Hello,

- stop OM

- add the following line to
`$OM_HOME/webapps/openmeetings/WEB-INF/classes/logback-config.xml`:

    `<logger name="org.apache.directory" level="DEBUG" />`

- restart OM

- Try to log in using the configured LDAP DB and try to debug the
  problem by checking the log file. By default, logging is done to the
  file `$OM_HOME/logs/catalina.out`.


More details are here: https://github.com/apache/openmeetings/pull/61
Please check the PR and discussion.

On Sun, 19 Apr 2020 at 05:03, Julian Weiß <jul...@ch-weiss.de> wrote:

> Hey Users,
>
> I’m new to OpenMeetings and trying to get the LDAP connection done. I’m using
> the same configuration as Mr Kocks has posted.
>
> I’ve got the problem that I can’t get logged in. I always get a wrong
> password error.
>
> Can anyone tell me how to get to the debug mode, so that I can see if
> there is any connection between Microsoft LDAP and the OpenMeetings server?
>
> Thanks a lot!
>
>
>
> *From: *Maxim Solodovnik <solomax...@gmail.com>
> *Reply to: *"user@openmeetings.apache.org" <
> user@openmeetings.apache.org>
> *Date: *Wednesday, 15 April 2020 at 18:22
> *To: *Openmeetings user-list <user@openmeetings.apache.org>
> *Subject: *Re: Can not use LDAP-Sync with Microsoft Active Directory
>
>
>
> really weird
>
> even if mapping is wrong
>
> 1) login (after mapping)
>
> 2) type == LDAP
>
> 3) domainId
>
> should remain the same
>
> wrong but the same
>
>
>
> so users shouldn't get duplicated
>
> don't get how is this possible :(
>
>
>
> On Wed, 15 Apr 2020 at 23:09, Mathias Kocks <ko...@labmed.de> wrote:
>
> With your tip, I don't get any new, same-named users.
>
> I changed the mapping like this and now it is fine.
>
>
>
> ldap_server_type=AD
> ldap_conn_host=dc2.labmed.de
> ldap_conn_port=389
> ldap_conn_secure=false
> ldap_admin_dn=CN=Mathias Kocks,OU=User,OU=EDV,OU=labmed,DC=labmed,DC=de
> ldap_passwd=SecretPassword
> ldap_search_base=DC=labmed,DC=de
> ldap_search_query=(userprincipalname=%s)
> ldap_search_scope= SUBTREE
> ldap_auth_type=SEARCHANDBIND
> ldap_deref_mode=always
> ldap_userdn_format=%s
> ldap_provisionning=AUTOCREATE
> ldap_use_admin_to_get_attrs=false
>
> ldap_sync_password_to_om=true
> ldap_sync_attr_lastname=sn
> ldap_user_attr_firstname=givenName
> ldap_user_attr_mail=mail
> ldap_user_attr_zip=postalCode
> ldap_user_attr_country=c
> ldap_user_attr_phone=telephoneNumber
> ldap_user_attr_login=samaccountname
> #ldap_use_lower_case=false
>
> Kind regards
>
>
>
> *Mathias Kocks*
>
> *Team Lead, IT Infrastructure*
>
> *Certified Information Security Officer ISO 27001 (TÜV Süd)*
>
>
>
> Multi-site joint medical practice
>
> *Medizinisches Versorgungszentrum*
>
> *Dr. Eberhard & Partner Dortmund*
>
> MVZ-Haus 3: Balkenstr. 12-14
>
> 44137 Dortmund, Germany
>
>
>
> Tel.:  +49 231 9572 7158
>
> Fax.: +49 231 9572 18 159
>
> E-Mail: ko...@labmed.de
>
> Web: https://www.labmed.de
>
>
>
> *From:* Rohrbach, Gerald <g.rohrb...@funkegruppe.de>
> *Sent:* Wednesday, 15 April 2020 18:04
> *To:* user@openmeetings.apache.org
> *Subject:* RE: Can not use LDAP-Sync with Microsoft Active Directory
>
>
>
> Mathias, I don't think it is fixed really if that are user now.
>
>
>
> It should work like this: If a user logs in, it's checked against AD. Then
> OM looks if the user is already in DB.
>
> If yes, no new record in db is created.
>
>
>
> This is an LDAP mapping problem, I had the same.
>
>
>
>
>
> *From:* Mathias Kocks [mailto:ko...@labmed.de <ko...@labmed.de>]
> *Sent:* Wednesday, 15 April 2020 17:42
> *To:* user@openmeetings.apache.org
> *Subject:* RE: Can not use LDAP-Sync with Microsoft Active Directory
>
>
>
>
>
>
>
> But the tip from Gerald worked fine. Now it is fixed.
>
> Thanks
>
>
>
>
>
>
>
> Kind regards
>
>
>
> *Mathias Kocks*
>
>
>
>
> *From:* Maxim Solodovnik <solomax...@gmail.com>
> *Sent:* Wednesday, 15 April 2020 17:36
> *To:* Openmeetings user-list <user@openmeetings.apache.org>
> *Subject:* Re: Can not use LDAP-Sync with Microsoft Active Directory
>
>
>
> Do you have additional DB entry on each login?
>
> this shouldn't be possible
>
> (AFAIR I have test to ensure this is impossible)
>
>
>
> On Wed, 15 Apr 2020 at 22:32, Rohrbach, Gerald <g.rohrb...@funkegruppe.de>
> wrote:
>
> LDAP Mapping Problem, depends on
>
> ldap_userdn_format=userPrincipalName=%s,CN=Users,DC=mydomain,DC=de
>
>
>
> ldap_user_attr_login=sAMAccountName
>
>
>
> With debug you can analyse. It depends if users log in with
> userPrincipalName like in our case I use sAMAccountName for storing in db.
>
>
>
>
>
> Gerald
>
>
>
> *From:* Mathias Kocks [mailto:ko...@labmed.de]
> *Sent:* Wednesday, 15 April 2020 17:19
> *To:* user@openmeetings.apache.org
> *Subject:* RE: Can not use LDAP-Sync with Microsoft Active Directory
>
>
>
> And another problem:
>
> Every time I log into OpenMeetings, I get a new entry in the user database
> with login entry n...@ourdomain.de.
>
>
>
> Kind regards
>
>
>
> *Mathias Kocks*
>
>
>
>
> *From:* Maxim Solodovnik <solomax...@gmail.com>
> *Sent:* Wednesday, 15 April 2020 16:58
> *To:* Openmeetings user-list <user@openmeetings.apache.org>
> *Subject:* Re: Can not use LDAP-Sync with Microsoft Active Directory
>
>
>
> congrats :)
>
>
>
> On Wed, 15 Apr 2020 at 21:53, Rohrbach, Gerald <g.rohrb...@funkegruppe.de>
> wrote:
>
> Under administration you can set the default language to German…
>
> This helped us.
>
>
>
> Gerald
>
>
>
> *From:* Mathias Kocks [mailto:ko...@labmed.de]
> *Sent:* Wednesday, 15 April 2020 16:51
> *To:* user@openmeetings.apache.org
> *Subject:* RE: Can not use LDAP-Sync with Microsoft Active Directory
>
>
>
> Got it.
>
>
>
> This configuration runs with our Active Directory:
>
>
>
> ldap_server_type=AD
> ldap_conn_host=dc2.labmed.de
> ldap_conn_port=389
> ldap_conn_secure=false
> ldap_admin_dn=CN=Some Username with blanks,OU=User,OU=EDV,OU=labmed,DC=labmed,DC=de
> ldap_passwd=SuperSecretPassword
> ldap_search_base=DC=labmed,DC=de
> ldap_search_query=(userprincipalname=%s)
> ldap_search_scope= SUBTREE
> ldap_auth_type=SEARCHANDBIND
> ldap_deref_mode=never
> ldap_userdn_format=%s
> ldap_provisionning=AUTOCREATE
> ldap_use_admin_to_get_attrs=false
>
> ldap_sync_password_to_om=true
> ldap_sync_attr_lastname=sn
> ldap_user_attr_firstname=givenName
> ldap_user_attr_mail=mail
> ldap_user_attr_zip=postalCode
> ldap_user_attr_country=c
> ldap_user_attr_phone=telephoneNumber
> #ldap_use_lower_case=false
>
> The only thing that bothers me is that we do not have a flag for
> language in our AD, so every new user in OpenMeetings is English by
> default...
>
>
>
>
>
>
>
>
>
>
>
> Kind regards
>
>
>
> *Mathias Kocks*
>
>
>
>
> *From:* Maxim Solodovnik <solomax...@gmail.com>
> *Sent:* Wednesday, 15 April 2020 16:28
> *To:* Openmeetings user-list <user@openmeetings.apache.org>
> *Subject:* Re: Can not use LDAP-Sync with Microsoft Active Directory
>
>
>
> will answer here
>
>
>
> `%s` means put the passed parameter in this place as a string
>
> full options are here
> https://docs.oracle.com/javase/7/docs/api/java/util/Formatter.html
>
>
>
> On Wed, 15 Apr 2020 at 19:37, Rohrbach, Gerald <g.rohrb...@funkegruppe.de>
> wrote:
>
> This is working….
>
> I would not use a DomainAdmin account for query. It can be a simple
> restricted user…
>
>
>
> Maxim pointed already to a link, the debug mode is helpful…
>
>
>
>
>
> ldap_conn_host=DESVR-AD01.mydomain.de
> ldap_conn_port=389
> ldap_conn_secure=false
> ldap_admin_dn=CN=ldapopenmeetings,OU=Users-Service-Accounts,DC=mydomain,DC=de
> ldap_passwd=#password#
> ldap_search_base=DC=mydomain,DC=de
> ldap_search_query=(userPrincipalName=%s)
> ldap_search_scope=SUBTREE
> ldap_auth_type=SEARCHANDBIND
> ldap_userdn_format=userPrincipalName=%s,CN=Users,DC=mydomain,DC=de
> ldap_provisionning=AUTOCREATE
> ldap_deref_mode=always
> ldap_use_admin_to_get_attrs=true
> ldap_sync_password_to_om=true
> ldap_group_mode=NONE
> ldap_group_query=(&(memberUid=%s)(objectClass=posixGroup))
>
> # Ldap user attributes mapping
> # Set the following internal OM user attributes to their corresponding Ldap-attribute
> ldap_user_attr_login=sAMAccountName
> ldap_user_attr_lastname=sn
> ldap_user_attr_firstname=givenName
> ldap_user_attr_mail=mail
> ldap_user_attr_street=streetAddress
> ldap_user_attr_additionalname=description
> ldap_user_attr_fax=facsimileTelephoneNumber
> ldap_user_attr_zip=postalCode
> ldap_user_attr_country=c
> ldap_user_attr_town=l
> ldap_user_attr_phone=telephoneNumber
>
> ldap_group_attr=memberOf
>
> ldap_use_lower_case=false
>
> # Ldap import query, this query should retrieve all LDAP users
> ldap_import_query=(objectClass=inetOrgPerson)
>
>
>
> Dortmund is not far away…
>
>
>
> Regards
>
>
>
> Gerald
>
>
>
> *From:* Mathias Kocks [mailto:ko...@labmed.de]
> *Sent:* Wednesday, 15 April 2020 14:06
> *To:* user@openmeetings.apache.org
> *Subject:* Can not use LDAP-Sync with Microsoft Active Directory
>
>
>
> Hello,
>
> I am new to this project and I have a problem with the LDAP-Sync. I cannot
> even find any good documentation...
>
>
>
> My problem is that slapd does not find any user in my AD. I am not even
> sure if it is searching for real. I found in the mailing list archive
> some example configs, but they do not work for me.
>
> I found this one:
>
>
>
> #LDAP URL
> ldap_conn_host=LDAP_server.Company.com
> ldap_conn_port=636
> ldap_conn_secure=true
>
> # Login distinguished name (DN) for Authentication on LDAP Server
> # Use full qualified LDAP DN
> ldap_admin_dn=CN=ldapauth,OU=Users,DC=Company,DC=com
>
> # Loginpass for Authentication on LDAP Server
> ldap_passwd=ldapauthpasswd
>
> # base to search for userdata(of user, that wants to login)
> ldap_search_base=OU=Users,DC=Company,DC=com
> #ldap_search_base=DC=Company,DC=com
>
> # Fieldnames (can differ between Ldap servers)
> ldap_search_query=(&(objectCategory=person)(objectClass=person)(sAMAccountName=%1$s))
> #ldap_search_query=(sAMAccountName=%s)
> #ldap_search_query=(CN=%s)
>
> # the scope of the search might be: OBJECT, ONELEVEL, SUBTREE
> ldap_search_scope=SUBTREE
>
> # Ldap auth type(NONE, SEARCHANDBIND, SIMPLEBIND)
> ldap_auth_type=SEARCHANDBIND
>
> # userDN format, will be used to bind if ldap_auth_type=SIMPLEBIND
> ldap_userdn_format=sAMAccountName=%s,OU=Users,DC=beuth-hochschule.de,DC=com
> #ldap_userdn_format=sAMAccountName=%s,DC=Company,DC=com
> #ldap_userdn_format=CN=%s,OU=Users,DC=Company,DC=com
> #ldap_userdn_format=CN=%s,DC=Company,DC=com
>
> # Ldap-password synchronization to OM DB
> ldap_sync_password_to_om=false
>
> # Ldap user attributes mapping
> # Set the following internal OM user attributes to their corresponding Ldap-attribute
> ldap_user_attr_lastname=sn
>
>
>
> But even after I changed it to my AD and tried several changes, no users
> were found.
>
>
>
> My actual config:
>
>
>
> ldap_server_type=AD
> ldap_conn_host=dc2.labmed.de
> ldap_conn_port=389
> ldap_conn_secure=false
> ldap_admin_dn=CN=Administrator,CN=Users,DC=labmed,DC=de
> ldap_passwd=SuperSecretPassword
> ldap_search_base=OU=labmed,DC=labmed,DC=de
> #ldap_search_query=(&(objectCategory=*)(objectClass=*)(sAMAccountName=%s))
> ldap_search_query=(sAMAccountName=%s)
> ldap_search_scope= SUBTREE
> ldap_auth_type=SEARCHANDBIND
> ldap_deref_mode=never
> ldap_userdn_format=sAMAccountName=%s,DC=labmed,DC=de
> ldap_provisionning=NONE
> ldap_use_admin_to_get_attrs=true
> ldap_sync_password_to_om=false
> ldap_sync_attr_lastname=sn
> ldap_user_attr_firstname=givenName
> ldap_user_attr_mail=mail
> ldap_user_attr_street=streetAddress
> ldap_user_attr_additionalname=description
> ldap_user_attr_fax=facsimileTelephoneNumber
> ldap_user_attr_zip=postalCode
> ldap_user_attr_country=co
> ldap_user_attr_town=l
> ldap_user_attr_phone=telephoneNumber
> ldap_use_lower_case=false
>
>
>
>
>
> It is the second day by now where I am bursting with happiness....
>
>
>
>
>
>
>
> Kind regards
>
>
>
> *Mathias Kocks*
>
>
>
>
>
>
>
> --
>
> Best regards,
> Maxim
>
>
>
>


-- 
Best regards,
Maxim
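
An added example (not part of the thread and not OpenMeetings code): a small Python check over an LDAP properties file of the kind quoted above. It flags the points the thread itself raises (a privileged query account, `AUTOCREATE` without `ldap_user_attr_login`, a key that departs from the `ldap_user_attr_*` naming) plus unencrypted transport. The sample config is constructed, and reading `ldap_conn_secure=false` as "no TLS" is an assumption.

```python
import re

# Constructed sample modelled on the configs quoted in the thread; all values are placeholders.
SAMPLE = """\
ldap_conn_port=389
ldap_conn_secure=false
ldap_admin_dn=CN=Administrator,CN=Users,DC=example,DC=test
ldap_search_query=(userprincipalname=%s)
ldap_auth_type=SEARCHANDBIND
ldap_provisionning=AUTOCREATE
ldap_sync_attr_lastname=sn
#ldap_use_lower_case=false
"""

def parse_props(text):
    """Read key=value lines, skipping blanks and '#' comments; split on the first '='
    only, because DNs and search filters contain '=' themselves."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def audit(props):
    """Return (code, message) findings for an OpenMeetings-style LDAP config."""
    out = []
    if props.get("ldap_conn_secure", "false").lower() != "true":
        # Assumption: 'false' means no TLS, so bind passwords travel unencrypted.
        out.append(("PLAINTEXT", "ldap_conn_secure is not true on port "
                    + props.get("ldap_conn_port", "?")))
    if props.get("ldap_admin_dn", "").lower().startswith("cn=administrator,"):
        out.append(("PRIV_BIND", "query account is Administrator; use a restricted user"))
    if props.get("ldap_provisionning") == "AUTOCREATE" and "ldap_user_attr_login" not in props:
        m = re.search(r"\((\w+)=%(?:1\$)?s\)", props.get("ldap_search_query", ""))
        attr = m.group(1) if m else "?"
        out.append(("NO_LOGIN_ATTR", "users searched by " + attr
                    + " but ldap_user_attr_login is unset (duplicate entries in the thread)"))
    for key in props:
        if key.startswith("ldap_sync_attr_"):
            out.append(("KEY_NAME", key + " departs from the ldap_user_attr_* naming"))
    return out

if __name__ == "__main__":
    for code, msg in audit(parse_props(SAMPLE)):
        print(code + ": " + msg)
```
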
