Hello,

- stop OM
- add the following line to `$OM_HOME/webapps/openmeetings/WEB-INF/classes/logback-config.xml`: `<logger name="org.apache.directory" level="DEBUG" />`
- restart OM
- Try to log in using the configured LDAP DB and try to debug the problem by checking the log file. By default, logging is done to the file `$OM_HOME/logs/catalina.out`.

More details are here https://github.com/apache/openmeetings/pull/61 please check PR and discussion

On Sun, 19 Apr 2020 at 05:03, Julian Weiß <jul...@ch-weiss.de> wrote:

> Hey Users,
>
> I’m new in Openmeetings trying to get the LDAP connection done. I’m using the same configuration as Mr Kocks has posted.
>
> I’ve got the problem that I can’t get logged in. I always get a wrong password error.
>
> Can anyone tell me how to get to the debug mode, so that I can see if there is any connection between Microsoft LDAP and the Openmeetingsserver?
>
> Thanks a lot!
>
> *From:* Maxim Solodovnik <solomax...@gmail.com>
> *Reply to:* "user@openmeetings.apache.org" <user@openmeetings.apache.org>
> *Date:* Wednesday, 15 April 2020 at 18:22
> *To:* Openmeetings user-list <user@openmeetings.apache.org>
> *Subject:* Re: Can not use LDAP-Sync with Microsoft Active Directory
>
> really weird
>
> even if mapping is wrong
>
> 1) login (after mapping)
>
> 2) type == LDAP
>
> 3) domainId
>
> should remain the same
>
> wrong but the same
>
> so users shouldn't get duplicated
>
> don't get how is this possible :(
>
> On Wed, 15 Apr 2020 at 23:09, Mathias Kocks <ko...@labmed.de> wrote:
>
> With your tip, I don't get any new, same named users.
>
> I changed the mapping like this and now it is fine.
>
> ldap_server_type=AD
> ldap_conn_host=dc2.labmed.de
> ldap_conn_port=389
> ldap_conn_secure=false
> ldap_admin_dn=CN=Mathias Kocks,OU=User,OU=EDV,OU=labmed,DC=labmed,DC=de
> ldap_passwd=SecretPassword
> ldap_search_base=DC=labmed,DC=de
> ldap_search_query=(userprincipalname=%s)
> ldap_search_scope= SUBTREE
> ldap_auth_type=SEARCHANDBIND
> ldap_deref_mode=always
> ldap_userdn_format=%s
> ldap_provisionning=AUTOCREATE
> ldap_use_admin_to_get_attrs=false
>
> ldap_sync_password_to_om=true
> ldap_sync_attr_lastname=sn
> ldap_user_attr_firstname=givenName
> ldap_user_attr_mail=mail
> ldap_user_attr_zip=postalCode
> ldap_user_attr_country=c
> ldap_user_attr_phone=telephoneNumber
> ldap_user_attr_login=samaccountname
> #ldap_use_lower_case=false
>
> Kind regards
>
> *Mathias Kocks*
> *Team Lead, IT Infrastructure*
> *Certified Information Security Officer ISO 27001 (TÜV Süd)*
>
> Überörtliche Berufsausübungsgemeinschaft
> *Medizinisches Versorgungszentrum*
> *Dr. Eberhard & Partner Dortmund*
> MVZ-Haus 3: Balkenstr. 12-14
> 44137 Dortmund, Germany
>
> Tel.: +49 231 9572 7158
> Fax.: +49 231 9572 18 159
> E-Mail: ko...@labmed.de
> Web: https://www.labmed.de
>
> *From:* Rohrbach, Gerald <g.rohrb...@funkegruppe.de>
> *Sent:* Wednesday, 15 April 2020 18:04
> *To:* user@openmeetings.apache.org
> *Subject:* RE: Can not use LDAP-Sync with Microsoft Active Directory
>
> Mathias, I don't think it is really fixed if those are users now.
>
> It should work like this: If a user logs in, it's checked against AD. Then OM looks if the user is already in DB.
>
> If yes, no new record in db is created.
>
> This is an LDAP mapping problem, I had the same.
>
> *From:* Mathias Kocks [mailto:ko...@labmed.de <ko...@labmed.de>]
> *Sent:* Wednesday, 15 April 2020 17:42
> *To:* user@openmeetings.apache.org
> *Subject:* RE: Can not use LDAP-Sync with Microsoft Active Directory
>
> But the tip from Gerald worked fine. Now it is fixed.
>
> Thanks
>
> Kind regards
>
> *Mathias Kocks*
>
> *From:* Maxim Solodovnik <solomax...@gmail.com>
> *Sent:* Wednesday, 15 April 2020 17:36
> *To:* Openmeetings user-list <user@openmeetings.apache.org>
> *Subject:* Re: Can not use LDAP-Sync with Microsoft Active Directory
>
> Do you have additional DB entry on each login?
>
> this shouldn't be possible
>
> (AFAIR I have test to ensure this is impossible)
>
> On Wed, 15 Apr 2020 at 22:32, Rohrbach, Gerald <g.rohrb...@funkegruppe.de> wrote:
>
> LDAP Mapping Problem, depends on
>
> ldap_userdn_format=userPrincipalName=%s,CN=Users,DC=mydomain,DC=de
>
> ldap_user_attr_login=sAMAccountName
>
> With debug you can analyse. It depends if users login with userPrincipalName like in our case I use sAMAccountName for storing in db.
>
> Gerald
>
> *From:* Mathias Kocks [mailto:ko...@labmed.de]
> *Sent:* Wednesday, 15 April 2020 17:19
> *To:* user@openmeetings.apache.org
> *Subject:* RE: Can not use LDAP-Sync with Microsoft Active Directory
>
> And another problem:
>
> Every time I log into OpenMeetings, I get a new entry in the user database with login entry n...@ourdomain.de.
>
> Kind regards
>
> *Mathias Kocks*
>
> *From:* Maxim Solodovnik <solomax...@gmail.com>
> *Sent:* Wednesday, 15 April 2020 16:58
> *To:* Openmeetings user-list <user@openmeetings.apache.org>
> *Subject:* Re: Can not use LDAP-Sync with Microsoft Active Directory
>
> congrats :)
>
> On Wed, 15 Apr 2020 at 21:53, Rohrbach, Gerald <g.rohrb...@funkegruppe.de> wrote:
>
> Under administration you can set the default language to German…
>
> This helped us.
>
> Gerald
>
> *From:* Mathias Kocks [mailto:ko...@labmed.de]
> *Sent:* Wednesday, 15 April 2020 16:51
> *To:* user@openmeetings.apache.org
> *Subject:* RE: Can not use LDAP-Sync with Microsoft Active Directory
>
> Got it.
>
> This configuration runs with our Active Directory:
>
> ldap_server_type=AD
> ldap_conn_host=dc2.labmed.de
> ldap_conn_port=389
> ldap_conn_secure=false
> ldap_admin_dn=CN=Some Username with blanks,OU=User,OU=EDV,OU=labmed,DC=labmed,DC=de
> ldap_passwd=SuperSecretPassword
> ldap_search_base=DC=labmed,DC=de
> ldap_search_query=(userprincipalname=%s)
> ldap_search_scope= SUBTREE
> ldap_auth_type=SEARCHANDBIND
> ldap_deref_mode=never
> ldap_userdn_format=%s
> ldap_provisionning=AUTOCREATE
> ldap_use_admin_to_get_attrs=false
>
> ldap_sync_password_to_om=true
> ldap_sync_attr_lastname=sn
> ldap_user_attr_firstname=givenName
> ldap_user_attr_mail=mail
> ldap_user_attr_zip=postalCode
> ldap_user_attr_country=c
> ldap_user_attr_phone=telephoneNumber
> #ldap_use_lower_case=false
>
> The only thing that bothers me is that we do not have a flag for language in our AD, so every new user in OpenMeetings is English by default...
>
> Kind regards
>
> *Mathias Kocks*
>
> *From:* Maxim Solodovnik <solomax...@gmail.com>
> *Sent:* Wednesday, 15 April 2020 16:28
> *To:* Openmeetings user-list <user@openmeetings.apache.org>
> *Subject:* Re: Can not use LDAP-Sync with Microsoft Active Directory
>
> will answer here
>
> `%s` means put passed parameter to this place as string
>
> full options are here https://docs.oracle.com/javase/7/docs/api/java/util/Formatter.html
>
> On Wed, 15 Apr 2020 at 19:37, Rohrbach, Gerald <g.rohrb...@funkegruppe.de> wrote:
>
> This is working….
>
> I would not use a DomainAdmin account for query. It can be a simple restricted user…
>
> Maxim pointed already to a link, the debug mode is helpful…
>
> ldap_conn_host=DESVR-AD01.mydomain.de
> ldap_conn_port=389
> ldap_conn_secure=false
>
> ldap_admin_dn=CN=ldapopenmeetings,OU=Users-Service-Accounts,DC=mydomain,DC=de
>
> ldap_passwd=#password#
> ldap_search_base=DC=mydomain,DC=de
>
> ldap_search_query=(userPrincipalName=%s)
>
> ldap_search_scope=SUBTREE
>
> ldap_auth_type=SEARCHANDBIND
>
> ldap_userdn_format=userPrincipalName=%s,CN=Users,DC=mydomain,DC=de
>
> ldap_provisionning=AUTOCREATE
>
> ldap_deref_mode=always
>
> ldap_use_admin_to_get_attrs=true
> ldap_sync_password_to_om=true
>
> ldap_group_mode=NONE
>
> ldap_group_query=(&(memberUid=%s)(objectClass=posixGroup))
>
> # Ldap user attributes mapping
> # Set the following internal OM user attributes to their corresponding Ldap-attribute
> ldap_user_attr_login=sAMAccountName
> ldap_user_attr_lastname=sn
> ldap_user_attr_firstname=givenName
> ldap_user_attr_mail=mail
> ldap_user_attr_street=streetAddress
> ldap_user_attr_additionalname=description
> ldap_user_attr_fax=facsimileTelephoneNumber
> ldap_user_attr_zip=postalCode
> ldap_user_attr_country=c
> ldap_user_attr_town=l
> ldap_user_attr_phone=telephoneNumber
>
> ldap_group_attr=memberOf
>
> ldap_use_lower_case=false
>
> # Ldap import query, this query should retrieve all LDAP users
> ldap_import_query=(objectClass=inetOrgPerson)
>
> Dortmund is not far away…
>
> Regards
>
> Gerald
>
> *From:* Mathias Kocks [mailto:ko...@labmed.de]
> *Sent:* Wednesday, 15 April 2020 14:06
> *To:* user@openmeetings.apache.org
> *Subject:* Can not use LDAP-Sync with Microsoft Active Directory
>
> Hello,
>
> I am new to this project and I have a problem with the LDAP-Sync. I cannot even find any good documentation...
>
> My problem is that slapd does not find any user in my AD. I am not even sure if it is searching for real. I found in the mailing list archive some example configs, but they do not work for me.
>
> I found this one:
>
> #LDAP URL
> ldap_conn_host=LDAP_server.Company.com
> ldap_conn_port=636
> ldap_conn_secure=true
>
> # Login distinguished name (DN) for Authentication on LDAP Server
> # Use full qualified LDAP DN
> ldap_admin_dn=CN=ldapauth,OU=Users,DC=Company,DC=com
>
> # Loginpass for Authentication on LDAP Server
> ldap_passwd=ldapauthpasswd
>
> # base to search for userdata(of user, that wants to login)
> ldap_search_base=OU=Users,DC=Company,DC=com
> #ldap_search_base=DC=Company,DC=com
>
> # Fieldnames (can differ between Ldap servers)
> ldap_search_query=(&(objectCategory=person)(objectClass=person)(sAMAccountName=%1$s))
> #ldap_search_query=(sAMAccountName=%s)
> #ldap_search_query=(CN=%s)
>
> # the scope of the search might be: OBJECT, ONELEVEL, SUBTREE
> ldap_search_scope=SUBTREE
>
> # Ldap auth type(NONE, SEARCHANDBIND, SIMPLEBIND)
> ldap_auth_type=SEARCHANDBIND
>
> # userDN format, will be used to bind if ldap_auth_type=SIMPLEBIND
> ldap_userdn_format=sAMAccountName=%s,OU=Users,DC=beuth-hochschule.de,DC=com
> #ldap_userdn_format=sAMAccountName=%s,DC=Company,DC=com
> #ldap_userdn_format=CN=%s,OU=Users,DC=Company,DC=com
> #ldap_userdn_format=CN=%s,DC=Company,DC=com
>
> # Ldap-password synchronization to OM DB
> ldap_sync_password_to_om=false
>
> # Ldap user attributes mapping
> # Set the following internal OM user attributes to their corresponding Ldap-attribute
> ldap_user_attr_lastname=sn
>
> But even after I changed it to my AD and tried several changes, no users were found.
>
> My actual config:
>
> ldap_server_type=AD
> ldap_conn_host=dc2.labmed.de
> ldap_conn_port=389
> ldap_conn_secure=false
> ldap_admin_dn=CN=Administrator,CN=Users,DC=labmed,DC=de
> ldap_passwd=SuperSecretPassword
> ldap_search_base=OU=labmed,DC=labmed,DC=de
> #ldap_search_query=(&(objectCategory=*)(objectClass=*)(sAMAccountName=%s))
> ldap_search_query=(sAMAccountName=%s)
> ldap_search_scope= SUBTREE
> ldap_auth_type=SEARCHANDBIND
> ldap_deref_mode=never
> ldap_userdn_format=sAMAccountName=%s,DC=labmed,DC=de
> ldap_provisionning=NONE
> ldap_use_admin_to_get_attrs=true
> ldap_sync_password_to_om=false
> ldap_sync_attr_lastname=sn
> ldap_user_attr_firstname=givenName
> ldap_user_attr_mail=mail
> ldap_user_attr_street=streetAddress
> ldap_user_attr_additionalname=description
> ldap_user_attr_fax=facsimileTelephoneNumber
> ldap_user_attr_zip=postalCode
> ldap_user_attr_country=co
> ldap_user_attr_town=l
> ldap_user_attr_phone=telephoneNumber
> ldap_use_lower_case=false
>
> It is the second day by now where I am bursting with happiness....
>
> Kind regards
>
> *Mathias Kocks*
>
> --
> Best regards,
> Maxim

--
Best regards,
Maxim
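
The settings this thread touches on (unencrypted port 389 binds, the Administrator account used for the search, password sync into the OM DB, and the missing `ldap_user_attr_login` mapping behind the duplicate users) can be checked mechanically. The script below is an added example, not part of the original messages and not OpenMeetings code; the sample config is constructed with placeholder values, `parse_cfg`, `audit` and the finding codes are hypothetical names, and it assumes `ldap_conn_secure=false` means the bind is sent over plain LDAP.

```python
# Added example: audits OpenMeetings LDAP settings discussed in the thread.
import re

# Constructed sample; host, DN and password are placeholders.
SAMPLE = """\
ldap_server_type=AD
ldap_conn_host=dc.example.test
ldap_conn_port=389
ldap_conn_secure=false
ldap_admin_dn=CN=Administrator,CN=Users,DC=example,DC=test
ldap_passwd=PLACEHOLDER
ldap_search_query=(userprincipalname=%s)
ldap_provisionning=AUTOCREATE
ldap_sync_password_to_om=true
#ldap_user_attr_login=sAMAccountName
"""

def parse_cfg(text):
    """Parse key=value lines, skipping blanks and '#' comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)  # DNs and filters contain '=' too
        cfg[key.strip()] = value.strip()
    return cfg

def audit(cfg):
    """Return (code, message) pairs for settings worth reviewing."""
    out = []
    if cfg.get("ldap_conn_secure", "").lower() == "false":
        # Assumption: false means plain LDAP, so bind passwords are unencrypted.
        out.append(("CLEARTEXT", "binds are sent without TLS; use ldap_conn_secure=true"))
    first_rdn = cfg.get("ldap_admin_dn", "").split(",", 1)[0].strip()
    if re.fullmatch(r"cn=administrator", first_rdn, re.IGNORECASE):
        out.append(("PRIV_BIND", "search account is Administrator; use a restricted user"))
    if cfg.get("ldap_sync_password_to_om", "").lower() == "true":
        out.append(("PW_SYNC", "LDAP passwords are synchronised into the OM DB"))
    if (cfg.get("ldap_provisionning", "").upper() == "AUTOCREATE"
            and "ldap_user_attr_login" not in cfg):
        out.append(("LOGIN_MAP", "AUTOCREATE without ldap_user_attr_login mapping"))
    return out

if __name__ == "__main__":
    for code, message in audit(parse_cfg(SAMPLE)):
        print(f"{code}: {message}")
```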