44137 Dortmund, Germany

Tel.:  +49 231 9572 7158
Fax.: +49 231 9572 18 159
E-Mail: ko...@labmed.de<mailto:ko...@labmed.de>
Web: https://www.labmed.de<https://www.labmed.de/>

Von: Maxim Solodovnik mailto:solomax...@gmail.com>>
Gesendet: Mittwoch, 15. April 2020 16:58
An: Openmeetings user-list 
mailto:user@openmeetings.apache.org>>
Betreff: Re: Can not use LDAP-Sync with Microsoft Active Directory

congrats :)

On Wed, 15 Apr 2020 at 21:53, Rohrbach, Gerald 
mailto:g.rohrb...@funkegruppe.de>> wrote:
Under administration you can set the default language to German…
This helped us.

Gerald

Von: Mathias Kocks [mailto:ko...@labmed.de<mailto:ko...@labmed.de>]
Gesendet: Mittwoch, 15. April 2020 16:51
An: user@openmeetings.apache.org<mailto:user@openmeetings.apache.org>
Betreff: AW: Can not use LDAP-Sync with Microsoft Active Directory

Got it.

This configuration runs with our Active Directory:

ldap_server_type=AD
ldap_conn_host=dc2.labmed.de<http://dc2.labmed.de>
ldap_conn_port=389
ldap_conn_secure=false
ldap_admin_dn=CN=Some Username with 
blanks,OU=User,OU=EDV,OU=labmed,DC=labmed,DC=de
ldap_passwd=SuperSecretPassword
ldap_search_base=DC=labmed,DC=de
ldap_search_query=(userprincipalname=%s)
ldap_search_scope= SUBTREE
ldap_auth_type=SEARCHANDBIND
ldap_deref_mode=never
ldap_userdn_format=%s
ldap_provisionning=AUTOCREATE
ldap_use_admin_to_get_attrs=false

ldap_sync_password_to_om=true
ldap_sync_attr_lastname=sn
ldap_user_attr_firstname=givenName
ldap_user_attr_mail=mail
ldap_user_attr_zip=postalCode
ldap_user_attr_country=c
ldap_user_attr_phone=telephoneNumber
#ldap_use_lower_case=false



The only thing that bothers me is, that we do not have an flag for language in 
our AD, so every new user in OpenMeetings is english by default...





Mit freundlichen Grüßen

Mathias Kocks
Teamleitung IT-Infrastruktur
Zertifizierter Information Security Officer ISO 27001 (TÜV Süd)

Überörtliche Berufsausübungsgemeinschaft
Medizinisches Versorgungszentrum
Dr. Eberhard & Partner Dortmund
MVZ-Haus 3: Balkenstr. 12-14
44137 Dortmund, Germany

Tel.:  +49 231 9572 7158
Fax.: +49 231 9572 18 159
E-Mail: ko...@labmed.de<mailto:ko...@labmed.de>
Web: https://www.labmed.de<https://www.labmed.de/>

Von: Maxim Solodovnik mailto:solomax...@gmail.com>>
Gesendet: Mittwoch, 15. April 2020 16:28
An: Openmeetings user-list 
mailto:user@openmeetings.apache.org>>
Betreff: Re: Can not use LDAP-Sync with Microsoft Active Directory

will answer here

`%s` mean put passed parameter to this place as string
full options are here 
https://docs.oracle.com/javase/7/docs/api/java/util/Formatter.html

On Wed, 15 Apr 2020 at 19:37, Rohrbach, Gerald 
mailto:g.rohrb...@funkegruppe.de>> wrote:
This is working….
I would not use an DomainAdmin account for query. It can be a simple restricted 
user…

Maxim pointed already to a link, the debug mode is helpful…


ldap_conn_host=DESVR-AD01.mydomain.de<http://DESVR-AD01.mydomain.de>
ldap_conn_port=389
ldap_conn_secure=false

ldap_admin_dn=CN=ldapopenmeetings,OU=Users-Service-Accounts,DC=mydomain,DC=de

ldap_passwd=#password#
ldap_search_base=DC=mydomain,DC=de

ldap_search_query=(userPrincipalName=%s)

ldap_search_scope=SUBTREE

ldap_auth_type=SEARCHANDBIND

ldap_userdn_format=userPrincipalName=%s,CN=Users,DC=mydomain,DC=de

ldap_provisionning=AUTOCREATE

ldap_deref_mode=always

ldap_use_admin_to_get_attrs=true
ldap_sync_password_to_om=true

ldap_group_mode=NONE

ldap_group_query=(&(memberUid=%s)(objectClass=posixGroup))

# Ldap user attributes mapping
# Set the following internal OM user attributes to their corresponding 
Ldap-attribute
ldap_user_attr_login=sAMAccountName
ldap_user_attr_lastname=sn
ldap_user_attr_firstname=givenName
ldap_user_attr_mail=mail
ldap_user_attr_street=streetAddress
ldap_user_attr_additionalname=descript

AW: SIP setup / testing

2020-04-15 Thread Rohrbach, Gerald

Maxim,

Audio is he only interesting with SIP.
I will try to read about the old implementation

Gerald


Von: Maxim Solodovnik [mailto:solomax...@gmail.com]
Gesendet: Mittwoch, 15. April 2020 17:34
An: Openmeetings user-list 
Betreff: Re: SIP setup / testing



On Wed, 15 Apr 2020 at 22:20, Rohrbach, Gerald 
mailto:g.rohrb...@funkegruppe.de>> wrote:
Maxim,

what all needs to be done for the SIP stuff?

The only thing required: is to implement it 
https://issues.apache.org/jira/browse/OPENMEETINGS-2239


I would spend some time in this, as we have some use cases for it.
So at least I can setup an asterisks for testing purpose.
Do you see a realistic chance to get this working in the next weeks?

So far I have lots of day-time job and no idea how to implement this
I doubt it is weeks :(
Audio/Video transfer part need to be totally re-implemented


I read on the older version it was working, so maybe there is not too much to 
do.
I´m not asterisk expert, but at least I have used it in some areas.

Asterisk integration will work (rooms, users etc.)
Multimedia server has been changed, so I doubt it will be fast and easy



Gerald


--
Best regards,
Maxim

AW: SIP setup / testing

2020-04-15 Thread Rohrbach, Gerald

Maxim,

I do not know much about the technical background.
OM is using kurento that´s my understanding.

I do not know the integration depth of the old Red5 SIP in OM.

For me it is not necessary, that the audio users are listed by name or somehow, 
they should just listen and should be able to talk be mobile phones
or classic phones. That of course would be a nice feature if they are somehow 
listed in the room, but probably a lot of work.

Before inventing the wheel again, maybe we can use another open source project 
and can combine it.
I have seen some kurento SIP projects. If the sip connection works, a deeper 
integration can be done.
Asterisks is good documented and easy to setup.

Unfortunately all this takes time and needs deep understanding of the 
technology OM uses.
Probably you know much about kurento and definitely about OM.
https://www.kurento.org/kurento-architecture

What`s your opinion about this way? You know the technology best. Could this 
speed up the process?


Gerald






Von: Maxim Solodovnik [mailto:solomax...@gmail.com]
Gesendet: Mittwoch, 15. April 2020 18:18
An: Openmeetings user-list 
Betreff: Re: SIP setup / testing

Old one was RTMP based (since OM was based on Red5 which is RTMP)
Now it is KMS and WebRTC
So multi-media part need to be written from scratch ...

On Wed, 15 Apr 2020 at 23:14, Rohrbach, Gerald 
mailto:g.rohrb...@funkegruppe.de>> wrote:
Maxim,

Audio is he only interesting with SIP.
I will try to read about the old implementation

Gerald


Von: Maxim Solodovnik [mailto:solomax...@gmail.com<mailto:solomax...@gmail.com>]
Gesendet: Mittwoch, 15. April 2020 17:34
An: Openmeetings user-list 
mailto:user@openmeetings.apache.org>>
Betreff: Re: SIP setup / testing



On Wed, 15 Apr 2020 at 22:20, Rohrbach, Gerald 
mailto:g.rohrb...@funkegruppe.de>> wrote:
Maxim,

what all needs to be done for the SIP stuff?

The only thing required: is to implement it 
https://issues.apache.org/jira/browse/OPENMEETINGS-2239


I would spend some time in this, as we have some use cases for it.
So at least I can setup an asterisks for testing purpose.
Do you see a realistic chance to get this working in the next weeks?

So far I have lots of day-time job and no idea how to implement this
I doubt it is weeks :(
Audio/Video transfer part need to be totally re-implemented


I read on the older version it was working, so maybe there is not too much to 
do.
I´m not asterisk expert, but at least I have used it in some areas.

Asterisk integration will work (rooms, users etc.)
Multimedia server has been changed, so I doubt it will be fast and easy



Gerald


--
Best regards,
Maxim


--
Best regards,
Maxim

AW: [HELP NEEDED] 5.0.0 release

2020-04-16 Thread Rohrbach, Gerald

Maxim,

I will test the actual snapshot today, when the build is finished in 40 minutes.

Gerald

Von: Maxim Solodovnik [mailto:solomax...@gmail.com]
Gesendet: Donnerstag, 16. April 2020 10:06
An: Openmeetings user-list 
Betreff: Re: [HELP NEEDED] 5.0.0 release

Hello All,

I plan to start VOTE on M4 tomorrow,
Please stop me if you will see any blockers :)

On Tue, 14 Apr 2020 at 20:00, Peter Dähn mailto:da...@vcrp.de>> 
wrote:
Hi Maxim,

no blockers found yet. Yesterday I tested clustering in my
test-environment. Seemed to work so far.

Greetings Peter

Am 14.04.20 um 08:33 schrieb Maxim Solodovnik:
> Hello All,
>
> I would like to start a VOTE for new release ASAP
> Are there any blockers?
>
>

--
Best regards,
Maxim

AW: Problem with recording session

2020-04-16 Thread Rohrbach, Gerald


openmeetings.markmail.org


Search is there

IExplorer will probaly not work. Firefox, Opera etc.

Gerald

Von: Peter-Otto Weber [mailto:cyber...@hotmail.de]
Gesendet: Donnerstag, 16. April 2020 14:55
An: user@openmeetings.apache.org
Betreff: Problem with recording session

Hello,

i am able to record a short Audio / Video sequence setting up the System with 
(Check Setup).

But inside a room i can share a screen but not record the session.

The recording is listed in the files but „not available“

OM and Kurento are running on the same user.

How can i debug this to find the cause?

I can see, that my current user i am logged in with is not allowed to Access 
the „streams“ Folder.

Thanks for helping.

Maybe this Question was answered before but this really old fashione Mailing 
list is not giving me a feature to search for this ☹

POW

AW: Invitation to: Test of Room 4 (public video and whiteboard room) tomorrow, Thursday APril 16 at 19:00 UTC (London time)

2020-04-16 Thread Rohrbach, Gerald

Well, Rene for Germany that is already late….

Gerald

Von: R. Scholz [mailto:rene.sch...@abakus-edv-systems.de]
Gesendet: Donnerstag, 16. April 2020 20:41
An: user@openmeetings.apache.org
Betreff: Re: Invitation to: Test of Room 4 (public video and whiteboard room) 
tomorrow, Thursday APril 16 at 19:00 UTC (London time)

Hello Ed,

it seems that is the same thing like yesterday: no interest from the other to 
make a "Kurento-test".
With two members it makes no sense.

Best regards,

René

Am 16.04.2020 um 09:39 schrieb Maxim Solodovnik:
I'm in GMT+7
19:00 GMT will be 02:00 for me, so it will be impossible for me to participate
Will update server and restart KMS so you can test without issues :))

On Thu, 16 Apr 2020 at 14:35, BBS Technik 
mailto:dormiti...@gmx.de>> wrote:
I will try to participate too.


Regards Ed


> Gesendet: Mittwoch, 15. April 2020 um 16:58 Uhr
> Von: i...@bureau-de-poste.net
> An: user@openmeetings.apache.org
> Betreff: Invitation to: Test of Room 4 (public video and whiteboard room) 
> tomorrow, Thursday APril 16 at 19:00 UTC (London time)
>
>  Hello All,
> 
>  I have an interesting idea, I think. The test server  (5.0.0 M4)
>  at https://om.alteametasoft.com:8443/next/signin seems to me to
>  be very fast. Why don't many of us testers agree to meet
>  tomorrow, Thursday, April 16 in a specific room - I suggest the
>  Public Video and Whiteboard Room (room no. 4), and if we have 5
>  or more people, we can see for ourselves how fast it is, and
>  whether or not video conference participants need to exit and
>  re-login to actively participate in a conference. I had a problem
>  with 5.0.0 M3 with only 2 users, and I had to either refresh one
>  user every once in a while, or - what worked better - re-login at
>  least once.
> 
>  There are already two of us who will be there - can anyone else
>  meet virtually in room number 4 to test it? tomorrow, Thursday at
>  19:00 UTC (London, England time).
> 
>  Best regards,
> 
>  Ed
>
>
>


--
Best regards,
Maxim

Guest-Users Database records

2020-04-17 Thread Rohrbach, Gerald

Maxim,

do I understand right?

If I send invitation to a none OM User, a user in the OM-UserDB is created with 
a prefix of the room?
Modus is contact.

I do found some database records with that layout..
It seems that the prefix is the owner_id

After some time I would like to delete this records.
I remember if deleted with the frontend, they are still shown.
Can I delete just by sql query in the DB or will I mix up something there?


