openmeetings-user mailing list archives

From Bart Coninckx <bart.conin...@telenet.be>
Subject Re: LDAP authentication against eDirectory issue
Date Wed, 30 Jan 2013 13:23:58 GMT
This is the weird part for my OpenLDAP config:

Authentification to LDAP - Server start
DEBUG 01-30 14:21:15.187 LdapAuthBase.java 196980 151 
org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-18] - loginToLdapServer
DEBUG 01-30 14:21:15.192 Usermanagement.java 196985 1556 
org.openmeetings.app.data.user.Usermanagement [NioProcessor-18] - 
Usermanagement.getUserByLogin : BC
DEBUG 01-30 14:21:15.200 LdapLoginManagement.java 196993 442 
org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-18] - user 
doesnt exist local -> create new
DEBUG 01-30 14:21:15.201 LdapAuthBase.java 196994 174 
org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-18] - getData
DEBUG 01-30 14:21:15.203 LdapLoginManagement.java 196996 500 
org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-18] - 
Synching Ldap user to OM DB with password
DEBUG 01-30 14:21:15.203 LdapLoginManagement.java 196996 592 
org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-18] - 
LdapLoginmanagement.createUserFromLdapData
DEBUG 01-30 14:21:15.279 LdapLoginManagement.java 197072 727 
org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-18] - User 
Created!
DEBUG 01-30 14:21:15.280 LdapLoginManagement.java 197073 504 
org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-18] - New 
User ID : -13
DEBUG 01-30 14:21:15.281 Sessionmanagement.java 197074 176 
org.openmeetings.app.data.basic.Sessionmanagement [NioProcessor-18] - 
updateUser User: -13 || 1b26bc12842ff7ed55532a7641866e48
DEBUG 01-30 14:21:15.283 Sessionmanagement.java 197076 196 
org.openmeetings.app.data.basic.Sessionmanagement [NioProcessor-18] - 
Found session to update: 1b26bc12842ff7ed55532a7641866e48 userId: -13

The user gets authenticated, is added to the OM database, but when I 
check in MySQL or in OM, it's not there. It's like the DEBUG output 
hides what happened to the write in the OM database when that fails.
I think this is one for the developers ....

BC


On 01/30/13 13:54, Yvan Arnaud wrote:
> Hi,
>
> it works with OpenLDAP too. Here are my settings in om_ldap.cfg file :
>
> ldap_server_type=OpenLDAP
> ldap_conn_url=ldap://myldapserver:389
> ldap_admin_dn=CN:myldapadminuser,DC:mysubdomain,DC:mydomain,DC:fr
> ldap_passwd=myldapadminuserpass
> ldap_search_base=OU:users,DC:mysubdomain,DC:mydomain,DC:fr
> field_user_principal=uid
> ldap_auth_type=SIMPLE
>
> Well, replace of course myldapserver with your own server fqdn.
> Replace also the my... with your own credentials and (sub)domain.
>
> Hope it helps.
> Regards
>
> Yvan Arnaud
>
> Le 30/01/2013 13:34, Bart Coninckx a écrit :
>> Would you mind posting your config file?
>>
>> cheers,
>>
>> BC
>>
>> On 01/30/13 13:01, Stephen Cottham wrote:
>>>
>>> Haven't tested OpenLDAP or eDirectory but I can confirm it works fine 
>>> with Active Directory.
>>>
>>> Stephen Cottham
>>> Group IT Manager (Associate)
>>>
>>> *From:*Bart Coninckx [mailto:bart.coninckx@telenet.be]
>>> *Sent:* 30 January 2013 11:57
>>> *To:* user@openmeetings.apache.org
>>> *Subject:* Re: LDAP authentication against eDirectory issue
>>>
>>> OK - this thing is driving me crazy. After scavenging the mailing 
>>> lists for several hours and doing numerous attempts to get it 
>>> working, nothing seems to help.
>>> I suspect something is missing for OM to be able to create the LDAP 
>>> user in its local database. While manually inserting a user, I get 
>>> the question to which user group the user will belong.
>>> This membership is not investigated while doing an LDAP search, so 
>>> the problem might be there.
>>>
>>> Does anyone have any clue on why the logfile reports the LDAP being 
>>> created successfully, while it's not? The same problem exists 
>>> for OpenLDAP as for eDirectory, so I'm guessing it's not related to 
>>> the LDAP config.
>>>
>>> Cheers,
>>>
>>> BC
>>>
>>>
>>> On 01/29/13 22:55, Bart Coninckx wrote:
>>>
>>>     Weird - I tried with openldap and I get the same phenomenon.
>>>
>>>     :-s
>>>
>>>
>>>     thx,
>>>
>>>     BC
>>>
>>>     On 01/29/13 20:21, Bart Coninckx wrote:
>>>
>>>         two additions:
>>>
>>>         - I added "ldap_user_attr_language_id=Language" to no avail
>>>         - eDir wants to have the user login name ALWAYS in capitals,
>>>         no matter how ldap_use_lower_case is defined.
>>>
>>>
>>>         BC
>>>
>>>
>>>
>>>         On 01/29/13 19:59, Bart Coninckx wrote:
>>>
>>>             Hi again,
>>>
>>>             The next step for me was enabling LDAP auth.
>>>             This produces errors however:
>>>
>>>             DEBUG 01-29 19:52:49.161 LdapLoginManagement.java 204230
>>>             242 org.openmeetings.app.ldap.LdapLoginManagement
>>>             [NioProcessor-18] - LdapLoginmanagement.doLdapLogin
>>>             DEBUG 01-29 19:52:49.161 LdapLoginManagement.java 204230
>>>             198 org.openmeetings.app.ldap.LdapLoginManagement
>>>             [NioProcessor-18] - LdapLoginmanagement.getLdapConfigData
>>>             DEBUG 01-29 19:52:49.161 LdapLoginManagement.java 204230
>>>             217 org.openmeetings.app.ldap.LdapLoginManagement
>>>             [NioProcessor-18] - LdapLoginmanagement.readConfig :
>>>             /data/openmeetings/webapps/openmeetings/conf/edir.ldap.cfg
>>>             DEBUG 01-29 19:52:49.162 LdapLoginManagement.java 204231
>>>             138 org.openmeetings.app.ldap.LdapLoginManagement
>>>             [NioProcessor-18] - isValidAuthType
>>>             DEBUG 01-29 19:52:49.162 LdapLoginManagement.java 204231
>>>             382 org.openmeetings.app.ldap.LdapLoginManagement
>>>             [NioProcessor-18] - Searching userdata with LDAP Search
>>>             Filter :(uid=BC)
>>>             DEBUG 01-29 19:52:49.163 LdapAuthBase.java 204232 84
>>>             org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-18]
>>>             - LdapAuthBase
>>>             DEBUG 01-29 19:52:49.163 LdapLoginManagement.java 204232
>>>             393 org.openmeetings.app.ldap.LdapLoginManagement
>>>             [NioProcessor-18] - authenticating admin...
>>>             DEBUG 01-29 19:52:49.163 LdapAuthBase.java 204232 101
>>>             org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-18]
>>>             - authenticateUser
>>>             DEBUG 01-29 19:52:49.163 LdapAuthBase.java 204232 117
>>>             org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-18] -
>>>
>>>             Authentification to LDAP - Server start
>>>             DEBUG 01-29 19:52:49.164 LdapAuthBase.java 204233 151
>>>             org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-18]
>>>             - loginToLdapServer
>>>             DEBUG 01-29 19:52:49.167 LdapLoginManagement.java 204236
>>>             396 org.openmeetings.app.ldap.LdapLoginManagement
>>>             [NioProcessor-18] - Checking server type...
>>>             DEBUG 01-29 19:52:49.168 LdapLoginManagement.java 204237
>>>             400 org.openmeetings.app.ldap.LdapLoginManagement
>>>             [NioProcessor-18] - LDAP server is OpenLDAP
>>>             DEBUG 01-29 19:52:49.168 LdapLoginManagement.java 204237
>>>             401 org.openmeetings.app.ldap.LdapLoginManagement
>>>             [NioProcessor-18] - LDAP search base: OU=tu,O=be
>>>             DEBUG 01-29 19:52:49.173 LdapLoginManagement.java 204242
>>>             407 org.openmeetings.app.ldap.LdapLoginManagement
>>>             [NioProcessor-18] - Authentication with DN:
>>>             cn=BC,ou=ICT,OU=tu,O=be
>>>             DEBUG 01-29 19:52:49.174 LdapAuthBase.java 204243 101
>>>             org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-18]
>>>             - authenticateUser
>>>             DEBUG 01-29 19:52:49.174 LdapAuthBase.java 204243 117
>>>             org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-18] -
>>>
>>>             Authentification to LDAP - Server start
>>>             DEBUG 01-29 19:52:49.174 LdapAuthBase.java 204243 151
>>>             org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-18]
>>>             - loginToLdapServer
>>>             DEBUG 01-29 19:52:49.177 Usermanagement.java 204246 1556
>>>             org.openmeetings.app.data.user.Usermanagement
>>>             [NioProcessor-18] - Usermanagement.getUserByLogin : BC
>>>             DEBUG 01-29 19:52:49.202 LdapLoginManagement.java 204271
>>>             442 org.openmeetings.app.ldap.LdapLoginManagement
>>>             [NioProcessor-18] - user doesnt exist local -> create new
>>>             DEBUG 01-29 19:52:49.203 LdapAuthBase.java 204272 174
>>>             org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-18]
>>>             - getData
>>>             DEBUG 01-29 19:52:49.208 LdapLoginManagement.java 204277
>>>             495 org.openmeetings.app.ldap.LdapLoginManagement
>>>             [NioProcessor-18] - Synching Ldap user to OM DB with
>>>             RANDOM password: brghzu36ohpp
>>>             DEBUG 01-29 19:52:49.209 LdapLoginManagement.java 204278
>>>             592 org.openmeetings.app.ldap.LdapLoginManagement
>>>             [NioProcessor-18] -
>>>             LdapLoginmanagement.createUserFromLdapData
>>>             DEBUG 01-29 19:52:49.305 LdapLoginManagement.java 204374
>>>             727 org.openmeetings.app.ldap.LdapLoginManagement
>>>             [NioProcessor-18] - User Created!
>>>             DEBUG 01-29 19:52:49.305 LdapLoginManagement.java 204374
>>>             504 org.openmeetings.app.ldap.LdapLoginManagement
>>>             [NioProcessor-18] - New User ID : -13
>>>             DEBUG 01-29 19:52:49.307 Sessionmanagement.java 204376
>>>             176 org.openmeetings.app.data.basic.Sessionmanagement
>>>             [NioProcessor-18] - updateUser User: -13 ||
>>>             d1b0316797f91a46c08a392d071a790d
>>>             DEBUG 01-29 19:52:49.311 Sessionmanagement.java 204380
>>>             196 org.openmeetings.app.data.basic.Sessionmanagement
>>>             [NioProcessor-18] - Found session to update:
>>>             d1b0316797f91a46c08a392d071a790d userId: -13
>>>             DEBUG 01-29 19:52:49.315 Usermanagement.java 204384 1505
>>>             org.openmeetings.app.data.user.Usermanagement
>>>             [NioProcessor-18] - Usermanagement.getUserById
>>>             [INFO] [NioProcessor-18]
>>>             org.red5.server.net.rtmp.codec.RTMPProtocolDecoder -
>>>             Action errorservice.getErrorByCode
>>>             DEBUG 01-29 19:52:49.627 ErrorService.java 204696 60
>>>             org.openmeetings.app.remote.ErrorService
>>>             [NioProcessor-18] - errorid, language_id: -1|1
>>>             DEBUG 01-29 19:52:49.632 ErrorService.java 204701 64
>>>             org.openmeetings.app.remote.ErrorService
>>>             [NioProcessor-18] - eValues.getFieldvalues_id() = 334
>>>             DEBUG 01-29 19:52:49.636 ErrorService.java 204705 66
>>>             org.openmeetings.app.remote.ErrorService
>>>             [NioProcessor-18] - eValues.getErrorType() =
>>>             org.openmeetings.app.persistence.beans.basic.ErrorType@32b1a562
>>>
>>>             As far as I can tell, OM is effectively able to
>>>             authenticate the user and adds it to its own database.
>>>             However, when I check the DB, there's no new user, just
>>>             the local admin.
>>>
>>>             This is OM 2.0 and this is the config file:
>>>
>>>             ldap_server_type=OpenLDAP
>>>             ldap_conn_url=ldap://cluster2fs.dafra.be:389
>>>             ldap_admin_dn=CN:admin,O:be
>>>             ldap_passwd=nononono_you_can_not_have_this
>>>             ldap_search_base=OU:tu,O:be
>>>             field_user_principal=uid
>>>             ldap_auth_type=SIMPLE
>>>             ldap_use_lower_case=true
>>>             #ldap_user_timezone=timezone
>>>             ldap_sync_password_to_om=no
>>>             ldap_user_attr_lastname=sn
>>>             ldap_user_attr_firstname=givenName
>>>             ldap_user_attr_mail=mail
>>>             ldap_user_attr_street=street
>>>             ldap_user_attr_additionalname=description
>>>             ldap_user_attr_fax=facsimileTelephoneNumber
>>>             ldap_user_attr_zip=postalCode
>>>             ldap_user_attr_country=co
>>>             ldap_user_attr_town=city
>>>             ldap_user_attr_phone=telephoneNumber
>>>             ldap_user_attr_language=Language
>>>
>>>             I used this documentation (which is rather brief):
>>>             http://incubator.apache.org/openmeetings/LdapAndADS.html
>>>
>>>
>>>             the config file I assembled both from the sample file
>>>             and a mailing post.
>>>             I'm able to trace LDAP calls on the eDir server and
>>>             nothing funny happens there. The search is done for the
>>>             user, without any attributes however, so eDir sends them
>>>             all.
>>>
>>>             Anyone a small hint?
>>>
>>>             cheers,
>>>
>>>             BC
>>>
>>>
>>>
>>>
>>
>
>
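
Added example, not from the thread or the OpenMeetings project: a Python check over settings and DEBUG output of the kind posted above. It flags a SIMPLE bind over `ldap://` and masks the bind password, the logged random password and session ids before such text is shared. The host name, passwords, session id and finding labels are constructed, and treating any `ldap_sync_password_to_om` value other than `no` as syncing is an assumption drawn from the two log excerpts.

```python
import re

# Constructed sample in the key=value format shown in the thread (placeholder values).
SAMPLE_CFG = """\
ldap_server_type=OpenLDAP
ldap_conn_url=ldap://ldap.example.test:389
ldap_admin_dn=CN:admin,O:example
ldap_passwd=placeholder-bind-password
ldap_auth_type=SIMPLE
#ldap_user_timezone=timezone
ldap_sync_password_to_om=no
"""

# Constructed log excerpt shaped like the wrapped DEBUG lines in the thread.
SAMPLE_LOG = """\
DEBUG 01-29 19:52:49.208 LdapLoginManagement.java 204277 495 [NioProcessor-18] - Synching Ldap user to OM DB with
RANDOM password: s4mplepassw0rd
DEBUG 01-29 19:52:49.311 Sessionmanagement.java 204380 196 [NioProcessor-18] - Found session to update:
0123456789abcdef0123456789abcdef userId: -13
"""

def parse_cfg(text):
    """Parse key=value lines, skipping blanks and # comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip()
    return cfg

def audit_cfg(cfg):
    """Return hypothetical finding labels for how passwords are exposed."""
    findings = []
    url = cfg.get("ldap_conn_url", "").lower()
    simple = cfg.get("ldap_auth_type", "").upper() == "SIMPLE"
    if url.startswith("ldap://") and simple:
        findings.append("cleartext-bind")  # simple bind without TLS sends the password as-is
    if cfg.get("ldap_passwd"):
        findings.append("password-in-file")  # restrict file access, redact before posting
    if cfg.get("ldap_sync_password_to_om", "").lower() != "no":
        findings.append("password-copied-to-om-db")  # assumption: only "no" disables sync
    return findings

def redact(text):
    """Mask secrets in config or log text before it is shared."""
    text = re.sub(r"(ldap_passwd\s*=).*", r"\1<redacted>", text)
    text = re.sub(r"(RANDOM password:\s*)\S+", r"\1<redacted>", text)
    return re.sub(r"\b[0-9a-f]{32}\b", "<session-id>", text)
```
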

