Got it.

This configuration runs with our Active Directory:

ldap_server_type=AD
ldap_conn_host=dc2.labmed.de
ldap_conn_port=389
ldap_conn_secure=false
ldap_admin_dn=CN=Some Username with blanks,OU=User,OU=EDV,OU=labmed,DC=labmed,DC=de
ldap_passwd=SuperSecretPassword
ldap_search_base=DC=labmed,DC=de
ldap_search_query=(userprincipalname=%s)
ldap_search_scope= SUBTREE
ldap_auth_type=SEARCHANDBIND
ldap_deref_mode=never
ldap_userdn_format=%s
ldap_provisionning=AUTOCREATE
ldap_use_admin_to_get_attrs=false

ldap_sync_password_to_om=true
ldap_sync_attr_lastname=sn
ldap_user_attr_firstname=givenName
ldap_user_attr_mail=mail
ldap_user_attr_zip=postalCode
ldap_user_attr_country=c
ldap_user_attr_phone=telephoneNumber
#ldap_use_lower_case=false



The only thing that bothers me is that we do not have a flag for language in 
our AD, so every new user in OpenMeetings is English by default...





Kind regards

Mathias Kocks
Team Lead IT Infrastructure
Certified Information Security Officer ISO 27001 (TÜV Süd)

Überörtliche Berufsausübungsgemeinschaft
Medizinisches Versorgungszentrum
Dr. Eberhard & Partner Dortmund
MVZ-Haus 3: Balkenstr. 12-14
44137 Dortmund, Germany

Tel.:  +49 231 9572 7158
Fax.: +49 231 9572 18 159
E-Mail: ko...@labmed.de
Web: https://www.labmed.de

From: Maxim Solodovnik <solomax...@gmail.com>
Sent: Wednesday, 15 April 2020 16:28
To: Openmeetings user-list <user@openmeetings.apache.org>
Subject: Re: Can not use LDAP-Sync with Microsoft Active Directory

will answer here

`%s` means: put the passed parameter in this place as a string
full options are here: https://docs.oracle.com/javase/7/docs/api/java/util/Formatter.html

On Wed, 15 Apr 2020 at 19:37, Rohrbach, Gerald <g.rohrb...@funkegruppe.de> wrote:
This is working…
I would not use a DomainAdmin account for the query. It can be a simple restricted 
user…

Maxim already pointed to a link, the debug mode is helpful…


ldap_conn_host=DESVR-AD01.mydomain.de
ldap_conn_port=389
ldap_conn_secure=false

ldap_admin_dn=CN=ldapopenmeetings,OU=Users-Service-Accounts,DC=mydomain,DC=de

ldap_passwd=#password#
ldap_search_base=DC=mydomain,DC=de

ldap_search_query=(userPrincipalName=%s)

ldap_search_scope=SUBTREE

ldap_auth_type=SEARCHANDBIND

ldap_userdn_format=userPrincipalName=%s,CN=Users,DC=mydomain,DC=de

ldap_provisionning=AUTOCREATE

ldap_deref_mode=always

ldap_use_admin_to_get_attrs=true
ldap_sync_password_to_om=true

ldap_group_mode=NONE

ldap_group_query=(&(memberUid=%s)(objectClass=posixGroup))

# Ldap user attributes mapping
# Set the following internal OM user attributes to their corresponding Ldap-attribute
ldap_user_attr_login=sAMAccountName
ldap_user_attr_lastname=sn
ldap_user_attr_firstname=givenName
ldap_user_attr_mail=mail
ldap_user_attr_street=streetAddress
ldap_user_attr_additionalname=description
ldap_user_attr_fax=facsimileTelephoneNumber
ldap_user_attr_zip=postalCode
ldap_user_attr_country=c
ldap_user_attr_town=l
ldap_user_attr_phone=telephoneNumber

ldap_group_attr=memberOf


ldap_use_lower_case=false

# Ldap import query, this query should retrieve all LDAP users
ldap_import_query=(objectClass=inetOrgPerson)

Dortmund is not far away…

Regards

Gerald

From: Mathias Kocks [mailto:ko...@labmed.de]
Sent: Wednesday, 15 April 2020 14:06
To: user@openmeetings.apache.org
Subject: Can not use LDAP-Sync with Microsoft Active Directory

Hello,
I am new to this project and I have a problem with the LDAP-Sync. I cannot even 
find any good documentation...

My problem is that slapd does not find any user in my AD. I am not even sure 
if it is really searching. I found some example configs in the mailing list 
archive, but they do not work for me.
I found this one:

#LDAP URL
ldap_conn_host=LDAP_server.Company.com
ldap_conn_port=636
ldap_conn_secure=true

# Login distinguished name (DN) for Authentication on LDAP Server
# Use full qualified LDAP DN
ldap_admin_dn=CN=ldapauth,OU=Users,DC=Company,DC=com

# Loginpass for Authentication on LDAP Server
ldap_passwd=ldapauthpasswd

# base to search for userdata(of user, that wants to login)
ldap_search_base=OU=Users,DC=Company,DC=com
#ldap_search_base=DC=Company,DC=com

# Fieldnames (can differ between Ldap servers)
ldap_search_query=(&(objectCategory=person)(objectClass=person)(sAMAccountName=%1$s))
#ldap_search_query=(sAMAccountName=%s)
#ldap_search_query=(CN=%s)

# the scope of the search might be: OBJECT, ONELEVEL, SUBTREE
ldap_search_scope=SUBTREE

# Ldap auth type(NONE, SEARCHANDBIND, SIMPLEBIND)
ldap_auth_type=SEARCHANDBIND

# userDN format, will be used to bind if ldap_auth_type=SIMPLEBIND
ldap_userdn_format=sAMAccountName=%s,OU=Users,DC=beuth-hochschule.de,DC=com
#ldap_userdn_format=sAMAccountName=%s,DC=Company,DC=com
#ldap_userdn_format=CN=%s,OU=Users,DC=Company,DC=com
#ldap_userdn_format=CN=%s,DC=Company,DC=com

# Ldap-password synchronization to OM DB
ldap_sync_password_to_om=false

# Ldap user attributes mapping
# Set the following internal OM user attributes to their corresponding Ldap-attribute
ldap_user_attr_lastname=sn

But even after I changed it to my AD and tried several changes, no users were 
found.

My actual config:

ldap_server_type=AD
ldap_conn_host=dc2.labmed.de
ldap_conn_port=389
ldap_conn_secure=false
ldap_admin_dn=CN=Administrator,CN=Users,DC=labmed,DC=de
ldap_passwd=SuperSecretPassword
ldap_search_base=OU=labmed,DC=labmed,DC=de
#ldap_search_query=(&(objectCategory=*)(objectClass=*)(sAMAccountName=%s))
ldap_search_query=(sAMAccountName=%s)
ldap_search_scope= SUBTREE
ldap_auth_type=SEARCHANDBIND
ldap_deref_mode=never
ldap_userdn_format=sAMAccountName=%s,DC=labmed,DC=de
ldap_provisionning=NONE
ldap_use_admin_to_get_attrs=true
ldap_sync_password_to_om=false
ldap_sync_attr_lastname=sn
ldap_user_attr_firstname=givenName
ldap_user_attr_mail=mail
ldap_user_attr_street=streetAddress
ldap_user_attr_additionalname=description
ldap_user_attr_fax=facsimileTelephoneNumber
ldap_user_attr_zip=postalCode
ldap_user_attr_country=co
ldap_user_attr_town=l
ldap_user_attr_phone=telephoneNumber
ldap_use_lower_case=false


It is the second day by now where I am bursting with happiness....



Kind regards

Mathias Kocks
Team Lead IT Infrastructure
Certified Information Security Officer ISO 27001 (TÜV Süd)

Überörtliche Berufsausübungsgemeinschaft
Medizinisches Versorgungszentrum
Dr. Eberhard & Partner Dortmund
MVZ-Haus 3: Balkenstr. 12-14
44137 Dortmund, Germany

Tel.:  +49 231 9572 7158
Fax.: +49 231 9572 18 159
E-Mail: ko...@labmed.de
Web: https://www.labmed.de



--
Best regards,
Maxim
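
Added example, not part of the original thread and not OpenMeetings code: a small Python check over an LDAP properties file for the points raised in the messages above (ldap_conn_secure=false, an Administrator bind DN instead of a restricted user, password sync to the OM DB). The finding codes, the example.org names and both sample configs are constructed; treating a missing ldap_conn_secure as false is an assumption.

```python
def parse_properties(text):
    """Parse key=value lines; blank lines and '#' comments are skipped."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def audit(text):
    """Return a sorted list of finding codes for one config."""
    props = parse_properties(text)
    findings = set()
    # Assumption: a missing ldap_conn_secure is treated like "false".
    if props.get("ldap_conn_secure", "false").lower() != "true":
        # The bind password and, with SEARCHANDBIND, each user's password
        # travel to the directory server unencrypted.
        findings.add("CLEARTEXT_BIND")
    first_rdn = props.get("ldap_admin_dn", "").split(",", 1)[0].strip().lower()
    if first_rdn == "cn=administrator":
        # Name-based heuristic only; real privilege comes from group membership.
        findings.add("PRIVILEGED_BIND_ACCOUNT")
    if props.get("ldap_sync_password_to_om", "false").lower() == "true":
        # The LDAP password is synchronized to the OM DB: a second store to protect.
        findings.add("PASSWORD_SYNCED_TO_OM")
    return sorted(findings)

# Constructed sample: cleartext port, Administrator bind, password sync on.
WEAK = """
ldap_conn_port=389
ldap_conn_secure=false
ldap_admin_dn=CN=Administrator,CN=Users,DC=example,DC=org
ldap_auth_type=SEARCHANDBIND
ldap_sync_password_to_om=true
"""

# Constructed sample: LDAPS, restricted service account, no password sync.
HARDENED = """
ldap_conn_port=636
ldap_conn_secure=true
ldap_admin_dn=CN=ldapopenmeetings,OU=Users-Service-Accounts,DC=example,DC=org
ldap_auth_type=SEARCHANDBIND
ldap_sync_password_to_om=false
"""

if __name__ == "__main__":
    print("weak:", audit(WEAK))
    print("hardened:", audit(HARDENED))
```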