Geral

Re: [VOTE] Apache OpenMeetings 5.0.0-M4 Release Candidate 1

2020-04-20 Thread Rohrbach, Gerald

Maxim,

we do have snapshot   5.0.0-M4-SNAPSHOT 1ba1986 in use some days now. Migration 
from older snapshot.
The best Test system is the life system...

Everything seems fine.
We are not doing any recording...

Gerald

AW: KMS Crash

2020-04-23 Thread Rohrbach, Gerald

We are using only internal on one VM, with several people. We did not noticed 
such problems.

What I can imagine is, that it is related to coturn and double natting.

We do have a second physical machine, connected direct to internet.
Also no issues here. We did some ISO audits with this over hours.

But the plan is once to get rid of the physical machine and use a DMZ.
So we need than also to run coturn…

Gerald

Von: R. Scholz [mailto:rene.sch...@abakus-edv-systems.de]
Gesendet: Donnerstag, 23. April 2020 12:29
An: user@openmeetings.apache.org
Betreff: Re: KMS Crash

Hello,

today I tried a webinar with 8 members - with me as moderator/presenter.

After a few minutes the viewers not see me. Behind the chat-Tab are the red 
error-messages "Multimedia inaccessible".
But: at two viewers all is OK: They se my video and hear my voice.

I started my script to restart KMS, coturn and tomcat. The 2 viewers see and 
hear me further, the other had no video, no audio
and, behind the chat-tab "Multimedia inaccessible".

I tried to restart separately KMS and coturn, cause it is fast to restart this. 
(Tomcat neeeds after a reboot 15 minutes to come up, with a restart it needs 30 
seconds.)

"Multimedia inaccessible".

I canceled my webinar after 15 minutes and many restarts of the services.

My system:
Internet: 1GBit sym.

OM 5.0.0-M4-SNAPSHOT
Revision 96d9435
Builddate 2020-04-14T16:48:43Z

Kurento: 6.13.0

CPU: i3, 8GB RAM

With best regards,

René

Am 21.04.2020 um 12:12 schrieb Maxim Solodovnik:
OM should reconnect to KMS (please file JIRA, I'll check it)

According to limit login - I'm afraid it might produce much more bad scenarious

What version of KMS are you using?
Does it have enough resources? (Ram, cpu)

On Tue, Apr 21, 2020, 15:51 YUP mailto:yupad...@gmail.com>> 
wrote:
KMS server is very unstable in my case too.

On Tue, Apr 21, 2020 at 9:32 AM R. Scholz
mailto:rene.sch...@abakus-edv-systems.de>> 
wrote:
>
> Hello,
>
> today I had a manager (a little older one) who try the first time "such
> modern thing like a online-conference".
>
> I sent him an invitation-email and he made three (or more) times a
> doube-click on the link.
> I see his name a lot of in the client-list.
>
> After that I see the red error "no multimedia" (or sth. like that).
>
> I restarted KMS and Tomcat and all is OK again.
>
> Is it possible to avoid that? Maybe only one connection per invitation?
>
> Best regards,
>
> René
>

AW: Reconnection loop in meeting room

2020-05-01 Thread Rohrbach, Gerald

Fabian,

there are good documentation for the coturn setup avaialable:
https://cwiki.apache.org/confluence/display/OPENMEETINGS/Tutorials+for+installing+OpenMeetings+and+Tools

Gerald


Von: Fabian Kopatschek [mailto:fabian.kopatsc...@yahoo.de]
Gesendet: Freitag, 1. Mai 2020 16:20
An: user@openmeetings.apache.org
Betreff: Re: Reconnection loop in meeting room

Thanks for the hint. I've setup a TURN server and openmeetings seems to use it.
The log of the TURN server show the following entries:

...
session 002002: realm  user : incoming packet 
CREATE_PERMISSION processed, success
session 001001: realm  user <>: incoming packet message 
processed, error 401: Unauthorized
...
check_stun_auth: Cannot find credentials of user <1588346030:someuser>
...

What i've done so far is:
- set the Environment Variables TURN_URL, TURN_USER, TURN_PASS
- configured turnURL in /etc/kurento/modules/kurento/WebRtcEndpoint.conf.ini

Is there some other place i have to conigure something? I'm wondering about the 
empty user und the user the numbers in front.

Kinds Regards
Fabian
Am 01.05.2020 um 14:11 schrieb Maxim Solodovnik:
You need to setup TURN server

On Fri, May 1, 2020, 18:54 Fabian Kopatschek 
mailto:fabian.kopatsc...@yahoo.de>> wrote:
Hi everybody,

i'm facing a reconnection loop in my meeting rooms. On the lower right
corner of the broweser the following message pops up:
"Media server connection for user xy is failed, will try to reconnect"

I have this setup:
Openmeetings 5.0.0-M4 as Docker Container and nginx as reverse proxy. As
browsers i've tried Chrome, Firefox and Edge.

So the communication chain is like this:
browser <=https=> nginx <=https=> openmeetings

This is the logoutput from the docker logs of the openmeetings container
when the reconnection happens:

DEBUG 05-01 11:47:42.478 o.a.o.c.r.StreamProcessor:87 [nio-5443-exec-1]
- Incoming message from user with ID '2':
{"type":"kurento","id":"broadcastStarted","uid":"7e406ec6-a8f3-44e5-aa1e-a07865aa75c6","sdpOffer":"v=0\r\no=-
6125256671074174141 2 IN IP4 127.0.0.1\r\ns=-\r\nt=0 0\r\na=group:BUNDLE
0 1\r\na=msid-semantic: WMS
kvm52h4aFVcmL8xnOqOfn36E0fmJ17XLYRhu\r\nm=audio 9 UDP/TLS/RTP/SAVPF 111
103 104 9 0 8 106 105 13 110 112 113 126\r\nc=IN IP4 0.0.0.0\r\na=rtcp:9
IN IP4
0.0.0.0\r\na=ice-ufrag:Xy3a\r\na=ice-pwd:rL+/Ze66uQfpKtww7wQyh2EV\r\na=ice-options:trickle\r\na=fingerprint:sha-256
53:61:34:03:07:37:9A:48:28:DB:95:5C:BA:21:F2:26:AB:79:B6:D9:A8:FB:1F:48:53:0F:29:60:EB:13:40:36\r\na=setup:actpass\r\na=mid:0\r\na=extmap:1
urn:ietf:params:rtp-hdrext:ssrc-audio-level\r\na=extmap:2
http://www.webrtc.org/experiments/rtp-hdrext/abs-send-time\r\na=extmap:3
http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01\r\na=extmap:4
urn:ietf:params:rtp-hdrext:sdes:mid\r\na=extmap:5
urn:ietf:params:rtp-hdrext:sdes:rtp-stream-id\r\na=extmap:6
urn:ietf:params:rtp-hdrext:sdes:repaired-rtp-stream-id\r\na=sendrecv\r\na=msid:kvm52h4aFVcmL8xnOqOfn36E0fmJ17XLYRhu
706e78f6-ddee-4b5b-8043-7a5da49f9f9d\r\na=rtcp-mux\r\na=rtpmap:111
opus/48000/2\r\na=rtcp-fb:111 transport-cc\r\na=fmtp:111
minptime=10;useinbandfec=1\r\na=rtpmap:103 ISAC/16000\r\na=rtpmap:104
ISAC/32000\r\na=rtpmap:9 G722/8000\r\na=rtpmap:0 PCMU/8000\r\na=rtpmap:8
PCMA/8000\r\na=rtpmap:106 CN/32000\r\na=rtpmap:105
CN/16000\r\na=rtpmap:13 CN/8000\r\na=rtpmap:110
telephone-event/48000\r\na=rtpmap:112
telephone-event/32000\r\na=rtpmap:113
telephone-event/16000\r\na=rtpmap:126
telephone-event/8000\r\na=ssrc:219987797
cname:o0Zi7givYp+YopVE\r\na=ssrc:219987797
msid:kvm52h4aFVcmL8xnOqOfn36E0fmJ17XLYRhu
706e78f6-ddee-4b5b-8043-7a5da49f9f9d\r\na=ssrc:219987797
mslabel:kvm52h4aFVcmL8xnOqOfn36E0fmJ17XLYRhu\r\na=ssrc:219987797
label:706e78f6-ddee-4b5b-8043-7a5da49f9f9d\r\nm=video 9
UDP/TLS/RTP/SAVPF 96 97 98 99 100 101 102 122 127 121 125 107 108 109
124 120 123 119 114 115 116\r\nc=IN IP4 0.0.0.0\r\na=rtcp:9 IN IP4
0.0.0.0\r\na=ice-ufrag:Xy3a\r\na=ice-pwd:rL+/Ze66uQfpKtww7wQyh2EV\r\na=ice-options:trickle\r\na=fingerprint:sha-256
53:61:34:03:07:37:9A:48:28:DB:95:5C:BA:21:F2:26:AB:79:B6:D9:A8:FB:1F:48:53:0F:29:60:EB:13:40:36\r\na=setup:actpass\r\na=mid:1\r\na=extmap:14
urn:ietf:params:rtp-hdrext:toffset\r\na=extmap:2
http://www.webrtc.org/experiments/rtp-hdrext/abs-send-time\r\na=extmap:13
urn:3gpp:video-orientation\r\na=extmap:3
http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01\r\na=extmap:12
http://www.webrtc.org/experiments/rtp-hdrext/playout-delay\r\na=extmap:11
http://www.webrtc.org/experiments/rtp-hdrext/video-content-type\r\na=extmap:7

SIP integration

2020-05-02 Thread Rohrbach, Gerald

Sebastian,

is for M5 the SIP integration planned?

We are using M4 already. In our case only for internal use,
so it´s not that critical. And up to know it seems to be stable.

The dial in is a feature often requested from users, that do have a web cam or 
microphone.

In theory kurunto should handle this, and also asterisk is able to do a webrtc 
connection.
But probably in practise there is a lot of testing to do.
I tried to read all the documentation and try to get a basic understanding,
how this all can work together.

I have been working with asterisk a while ago.
I guess each room needs only one callerId, the rest the conference bridge
should do.
For someone like me who never used kurento bevore it´s difficult to
understand how the connection to kurento are handled.

Do you have already an idea, how a simple connection just for testing
can made?
Maybe just sending an invitation like  for guests, and use this
for a script to make a webrtc connection from asterisk to this room?.
I have seen also some other projects for kurento and asterisk connection.
Are there somewhere documentation available how OM and kurento
are working together.

Regards

Gerald






Von: seba.wag...@gmail.com [mailto:seba.wag...@gmail.com]
Gesendet: Samstag, 2. Mai 2020 00:27
An: Openmeetings user-list 
Betreff: Re: Maybe stupid question - updating

5.0.0-M5 hasn't been released yet. Its only available as Snapshot.
Releases will be announced via website and mailing list. There will be also 
discussions and vote's on the dev mailing list to discuss releases ready.

M4 is not even recommended for Prod usage yet. The "M" in the version number 
stands for beta. Although I may understand people want to use it since it 
doesn't require Flash.

Re upgrade process: See: https://openmeetings.apache.org/Upgrade.html
There is a backup and re-import feature. If you want to migrate 
users/rooms/files from one installation to another.

However if you don't mind loosing some of the user generated data you can also 
simply start a new instance.

Cheers
Seb

Sebastian Wagner
https://www.linkedin.com/in/sebastianwagner/


On Fri, 1 May 2020 at 01:25, Peter-Otto Weber 
mailto:cyber...@hotmail.de>> wrote:
Hello,

is it easy to update to newer releases?

Lets say to 5.0.0-M5.

How will new official releases be announced ?

Does it make sense to update M5 right now?

Regards

POW

AW: LDAP configuration

2020-05-02 Thread Rohrbach, Gerald

There is a new documentation:

https://cwiki.apache.org/confluence/display/OPENMEETINGS/Tutorials+for+installing+OpenMeetings+and+Tools

Gerald


Von: K. Kamhamea [mailto:kamha...@googlemail.com]
Gesendet: Samstag, 2. Mai 2020 10:24
An: user@openmeetings.apache.org
Betreff: LDAP configuration

Hello,
There is a bug in the description of administration > LDAP

It says the config file has to be uploaded to the conf directory

[The config files are in the folder webapps/openmeetings/conf. You need to 
manually upload the files to this folder. Changes to the config file are 
immediately online.]

But that wrong it is the webapps/openmeetings/data/conf directory. And It would 
be helpful to mention in that text that already a current template resides in 
that directory that can be modified.

So now that I have the correct config file in place it probably connects to 
ldap but I cannot log in. I always get a wrong credentials error.

In LDAP data are stored as follows:
uid     login
cn     login
mail     email
userPassword (SHA256)  PW

Is there a trouble shooting tutorial?

AW: OpenMeetings <-> BigBlueButton

2020-05-04 Thread Rohrbach, Gerald

Peter,

good question. I mean not if Maxim is sleeping ever…

Yes, I think it’s an important hint to use a standard port.
In business environments it´s a problem with special ports.

Maxim, where we have to configure this?


Regards

Gerald.


Von: Peter-Otto Weber [mailto:cyber...@hotmail.de]
Gesendet: Dienstag, 5. Mai 2020 08:05
An: user@openmeetings.apache.org
Betreff: AW: OpenMeetings <-> BigBlueButton

Hello Maxim,

has this been tested / done before and mos impotant for „newbies“ how can this 
be configured?

