openmeetings-user mailing list archives

From Bart Coninckx <bart.conin...@telenet.be>
Subject Re: LDAP authentication against eDirectory issue
Date Wed, 30 Jan 2013 13:15:12 GMT
Yes, it is running in DEBUG mode.
AD is functional now, so that is OK, thanks to your config file.

Yvan was so kind as to post his config as well. Mine is very similar, 
yet does not work.
I'll try some more.

Cheers all,

BC


On 01/30/13 14:11, Stephen Cottham wrote:
>
> Not sure why you are having issues, did you see the response from Yvan 
> Arnaud? He's using OpenLDAP
>
> And you confirmed the time is correct?
>
> Are you running OM in debug mode? This will give you more information 
> as to what's happening when the authentication occurs.
>
> *From:*Bart Coninckx [mailto:bart.coninckx@telenet.be]
> *Sent:* 30 January 2013 13:07
> *To:* user@openmeetings.apache.org
> *Subject:* Re: LDAP authentication against eDirectory issue
>
> Hi Stephen,
>
> that's what I'm doing. I have now three different configs: OpenLDAP, 
> Edirectory and AD (I have all at hand fortunately) and none of them 
> work so far.
>
> For AD I have a different problem than for the other two 
> (administrator can't log on) so I'm investigating that one further 
> now. Would be a regular shame though if I would be forced to use AD, 
> one of my least favorite directories.
>
> BC
>
>
>
> On 01/30/13 14:03, Stephen Cottham wrote:
>
>     If you're still having issues after that then grab the Apache
>     Directory studio here:
>
>     http://directory.apache.org/studio/
>
>     Connect to your LDAP server and confirm the Attribute details are
>     correct for your setup.
>
>     Best Regards
>
>     *From:*Stephen Cottham [mailto:Stephen.Cottham@robertbird.com.au]
>     *Sent:* 30 January 2013 12:56
>     *To:* user@openmeetings.apache.org
>     *Subject:* RE: LDAP authentication against eDirectory issue
>
>     This works for me against 2003 AD
>
>     ldap_server_type=AD
>
>     ldap_conn_url=ldap://(serverIP):389
>
>     ldap_admin_dn=CN:Administrator,OU:Admin Accounts,DC:domain,DC:name
>
>     ldap_passwd=adminpassword
>
>     ldap_search_base= DC:domain,DC:name
>
>     field_user_principal=userPrincipalName
>
>     ldap_auth_type=SIMPLE
>
>     ldap_sync_password_to_om=yes
>
>     ldap_user_attr_lastname=sn
>
>     ldap_user_attr_firstname=givenName
>
>     ldap_user_attr_mail=mail
>
>     ldap_user_attr_street=streetAddress
>
>     ldap_user_attr_additionalname=description
>
>     ldap_user_attr_fax=facsimileTelephoneNumber
>
>     ldap_user_attr_zip=postalCode
>
>     ldap_user_attr_country=co
>
>     ldap_user_attr_town=l
>
>     ldap_user_attr_phone=telephoneNumber
>
>     ldap_use_lower_case=true
>
>     Make sure the time is correct on the OM machine as AD doesn't like
>     too much clock skew.
>
>     Cheers
>
>     *From:*Bart Coninckx [mailto:bart.coninckx@telenet.be]
>     *Sent:* 30 January 2013 12:34
>     *To:* user@openmeetings.apache.org
>     *Subject:* Re: LDAP authentication against eDirectory issue
>
>     Would you mind posting your config file?
>
>     cheers,
>
>     BC
>
>     On 01/30/13 13:01, Stephen Cottham wrote:
>
>         Haven't tested OpenLDAP or eDirectory but I can confirm it
>         works fine with Active Directory.
>
>         *Stephen Cottham**
>         *Group IT Manager (Associate)
>
>         Robert Bird Group
>         Level 5, 333 Ann St
>         Brisbane, Queensland, 4000, Australia
>
>
>         *From:*Bart Coninckx [mailto:bart.coninckx@telenet.be]
>         *Sent:* 30 January 2013 11:57
>         *To:* user@openmeetings.apache.org
>         *Subject:* Re: LDAP authentication against eDirectory issue
>
>         OK - this thing is driving me crazy. After scavenging the
>         mailing lists for several hours and doing numerous attempts to
>         get it working, nothing seems to help.
>         I suspect something is missing for OM to be able to create the
>         LDAP user in its local database. While manually inserting a
>         user, I get the question to which user group the user will
>         belong.
>         This membership is not investigated while doing a LDAP search,
>         so the problem might be there.
>
>         Does anyone have any clue on why the logfile reports the LDAP
>         being created successfully, while it's not? The same
>         problem exists for OpenLDAP as for eDirectory, so I'm guessing
>         it's not related to the LDAP config.
>
>         Cheers,
>
>         BC
>
>
>         On 01/29/13 22:55, Bart Coninckx wrote:
>
>             Weird - I tried with openldap and I get the same phenomenon.
>
>             :-s
>
>
>             thx,
>
>             BC
>
>             On 01/29/13 20:21, Bart Coninckx wrote:
>
>                 two additions:
>
>                 - I added "ldap_user_attr_language_id=Language" to no
>                 avail
>                 - eDir wants to have the user login name ALWAYS in
>                 capitals, no matter how ldap_use_lower_case is defined.
>
>
>                 BC
>
>
>
>                 On 01/29/13 19:59, Bart Coninckx wrote:
>
>                     Hi again,
>
>                     The next step for me was enabling LDAP auth.
>                     This produces errors however:
>
>                     DEBUG 01-29 19:52:49.161 LdapLoginManagement.java
>                     204230 242
>                     org.openmeetings.app.ldap.LdapLoginManagement
>                     [NioProcessor-18] - LdapLoginmanagement.doLdapLogin
>                     DEBUG 01-29 19:52:49.161 LdapLoginManagement.java
>                     204230 198
>                     org.openmeetings.app.ldap.LdapLoginManagement
>                     [NioProcessor-18] -
>                     LdapLoginmanagement.getLdapConfigData
>                     DEBUG 01-29 19:52:49.161 LdapLoginManagement.java
>                     204230 217
>                     org.openmeetings.app.ldap.LdapLoginManagement
>                     [NioProcessor-18] - LdapLoginmanagement.readConfig
>                     :
>                     /data/openmeetings/webapps/openmeetings/conf/edir.ldap.cfg
>                     DEBUG 01-29 19:52:49.162 LdapLoginManagement.java
>                     204231 138
>                     org.openmeetings.app.ldap.LdapLoginManagement
>                     [NioProcessor-18] - isValidAuthType
>                     DEBUG 01-29 19:52:49.162 LdapLoginManagement.java
>                     204231 382
>                     org.openmeetings.app.ldap.LdapLoginManagement
>                     [NioProcessor-18] - Searching userdata with LDAP
>                     Search Filter :(uid=BC)
>                     DEBUG 01-29 19:52:49.163 LdapAuthBase.java 204232
>                     84 org.openmeetings.app.ldap.LdapAuthBase
>                     [NioProcessor-18] - LdapAuthBase
>                     DEBUG 01-29 19:52:49.163 LdapLoginManagement.java
>                     204232 393
>                     org.openmeetings.app.ldap.LdapLoginManagement
>                     [NioProcessor-18] - authenticating admin...
>                     DEBUG 01-29 19:52:49.163 LdapAuthBase.java 204232
>                     101 org.openmeetings.app.ldap.LdapAuthBase
>                     [NioProcessor-18] - authenticateUser
>                     DEBUG 01-29 19:52:49.163 LdapAuthBase.java 204232
>                     117 org.openmeetings.app.ldap.LdapAuthBase
>                     [NioProcessor-18] -
>
>                     Authentification to LDAP - Server start
>                     DEBUG 01-29 19:52:49.164 LdapAuthBase.java 204233
>                     151 org.openmeetings.app.ldap.LdapAuthBase
>                     [NioProcessor-18] - loginToLdapServer
>                     DEBUG 01-29 19:52:49.167 LdapLoginManagement.java
>                     204236 396
>                     org.openmeetings.app.ldap.LdapLoginManagement
>                     [NioProcessor-18] - Checking server type...
>                     DEBUG 01-29 19:52:49.168 LdapLoginManagement.java
>                     204237 400
>                     org.openmeetings.app.ldap.LdapLoginManagement
>                     [NioProcessor-18] - LDAP server is OpenLDAP
>                     DEBUG 01-29 19:52:49.168 LdapLoginManagement.java
>                     204237 401
>                     org.openmeetings.app.ldap.LdapLoginManagement
>                     [NioProcessor-18] - LDAP search base: OU=tu,O=be
>                     DEBUG 01-29 19:52:49.173 LdapLoginManagement.java
>                     204242 407
>                     org.openmeetings.app.ldap.LdapLoginManagement
>                     [NioProcessor-18] - Authentication with DN:
>                     cn=BC,ou=ICT,OU=tu,O=be
>                     DEBUG 01-29 19:52:49.174 LdapAuthBase.java 204243
>                     101 org.openmeetings.app.ldap.LdapAuthBase
>                     [NioProcessor-18] - authenticateUser
>                     DEBUG 01-29 19:52:49.174 LdapAuthBase.java 204243
>                     117 org.openmeetings.app.ldap.LdapAuthBase
>                     [NioProcessor-18] -
>
>                     Authentification to LDAP - Server start
>                     DEBUG 01-29 19:52:49.174 LdapAuthBase.java 204243
>                     151 org.openmeetings.app.ldap.LdapAuthBase
>                     [NioProcessor-18] - loginToLdapServer
>                     DEBUG 01-29 19:52:49.177 Usermanagement.java
>                     204246 1556
>                     org.openmeetings.app.data.user.Usermanagement
>                     [NioProcessor-18] - Usermanagement.getUserByLogin : BC
>                     DEBUG 01-29 19:52:49.202 LdapLoginManagement.java
>                     204271 442
>                     org.openmeetings.app.ldap.LdapLoginManagement
>                     [NioProcessor-18] - user doesnt exist local ->
>                     create new
>                     DEBUG 01-29 19:52:49.203 LdapAuthBase.java 204272
>                     174 org.openmeetings.app.ldap.LdapAuthBase
>                     [NioProcessor-18] - getData
>                     DEBUG 01-29 19:52:49.208 LdapLoginManagement.java
>                     204277 495
>                     org.openmeetings.app.ldap.LdapLoginManagement
>                     [NioProcessor-18] - Synching Ldap user to OM DB
>                     with RANDOM password: brghzu36ohpp
>                     DEBUG 01-29 19:52:49.209 LdapLoginManagement.java
>                     204278 592
>                     org.openmeetings.app.ldap.LdapLoginManagement
>                     [NioProcessor-18] -
>                     LdapLoginmanagement.createUserFromLdapData
>                     DEBUG 01-29 19:52:49.305 LdapLoginManagement.java
>                     204374 727
>                     org.openmeetings.app.ldap.LdapLoginManagement
>                     [NioProcessor-18] - User Created!
>                     DEBUG 01-29 19:52:49.305 LdapLoginManagement.java
>                     204374 504
>                     org.openmeetings.app.ldap.LdapLoginManagement
>                     [NioProcessor-18] - New User ID : -13
>                     DEBUG 01-29 19:52:49.307 Sessionmanagement.java
>                     204376 176
>                     org.openmeetings.app.data.basic.Sessionmanagement
>                     [NioProcessor-18] - updateUser User: -13 ||
>                     d1b0316797f91a46c08a392d071a790d
>                     DEBUG 01-29 19:52:49.311 Sessionmanagement.java
>                     204380 196
>                     org.openmeetings.app.data.basic.Sessionmanagement
>                     [NioProcessor-18] - Found session to update:
>                     d1b0316797f91a46c08a392d071a790d userId: -13
>                     DEBUG 01-29 19:52:49.315 Usermanagement.java
>                     204384 1505
>                     org.openmeetings.app.data.user.Usermanagement
>                     [NioProcessor-18] - Usermanagement.getUserById
>                     [INFO] [NioProcessor-18]
>                     org.red5.server.net.rtmp.codec.RTMPProtocolDecoder
>                     - Action errorservice.getErrorByCode
>                     DEBUG 01-29 19:52:49.627 ErrorService.java 204696
>                     60 org.openmeetings.app.remote.ErrorService
>                     [NioProcessor-18] - errorid, language_id: -1|1
>                     DEBUG 01-29 19:52:49.632 ErrorService.java 204701
>                     64 org.openmeetings.app.remote.ErrorService
>                     [NioProcessor-18] - eValues.getFieldvalues_id() = 334
>                     DEBUG 01-29 19:52:49.636 ErrorService.java 204705
>                     66 org.openmeetings.app.remote.ErrorService
>                     [NioProcessor-18] - eValues.getErrorType() =
>                     org.openmeetings.app.persistence.beans.basic.ErrorType@32b1a562
>
>                     As far as I can tell, OM is effectively able to
>                     authenticate the user and adds it to its own
>                     database.
>                     However, when I check the DB, there's no new user,
>                     just the local admin.
>
>                     This is OM 2.0 and this is the config file:
>
>                     ldap_server_type=OpenLDAP
>                     ldap_conn_url=ldap://cluster2fs.dafra.be:389
>                     ldap_admin_dn=CN:admin,O:be
>                     ldap_passwd=nononono_you_can_not_have_this
>                     ldap_search_base=OU:tu,O:be
>                     field_user_principal=uid
>                     ldap_auth_type=SIMPLE
>                     ldap_use_lower_case=true
>                     #ldap_user_timezone=timezone
>                     ldap_sync_password_to_om=no
>                     ldap_user_attr_lastname=sn
>                     ldap_user_attr_firstname=givenName
>                     ldap_user_attr_mail=mail
>                     ldap_user_attr_street=street
>                     ldap_user_attr_additionalname=description
>                     ldap_user_attr_fax=facsimileTelephoneNumber
>                     ldap_user_attr_zip=postalCode
>                     ldap_user_attr_country=co
>                     ldap_user_attr_town=city
>                     ldap_user_attr_phone=telephoneNumber
>                     ldap_user_attr_language=Language
>
>                     I used this documentation (which is rather brief):
>                     http://incubator.apache.org/openmeetings/LdapAndADS.html
>
>
>                     The config file I assembled both from the sample
>                     file and a mailing post.
>                     I'm able to trace LDAP calls on the eDir server
>                     and nothing funny happens there. The search is
>                     done for the user, without any attributes however,
>                     so eDir sends them all.
>
>                     Anyone a small hint?
>
>                     cheers,
>
>                     BC
>
>
>
>
>
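
An added example, not part of the thread and not OpenMeetings code: a small reviewer for the kind of DEBUG trace quoted above. It re-joins the wrapped log records, redacts the generated password that the trace writes in clear, and flags a "User Created!" record followed by a non-positive "New User ID". Treating a non-positive ID as a failed insert is an assumption drawn from the poster's observation that no user appeared in the database; the password value in the sample is constructed.

```python
import re
# Constructed sample modelled on the quoted trace, still wrapped as the mail client left it.
SAMPLE = """\
DEBUG 01-29 19:52:49.208 LdapLoginManagement.java
204277 495
org.openmeetings.app.ldap.LdapLoginManagement
[NioProcessor-18] - Synching Ldap user to OM DB
with RANDOM password: x7examplepw
DEBUG 01-29 19:52:49.305 LdapLoginManagement.java
204374 727
org.openmeetings.app.ldap.LdapLoginManagement
[NioProcessor-18] - User Created!
DEBUG 01-29 19:52:49.305 LdapLoginManagement.java
204374 504
org.openmeetings.app.ldap.LdapLoginManagement
[NioProcessor-18] - New User ID : -13
"""

RECORD_START = re.compile(r"^(?:DEBUG|INFO|WARN|ERROR) \d\d-\d\d \d\d:\d\d:\d\d\.\d{3} ")
SECRET = re.compile(r"(password: )(\S+)", re.IGNORECASE)
NEW_ID = re.compile(r"New User ID : (-?\d+)")

def records(text):  # re-join wrapped lines into one string per log record
    current = []
    for line in text.splitlines():
        line = line.lstrip("> ").strip()  # drop mail quoting and indentation
        if not line:
            continue
        if RECORD_START.match(line) and current:
            yield " ".join(current)
            current = []
        current.append(line)
    if current:
        yield " ".join(current)

def review(text):  # returns (findings, redacted records)
    findings, redacted, created = [], [], False
    for rec in records(text):
        ts = rec.split()[2]  # third field of a record is the time stamp
        if SECRET.search(rec):
            findings.append((ts, "secret-in-log"))
            rec = SECRET.sub(r"\1[REDACTED]", rec)
        created = created or "User Created!" in rec
        m = NEW_ID.search(rec)
        if m and created and int(m.group(1)) <= 0:  # assumption: <= 0 means no row
            findings.append((ts, "created-but-id=" + m.group(1)))
        redacted.append(rec)
    return findings, redacted
```

Run `review()` over a trace before posting it to a public list; the second return value is the trace with password values replaced.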

