openmeetings-user mailing list archives

From Bart Coninckx <bart.conin...@telenet.be>
Subject Re: LDAP authentication against eDirectory issue
Date Wed, 30 Jan 2013 13:07:21 GMT
Hi Stephen,

That's what I'm doing. I have now three different configs: OpenLDAP,
eDirectory and AD (I have all at hand fortunately) and none of them work
so far.

For AD I have a different problem than for the other two (administrator 
can't log on) so I'm investigating that one further now. Would be a 
regular shame though if I would be forced to use AD, one of my least 
favorite directories.

BC



On 01/30/13 14:03, Stephen Cottham wrote:
>
> If you're still having issues after that then grab the Apache 
> Directory studio here:
>
> http://directory.apache.org/studio/
>
> Connect to your LDAP server and confirm the Attribute details are 
> correct for your setup.
>
> Best Regards
>
> *From:*Stephen Cottham [mailto:Stephen.Cottham@robertbird.com.au]
> *Sent:* 30 January 2013 12:56
> *To:* user@openmeetings.apache.org
> *Subject:* RE: LDAP authentication against eDirectory issue
>
> This works for me against 2003 AD
>
> ldap_server_type=AD
> ldap_conn_url=ldap://(serverIP):389
> ldap_admin_dn=CN:Administrator,OU:Admin Accounts,DC:domain,DC:name
> ldap_passwd=adminpassword
> ldap_search_base= DC:domain,DC:name
> field_user_principal=userPrincipalName
> ldap_auth_type=SIMPLE
> ldap_sync_password_to_om=yes
> ldap_user_attr_lastname=sn
> ldap_user_attr_firstname=givenName
> ldap_user_attr_mail=mail
> ldap_user_attr_street=streetAddress
> ldap_user_attr_additionalname=description
> ldap_user_attr_fax=facsimileTelephoneNumber
> ldap_user_attr_zip=postalCode
> ldap_user_attr_country=co
> ldap_user_attr_town=l
> ldap_user_attr_phone=telephoneNumber
> ldap_use_lower_case=true
>
> Make sure the time is correct on the OM machine as AD doesn't like too 
> much clock skew.
>
> Cheers
>
> *From:*Bart Coninckx [mailto:bart.coninckx@telenet.be]
> *Sent:* 30 January 2013 12:34
> *To:* user@openmeetings.apache.org
> *Subject:* Re: LDAP authentication against eDirectory issue
>
> Would you mind posting your config file?
>
> cheers,
>
> BC
>
> On 01/30/13 13:01, Stephen Cottham wrote:
>
>     Haven't tested OpenLDAP or eDirectory but I can confirm it works
>     fine with Active Directory.
>
>     *From:*Bart Coninckx [mailto:bart.coninckx@telenet.be]
>     *Sent:* 30 January 2013 11:57
>     *To:* user@openmeetings.apache.org
>     *Subject:* Re: LDAP authentication against eDirectory issue
>
>     OK - this thing is driving me crazy. After scavenging the mailing
>     lists for several hours and doing numerous attempts to get it
>     working, nothing seems to help.
>     I suspect something is missing for OM to be able to create the
>     LDAP user in its local database. While manually inserting a user,
>     I get the question to which user group the user will belong.
>     This membership is not investigated while doing an LDAP search, so
>     the problem might be there.
>
>     Does anyone have any clue on why the logfile reports the LDAP
>     being created successfully, while it's not? The same problem
>     exists for OpenLDAP as for eDirectory, so I'm guessing it's not
>     related to the LDAP config.
>
>     Cheers,
>
>     BC
>
>
>     On 01/29/13 22:55, Bart Coninckx wrote:
>
>         Weird - I tried with openldap and I get the same phenomenon.
>
>         :-s
>
>
>         thx,
>
>         BC
>
>         On 01/29/13 20:21, Bart Coninckx wrote:
>
>             two additions:
>
>             - I added "ldap_user_attr_language_id=Language" to no avail
>             - eDir wants to have the user login name ALWAYS in
>             capitals, no matter how ldap_use_lower_case is defined.
>
>
>             BC
>
>
>
>             On 01/29/13 19:59, Bart Coninckx wrote:
>
>                 Hi again,
>
>                 The next step for me was enabling LDAP auth.
>                 This produces errors however:
>
>                 DEBUG 01-29 19:52:49.161 LdapLoginManagement.java
>                 204230 242
>                 org.openmeetings.app.ldap.LdapLoginManagement
>                 [NioProcessor-18] - LdapLoginmanagement.doLdapLogin
>                 DEBUG 01-29 19:52:49.161 LdapLoginManagement.java
>                 204230 198
>                 org.openmeetings.app.ldap.LdapLoginManagement
>                 [NioProcessor-18] - LdapLoginmanagement.getLdapConfigData
>                 DEBUG 01-29 19:52:49.161 LdapLoginManagement.java
>                 204230 217
>                 org.openmeetings.app.ldap.LdapLoginManagement
>                 [NioProcessor-18] - LdapLoginmanagement.readConfig :
>                 /data/openmeetings/webapps/openmeetings/conf/edir.ldap.cfg
>                 DEBUG 01-29 19:52:49.162 LdapLoginManagement.java
>                 204231 138
>                 org.openmeetings.app.ldap.LdapLoginManagement
>                 [NioProcessor-18] - isValidAuthType
>                 DEBUG 01-29 19:52:49.162 LdapLoginManagement.java
>                 204231 382
>                 org.openmeetings.app.ldap.LdapLoginManagement
>                 [NioProcessor-18] - Searching userdata with LDAP
>                 Search Filter :(uid=BC)
>                 DEBUG 01-29 19:52:49.163 LdapAuthBase.java 204232 84
>                 org.openmeetings.app.ldap.LdapAuthBase
>                 [NioProcessor-18] - LdapAuthBase
>                 DEBUG 01-29 19:52:49.163 LdapLoginManagement.java
>                 204232 393
>                 org.openmeetings.app.ldap.LdapLoginManagement
>                 [NioProcessor-18] - authenticating admin...
>                 DEBUG 01-29 19:52:49.163 LdapAuthBase.java 204232 101
>                 org.openmeetings.app.ldap.LdapAuthBase
>                 [NioProcessor-18] - authenticateUser
>                 DEBUG 01-29 19:52:49.163 LdapAuthBase.java 204232 117
>                 org.openmeetings.app.ldap.LdapAuthBase
>                 [NioProcessor-18] -
>
>                 Authentification to LDAP - Server start
>                 DEBUG 01-29 19:52:49.164 LdapAuthBase.java 204233 151
>                 org.openmeetings.app.ldap.LdapAuthBase
>                 [NioProcessor-18] - loginToLdapServer
>                 DEBUG 01-29 19:52:49.167 LdapLoginManagement.java
>                 204236 396
>                 org.openmeetings.app.ldap.LdapLoginManagement
>                 [NioProcessor-18] - Checking server type...
>                 DEBUG 01-29 19:52:49.168 LdapLoginManagement.java
>                 204237 400
>                 org.openmeetings.app.ldap.LdapLoginManagement
>                 [NioProcessor-18] - LDAP server is OpenLDAP
>                 DEBUG 01-29 19:52:49.168 LdapLoginManagement.java
>                 204237 401
>                 org.openmeetings.app.ldap.LdapLoginManagement
>                 [NioProcessor-18] - LDAP search base: OU=tu,O=be
>                 DEBUG 01-29 19:52:49.173 LdapLoginManagement.java
>                 204242 407
>                 org.openmeetings.app.ldap.LdapLoginManagement
>                 [NioProcessor-18] - Authentication with DN:
>                 cn=BC,ou=ICT,OU=tu,O=be
>                 DEBUG 01-29 19:52:49.174 LdapAuthBase.java 204243 101
>                 org.openmeetings.app.ldap.LdapAuthBase
>                 [NioProcessor-18] - authenticateUser
>                 DEBUG 01-29 19:52:49.174 LdapAuthBase.java 204243 117
>                 org.openmeetings.app.ldap.LdapAuthBase
>                 [NioProcessor-18] -
>
>                 Authentification to LDAP - Server start
>                 DEBUG 01-29 19:52:49.174 LdapAuthBase.java 204243 151
>                 org.openmeetings.app.ldap.LdapAuthBase
>                 [NioProcessor-18] - loginToLdapServer
>                 DEBUG 01-29 19:52:49.177 Usermanagement.java 204246
>                 1556 org.openmeetings.app.data.user.Usermanagement
>                 [NioProcessor-18] - Usermanagement.getUserByLogin : BC
>                 DEBUG 01-29 19:52:49.202 LdapLoginManagement.java
>                 204271 442
>                 org.openmeetings.app.ldap.LdapLoginManagement
>                 [NioProcessor-18] - user doesnt exist local -> create new
>                 DEBUG 01-29 19:52:49.203 LdapAuthBase.java 204272 174
>                 org.openmeetings.app.ldap.LdapAuthBase
>                 [NioProcessor-18] - getData
>                 DEBUG 01-29 19:52:49.208 LdapLoginManagement.java
>                 204277 495
>                 org.openmeetings.app.ldap.LdapLoginManagement
>                 [NioProcessor-18] - Synching Ldap user to OM DB with
>                 RANDOM password: brghzu36ohpp
>                 DEBUG 01-29 19:52:49.209 LdapLoginManagement.java
>                 204278 592
>                 org.openmeetings.app.ldap.LdapLoginManagement
>                 [NioProcessor-18] -
>                 LdapLoginmanagement.createUserFromLdapData
>                 DEBUG 01-29 19:52:49.305 LdapLoginManagement.java
>                 204374 727
>                 org.openmeetings.app.ldap.LdapLoginManagement
>                 [NioProcessor-18] - User Created!
>                 DEBUG 01-29 19:52:49.305 LdapLoginManagement.java
>                 204374 504
>                 org.openmeetings.app.ldap.LdapLoginManagement
>                 [NioProcessor-18] - New User ID : -13
>                 DEBUG 01-29 19:52:49.307 Sessionmanagement.java 204376
>                 176 org.openmeetings.app.data.basic.Sessionmanagement
>                 [NioProcessor-18] - updateUser User: -13 ||
>                 d1b0316797f91a46c08a392d071a790d
>                 DEBUG 01-29 19:52:49.311 Sessionmanagement.java 204380
>                 196 org.openmeetings.app.data.basic.Sessionmanagement
>                 [NioProcessor-18] - Found session to update:
>                 d1b0316797f91a46c08a392d071a790d userId: -13
>                 DEBUG 01-29 19:52:49.315 Usermanagement.java 204384
>                 1505 org.openmeetings.app.data.user.Usermanagement
>                 [NioProcessor-18] - Usermanagement.getUserById
>                 [INFO] [NioProcessor-18]
>                 org.red5.server.net.rtmp.codec.RTMPProtocolDecoder -
>                 Action errorservice.getErrorByCode
>                 DEBUG 01-29 19:52:49.627 ErrorService.java 204696 60
>                 org.openmeetings.app.remote.ErrorService
>                 [NioProcessor-18] - errorid, language_id: -1|1
>                 DEBUG 01-29 19:52:49.632 ErrorService.java 204701 64
>                 org.openmeetings.app.remote.ErrorService
>                 [NioProcessor-18] - eValues.getFieldvalues_id() = 334
>                 DEBUG 01-29 19:52:49.636 ErrorService.java 204705 66
>                 org.openmeetings.app.remote.ErrorService
>                 [NioProcessor-18] - eValues.getErrorType() =
>                 org.openmeetings.app.persistence.beans.basic.ErrorType@32b1a562
>
>                 As far as I can tell, OM is effectively able to
>                 authenticate the user and adds it to its own database.
>                 However, when I check the DB, there's no new user,
>                 just the local admin.
>
>                 This is OM 2.0 and this is the config file:
>
>                 ldap_server_type=OpenLDAP
>                 ldap_conn_url=ldap://cluster2fs.dafra.be:389
>                 ldap_admin_dn=CN:admin,O:be
>                 ldap_passwd=nononono_you_can_not_have_this
>                 ldap_search_base=OU:tu,O:be
>                 field_user_principal=uid
>                 ldap_auth_type=SIMPLE
>                 ldap_use_lower_case=true
>                 #ldap_user_timezone=timezone
>                 ldap_sync_password_to_om=no
>                 ldap_user_attr_lastname=sn
>                 ldap_user_attr_firstname=givenName
>                 ldap_user_attr_mail=mail
>                 ldap_user_attr_street=street
>                 ldap_user_attr_additionalname=description
>                 ldap_user_attr_fax=facsimileTelephoneNumber
>                 ldap_user_attr_zip=postalCode
>                 ldap_user_attr_country=co
>                 ldap_user_attr_town=city
>                 ldap_user_attr_phone=telephoneNumber
>                 ldap_user_attr_language=Language
>
>                 I used this documentation (which is rather brief):
>                 http://incubator.apache.org/openmeetings/LdapAndADS.html
>
>
>                 the config file I assembled both from the sample file
>                 and a mailing post.
>                 I'm able to trace LDAP calls on the eDir server and
>                 nothing funny happens there. The search is done for
>                 the user, without any attributes however, so eDir
>                 sends them all.
>
>                 Anyone a small hint?
>
>                 cheers,
>
>                 BC
>
>
>
>
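
The attribute check suggested in the thread (confirm that the attribute names in the config match what the directory holds), as an added example that is not part of the original messages and is not OpenMeetings code. The function names are hypothetical, the LDIF entry is constructed, and the colon-to-equals DN conversion is inferred from the posted config (`OU:tu,O:be`) and the log line (`OU=tu,O=be`).

```python
# Constructed sample input; the config keys follow the files posted in the thread.
CFG = """\
ldap_search_base=OU:tu,O:be
field_user_principal=uid
ldap_user_attr_lastname=sn
ldap_user_attr_town=city
ldap_user_attr_country=co
#ldap_user_timezone=timezone
"""
LDIF = """\
dn: cn=BC,ou=ICT,ou=tu,o=be
uid: BC
sn: Example
l: Brussels
"""

def parse_cfg(text):
    """Read key=value lines; blank lines and '#' comments are skipped."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip()
    return cfg

def cfg_dn(value):
    """Turn the config's colon form (OU:tu,O:be) into a normal DN (OU=tu,O=be)."""
    return ",".join(rdn.strip().replace(":", "=", 1) for rdn in value.split(","))

def parse_ldif_entry(text):
    """Attributes of one unfolded LDIF entry; names lower-cased (LDAP ignores case)."""
    attrs = {}
    for line in text.splitlines():
        if ":" in line and not line.startswith((" ", "#")):
            name, value = line.split(":", 1)
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
    return attrs

def missing_mappings(cfg, entry):
    """Config keys whose mapped LDAP attribute is absent from the entry."""
    keys = [k for k in cfg if k.startswith("ldap_user_attr_") or k == "field_user_principal"]
    return {k: cfg[k] for k in keys if cfg[k].lower() not in entry}

def under_base(entry_dn, base_dn):
    """True when the entry DN lies below the search base (component suffix match)."""
    e, b = ([p.strip().lower() for p in dn.split(",")] for dn in (entry_dn, base_dn))
    return len(e) > len(b) and e[-len(b):] == b
```

Replace `LDIF` with one user's entry exported from the directory to see which mapped attribute names that server does not return for the user.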