Regards

è Do you ever sleep ? 😉

POW

Von: Maxim Solodovnik mailto:solomax...@gmail.com>>
Gesendet: Dienstag, 5. Mai 2020 08:02
An: Openmeetings user-list 
mailto:user@openmeetings.apache.org>>
Betreff: Re: OpenMeetings <-> BigBlueButton



On Tue, 5 May 2020 at 12:58, Peter-Otto Weber 
mailto:cyber...@hotmail.de>> wrote:
I just got in first contact with „bigbluebutton“.

It seems to be very similar to openmeetings but – as i suggested before – has a 
better implementation of video arrangement.

All videos automatically were arranged above the whitboard – i like it.

What i wonder is ,why open meetings needs to use specific https port and 
bigbluebutton does not?

port 8443 is used for demo-next because version 4.0.x using 443 ATM
port 5443 is used for out-of-box version to avoid conflicts with running HTTP 
server

you free to set up OM on port 443


The main problem is with customers having a firewall allowing only 80/443. We 
had scheduled a meeting with customers that had to be canceled due to 
networking / firewall problems.

Using 80/443 like on bigbluebutton would make everything much easier? Is this 
possible?

Best wishes

POW


--
Best regards,
Maxim

Edge Browser

2020-05-05 Thread Rohrbach, Gerald

Maxim

I tried today the newest Edge Version with the Chrome engine. Version 
81.0416.68.

It works with video and microphone,
but the screen sharing produces an error message:

TypeError: navigator.getDisplayMedia is not a function×

Are you aware of this?  Is there a work around?
It`s not possible to stop the sharing, so you need to reenter the room.

Usually we are using Firefox, but some externals do have just edge.


Name
OpenMeetings
Version
5.0.0-M4-SNAPSHOT
Revision
1ba1986

Maybe you fixed it already in a newer release?


Regards

Gerald.







Von: Maxim Solodovnik [mailto:solomax...@gmail.com]
Gesendet: Dienstag, 5. Mai 2020 08:45
An: Openmeetings user-list 
Betreff: Re: Domain certificate not working

You should select one way or another
The topic was discussed you can search mailing-list archives
(from mobile, sorry for typos)

On Tue, May 5, 2020, 13:36 Ninnig, Alexander 
mailto:alexander.nin...@rechnungshof.rlp.de>>
 wrote:
Hi,

THAT'S exactly the kind of information, I was looking for. I figured, it could 
be something like this.

Just one last question: I do this INSTEAD of all this other keystore-stuff? Or 
AFTER?

Best Regards,
Alex

-Ursprüngliche Nachricht-
Von: ratatouille mailto:ratatoui...@bitclusive.de>>
Gesendet: Montag, 4. Mai 2020 17:15
An: user@openmeetings.apache.org
Betreff: Re: Domain certificate not working

Hello!

I made https available just by editing server.xml like this:



http://domain.de/cert.pem>"
 
certificateKeyFile="/etc/letsencrypt/live/domain.de/privkey.pem"
 
certificateChainFile="/etc/letsencrypt/live/domain.de/fullchain.pem"
 />



and it worked, nothing else I did.

  Andreas


"Ninnig, Alexander" 
mailto:alexander.nin...@rechnungshof.rlp.de>>
 schrieb am 04.05.20 um 13:55:43 Uhr:

> Hi,
>
> I installed Openmeetings 504 on a virtual Ubuntu 18.04 Server, following the 
> instructions of the newest tutorial. As far as I can tell, everything works 
> fine.
>
> Now, I am trying to replace the selfsigned certificate and use a 
> domain-certificate instead, following the information from: 
> https://openmeetings.apache.org/HTTPS.html#real-certificate. But after this 
> and after a reboot - the https-site is not avaiable anymore (site cannot be 
> found). I am a bit at loss here about what to do now.
>
> Here is what I did:
>
> First Attempt
> --
> --
>
> cd /opt/open504/conf
> sudo mv localhost.jks localhost.org
> sudo keytool -keysize 4096 -genkey -alias openmeetings -keyalg RSA -storetype 
> PKCS12 -keystore /opt/open504/conf/localhost.jks
> Old password:   PassW0rd
> New password:   PassW0rd
> Name (Websitename): myserver
> (...)
>
> sudo keytool -certreq -keyalg RSA -alias openmeetings -file
> openmeetings.csr -keystore /opt/open504/conf/localhost.jks sudo cp
> openmeetings.csr /media/netshare
>
> Here, I opened the website of my domain-CA, which is a Server 2012 R2
> Windows Server (https://issuingca/certsrv/) I chose: request a certificate.
> I chose: advanced certificate request.
> I chose: submit a certificate request by using a base-64-encoded (...).
> I opened the request-file (openmeetings.csr) in a texteditor and used copy & 
> paste to hand in my request.
> I chose "Web Server" as certificate-template and start the request.
> I download the certificate as Base-64-Certificate (cer-filetype) - the 
> certificate is valid.
> I copy this certificate and the certificate of my root and my issuing CA onto 
> my netshare, so I can access it from my OpenMeetings-Linux-Server.
>
> cd /opt/open504/conf
> sudo cp /media/netshare/root.crt root.crt sudo cp
> /media/netshare/issuing.cer issuing.cer sudo cp
> /media/netshare/myserver.cer myserver.cer sudo keytool -import -alias
> root -keystore /opt/open504/conf/localhost.jks -trustcacerts -file
> root.crt sudo keytool -import -alias intermed -keystore
> /opt/open504/conf/localhost.jks -trustcacerts -file issuing.cer sudo
> keytool -import -alias openmeetings -keystore
> /opt/open504/conf/localhost.jks -trustcacerts -file myserver.cer
>
> ==> No errors so far.
>
> sudo reboot now
> sudo /etc/init.d/mysql start
> sudo /etc/init.d/kurento-media-server start sudo /etc/init.d/tomcat3
> start
>
> ==> HTTPS-Website is not available.
>
> Second Attempt
> --
> --
>
> I found out, that the certificate-template "Web Server" may not be right. It 
> says, the maximum is 2048.
> So I created a new template ("Web Server 4096") and changed the length to 
> 4096.
> I also checked the option, that the private key is exportable.
> I started from the beginning - same result.
>
> Third Attempt
> -

AW: OpenMeetings - switch to port 443

2020-05-06 Thread Rohrbach, Gerald

Peter,

thanks for the conclusion, with the fixes from Juan I was also able to get it 
working on 443.

As in your later posts commented a problem are company firewalls.
They are much more restrictive. And in many companies the firewalls are 
maintained by externals or
Corporate IT. So it’s nearly impossible to get some ports opened in a short 
time.
The second possibility is using hosted services, but LDAP and AD can’t really 
be used then.

In home offices the home routers are not a problem in most cases.
This is our experience. As we are a smaller company firewall is under our 
control,
and we have also a test internet link to play with..

To use just port 443 is probably technical difficult, because it needs probably 
a total redesign of OM and the components in use.



Gerald






Von: Peter-Otto Weber [mailto:cyber...@hotmail.de]
Gesendet: Dienstag, 5. Mai 2020 19:33
An: user@openmeetings.apache.org
Betreff: OpenMeetings - switch to port 443

Together with Maxim and Juan (they had the brain and i had the fingers) i was 
able to configure my OpenMeetings m3 to work on Port 443.

The base system follows the guides

· Installation OpenMeetings 5.0.0-M3 on Ubuntu 18.04 LTS.pdf
· Installation SSL certificates and Coturn for OpenMeetings 5.0.0-M3.pdf

The main problems were with firewall and Coturn using „kurento“ as user and not 
„nobody“.

After all it was not so many things to do:

Backup /opt(open503/openmeetings.service
Backup /opt/open503/config/server.xml

Change openmeetings.service

[Service]
Type=forking
ADD THIS LINE --> AmbientCapabilities=CAP_NET_BIND_SERVICE

Change all folders /openmeetings/ to /open503/

Change User=nobody to User = kurento

Copy this file to /etc/systemd/system/openmeetings.service

Change all port 5443 to 443 in server.xml (two places)

Check firewall and open port 443 if not open as in my case 😉  )

Reboot

sudo /etc/init.d/mysql start MariaDB data server
sudo /etc/init.d/kurento-media-server start   Kurento media server
sudo systemctl start openmeetings   openmeetings

There’s still a problem with creating pid file – i will check out later…

Best wishes

POW

AW: OpenMeeting 5.0.0-M4, LDAP-connection recognizes "Deutschland" as "Andorra"

2020-05-06 Thread Rohrbach, Gerald

Alexander,

if I remember right you need to use c instead of co.
Look at AD  attributes under the user. c = DE
With that the mapping will work in OM


Gerald

-Ursprüngliche Nachricht-
Von: Ninnig, Alexander [mailto:alexander.nin...@rechnungshof.rlp.de] 
Gesendet: Mittwoch, 6. Mai 2020 15:09
An: user@openmeetings.apache.org
Betreff: OpenMeeting 5.0.0-M4, LDAP-connection recognizes "Deutschland" as 
"Andorra"

Hi,

I managed to get a working LDAP-connection. But OpenMeetings gets the country 
wrong.
All my users have the country "Deutschland", which is a drop-down-menue in 
Active Directory, so there's no chance of misspelling.
This AD-attribute is "co".
In my om_ldap.conf, the corresponding line is: "ldap_user_attr_country=co", so 
that's correct.
But after logging in using this LDAP-connection, German users have "Andorra" as 
country, not "Deutschland".
Can I fix this myself?

AD provides a country-code (for Germany, this would be 276). Can OpenMeetings 
use this instead?


Side-question (not directly related to the country-question): Are there more 
ldap_user_attributes I could use (other than mentioned in the om_ldap.cfg)?

Best regards,
Alex

AW: [DISCUSSION] next release

2020-05-13 Thread Rohrbach, Gerald

Maxim,

cool, you are coming forward…


SIP Next Release means 6.0.0?


Gerald

Von: Maxim Solodovnik [mailto:solomax...@gmail.com]
Gesendet: Mittwoch, 13. Mai 2020 17:47
An: Openmeetings user-list 
Betreff: [DISCUSSION] next release

Hello All,

Today I've noticed we already addressed 41 issue for M5
I would like to perform next release as soon as current `master` will be even 
more stable
And release it as "5.0.0" (NOT 5.0.0-M5)

I plan to include
https://issues.apache.org/jira/browse/OPENMEETINGS-2297
https://issues.apache.org/jira/browse/OPENMEETINGS-2236
https://issues.apache.org/jira/browse/OPENMEETINGS-2217

to upcoming release as well

there is no ETA yet due to
1) we still have reports regarding stability
2) we are waiting for Apache Wicket release

please let me know if you see other blockers :)

SIP most probably will go to the next release

--
Best regards,
Maxim

AW: [DISCUSSION] next release

2020-05-13 Thread Rohrbach, Gerald

Sebastian,

unfortunately we have only up to 10 users in one room.
We are using only for internal communication and the server is in intranet only.

We are using nearly the latest snapshot.
I have tried a machine in DMZ with coturn but running on some issues, where in 
the moment not the
time is to look in detail. In general it works, issues are from our internal 
network.

We have a second physical machine with OM direct connected to internet, for 
some special cases with
Externals.

My technical question is, if we have 50 users connected from outside and just 
one presenter is sharing his video
do we then need 50 times of the bandwidth or just one time?
I would think that it is not 1 stream but 50.

We have currently only 100Mbit/100Mbit link, but we need to keep an eye on the 
used bandwidth in the moment. So if the bandwidth needed for large meetings is 
high one of the solution is to use
a machine from a provider.


Gerald



Von: seba.wag...@gmail.com [mailto:seba.wag...@gmail.com]
Gesendet: Donnerstag, 14. Mai 2020 06:36
An: Openmeetings user-list 
Betreff: Re: [DISCUSSION] next release

Yeah that would be great if we have some users that can provide some testing 
feedback with larger audiences.

We had some Universities in the past that could run some tests for us.

Thanks,
Seb

Sebastian Wagner
Director Arrakeen Solutions
http://arrakeen-solutions.co.nz/
[https://docs.google.com/uc?export=download&id=1t5l4fYqVtbJjERRDpWr4rAWs1NaTQTTs&revid=0B8S16KN5ZufrSC9HTi9iN01hYmZ4TlcvejJKU0NpWDJpdG1nPQ]<https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>[https://docs.google.com/uc?export=download&id=1AZVcWPzy8wuL5aEYb991Tg11BLowsVFj&revid=0B8S16KN5ZufrT0pNRmJyZEpiQWVwN1FrMWh4MXFaUTFSZHBFPQ]<https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>


On Thu, 14 May 2020 at 14:59, Maxim Solodovnik 
mailto:solomax...@gmail.com>> wrote:
Hello Sebastian,

On Thu, 14 May 2020 at 06:03, 
seba.wag...@gmail.com<mailto:seba.wag...@gmail.com> 
mailto:seba.wag...@gmail.com>> wrote:
How are we doing in terms of Load Testing ?

Well I see no way to test heavy load at one machine
Here are some number for KMS: https://testrtc.com/sessions-kurento-server/

I had plans to re-implement external video functionality
this might allow as to test room load with multiple streams
but I believe this is not real-world scenario

my laptop can handle ~20-30 simultaneous tabs, not 100 


I don't mind so much feature completeness or 100% replicating what was in 4.x.

But I am mindful of the backlash in terms of being production ready if we have 
issues in scaling up to 100+ concurrent users.

Do we have any positive results/feedback/scenarios on that ?
Can we do anything to de-risk this and confirm we are ready for production ?

Are there any users on this list that can help us and that can run a low risk 
scenario with 100+ users in a presentation conference room ?

