openmeetings-dev mailing list archives

From Vieri <rentor...@yahoo.com>
Subject Re: SOAP and LDAP authentication
Date Fri, 03 Aug 2012 11:54:28 GMT
Thanks.
I understand the general picture now.


--- On Fri, 8/3/12, Maxim Solodovnik <solomax666@gmail.com> wrote:

> Actually you can do the following:
> login as generic user to OM.
> Query details of user, you would like to send hash to, from LDAP
> generate hash with above details
> send it to the user
> 
> I'm afraid LDAP login should be _before_ user can get hash, like LDAP login
> to your CMS, then after the user has logged in successfully he can get
> his/her hash generated.
> 
> On Fri, Aug 3, 2012 at 5:57 PM, Vieri <rentorbuy@yahoo.com> wrote:
> 
> > So basically, I need to use a "generic" admin local user to log in and then
> > generate hashes for room access.
> >
> > If I want to "impersonate" some other user, I would need to call
> >
> > setUserObjectAndGenerateRoomHash
> >
> > as suggested by Maxim.
> >
> > No LDAP authentication at all.
> >
> > Thanks,
> >
> > Vieri
> >
> > --- On Fri, 8/3/12, seba.wagner@gmail.com <seba.wagner@gmail.com> wrote:
> >
> > > Hello Vieri,
> > >
> > > login into the SOAP/REST API with an LDAP user is a conceptual
> > > misunderstanding.
> > >
> > > You would _never_ login anybody using the SOAP/REST api to actually enter a
> > > conference room.
> > > Login via SOAP/REST makes only sense with an Admin (or user level
> > > SOAP/REST).
> > > After you've logged in using SOAP/REST you can create conference rooms or
> > > HASHs to directly enter a conference room.
> > > So the SOAP/REST API is to realize integration into websites or any other
> > > 3rd party system.
> > > You will not actually "Login" via SOAP with any user, only with the admin
> > > to simulate other users by, for example, creating HASHs
> > >
> > > Sebastian
> > >
> > > 2012/8/3 Vieri <rentorbuy@yahoo.com>
> > >
> > > > Hi,
> > > >
> > > > I configured an LDAP authentication module in OpenMeetings so that when a
> > > > user logs in he/she must select a "domain" (local or LDAP).
> > > > This works fine on the web UI.
> > > >
> > > > However, when accessing via SOAP I use the UserService method: loginUser (
> > > > String SID , String username , String userpass ) but the domain can't be
> > > > specified.
> > > > So LDAP user authentication via SOAP fails while "local" user
> > > > authentication via SOAP succeeds.
> > > >
> > > > The information was taken from:
> > > > http://incubator.apache.org/openmeetings/UserService.html#loginUser
> > > >
> > > > The older (obsolete) site contains more information (!):
> > > > http://code.google.com/p/openmeetings/wiki/SoapMethods#loginUser
> > > >
> > > > It states "Username from OpenMeetings, the user has to have Admin-rights".
> > > > That makes sense although I suppose that a "moderator" level should be
> > > > enough.
> > > >
> > > > On a fresh OpenMeetings install, LDAP users don't appear in the "User
> > > > management" tool in the web UI until they have logged in at least once.
> > > > So I logged in once with an LDAP user and then logged in as a local admin
> > > > and changed the LDAP user's level to "admin".
> > > >
> > > > Still, the SOAP login request with the LDAP user fails.
> > > >
> > > > getErrorByCode yields "Invalid password" (-11).
> > > >
> > > > Using OM 2.0 from ASF.
> > > >
> > > > Any suggestions?
> > > > What debug info would you require?
> > > > Or is LDAP/AD authentication unsupported via SOAP?
> > > >
> > > > Thanks,
> > > >
> > > > Vieri
> > > >
> > > >
> > >
> > >
> > > --
> > > Sebastian Wagner
> > > https://twitter.com/#!/dead_lock
> > > http://www.openmeetings.de
> > > http://www.webbase-design.de
> > > http://www.wagner-sebastian.com
> > > seba.wagner@gmail.com
> > >
> >
> 
> 
> 
> -- 
> WBR
> Maxim aka solomax
> 

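The flow the thread converges on (the portal authenticates the user against LDAP first, then a generic service account logs in over SOAP and generates the room hash) can be sketched as follows. This is an added example, not code from the thread or from OpenMeetings: the `ldap` and `om` objects are hypothetical wrappers, their method signatures (including `get_session` and the shortened argument list of the hash call) are assumptions, and the fake classes and credentials are constructed so the flow runs offline.

```python
class AccessDenied(Exception):
    """Raised when the portal cannot verify the requesting user."""

def issue_room_hash(ldap, om, svc_user, svc_pass, username, password, room_id):
    """Return a room hash only after the portal has verified the LDAP user."""
    # An empty password can succeed as an LDAP "unauthenticated bind"
    # (RFC 4513, section 5.1.2), so reject it before contacting the directory.
    if not username or not password:
        raise AccessDenied("missing credentials")
    # Assumed wrapper: returns the user's directory entry, or None on failure.
    entry = ldap.bind_and_fetch(username, password)
    if entry is None:
        raise AccessDenied("LDAP authentication failed")
    sid = om.get_session()  # assumed wrapper call that yields the SID
    # Only the generic service account logs in over SOAP; the LDAP password
    # is never forwarded to OpenMeetings.
    rc = om.login_user(sid, svc_user, svc_pass)
    if rc < 0:  # the thread shows failures as negative codes, e.g. -11
        raise RuntimeError(f"service login failed with code {rc}")
    # Identity fields come from the directory entry, not from the request.
    return om.set_user_object_and_generate_room_hash(
        sid, entry["uid"], entry["givenName"], entry["sn"], entry["mail"], room_id)

# Constructed stand-ins so the flow runs offline.
class FakeLdap:
    USERS = {"vtest": ("s3cret", {"uid": "vtest", "givenName": "V",
                                  "sn": "Test", "mail": "vtest@example.org"})}
    def bind_and_fetch(self, username, password):
        rec = self.USERS.get(username)
        return dict(rec[1]) if rec and rec[0] == password else None

class FakeOM:
    def __init__(self):
        self.calls = []
    def get_session(self):
        self.calls.append("getSession")
        return "SID-constructed"
    def login_user(self, sid, user, pw):
        self.calls.append("loginUser")
        return 1 if (user, pw) == ("soapadmin", "adminpw") else -11
    def set_user_object_and_generate_room_hash(self, sid, uid, first, last, mail, room_id):
        self.calls.append("setUserObjectAndGenerateRoomHash")
        return f"hash-for-{uid}-room-{room_id}"

if __name__ == "__main__":
    print(issue_room_hash(FakeLdap(), FakeOM(), "soapadmin", "adminpw", "vtest", "s3cret", 5))
```
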