Peter has published numbers for 4.x
Maybe he can share numbers for 5.0 if it will be stable enough :)


Thanks,
Seb

Sebastian Wagner
Director Arrakeen Solutions
http://arrakeen-solutions.co.nz/
[https://docs.google.com/uc?export=download&id=1t5l4fYqVtbJjERRDpWr4rAWs1NaTQTTs&revid=0B8S16KN5ZufrSC9HTi9iN01hYmZ4TlcvejJKU0NpWDJpdG1nPQ]<https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>[https://docs.google.com/uc?export=download&id=1AZVcWPzy8wuL5aEYb991Tg11BLowsVFj&revid=0B8S16KN5ZufrT0pNRmJyZEpiQWVwN1FrMWh4MXFaUTFSZHBFPQ]<https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>


On Thu, 14 May 2020 at 08:55, K. Kamhamea 
mailto:kamha...@googlemail.com>> wrote:
Please can someone explain?
I understand that SIP has something to do with IP telephones, but what does 
that mean to OM functionality?
Best K.

Am Mi., 13. Mai 2020 um 18:15 Uhr schrieb R. Scholz 
mailto:rene.sch...@abakus-edv-systems.de>>:
Hello Maxim,

at this moment two things are important for me:
- calling a room directly with room-name
- SIP-support

Best regards,

René

Am 13.05.2020 um 17:59 schrieb Maxim Solodovnik:

On Wed, 13 May 2020 at 22:55, Rohrbach, Gerald 
mailto:g.rohrb...@funkegruppe.de>> wrote:
Maxim,

cool, you are coming forward…


SIP Next Release means 6.0.0?

This need to be discussed separately, but I would say 5.1.0 :)



Gerald

Von: Maxim Solodovnik [mailto:solomax...@gmail.com<mailto:solomax...@gmail.com>]
Gesendet: Mittwoch, 13. Mai 2020 17:47
An: Openmeetings user-list 
mailto:user@openmeetings.apache.org>>
Betreff: [DISCUSSION] next release

Hello All,

Today I've noticed we already addressed 41 issue for M5
I would like to perform next release as soon as current `master` will be even 
more stable
And release it as "5.0.0" (NOT 5.0.0-M5)

I plan to include
https://issues.apache.org/jira/browse/OPENMEETINGS-2297
https://issues.apache.org/jira/browse

AW: New Features: "very fast conference" and more

2020-05-17 Thread Rohrbach, Gerald

Rene, this looks like Jitsi

For Video conferencing it´s okay and simple to setup.
But functionality is different than OM.

Running on corporate links and firewalls seems to work fine with our 
subsidiaries.
But with the German AVM Fritzbox router we did not got it working. 
There was a hard delay of video/voice, several seconds. ( often > 10 seconds)
With all testing changes, forwarding, priority we did not got it working.
The Internet bandwidth with 50/10 Mbit should be okay. We tested with
different people, different links, differnent laptops/Pc`s
It seems that the box has some priority for VOIP somehow setup.

At the end this was the killer to use it, as a lot of people do have such a 
router in the home office.

WLAN always seems to have not the best bandwidth for Jitsi and also OM.
That’s why I recommend always cable connection to get a good result.

Maybe someone knows a solution for this.


Regards

Gerald.







-Ursprüngliche Nachricht-
Von: R. Scholz [mailto:rene.sch...@abakus-edv-systems.de] 
Gesendet: Freitag, 15. Mai 2020 19:14
An: user@openmeetings.apache.org
Betreff: New Features: "very fast conference" and more

Hello,

today we had a online-conference from our marketing-company.
They have their own conference-system.

Total easy to login and runs very nice.
All members (without exception) have no problems to enter the conference-room 
and use their microphone and, the notebook-user, their camera.

I must admit freely: Not bad.

I think there are some features we shpuld have a deeper look on it - and 
implement in our OM.

- No problems with ports: All members, including the members  from official 
institutions, can login without problems and no changes with their firewall.
(I asked one (or two) weeks ago that question.) And use the microphone and 
camera.
Essential point: It seems it is possible to make a video/audio-conference with 
all peoples, including this one who are behind a "Great firewall".

- The handling -> New OM-feature: "Quick-conference":
1.) Calling a URL
2.) Enter a Name
Thats all.
(That was the only information we got from the marketing-company.) And it works.

(We must use Google-Chrome. It was recommended.)

- a very tidy desktop: a few icons and all work very good, including sharing 
desktop.

- OK, security is not a focus here. But that is a "Quick-conference".

...

If anybody wants to try:
https://besprechung.konferenzen.online

With best regards,

René

AW: resize SCREEN (disconnect and connect)

2020-05-22 Thread Rohrbach, Gerald

Maxim,

thanks for the info with the hotkey,
I had the same experience like Martin,  the hotkey is a good hint. I will try 
in the next sessions.

Probably Martin means to store the positions of all the user windows once they 
are connected, so if they reconnect the window will appear in the same places, 
where we moved it before.


Gerald

Von: Maxim Solodovnik [mailto:solomax...@gmail.com]
Gesendet: Freitag, 22. Mai 2020 13:20
An: Openmeetings user-list 
Betreff: Re: resize SCREEN (disconnect and connect)



On Fri, 22 May 2020 at 18:16, Chamberland, Martin 
mailto:martin.chamberl...@fadq.qc.ca>> wrote:

[cid:banner1.jpg]

Thank’s Maxim for the hotkey, but I will try to explain better.
When you enter a room, your video windows showing on the main screen of the 
meetings, just above the whiteboard, right ?
Suppose they are 5 users in that room,  so you have to move and resize the 
screen of each of them to fit your need.

After the meeting start, everything is good,  all those windows are placed when 
you to them to be, that is perfect.
But, what we can see is that if any of those 5 users have a bad internet 
connection, poor quality, it will maybe disconnect and reconnect because of 
that poor internet network.
And then,  his screen (only that user) will become again (after his 
reconnection automaticly) with the original size, so you have to again, resize 
it to fit your need.
If 2-3 users of those 5 have bad connection, it can become really anoying.

I hope it’s more clear.

Yes,
The hotkey I posted should do the following:
1) resize all video windows to be 120x90
2) allign them left-to-right, bottom-to-top

Not sure what else can done :(


De : Maxim Solodovnik [mailto:solomax...@gmail.com]
Envoyé : 21 mai 2020 22:04
À : Openmeetings user-list 
mailto:user@openmeetings.apache.org>>
Objet : Re: resize SCREEN (disconnect and connect)

Hello Martin,

On Fri, 22 May 2020 at 02:17, Chamberland, Martin 
mailto:martin.chamberl...@fadq.qc.ca>> wrote:

[cid:image001.jpg@01D63008.CBBE8260]

It’s probably not really a bug, but let me  try to explain.

When someone enter a room, you have to resize his screen to fit your need (do 
that for everyone).
The problem start, when someone in the meeting have a poor connection,  he will 
be disconnected and reconnected automaticly, but you have to “again” and 
“again”…. Resize his screen.
That is pretty annoying.

There is hotkey to resize video pod + align (Ctrl+Shift+KeyA by default 
https://openmeetings.apache.org/GeneralConfiguration.html)
Is it what you are looking for?


Can we disable something, to get rid of this behavior.

I hope I’m enough clear in my explanation


--
Best regards,
Maxim


--
Best regards,
Maxim

OM 5 - Android Tablet

2020-05-29 Thread Rohrbach, Gerald

Maxim,

OM 5 version is working fine. Also with new Chrome based browser Egde  it works 
fine.
OM 5 Snapshot 5 OBE4245


We have tested with Android tablets, also works fine in general.
To resize the video windows is a little bit tricky, you need to find the right 
position with the finger to resize.
Maybe you have an idea how to improve this.

Screen sharing is not working, NotAllowed: Invaild status.
If I remember right there is a different technology in use to transfer the 
screen.
Do you think there is an easy way to fix it?
If you do not have an tablet, what information I should deliver.

Regards

Gerald

AW: OM 5 - Android Tablet

2020-06-01 Thread Rohrbach, Gerald

Maxim,

after some training with the windows resizing it works on Android table.
Probably most users would give up. It´s really hard.
Thinking about the feature to store the video window size and position by room 
maybe
this can be done on the left side, where all users are listed.
So by user, for the video standard position A,B,C,D and SizeA,SizeB, SizeC.
If the window is moved manually, just the relative coordinates.
Maybe like in Android, relative, percentages so if the room is called with a 
different resolution,
It would looks similar.


We have also tested with Ipad. With Firefox on the Ipad no success,
but Safari works. Video perfect, but no sound. Also no Screen sharing, browser 
not supported.

Just to give some feedback. Maybe someone know a solution for the audio issue.
Maybe just a security setting

Regards

Gerald




Von: Maxim Solodovnik [mailto:solomax...@gmail.com]
Gesendet: Samstag, 30. Mai 2020 05:36
An: Openmeetings user-list 
Betreff: Re: OM 5 - Android Tablet

Hello Gerald,

On Fri, 29 May 2020 at 21:00, Rohrbach, Gerald 
mailto:g.rohrb...@funkegruppe.de>> wrote:
Maxim,

OM 5 version is working fine. Also with new Chrome based browser Egde  it works 
fine.
OM 5 Snapshot 5 OBE4245


We have tested with Android tablets, also works fine in general.
To resize the video windows is a little bit tricky, you need to find the right 
position with the finger to resize.
Maybe you have an idea how to improve this.

The only way I see: increase video pod and make bottom-right angle with resize 
icon more visible ...
Any other ideas?


Screen sharing is not working, NotAllowed: Invaild status.
If I remember right there is a different technology in use to transfer the 
screen.
Do you think there is an easy way to fix it?
If you do not have an tablet, what information I should deliver.

Android tablet is sort of single threaded
So while you are in OM room you can share browser tab with OM room only
(it sounds useless)

I would expect browser sharing API shouldn't be available
I'll try to reproduce using my Android phone and will report back


Regards

Gerald


--
Best regards,
Maxim

AW: Guest Handling - Show nickname in Video Windows also

2020-06-02 Thread Rohrbach, Gerald

Peter,

well, I´m doing with the command line:

Backup:
./admin.sh -b -file /opt/open505-1-sik.zip

Restore:
./admin.sh -i -file /opt/open505-1-sik.zip --db-type mysql --db-host -OM-DB
--db-name open5052 --db-user omdb --db-pass '#Password#'

This works well, of course you need to create a new database..
Mysql:
CREATE DATABASE open5052 DEFAULT CHARACTER SET 'utf8';

GRANT ALL PRIVILEGES ON open5052.* TO 'omdb'@'%' IDENTIFIED BY '#Password#'
WITH GRANT OPTION;
I have done several times, so it works fine but ….

Gerald

Von: Peter-Otto Weber [mailto:cyber...@hotmail.de]
Gesendet: Dienstag, 2. Juni 2020 12:57
An: user@openmeetings.apache.org
Betreff: AW: Guest Handling - Show nickname in Video Windows also

o.k. i am a big step further but do have problems restoring the backup.

I was able to do all this „§“§$“$%&%!§$%!§$&!$§%&$§&!“ things needed to come
back tot he install of OM 5.0.5.

Now i wanted to restore the previous over gui backupped data.

Especially all users and user configs.

Well i can check the zip file but nothing happens???

Not even a feedback via gui.

Just selecting the zip, pressing o.k. and nothing more?

And now – Vodka and Gin??

POW

Von: Maxim Solodovnik mailto:solomax...@gmail.com>>
Gesendet: Dienstag, 2. Juni 2020 12:00
An: Openmeetings user-list
mailto:user@openmeetings.apache.org>>
Betreff: Re: Guest Handling - Show nickname in Video Windows also

On Tue, 2 Jun 2020 at 16:55, Peter-Otto Weber
mailto:cyber...@hotmail.de>> wrote:
AArghl guess i need some wodka …

Great choice :))
But might be a bit early for vodka :)))

Von: Maxim Solodovnik mailto:solomax...@gmail.com>>
Gesendet: Dienstag, 2. Juni 2020 11:32
An: Openmeetings user-list
mailto:user@openmeetings.apache.org>>
Betreff: Re: Guest Handling - Show nickname in Video Windows also

On Tue, 2 Jun 2020 at 16:24, Peter-Otto Weber
mailto:cyber...@hotmail.de>> wrote:
Well – looks like at least bringing back the original data made the system
available again.

Maxim – you should be aware that i am a „stupid end user“ regarding OM
Installations.

You are setting up and administer server, so I doubt it is true :)))

Well right now i have the system working again.

What ist he best way to update?

I guess that i need to put all the changes i made regarding „kurento“ user, own
SSL certificate a.s.o. back into the system after unpacking the directory?

Backup preserves and restores only DB
So you have to restore all changes you have made to OM configuration
Including but not limited by
1) conf/server.xml
2) webapps/openmeetings/WEB-INF/classes/applicationContext.xml

since you are using `./admin.sh -v -i -file ../backup_today.zip --drop
--skip-default-objects`
You have to manually update
webapps/openmeetings/WEB-INF/classes/META-INF/persistense.xml
**This can be avoided if you will pass desired DB params to `./admin.sh`
script (be careful with passing password, it might be preserved in bash history
... )

Will / shall this be done by the backup?

POW

Von: Maxim Solodovnik mailto:solomax...@gmail.com>>
Gesendet: Dienstag, 2. Juni 2020 11:17
An: Openmeetings user-list
mailto:user@openmeetings.apache.org>>
Betreff: Re: Guest Handling - Show nickname in Video Windows also

I was hoping you test using additional copy with internal H2 DB ...

Since you did all backups you can just
1) restore DB using DB tool for restore
2) restore your previous OM version

According to WARN and ERROR - I can't help until I see them ...

On Tue, 2 Jun 2020 at 16:13, Peter-Otto Weber
mailto:cyber...@hotmail.de>> wrote:
Why does it always have to be me???

I followed the guide to update the server:

Detailed steps

1. Stop Openmeetings
2. (*) Backup folder with existing installation
3. (*) Perform DB backup using tools available for your database
4. ./admin.sh -v -b -file ../backup_today.zip
5. Delete/move folder with existing installation of OM
6. Unzip new version of OM into the same folder
7. ./admin.sh -v -i -file ../backup_today.zip --drop --skip-default-objects
(Optionally you can specify additional parameters like DB
host/user/pass/instance etc.)
8. Start Openmeetings
9. go to http://localhost:5080/openmeetings
Well – trying to restore i get – nothing but WARN and ERROR.

The server does not come up – productive system down.

Any help?

Von: Maxim Solodovnik mailto:solomax...@gmail.com>>
Gesendet: Dienstag, 2. Juni 2020 03:32
An: Openmeetings user-list
mailto:user@openmeetings.apache.org>>
Betreff: Re: Guest Handling - Show nickname in Video Windows also

The latest release is 5.0.0-M4
(I believe we should drop "M" and release 5.0.0 ASAP)

latest release is here https://openmeetings.apache.org/downloads.html
most recent unreleased version here
https://builds.apache.org/view/M-R/view/OpenMeetings/job/openmeetings/

I would appreciate if you can test if the issue is reproducible using latest
SNAPSHOT :))

On Sun, 31 May 2020 at 19:46, Peter-Otto Weber
mailto:cyber...@hotmail.de>> wrote:

AW: OM 5 - Android Tablet

2020-06-07 Thread Rohrbach, Gerald

Tested latest snapshot some minutes ago.

Perfect now, this is much better now Maxim.

Gerald

Von: Maxim Solodovnik [mailto:solomax...@gmail.com]
Gesendet: Dienstag, 2. Juni 2020 04:04
An: Openmeetings user-list
Betreff: Re: OM 5 - Android Tablet

Hello Gerald,

On Mon, 1 Jun 2020 at 23:20, Rohrbach, Gerald
mailto:g.rohrb...@funkegruppe.de>> wrote:
Maxim,

after some training with the windows resizing it works on Android table.
Probably most users would give up. It´s really hard.

I'll try to make resize handle visible
https://stackoverflow.com/questions/16061117/jquery-ui-1-10-2-how-to-get-resize-handles-visible-inside-dialog
might help

could you create JIRA?

Thinking about the feature to store the video window size and position by room
maybe
this can be done on the left side, where all users are listed.
So by user, for the video standard position A,B,C,D and SizeA,SizeB, SizeC.
If the window is moved manually, just the relative coordinates.
Maybe like in Android, relative, percentages so if the room is called with a
different resolution,
It would looks similar.

Will try to answer in other thread

We have also tested with Ipad. With Firefox on the Ipad no success,
but Safari works. Video perfect, but no sound. Also no Screen sharing, browser
not supported.

Just to give some feedback. Maybe someone know a solution for the audio issue.
Maybe just a security setting

Can't help right now :(
don't have Mac :(((

Regards

Gerald

Von: Maxim Solodovnik [mailto:solomax...@gmail.com<mailto:solomax...@gmail.com>]
Gesendet: Samstag, 30. Mai 2020 05:36
An: Openmeetings user-list
mailto:user@openmeetings.apache.org>>
Betreff: Re: OM 5 - Android Tablet

Hello Gerald,

On Fri, 29 May 2020 at 21:00, Rohrbach, Gerald
mailto:g.rohrb...@funkegruppe.de>> wrote:
Maxim,

OM 5 version is working fine. Also with new Chrome based browser Egde it works
fine.
OM 5 Snapshot 5 OBE4245

We have tested with Android tablets, also works fine in general.
To resize the video windows is a little bit tricky, you need to find the right
position with the finger to resize.
Maybe you have an idea how to improve this.

The only way I see: increase video pod and make bottom-right angle with resize
icon more visible ...
Any other ideas?

Screen sharing is not working, NotAllowed: Invaild status.
If I remember right there is a different technology in use to transfer the
screen.
Do you think there is an easy way to fix it?
If you do not have an tablet, what information I should deliver.

Android tablet is sort of single threaded
So while you are in OM room you can share browser tab with OM room only
(it sounds useless)

I would expect browser sharing API shouldn't be available
I'll try to reproduce using my Android phone and will report back

Regards

Gerald

--
Best regards,
Maxim

Open Meetings 5 - Autostart docker

2020-09-14 Thread Rohrbach, Gerald

I reinstalled my open meeting server with actual version.
The manual is nearly perfect from Alvaros.

I missed the part to start the kms docker automatically after rebooting machine.
It seems also that the tomcat3 script does not autostart.

Can someone point me in the right direction. I´m running Ubuntu 20.04.

Thanks
Gerald

Von: dww [mailto:dwort...@mykolab.com]
Gesendet: Samstag, 12. September 2020 21:35
An: user@openmeetings.apache.org
Betreff: Re: Installation issue with Kurento Media Server

Hi,

I am at a loss on what to do. I checked all the log files I could find and the 
error below from the log file for the kms docker container is the only thing I 
could find but I followed the tutorial for applicationContext.xml.
The only strange thing I saw was that in /opt/logs, I see log files 
openmeetings.log and like openmeetings.2020-08-30.0.log however they have not 
been written to since 8/31/2020.

Any other suggestions? I would like to get this working for a small non-profit 
group so we can avoid using Zoom.

Should I do a direct install of KMS instead of using the docker container? 
However, I surmise that alot of users got this to work.

Thanks,

Dennis





On Tue, 2020-09-08 at 09:44 +0700, Maxim Solodovnik wrote:


On Tue, 8 Sep 2020 at 09:39, dww 
mailto:dwort...@mykolab.com>> wrote:
In /var/lib/docker/containers/ I opened the Json file with the docker container 
for KMS in the file name.

In that file I see around the time of the failure:

{"log":"5:29:26.856026045 1 0x7f9618004430 INFO
KurentoWebRtcEndpointImpl 
WebRtcEndpointImpl.cpp:104:remove_not_supported_codecs_from_array:\u003ckmswebrtcendpoint1\u003e
 Removing not supported codec 
'AMR/8000'\n","stream":"stderr","time":"2020-09-08T02:12:56.902103176Z"}

{"log":"5:29:26.868700168 1 0x7f9618004430 INFO
KurentoWebRtcEndpointImpl WebRtcEndpointImpl.cpp:540:WebRtcEndpointImpl: STUN 
port not found in config; using default value: 
3478\n","stream":"stderr","time":"2020-09-08T02:12:56.914764538Z"}

{"log":"5:29:26.869257940 1 0x7f9618004430 INFO
KurentoWebRtcEndpointImpl WebRtcEndpointImpl.cpp:548:WebRtcEndpointImpl: STUN 
server not found in config; remember that NAT traversal requires STUN or 
TURN\n","stream":"stderr","time":"2020-09-08T02:12:56.91519092Z"}

{"log":"5:29:26.869322090 1 0x7f9618004430 INFO
KurentoWebRtcEndpointImpl WebRtcEndpointImpl.cpp:571:WebRtcEndpointImpl: TURN 
server not found in config; remember that NAT traversal requires STUN or 
TURN\n","stream":"stderr","time":"2020-09-08T02:12:56.91523371Z"}

It appears that the STUN port and server, and the TURN server are not found in 
the config. I don't understand I followed the directions in the tutorial?

Are they referring to the file: var/lib/docker/containers/{container 
no}\config.v2.json? In there I see

"KMS_MTU=","KMS_EXTERNAL_ADDRESS=","KMS_NETWORK_INTERFACES=","KMS_STUN_IP=","KMS_STUN_PORT=","KMS_TURN_URL="]


Do these need to filled in manually?


well,
i was unable to provide STUN/TURN to KMS (it doesn't work for me)
this is why it is configured in applicationContext.xml


Thanks,

Dennis

On Mon, 2020-09-07 at 21:59 -0400, dww wrote:

This is frustrating , I checked docker ps and got:
CONTAINER IDIMAGE  COMMAND CREATED  
   STATUS   PORTSNAMES
518e88f02d50kurento/kurento-media-server   "/entrypoint.sh"7 days 
ago  Up 5 hours (healthy) 0.0.0.0:->/tcp   kms


However is see no folder named /var/log/kurento-media-server and therefore no 
log files

Also where I installed OM: /opt/open500/logs I see no file openmeetings.log, I 
see file that start with catalina, host-manager, localhose, 
localhose_access_log, manager. But there is no error in those as far as I can 
see. In syslog there was a problem with rabbitmq-server which I solved but I 
think is unrelated.

Why am I seeing no OM or KMS log files?

Dennis
On Mon, 2020-09-07 at 09:45 +0700, Maxim Solodovnik wrote:
Hello Dennis,

On Mon, 7 Sep 2020 at 02:39, dww 
mailto:dwort...@mykolab.com>> wrote:
On Thu, 2020-09-03 at 22:39 +0700, Maxim Solodovnik wrote:
What is the client OS/browser?
Tried on laptop with PureOS , debian derived distro and with PureBrowser a 
derivative of Firefox
Also tried on 64 bit Windows 10 laptop with both Firefox and Chrom
Same problem with both.


1-2 clients usually works without issues


Do you have enough resources on server?
I have OM and KMS installed on a Linode (VM) with 8GB, 4 Cores, 160 GB SSD 
storage, Network Transfer-5TB, Network In-40Gpbs, Network Out-5000Mbps


8GB might be not enough, start/stop params and logs need to be examined


Can you check OM and KMS logs? are there any errors?
Sorry to ask, but are the locations of the logs on the server?


OM logs are here: ${OM_HOME}/logs/openmeetings.log
KMS logs are in /var/log/kurento-media-server/  (I would recommend to stop KMS, 
clean log dir, start it and then try to r

AW: Open Meetings 5 - Autostart docker

2020-09-14 Thread Rohrbach, Gerald

Alvaro,

works fine. It takes a while for booting up. Thanks.

Is there still only the way for the screen sharing resolution to change in the
.html file or is there a better way now?
I have been using a lot of former snapshot versions, the update and manual
steeps always took some time

Screen Sharing
webapps/openmeetings/WEB-INF/classes/org/apache/openmeetings/web/room/RoomPanel.html
You must look for > 1280 value = 600 >> 720

Maybe you have a hint for this too. I do not want to change the whole file,
just this settings.

Gerald

Von: Alvaro [mailto:zurca...@gmail.com]
Gesendet: Montag, 14. September 2020 16:08
An: user@openmeetings.apache.org
Betreff: Re: Open Meetings 5 - Autostart docker

Hello Gerald,

It i do is:

# systemctl enable docker.service

...that is for auto boot docker.

# Build a script to auto-run kms and coturm (turn server):

nano /etc/init.d/boot

...and copy-paste inside:

#!/bin/bash
docker start kms
/etc/init.d/coturn start

...you can add /etc/init.d/tomcat3 start ...and press
Ctrl+X...will ask if save...press Y and ENTER to exit nano editor.

Now give execution permission:

chmod +x /etc/init.d/boot

...and a link to this script for running when boot:

ln -s /etc/init.d/boot /etc/rc3.d/S98boot

All this works for me in Ubuntu 20.04

El lun, 14-09-2020 a las 12:41 +, Rohrbach, Gerald escribió:
I reinstalled my open meeting server with actual version.
The manual is nearly perfect from Alvaros.

I missed the part to start the kms docker automatically after rebooting machine.
It seems also that the tomcat3 script does not autostart.

Can someone point me in the right direction. I´m running Ubuntu 20.04.

Thanks
Gerald

Von: dww [mailto:dwort...@mykolab.com]
Gesendet: Samstag, 12. September 2020 21:35
An: user@openmeetings.apache.org<mailto:user@openmeetings.apache.org>
Betreff: Re: Installation issue with Kurento Media Server

Hi,

I am at a loss on what to do. I checked all the log files I could find and the
error below from the log file for the kms docker container is the only thing I
could find but I followed the tutorial for applicationContext.xml.
The only strange thing I saw was that in /opt/logs, I see log files
openmeetings.log and like openmeetings.2020-08-30.0.log however they have not
been written to since 8/31/2020.

Any other suggestions? I would like to get this working for a small non-profit
group so we can avoid using Zoom.

Should I do a direct install of KMS instead of using the docker container?
However, I surmise that alot of users got this to work.

Thanks,

Dennis

On Tue, 2020-09-08 at 09:44 +0700, Maxim Solodovnik wrote:

On Tue, 8 Sep 2020 at 09:39, dww
mailto:dwort...@mykolab.com>> wrote:
In /var/lib/docker/containers/ I opened the Json file with the docker container
for KMS in the file name.

In that file I see around the time of the failure:

{"log":"5:29:26.856026045 1 0x7f9618004430 INFO
KurentoWebRtcEndpointImpl
WebRtcEndpointImpl.cpp:104:remove_not_supported_codecs_from_array:\u003ckmswebrtcendpoint1\u003e
Removing not supported codec
'AMR/8000'\n","stream":"stderr","time":"2020-09-08T02:12:56.902103176Z"}

{"log":"5:29:26.868700168 1 0x7f9618004430 INFO
KurentoWebRtcEndpointImpl WebRtcEndpointImpl.cpp:540:WebRtcEndpointImpl: STUN
port not found in config; using default value:
3478\n","stream":"stderr","time":"2020-09-08T02:12:56.914764538Z"}

{"log":"5:29:26.869257940 1 0x7f9618004430 INFO
KurentoWebRtcEndpointImpl WebRtcEndpointImpl.cpp:548:WebRtcEndpointImpl: STUN
server not found in config; remember that NAT traversal requires STUN or
TURN\n","stream":"stderr","time":"2020-09-08T02:12:56.91519092Z"}

{"log":"5:29:26.869322090 1 0x7f9618004430 INFO
KurentoWebRtcEndpointImpl WebRtcEndpointImpl.cpp:571:WebRtcEndpointImpl: TURN
server not found in config; remember that NAT traversal requires STUN or
TURN\n","stream":"stderr","time":"2020-09-08T02:12:56.91523371Z"}

It appears that the STUN port and server, and the TURN server are not found in
the config. I don't understand I followed the directions in the tutorial?

Are they referring to the file: var/lib/docker/containers/{container
no}\config.v2.json? In there I see

"KMS_MTU=","KMS_EXTERNAL_ADDRESS=","KMS_NETWORK_INTERFACES=","KMS_STUN_IP=","KMS_STUN_PORT=","KMS_TURN_URL="]

Do these need to filled in manually?

well,
i was unable to provide STUN/TURN to KMS (it doesn't work for me)
this is why it is configured in applicationContext.xml

Thanks,

Dennis

On Mon, 2020-09-07 at 21:59 -0400, dww wrote:

This is frustrating , I checked docker ps and got:
CONTAINE

AW: [HELP NEEDED] Asterisk configuration

2020-10-29 Thread Rohrbach, Gerald

Maxim,

is that for version 5?. Did you started now with implementation for SIP?

Gerald

Von: Maxim Solodovnik [mailto:solomax...@gmail.com]
Gesendet: Donnerstag, 29. Oktober 2020 08:09
An: Openmeetings user-list 
Betreff: [HELP NEEDED] Asterisk configuration

Hello All,

I really hope we have Asterisk experts on this list, who willing to help :))

My current configuration is described here 
https://github.com/apache/openmeetings/blob/master/openmeetings-server/src/site/markdown/AsteriskIntegration.md
(the only exception im using `ws` instead of `wss`)

I'm trying to send video stream from OM room to Asterisk room

-- Registered SIP 'omsip_user' at 
192.168.1.211:39117
  == Using SIP VIDEO CoS mark 6
  == Using SIP RTP CoS mark 5
   > 0x7fc3d0028f50 -- Strict RTP learning after remote address set to: 
0.0.0.0:9
-- Executing [4005@rooms-omsip:1] GotoIf("SIP/omsip_user-", 
"1?ok:notavail") in new stack
-- Goto (rooms-omsip,4005,2)
-- Executing [4005@rooms-omsip:2] ConfBridge("SIP/omsip_user-", 
"4005,default_bridge,omsip_user") in new stack
  == Manager 'openmeetings' logged on from 192.168.1.211
  == Manager 'openmeetings' logged off from 192.168.1.211
[Oct 29 13:56:00] WARNING[27219]: res_http_websocket.c:559 ws_safe_read: Web 
socket closed abruptly
-- Channel CBAnn/4005-;2 joined 'softmix' base-bridge 
<33b25509-2939-4d7e-b057-81b0ea795ca4>
[Oct 29 13:56:00] WARNING[27220][C-0002]: channel.c:5686 set_format: Unable 
to find a codec translation path: (gsm) -> (vp8)
[Oct 29 13:56:00] WARNING[27220][C-0002]: file.c:1262 ast_streamfile: 
Unable to open conf-onlyperson (format (vp8)): No such file or directory
-- Channel SIP/omsip_user- joined 'softmix' base-bridge 
<33b25509-2939-4d7e-b057-81b0ea795ca4>
[Oct 29 13:56:00] WARNING[27220][C-0002]: translate.c:488 
ast_translator_build_path: No translator path: (starting codec is not valid)
[Oct 29 13:56:00] WARNING[27220][C-0002]: channel.c:5686 set_format: Unable 
to find a codec translation path: (slin) -> (vp8)
-- Channel SIP/omsip_user- left 'softmix' base-bridge 
<33b25509-2939-4d7e-b057-81b0ea795ca4>

It looks like it is not working :(
what can be wrong?

--
Best regards,
Maxim

openMeeting 5.1 Media Server Disconnected

2020-11-07 Thread Rohrbach, Gerald

I've been using the 5.0.0-M5-SNAPSHOT version quite a while, with LDAP works 
fine.
That was the traditional setup with kurento local installed.

As I got a new hardware server now I want to install an actual snapshot
apache-openmeetings-5.1.0-SNAPSHOT.tar.gz ( Ubuntu 20.04 server)

So far I know the steps and used Alvaros documentation. Pretty perfect.
The only issue comes with installing vlc. As I want only commandline version 
vlc installs the desktop also.
and some powersaving options make it difficult. So I do not install vlc. Maybe 
a hint for documentation.

However, the install works fine.
The server is connected direct to internet, official IPV4 address. No Natting 
at this point.

I also followed the document installing coturn and letsencrypt certificates.

sudo nano 
/opt/open501/webapps/openmeetings/WEB-INF/classes/applicationContext.xml
Well, in my applicationContext.xml there is no section.






That's at the end the Problem:
If I go into a room, choosed camera etc. I get my video, after 10 seconds this 
message, video disappeared
Media Server connection failed, try to reconnect.

So probably it is related to the coturn config.

Is the documentation wrong somehow, mistake between ears or some changes for 
the newest version?

I'm very interested in the SIP connection and would like to test this in detail.


Kind regards
Gerald

AW: openMeeting 5.1 Media Server Disconnected

2020-11-08 Thread Rohrbach, Gerald

Maxim,

did this. No difference.

I did a new installation, following the install instruction, to make sure
I did not missed one line...
Second time I did not used coturn and certifactes, for that I used chrome 
instead of firefox.
Firefox does not allows the connection without certificates.

The same result, no improvement or change.

If I go into a room, choosed camera etc. I get my video, after 10 
> seconds this message, video disappeared
>
> Media Server connection failed, try to reconnect
But it is  not reconnecting.

We have over the last weeks several time reinstalled , restarted, always the 
same issue.
With the none docker kms version we had it working fine, older Version M4.

I´m pretty sure it has to do with our installation.
The folder open 510 is nobody and nogroup.

But log files are all root root. Is this correct?

We will install next week again and use only internal network, but I remember 
we did this, same behaviour.
It`s standard Ubuntu 20.04 server, fresh install.

Where is a good starting point for searching the problem?

I don’t think its related with the new version 5.1.  5.01 we had the same 
issues.
I have the feeling it has to do with the docker kms.


Regards

Gerald



-Ursprüngliche Nachricht-
Von: Maxim Solodovnik [mailto:solomax...@gmail.com] 
Gesendet: Sonntag, 8. November 2020 02:46
An: Openmeetings user-list 
Betreff: Re: openMeeting 5.1 Media Server Disconnected

in upcoming 5.1.0 these changes need to be done in `openmeetings.properties` 
file just fill your previous values without quotes :)

On Sun, 8 Nov 2020 at 01:30, Rohrbach, Gerald  wrote:
>
> I’ve been using the 5.0.0-M5-SNAPSHOT version quite a while, with LDAP works 
> fine.
>
> That was the traditional setup with kurento local installed.
>
>
>
> As I got a new hardware server now I want to install an actual 
> snapshot
>
> apache-openmeetings-5.1.0-SNAPSHOT.tar.gz ( Ubuntu 20.04 server)
>
>
>
> So far I know the steps and used Alvaros documentation. Pretty perfect.
>
> The only issue comes with installing vlc. As I want only commandline version 
> vlc installs the desktop also.
>
> and some powersaving options make it difficult. So I do not install vlc. 
> Maybe a hint for documentation.
>
>
>
> However, the install works fine.
>
> The server is connected direct to internet, official IPV4 address. No Natting 
> at this point.
>
>
>
> I also followed the document installing coturn and letsencrypt certificates.
>
>
>
> sudo nano 
> /opt/open501/webapps/openmeetings/WEB-INF/classes/applicationContext.x
> ml
>
> Well, in my applicationContext.xml there is no section.
>
>
>
>
>
> 
>
>  class="org.apache.openmeetings.core.remote.KurentoHandler"
>
> p:kurentoWsUrl="ws://127.0.0.1:/kurento"
>
> p:checkTimeout="1"
>
> p:watchThreadCount="10"
>
> p:turnUrl="
>
> Public IP of your server
>
> :
>
> 3478
>
> "
>
> p:turnUser="
>
> nobody
>
> :
>
> here the password you choose for kurento in step 6
>
> "
>
> p:turnSecret="
>
> 751c45cae60a2839711a94c8d6bf0089e78b2149ca602fdX
>
> "
>
> p:turnMode="rest"
>
> p:turnTtl="60"
>
> p:objCheckTimeout="200"
>
> p:flowoutTimeout="5"
>
> p:kuid="df992960-e7b0-11ea-9acd-337fb30dd93d"
>
> p:ignoredKuids=""
>
> />
>
>
>
>
>
> That’s at the end the Problem:
>
> If I go into a room, choosed camera etc. I get my video, after 10 
> seconds this message, video disappeared
>
> Media Server connection failed, try to reconnect.
>
>
>
> So probably it is related to the coturn config.
>
>
>
> Is the documentation wrong somehow, mistake between ears or some changes for 
> the newest version?
>
>
>
> I’m very interested in the SIP connection and would like to test this in 
> detail.
>
>
>
>
>
> Kind regards
>
> Gerald
>
>



--
Best regards,
Maxim

AW: openMeeting 5.1 Media Server Disconnected

2020-11-08 Thread Rohrbach, Gerald

Thanks Maxim,

I will give it another try and will try with the installed kms.

Is it is not possible to install KMS on Ubuntu 20.04 server or
just no or bad  experience for this?

On my old OM servers 18.04 is running, but I thought better is a newer version.

Gerald

Von: Maxim Solodovnik [mailto:solomax...@gmail.com]
Gesendet: Sonntag, 8. November 2020 13:30
An: Openmeetings user-list 
Betreff: Re: openMeeting 5.1 Media Server Disconnected

On Sun, 8 Nov 2020 at 17:17, Rohrbach, Gerald 
mailto:g.rohrb...@funkegruppe.de>> wrote:
Maxim,

did this. No difference.

I did a new installation, following the install instruction, to make sure
I did not missed one line...
Second time I did not used coturn and certifactes, for that I used chrome 
instead of firefox.
Firefox does not allows the connection without certificates.

Well,

In your first try there were no TURN server, due to missing parameters
No you have decided not to use it 

I would expect same results ...

The same result, no improvement or change.

If I go into a room, choosed camera etc. I get my video, after 10
> seconds this message, video disappeared
>
> Media Server connection failed, try to reconnect
But it is  not reconnecting.

We have over the last weeks several time reinstalled , restarted, always the 
same issue.
With the none docker kms version we had it working fine, older Version M4.

you should use Ubuntu 18.04 to have "real" (not dockerized) KMS

I´m pretty sure it has to do with our installation.
The folder open 510 is nobody and nogroup.

But log files are all root root. Is this correct?

this most probably because you have started Tomcat as `root`

We will install next week again and use only internal network, but I remember 
we did this, same behaviour.
It`s standard Ubuntu 20.04 server, fresh install.

Where is a good starting point for searching the problem?

I don’t think its related with the new version 5.1.  5.01 we had the same 
issues.
I have the feeling it has to do with the docker kms.

so far I think the problem is caused by absence of TURN server

Regards

Gerald

-Ursprüngliche Nachricht-
Von: Maxim Solodovnik [mailto:solomax...@gmail.com<mailto:solomax...@gmail.com>]
Gesendet: Sonntag, 8. November 2020 02:46
An: Openmeetings user-list 
mailto:user@openmeetings.apache.org>>
Betreff: Re: openMeeting 5.1 Media Server Disconnected

in upcoming 5.1.0 these changes need to be done in `openmeetings.properties` 
file just fill your previous values without quotes :)

On Sun, 8 Nov 2020 at 01:30, Rohrbach, Gerald 
mailto:g.rohrb...@funkegruppe.de>> wrote:
>
> I’ve been using the 5.0.0-M5-SNAPSHOT version quite a while, with LDAP works 
> fine.
>
> That was the traditional setup with kurento local installed.
>
>
>
> As I got a new hardware server now I want to install an actual
> snapshot
>
> apache-openmeetings-5.1.0-SNAPSHOT.tar.gz ( Ubuntu 20.04 server)
>
>
>
> So far I know the steps and used Alvaros documentation. Pretty perfect.
>
> The only issue comes with installing vlc. As I want only commandline version 
> vlc installs the desktop also.
>
> and some powersaving options make it difficult. So I do not install vlc. 
> Maybe a hint for documentation.
>
>
>
> However, the install works fine.
>
> The server is connected direct to internet, official IPV4 address. No Natting 
> at this point.
>
>
>
> I also followed the document installing coturn and letsencrypt certificates.
>
>
>
> sudo nano
> /opt/open501/webapps/openmeetings/WEB-INF/classes/applicationContext.x
> ml
>
> Well, in my applicationContext.xml there is no section.
>
>
>
>
>
> 
>
>  class="org.apache.openmeetings.core.remote.KurentoHandler"
>
> p:kurentoWsUrl="ws://127.0.0.1:/kurento<http://127.0.0.1:/kurento>"
>
> p:checkTimeout="1"
>
> p:watchThreadCount="10"
>
> p:turnUrl="
>
> Public IP of your server
>
> :
>
> 3478
>
> "
>
> p:turnUser="
>
> nobody
>
> :
>
> here the password you choose for kurento in step 6
>
> "
>
> p:turnSecret="
>
> 751c45cae60a2839711a94c8d6bf0089e78b2149ca602fdX
>
> "
>
> p:turnMode="rest"
>
> p:turnTtl="60"
>
> p:objCheckTimeout="200"
>
> p:flowoutTimeout="5"
>
> p:kuid="df992960-e7b0-11ea-9acd-337fb30dd93d"
>
> p:ignoredKuids=""
>
> />
>
>
>
>
>
> That’s at the end the Problem:
>
> If I go into a room, choosed camera etc. I get my video, after 10
> seconds this message, video disappeared
>
> Media Server connection failed, try to reconnect.
>
>
>
> So probably it is related to the coturn config.
>
>
>
> Is the documentation wrong somehow, mistake between ears or some changes for 
> the newest version?
>
>
>
> I’m very interested in the SIP connection and would like to test this in 
> detail.
>
>
>
>
>
> Kind regards
>
> Gerald
>
>

--
Best regards,
Maxim

--
Best regards,
Maxim

AW: openMeeting 5.1 Media Server Disconnected - solved with 18.04

2020-11-10 Thread Rohrbach, Gerald

Maxim,

just to give some feedback.
As we had some issues with 20.04 and docker kms.
Ubuntu 18.04 , Open meetings nearly actual snapshot works fine now.

The hardware server has direct internet connection, IPV4.
It might be related, that we disable IPV6, we do not use it.
I guess a lot´s of people do use 20.04 server, probably without issues.
We were not able to figure the reason out.
If in the same network we had the same disconnects after view seconds,
so I doubt it has to do with misconfigured coturn on the 20.04

However, coturn is installed on 18.04, connection from behind NAT are working 
fine too.
We will try now the SIP stuff.

Regards

Gerald

Von: Maxim Solodovnik [mailto:solomax...@gmail.com]
Gesendet: Sonntag, 8. November 2020 13:30
An: Openmeetings user-list 
Betreff: Re: openMeeting 5.1 Media Server Disconnected

On Sun, 8 Nov 2020 at 17:17, Rohrbach, Gerald 
mailto:g.rohrb...@funkegruppe.de>> wrote:
Maxim,

did this. No difference.

I did a new installation, following the install instruction, to make sure
I did not missed one line...
Second time I did not used coturn and certifactes, for that I used chrome 
instead of firefox.
Firefox does not allows the connection without certificates.

Well,

In your first try there were no TURN server, due to missing parameters
No you have decided not to use it 

I would expect same results ...

The same result, no improvement or change.

If I go into a room, choosed camera etc. I get my video, after 10
> seconds this message, video disappeared
>
> Media Server connection failed, try to reconnect
But it is  not reconnecting.

We have over the last weeks several time reinstalled , restarted, always the 
same issue.
With the none docker kms version we had it working fine, older Version M4.

you should use Ubuntu 18.04 to have "real" (not dockerized) KMS

I´m pretty sure it has to do with our installation.
The folder open 510 is nobody and nogroup.

But log files are all root root. Is this correct?

this most probably because you have started Tomcat as `root`

We will install next week again and use only internal network, but I remember 
we did this, same behaviour.
It`s standard Ubuntu 20.04 server, fresh install.

Where is a good starting point for searching the problem?

I don’t think its related with the new version 5.1.  5.01 we had the same 
issues.
I have the feeling it has to do with the docker kms.

so far I think the problem is caused by absence of TURN server

Regards

Gerald

-Ursprüngliche Nachricht-
Von: Maxim Solodovnik [mailto:solomax...@gmail.com<mailto:solomax...@gmail.com>]
Gesendet: Sonntag, 8. November 2020 02:46
An: Openmeetings user-list 
mailto:user@openmeetings.apache.org>>
Betreff: Re: openMeeting 5.1 Media Server Disconnected

in upcoming 5.1.0 these changes need to be done in `openmeetings.properties` 
file just fill your previous values without quotes :)

On Sun, 8 Nov 2020 at 01:30, Rohrbach, Gerald 
mailto:g.rohrb...@funkegruppe.de>> wrote:
>
> I’ve been using the 5.0.0-M5-SNAPSHOT version quite a while, with LDAP works 
> fine.
>
> That was the traditional setup with kurento local installed.
>
>
>
> As I got a new hardware server now I want to install an actual
> snapshot
>
> apache-openmeetings-5.1.0-SNAPSHOT.tar.gz ( Ubuntu 20.04 server)
>
>
>
> So far I know the steps and used Alvaros documentation. Pretty perfect.
>
> The only issue comes with installing vlc. As I want only commandline version 
> vlc installs the desktop also.
>
> and some powersaving options make it difficult. So I do not install vlc. 
> Maybe a hint for documentation.
>
>
>
> However, the install works fine.
>
> The server is connected direct to internet, official IPV4 address. No Natting 
> at this point.
>
>
>
> I also followed the document installing coturn and letsencrypt certificates.
>
>
>
> sudo nano
> /opt/open501/webapps/openmeetings/WEB-INF/classes/applicationContext.x
> ml
>
> Well, in my applicationContext.xml there is no section.
>
>
>
>
>
> 
>
>  class="org.apache.openmeetings.core.remote.KurentoHandler"
>
> p:kurentoWsUrl="ws://127.0.0.1:/kurento<http://127.0.0.1:/kurento>"
>
> p:checkTimeout="1"
>
> p:watchThreadCount="10"
>
> p:turnUrl="
>
> Public IP of your server
>
> :
>
> 3478
>
> "
>
> p:turnUser="
>
> nobody
>
> :
>
> here the password you choose for kurento in step 6
>
> "
>
> p:turnSecret="
>
> 751c45cae60a2839711a94c8d6bf0089e78b2149ca602fdX
>
> "
>
> p:turnMode="rest"
>
> p:turnTtl="60"
>
> p:objCheckTimeout="200"
>
> p:flowoutTimeout="5"
>
> p:kuid

AW: openMeeting 5.1 Media Server Disconnected - solved with 18.04

2020-11-10 Thread Rohrbach, Gerald

I hope now more readable.
Thanks for the hint Denis.

Von: Rohrbach, Gerald [mailto:g.rohrb...@funkegruppe.de] 
Gesendet: Mittwoch, 11. November 2020 08:05
An: user@openmeetings.apache.org
Betreff: AW: openMeeting 5.1 Media Server Disconnected - solved with 18.04

Maxim,

just to give some feedback.
As we had some issues with 20.04 and docker kms.
Ubuntu 18.04 , Open meetings nearly actual snapshot works fine now.

The hardware server has direct internet connection, IPV4.
It might be related, that we disable IPV6, we do not use it.
I guess a lot´s of people do use 20.04 server, probably without issues.
We were not able to figure the reason out.
If in the same network we had the same disconnects after view seconds,
so I doubt it has to do with misconfigured coturn on the 20.04

However, coturn is installed on 18.04, connection from behind NAT are working 
fine too.
We will try now the SIP stuff.

Regards

Gerald

Von: Maxim Solodovnik [mailto:solomax...@gmail.com] 
Gesendet: Sonntag, 8. November 2020 13:30
An: Openmeetings user-list 
Betreff: Re: openMeeting 5.1 Media Server Disconnected

On Sun, 8 Nov 2020 at 17:17, Rohrbach, Gerald  wrote:
Maxim,

did this. No difference.

I did a new installation, following the install instruction, to make sure
I did not missed one line...
Second time I did not used coturn and certifactes, for that I used chrome 
instead of firefox.
Firefox does not allows the connection without certificates.

Well,

In your first try there were no TURN server, due to missing parameters
No you have decided not to use it 

I would expect same results ...

The same result, no improvement or change.

If I go into a room, choosed camera etc. I get my video, after 10 
> seconds this message, video disappeared
>
> Media Server connection failed, try to reconnect
But it is  not reconnecting.

We have over the last weeks several time reinstalled , restarted, always the 
same issue.
With the none docker kms version we had it working fine, older Version M4.

you should use Ubuntu 18.04 to have "real" (not dockerized) KMS 

I´m pretty sure it has to do with our installation.
The folder open 510 is nobody and nogroup.

But log files are all root root. Is this correct?

this most probably because you have started Tomcat as `root`

We will install next week again and use only internal network, but I remember 
we did this, same behaviour.
It`s standard Ubuntu 20.04 server, fresh install.

Where is a good starting point for searching the problem?

I don’t think its related with the new version 5.1.  5.01 we had the same 
issues.
I have the feeling it has to do with the docker kms.

so far I think the problem is caused by absence of TURN server

Regards

Gerald

-Ursprüngliche Nachricht-
Von: Maxim Solodovnik [mailto:solomax...@gmail.com] 
Gesendet: Sonntag, 8. November 2020 02:46
An: Openmeetings user-list 
Betreff: Re: openMeeting 5.1 Media Server Disconnected

in upcoming 5.1.0 these changes need to be done in `openmeetings.properties` 
file just fill your previous values without quotes :)

On Sun, 8 Nov 2020 at 01:30, Rohrbach, Gerald  wrote:
>
> I’ve been using the 5.0.0-M5-SNAPSHOT version quite a while, with LDAP works 
> fine.
>
> That was the traditional setup with kurento local installed.
>
>
>
> As I got a new hardware server now I want to install an actual 
> snapshot
>
> apache-openmeetings-5.1.0-SNAPSHOT.tar.gz ( Ubuntu 20.04 server)
>
>
>
> So far I know the steps and used Alvaros documentation. Pretty perfect.
>
> The only issue comes with installing vlc. As I want only commandline version 
> vlc installs the desktop also.
>
> and some powersaving options make it difficult. So I do not install vlc. 
> Maybe a hint for documentation.
>
>
>
> However, the install works fine.
>
> The server is connected direct to internet, official IPV4 address. No Natting 
> at this point.
>
>
>
> I also followed the document installing coturn and letsencrypt certificates.
>
>
>
> sudo nano 
> /opt/open501/webapps/openmeetings/WEB-INF/classes/applicationContext.x
> ml
>
> Well, in my applicationContext.xml there is no section.
>
>
>
>
>
> 
>
>  class="org.apache.openmeetings.core.remote.KurentoHandler"
>
> p:kurentoWsUrl="ws://127.0.0.1:/kurento"
>
> p:checkTimeout="1"
>
> p:watchThreadCount="10"
>
> p:turnUrl="
>
> Public IP of your server
>
> :
>
> 3478
>
> "
>
> p:turnUser="
>
> nobody
>
> :
>
> here the password you choose for kurento in step 6
>
> "
>
> p:turnSecret="
>
> 751c45cae60a2839711a94c8d6bf0089e78b2149ca602fdX
>
> "
>
> p:turnMode="rest"
>
> p:turnTtl="60"
>
> p:objCheckTimeo

AW: Users per room client browser scalability

2020-11-23 Thread Rohrbach, Gerald

Denis,

we have OM and BigBlue Button in use.
BBB is hosted on a provider machine.

OM we have on internal VL, with LDAP connection.
Also we have a physical server with 12 Core 2Ghz and 32G since some days.
If I will find some time, we will do an stress test. We have some employees in 
home offices…

I was also surprised, that BBB shows much more users, but using the same 
technology.
The key probably is, that BBB is for presenting by default, my understanding.
With OM you have a conference with all, what end’s in a lots of streams.

We are a production company, so conference is okay for us in 99% of cases.
But our engineers do some online trainings sometimes, and the number of 
listeners can be more then 100.

Maybe I did not got all the features and settings for OM.
But I would think in a class room mode with many people there should be only
the teacher presenting his video and audio. There ,( that’s my opinion) is no 
need that
every listener can talk to all by default  and show his video by default.
Yes, it´s not like sitting in the same room…

However, still my favourite is OM.
I learned a lot about this technology in the last 8 months and OM has moved 
forward really.
For internal use with LDAP it’s simple.

This forum is really active and the installation documents are nearly perfect.

I will let you know, when a stress test is done.
Maybe we have in Germany only virtual Christmas parties….
So a good time for stress tests.


Gerald.



Von: Denis Noctor [mailto:denisnoc...@gmail.com]
Gesendet: Montag, 23. November 2020 07:58
An: user@openmeetings.apache.org
Betreff: Re: Users per room client browser scalability

Hi there everyone,

My sincerest apologies for only getting back to you now. As I had mentioned in 
my previous email that I was going through a personal issue and it took longer 
than I had anticipated to get back in touch.

However, as mentioned before, I have been keeping up to date by reading all the 
emails in the forum over the last few weeks... and some direct emails also.

I also apologize for the length of the email... so maybe you should grab a 
coffee.

As mentioned in my previous email, I set up 10 devices to connect to Room 7 on 
the OM demo server - all of which where running the latest version of Chrome. 3 
machines running Windows 10, 1 running Windows 8, 4 running Windows 7, 2 Amazon 
Fires (set up to run Chrome) with varying degrees of ram (2, 4, 8 and 12 gigs)

The results are as follows:
After logging in around 8.22pm (Mexico time), 12th November (OpenMeetings - 
Next, 5.1.0-SNAPSHOT, Revision: db7be4b, Build date: 2020-11-09T14:57:23Z , I 
gradually added other devices to the room. I got to 8. There was a little but 
of a time lapse... in the sense that I would move from one computer to 
another... and could still see myself in one feed after I had move to another. 
It is important to note that 2 of the computers (older HP's) have a slight 
webcam issue... (I think there is a fauly cable... sometimes works sometimes 
doesn't - but audio/mic was working fine).

When I added 2 the last two devices, things started to break down. The audio 
quality was clearly reduced... there was a lot of crackling sounds... and some 
of the users video pods disappeared from some of the devices´screens or 
"empty" video pods filled some screens... on some devices but were viewable 
on others. Some users appeared to be disconnected, though they could continue 
to view the whiteboards... but had their audio and video disconnected (icons in 
orange)... when they tried to reconnect... they couldn't... they clicked on the 
audio / vid icons but with no effect... refreshing the screen sometimes seemed 
to correct this.

While 8 users seemed to be able to connect okay... there was a little bit of a 
time delay. As you can understand, I don't have headphones and microphones for 
each and every computer... so I spaced them around my house... when I talked... 
I could hear my voice being repeated... (I am not referring to echo 
feedback) there was a slight time delay by a couple of seconds on some of 
the devices... moving from device to device. However, with just 5 users in a 
room, this was not really an issue.

From time to time users experienced other users being disconnected or whereby 
they could see the "empty video pod" with the green border flashing on and off 
as someone spoke but again no audio or video being received but it was 
possible to see the same users on other devices.

Users would try to "refresh" the page... again only having access to 4 - 5 
users on the page and not necessarily seeing the moderator. I finished 
testing around 9.50pm.

Some additional observations:

Based on some of the emails over the last few weeks. It appears to be that one 
OM instance can only deal with 3 simultaneous rooms with 5 users approx in each 
room (using audio and video)... and based on the above maybe a little more, but 
at a stretch. This appears to boil down to limitati

AW: Users per room client browser scalability

2020-11-24 Thread Rohrbach, Gerald

Denis, Maxim,

yes in BBB ist´written that there are 3 Kurento Media Servers.

But  reading details, it´s not clustered or load balanced.
Each server is dedicated for an media type.
I do not know, how this can be established in OM.

But maybe this is not that complex. However the traffic needs to be redirected
somehow, or for each media type a own port is needed.

Probably a clustering is much more complex. NGINX is good for balancing maybe,
I think also for udp traffic. But clustering and balancing can only work for 
one room, so I guess
It won´t help if one room has much users. The setup will be very complex, error 
searching really difficult.


Gerald






Von: Denis Noctor [mailto:denisnoc...@gmail.com]
Gesendet: Montag, 23. November 2020 22:44
An: user@openmeetings.apache.org
Betreff: Re: Users per room client browser scalability

Thanks for that Maxim.

I came across this...

https://docs.bigbluebutton.org/2.2/customize.html

(scroll down to "Run three parallel Kurento media servers").

This appears to suggest that 3 KMS (audio, video and screesharing) processes on 
one server. Maybe this could bring us one step further?

All the best.

Denis


On Mon, Nov 23, 2020 at 9:31 AM Maxim Solodovnik 
mailto:solomax...@gmail.com>> wrote:
I just have fixed "refresh" button
So audio/video stream can be "refreshed" without page reload
both user-list and video-pod buttons are works according to my tests

On Mon, 23 Nov 2020 at 17:08, Peter Dähn mailto:da...@vcrp.de>> 
wrote:
Hi there,

this might be because BBB uses 3+ KMS servers clustered
(I was unable to find direct link regarding it ...)

as far as I know, they use freeswitch for audio and kms just for the video 
streams...

BR Peter

Am 23.11.20 um 10:53 schrieb Denis Noctor:
Thanks a lot Maxim. I am happy to help in anyway for future tests.
Sent from my iPhone

On Nov 23, 2020, at 3:43 AM, Maxim Solodovnik 
mailto:solomax...@gmail.com>> wrote:
Thanks for very detailed report Denis

couple of thoughts inline:

On Mon, 23 Nov 2020 at 13:59, Denis Noctor 
mailto:denisnoc...@gmail.com>> wrote:
Hi there everyone,

My sincerest apologies for only getting back to you now. As I had mentioned in 
my previous email that I was going through a personal issue and it took longer 
than I had anticipated to get back in touch.

However, as mentioned before, I have been keeping up to date by reading all the 
emails in the forum over the last few weeks... and some direct emails also.

I also apologize for the length of the email... so maybe you should grab a 
coffee.

As mentioned in my previous email, I set up 10 devices to connect to Room 7 on 
the OM demo server - all of which where running the latest version of Chrome. 3 
machines running Windows 10, 1 running Windows 8, 4 running Windows 7, 2 Amazon 
Fires (set up to run Chrome) with varying degrees of ram (2, 4, 8 and 12 gigs)

The results are as follows:
After logging in around 8.22pm (Mexico time), 12th November (OpenMeetings - 
Next, 5.1.0-SNAPSHOT, Revision: db7be4b, Build date: 2020-11-09T14:57:23Z , I 
gradually added other devices to the room. I got to 8. There was a little but 
of a time lapse... in the sense that I would move from one computer to 
another... and could still see myself in one feed after I had move to another. 
It is important to note that 2 of the computers (older HP's) have a slight 
webcam issue... (I think there is a fauly cable... sometimes works sometimes 
doesn't - but audio/mic was working fine).

When I added 2 the last two devices, things started to break down. The audio 
quality was clearly reduced... there was a lot of crackling sounds... and some 
of the users video pods disappeared from some of the devices´screens or 
"empty" video pods filled some screens... on some devices but were viewable 
on others. Some users appeared to be disconnected, though they could continue 
to view the whiteboards... but had their audio and video disconnected (icons in 
orange)... when they tried to reconnect... they couldn't... they clicked on the 
audio / vid icons but with no effect... refreshing the screen sometimes seemed 
to correct this.

While 8 users seemed to be able to connect okay... there was a little bit of a 
time delay. As you can understand, I don't have headphones and microphones for 
each and every computer... so I spaced them around my house... when I talked... 
I could hear my voice being repeated... (I am not referring to echo 
feedback) there was a slight time delay by a couple of seconds on some of 
the devices... moving from device to device. However, with just 5 users in a 
room, this was not really an issue.

From time to time users experienced other users being disconnected or whereby 
they could see the "empty video pod" with the green border flashing on and off 
as someone spoke but again no audio or video being received but it was 
possible to see the same users on other devices.

Users would try to "refresh" the page... again only having access to 4

AW: AW: Users per room client browser scalability

2020-11-25 Thread Rohrbach, Gerald

Maxim,

Yes,  that was the idea. So if in the config would be the possibility to have 3 
KMS , one for each stream type this will reduce the load per kms.
For a small installation it would be 3 time the same KMS, to keep it simple.
KMS as docker, probably is the ideal solution.

A full featured cluster with balancer would be a perfect solution, very 
scalable.
But probably this is only for really large environments. I searched for some 
existing open source solutions,
So far no luck. For another project we used nginx. But this was just internal, 
so no natting and udp involved.


Gerald



Von: Maxim Solodovnik [mailto:solomax...@gmail.com]
Gesendet: Mittwoch, 25. November 2020 09:04
An: Openmeetings user-list 
Betreff: Re: AW: Users per room client browser scalability

Just a guess: if audio and video are 2 different dreams having them on 
different KMS servers will reduce the number of streams handled by KMS node

full feature cluster can handle more streams without any efforts from OM side 
(theoretically)

On Wed, 25 Nov 2020 at 00:19, dww 
mailto:dwort...@mykolab.com>> wrote:
What would be the actual difference between this versus 3 existing KMS servers 
each in its own docker container or other clustering mechanism?
Dennis

On Tue, 2020-11-24 at 08:52 +, Rohrbach, Gerald wrote:
Denis, Maxim,

yes in BBB ist´written that there are 3 Kurento Media Servers.

But  reading details, it´s not clustered or load balanced.
Each server is dedicated for an media type.
I do not know, how this can be established in OM.

But maybe this is not that complex. However the traffic needs to be redirected
somehow, or for each media type a own port is needed.

Probably a clustering is much more complex. NGINX is good for balancing maybe,
I think also for udp traffic. But clustering and balancing can only work for 
one room, so I guess
It won´t help if one room has much users. The setup will be very complex, error 
searching really difficult.


Gerald






Von: Denis Noctor [mailto:denisnoc...@gmail.com<mailto:denisnoc...@gmail.com>]
Gesendet: Montag, 23. November 2020 22:44
An: user@openmeetings.apache.org<mailto:user@openmeetings.apache.org>
Betreff: Re: Users per room client browser scalability

Thanks for that Maxim.

I came across this...

https://docs.bigbluebutton.org/2.2/customize.html

(scroll down to "Run three parallel Kurento media servers").

This appears to suggest that 3 KMS (audio, video and screesharing) processes on 
one server. Maybe this could bring us one step further?

All the best.

Denis

On Mon, Nov 23, 2020 at 9:31 AM Maxim Solodovnik 
mailto:solomax...@gmail.com>> wrote:
I just have fixed "refresh" button
So audio/video stream can be "refreshed" without page reload
both user-list and video-pod buttons are works according to my tests

On Mon, 23 Nov 2020 at 17:08, Peter Dähn mailto:da...@vcrp.de>> 
wrote:
Hi there,

this might be because BBB uses 3+ KMS servers clustered
(I was unable to find direct link regarding it ...)

as far as I know, they use freeswitch for audio and kms just for the video 
streams...

BR Peter
Am 23.11.20 um 10:53 schrieb Denis Noctor:
Thanks a lot Maxim. I am happy to help in anyway for future tests.
Sent from my iPhone

On Nov 23, 2020, at 3:43 AM, Maxim Solodovnik 
mailto:solomax...@gmail.com>> wrote:
Thanks for very detailed report Denis

couple of thoughts inline:

On Mon, 23 Nov 2020 at 13:59, Denis Noctor 
mailto:denisnoc...@gmail.com>> wrote:
Hi there everyone,

My sincerest apologies for only getting back to you now. As I had mentioned in 
my previous email that I was going through a personal issue and it took longer 
than I had anticipated to get back in touch.

However, as mentioned before, I have been keeping up to date by reading all the 
emails in the forum over the last few weeks... and some direct emails also.

I also apologize for the length of the email... so maybe you should grab a 
coffee.

As mentioned in my previous email, I set up 10 devices to connect to Room 7 on 
the OM demo server - all of which where running the latest version of Chrome. 3 
machines running Windows 10, 1 running Windows 8, 4 running Windows 7, 2 Amazon 
Fires (set up to run Chrome) with varying degrees of ram (2, 4, 8 and 12 gigs)

The results are as follows:
After logging in around 8.22pm (Mexico time), 12th November (OpenMeetings - 
Next, 5.1.0-SNAPSHOT, Revision: db7be4b, Build date: 2020-11-09T14:57:23Z , I 
gradually added other devices to the room. I got to 8. There was a little but 
of a time lapse... in the sense that I would move from one computer to 
another... and could still see myself in one feed after I had move to another. 
It is important to note that 2 of the computers (older HP's) have a slight 
webcam issue... (I think there is a fauly cable... sometimes works sometimes 
doesn't - but audio/mic was working fine).

When I added 2 the last two devices, things started to

AW: TURN server (coturn) why?

2020-12-16 Thread Rohrbach, Gerald

That’s also understanding Maxim.

If client and OM are in the same network no coturn is needed. ( Must not be the 
same IP range, we do have in each building different IP ranges in use, 
everything is routed on the core switch.

In our case one external OM has external public IP.
Physical machine.

But clients in real live are at home, that means
a home router with NAT is between.
So coturn is needed.
I have tested a lot with this, we do have an internal
OM server and and external.
We are not using the docker KMS, but I think
that should work also.
As our sytems are pretty stable we do not touch.

Gerald

Von: Maxim Solodovnik [mailto:solomax...@gmail.com]
Gesendet: Mittwoch, 16. Dezember 2020 09:16
An: Openmeetings user-list 
Betreff: Re: TURN server (coturn) why?

On Wed, 16 Dec 2020 at 12:50, K. Kamhamea 
mailto:kamha...@googlemail.com>> wrote:
In summary two conclusions can be drawn, right?
1. There is no need to use courn if your server uses a unique public IP.

this is false assumption
According to my tests
since WebRTC is P2P
The client IP should be accessible to KMS

So TURN is not necessary as long as the server AND all client IP addresses are 
public
And there are no routers FW etc. in the middle 

2. You can run a OM Server in a private network with only one public IP using 
coturn.
--- That's cool !!!
And probably it is even necessary to use coturn if your OM server resides on a 
cloud that doesn't provide such a service.

Thank You so much for the link.
K

Am Di., 15. Dez. 2020 um 22:43 Uhr schrieb Ali Alhaidary 
mailto:ali.alhaid...@the5stars.org>>:
https://www.callstats.io/blog/2017/10/26/webrtc-product-turn-server

On 12/15/20 5:05 PM, K. Kamhamea wrote:
> I wonder why we need a coturn anyway?
>
> 1. SSL certificates can be installed without it
> 2. The server URL can be written without port number (meaning it can
> be accessed by the default 433 port) without turn server installed
> the simple iptables command does the trick
>
> iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port
> 5443
>
> and changing server.xml to the default port doesn't work anyway (with
> or without turn server)
>
> It think better avoid turn server as it may slow down the
> communication further.

--
Best regards,
Maxim

62 matches

Mail list logo