Return-Path: X-Original-To: apmail-openmeetings-user-archive@www.apache.org Delivered-To: apmail-openmeetings-user-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 5B78BEEE6 for ; Wed, 30 Jan 2013 13:15:41 +0000 (UTC) Received: (qmail 29156 invoked by uid 500); 30 Jan 2013 13:15:41 -0000 Delivered-To: apmail-openmeetings-user-archive@openmeetings.apache.org Received: (qmail 29129 invoked by uid 500); 30 Jan 2013 13:15:41 -0000 Mailing-List: contact user-help@openmeetings.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@openmeetings.apache.org Delivered-To: mailing list user@openmeetings.apache.org Received: (qmail 29119 invoked by uid 99); 30 Jan 2013 13:15:40 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 30 Jan 2013 13:15:40 +0000 X-ASF-Spam-Status: No, hits=2.2 required=5.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_NONE,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: local policy) Received: from [195.130.132.50] (HELO jacques.telenet-ops.be) (195.130.132.50) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 30 Jan 2013 13:15:35 +0000 Received: from [192.168.1.20] ([213.224.25.30]) by jacques.telenet-ops.be with bizsmtp id uDFC1k00e0ey1Dx0JDFCk2; Wed, 30 Jan 2013 14:15:13 +0100 Message-ID: <51091CE0.8000902@telenet.be> Date: Wed, 30 Jan 2013 14:15:12 +0100 From: Bart Coninckx User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130105 Thunderbird/17.0.2 MIME-Version: 1.0 To: user@openmeetings.apache.org CC: Stephen Cottham Subject: Re: LDAP authentication against eDirectory issue References: <51081C06.2010400@telenet.be> <51082136.8090706@telenet.be> <5108454A.9020706@telenet.be> <51090A8D.1010309@telenet.be> <51091345.1040003@telenet.be> <51091B09.1090508@telenet.be> In-Reply-To: Content-Type: multipart/alternative; boundary="------------030202010109070302020309" X-Virus-Checked: Checked by ClamAV on apache.org This is a multi-part message in MIME format. --------------030202010109070302020309 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Yes, it is running in DEBUG mode. AD is functional now, so that is OK, thanks to your config file. Yvan was so kind as to post his config as well. Mine is very simlilar, yet does not work. I'll try some more. Cheers all, BC On 01/30/13 14:11, Stephen Cottham wrote: > > Not sure why you are having issues, did you see the response from Yvan > Arnaud? Hes using OpenLAD > > And you confirmed the time is correct? > > Are you running OM in debug mode? This will give you more information > as to what's happening when the authentication occurs. > > *From:*Bart Coninckx [mailto:bart.coninckx@telenet.be] > *Sent:* 30 January 2013 13:07 > *To:* user@openmeetings.apache.org > *Subject:* Re: LDAP authentication against eDirectory issue > > Hi Stephen, > > that's what I'm doing. I have now three different configs: OpenLDAP, > Edirectory and AD (I have all at hand fortunately) and none of them > work so far. > > For AD I have a different problem than for the other two > (administrator can't log on) so I'm investigating that one further > now. Would be a regular shame though if I would be forced to use AD, > one of my least favorite directories. > > BC > > > > On 01/30/13 14:03, Stephen Cottham wrote: > > If you're still having issues after that then grab the Apache > Directory studio here: > > http://directory.apache.org/studio/ > > Connect to your LDAP server and confirm the Attribute details are > correct for your setup. > > Best Regards > > *From:*Stephen Cottham [mailto:Stephen.Cottham@robertbird.com.au] > *Sent:* 30 January 2013 12:56 > *To:* user@openmeetings.apache.org > > *Subject:* RE: LDAP authentication against eDirectory issue > > This works for me Against 2003 AD > > ldap_server_type=AD > > ldap_conn_url=ldap://(serverIP):389 > > ldap_admin_dn=CN:Administrator,OU:Admin Accounts,DC:domain,DC:name > > ldap_passwd=adminpassword > > ldap_search_base= DC:domain,DC:name > > field_user_principal=userPrincipalName > > ldap_auth_type=SIMPLE > > ldap_sync_password_to_om=yes > > ldap_user_attr_lastname=sn > > ldap_user_attr_firstname=givenName > > ldap_user_attr_mail=mail > > ldap_user_attr_street=streetAddress > > ldap_user_attr_additionalname=description > > ldap_user_attr_fax=facsimileTelephoneNumber > > ldap_user_attr_zip=postalCode > > ldap_user_attr_country=co > > ldap_user_attr_town=l > > ldap_user_attr_phone=telephoneNumber > > ldap_use_lower_case=true > > Make sure the time is correct on the OM machine as AD doesn't like > too much clock skew. > > Cheers > > *From:*Bart Coninckx [mailto:bart.coninckx@telenet.be] > *Sent:* 30 January 2013 12:34 > *To:* user@openmeetings.apache.org > > *Subject:* Re: LDAP authentication against eDirectory issue > > Would you mind posting your config file? > > cheers, > > BC > > On 01/30/13 13:01, Stephen Cottham wrote: > > Havant tested OpenLDAP or eDirectory but I can confirm it > works fine with Active Directory. > > *Stephen Cottham** > *Group IT Manager (Associate) > > Robert Bird Group > Level 5, 333 Ann St > Brisbane, Queensland, 4000, Australia > > *Phone: +6173 319 2777 (AUS)* > > *Phone: +44207 633 2880 (UK)* > > *Fax: +6173 319 2799* > > *Mobile: +61400 756 963 (AUS)* > > *Mobile: +447900 918 616 (UK)* > > *Web: **www.robertbird.com* > > > > This email and any attachments are confidential and may > contain legally privileged information or copyright material. > Unless expressly stated, confidentiality and/or legal > privilege is not intended to be waived by the sending of this > email. The contents of this email, including any attachments, > are intended solely for the use of the individual or entity to > whom they are addressed. If you are not an intended recipient, > please contact us immediately by return email and then delete > both messages. You may not otherwise read, forward, copy, use > or disclose this email or any attachments. Any views expressed > in this email are those of the individual sender except where > the sender expressly, and with authority, states otherwise. It > is your responsibility to check any attachments for viruses or > defects before opening or sending them on. None of the sender > or its related entities accepts any liability for any > consequential damage resulting from this email containing > computer viruses. > > > Disclaimer added by *CodeTwo Exchange Rules* > www.codetwo.com > > *From:*Bart Coninckx [mailto:bart.coninckx@telenet.be] > *Sent:* 30 January 2013 11:57 > *To:* user@openmeetings.apache.org > > *Subject:* Re: LDAP authentication against eDirectory issue > > OK - this thing is driving me crazy. After scavaging the > mailing lists for several hours and doing numerous attempts to > get it working, nothing seems to help. > I suspect something is missing for OM to be able to create the > LDAP user in it's local database. While manually inserting a > user, I get the question to which user group the user will > belong. > This membership is not investigated while doing a LDAP search, > so the problem might be there. > > Does anyone have any clue on why the logfile reports the LDAP > being created successfully, while it not's not? The same > problem exists for OpenLDAP as for eDirectory, so I'm guessing > it's not related to the LDAP config. > > Cheers, > > BC > > > On 01/29/13 22:55, Bart Coninckx wrote: > > Weird - I tried with openldap and I get the same phenomenon. > > :-s > > > thx, > > BC > > On 01/29/13 20:21, Bart Coninckx wrote: > > two additions: > > - I added "ldap_user_attr_language_id=Language" to no > avail > - eDir wants to have the user login name ALWAYS in > capitals, nomatter how ldap_use_lower_case is defined. > > > BC > > > > On 01/29/13 19:59, Bart Coninckx wrote: > > Hi again, > > The next step for me was enabling LDAP auth. > This produces errors however: > > DEBUG 01-29 19:52:49.161 LdapLoginManagement.java > 204230 242 > org.openmeetings.app.ldap.LdapLoginManagement > [NioProcessor-18] - LdapLoginmanagement.doLdapLogin > DEBUG 01-29 19:52:49.161 LdapLoginManagement.java > 204230 198 > org.openmeetings.app.ldap.LdapLoginManagement > [NioProcessor-18] - > LdapLoginmanagement.getLdapConfigData > DEBUG 01-29 19:52:49.161 LdapLoginManagement.java > 204230 217 > org.openmeetings.app.ldap.LdapLoginManagement > [NioProcessor-18] - LdapLoginmanagement.readConfig > : > /data/openmeetings/webapps/openmeetings/conf/edir.ldap.cfg > DEBUG 01-29 19:52:49.162 LdapLoginManagement.java > 204231 138 > org.openmeetings.app.ldap.LdapLoginManagement > [NioProcessor-18] - isValidAuthType > DEBUG 01-29 19:52:49.162 LdapLoginManagement.java > 204231 382 > org.openmeetings.app.ldap.LdapLoginManagement > [NioProcessor-18] - Searching userdata with LDAP > Search Filter :(uid=BC) > DEBUG 01-29 19:52:49.163 LdapAuthBase.java 204232 > 84 org.openmeetings.app.ldap.LdapAuthBase > [NioProcessor-18] - LdapAuthBase > DEBUG 01-29 19:52:49.163 LdapLoginManagement.java > 204232 393 > org.openmeetings.app.ldap.LdapLoginManagement > [NioProcessor-18] - authenticating admin... > DEBUG 01-29 19:52:49.163 LdapAuthBase.java 204232 > 101 org.openmeetings.app.ldap.LdapAuthBase > [NioProcessor-18] - authenticateUser > DEBUG 01-29 19:52:49.163 LdapAuthBase.java 204232 > 117 org.openmeetings.app.ldap.LdapAuthBase > [NioProcessor-18] - > > Authentification to LDAP - Server start > DEBUG 01-29 19:52:49.164 LdapAuthBase.java 204233 > 151 org.openmeetings.app.ldap.LdapAuthBase > [NioProcessor-18] - loginToLdapServer > DEBUG 01-29 19:52:49.167 LdapLoginManagement.java > 204236 396 > org.openmeetings.app.ldap.LdapLoginManagement > [NioProcessor-18] - Checking server type... > DEBUG 01-29 19:52:49.168 LdapLoginManagement.java > 204237 400 > org.openmeetings.app.ldap.LdapLoginManagement > [NioProcessor-18] - LDAP server is OpenLDAP > DEBUG 01-29 19:52:49.168 LdapLoginManagement.java > 204237 401 > org.openmeetings.app.ldap.LdapLoginManagement > [NioProcessor-18] - LDAP search base: OU=tu,O=be > DEBUG 01-29 19:52:49.173 LdapLoginManagement.java > 204242 407 > org.openmeetings.app.ldap.LdapLoginManagement > [NioProcessor-18] - Authentication with DN: > cn=BC,ou=ICT,OU=tu,O=be > DEBUG 01-29 19:52:49.174 LdapAuthBase.java 204243 > 101 org.openmeetings.app.ldap.LdapAuthBase > [NioProcessor-18] - authenticateUser > DEBUG 01-29 19:52:49.174 LdapAuthBase.java 204243 > 117 org.openmeetings.app.ldap.LdapAuthBase > [NioProcessor-18] - > > Authentification to LDAP - Server start > DEBUG 01-29 19:52:49.174 LdapAuthBase.java 204243 > 151 org.openmeetings.app.ldap.LdapAuthBase > [NioProcessor-18] - loginToLdapServer > DEBUG 01-29 19:52:49.177 Usermanagement.java > 204246 1556 > org.openmeetings.app.data.user.Usermanagement > [NioProcessor-18] - Usermanagement.getUserByLogin : BC > DEBUG 01-29 19:52:49.202 LdapLoginManagement.java > 204271 442 > org.openmeetings.app.ldap.LdapLoginManagement > [NioProcessor-18] - user doesnt exist local -> > create new > DEBUG 01-29 19:52:49.203 LdapAuthBase.java 204272 > 174 org.openmeetings.app.ldap.LdapAuthBase > [NioProcessor-18] - getData > DEBUG 01-29 19:52:49.208 LdapLoginManagement.java > 204277 495 > org.openmeetings.app.ldap.LdapLoginManagement > [NioProcessor-18] - Synching Ldap user to OM DB > with RANDOM password: brghzu36ohpp > DEBUG 01-29 19:52:49.209 LdapLoginManagement.java > 204278 592 > org.openmeetings.app.ldap.LdapLoginManagement > [NioProcessor-18] - > LdapLoginmanagement.createUserFromLdapData > DEBUG 01-29 19:52:49.305 LdapLoginManagement.java > 204374 727 > org.openmeetings.app.ldap.LdapLoginManagement > [NioProcessor-18] - User Created! > DEBUG 01-29 19:52:49.305 LdapLoginManagement.java > 204374 504 > org.openmeetings.app.ldap.LdapLoginManagement > [NioProcessor-18] - New User ID : -13 > DEBUG 01-29 19:52:49.307 Sessionmanagement.java > 204376 176 > org.openmeetings.app.data.basic.Sessionmanagement > [NioProcessor-18] - updateUser User: -13 || > d1b0316797f91a46c08a392d071a790d > DEBUG 01-29 19:52:49.311 Sessionmanagement.java > 204380 196 > org.openmeetings.app.data.basic.Sessionmanagement > [NioProcessor-18] - Found session to update: > d1b0316797f91a46c08a392d071a790d userId: -13 > DEBUG 01-29 19:52:49.315 Usermanagement.java > 204384 1505 > org.openmeetings.app.data.user.Usermanagement > [NioProcessor-18] - Usermanagement.getUserById > [INFO] [NioProcessor-18] > org.red5.server.net.rtmp.codec.RTMPProtocolDecoder > - Action errorservice.getErrorByCode > DEBUG 01-29 19:52:49.627 ErrorService.java 204696 > 60 org.openmeetings.app.remote.ErrorService > [NioProcessor-18] - errorid, language_id: -1|1 > DEBUG 01-29 19:52:49.632 ErrorService.java 204701 > 64 org.openmeetings.app.remote.ErrorService > [NioProcessor-18] - eValues.getFieldvalues_id() = 334 > DEBUG 01-29 19:52:49.636 ErrorService.java 204705 > 66 org.openmeetings.app.remote.ErrorService > [NioProcessor-18] - eValues.getErrorType() = > org.openmeetings.app.persistence.beans.basic.ErrorType@32b1a562 > > > As far as I can tell, OM is effectively able to > authenticate the user and adds it to it's own > database. > However, when I check the DB, there's no new user, > just the local admin. > > This OM 2.0 and this is the config file: > > ldap_server_type=OpenLDAP > ldap_conn_url=ldap://cluster2fs.dafra.be:389 > ldap_admin_dn=CN:admin,O:be > ldap_passwd=nononono_you_can_not_have_this > ldap_search_base=OU:tu,O:be > field_user_principal=uid > ldap_auth_type=SIMPLE > ldap_use_lower_case=true > #ldap_user_timezone=timezone > ldap_sync_password_to_om=no > ldap_user_attr_lastname=sn > ldap_user_attr_firstname=givenName > ldap_user_attr_mail=mail > ldap_user_attr_street=street > ldap_user_attr_additionalname=description > ldap_user_attr_fax=facsimileTelephoneNumber > ldap_user_attr_zip=postalCode > ldap_user_attr_country=co > ldap_user_attr_town=city > ldap_user_attr_phone=telephoneNumber > ldap_user_attr_language=Language > > I used this documentation (which is rather brief): > http://incubator.apache.org/openmeetings/LdapAndADS.html > > > the config file I assembled both from the sample > file and a mailing post. > I'm able to trace LDAP calls on the eDir server > and nothing funny happens there. The search is > done for the user, without any attributes however, > so eDir sends them all. > > Anyone a small hint? > > cheers, > > BC > > > > > --------------030202010109070302020309 Content-Type: multipart/related; boundary="------------080706020608040909000604" --------------080706020608040909000604 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit
Yes, it is running in DEBUG mode.
AD is functional now, so that is OK, thanks to your config file.

Yvan was so kind as to post his config as well. Mine is very simlilar, yet does not work.
I'll try some more.

Cheers all,

BC


On 01/30/13 14:11, Stephen Cottham wrote:

Not sure why you are having issues, did you see the response from Yvan Arnaud? Hes using OpenLAD

 

And you confirmed the time is correct?

 

Are you running OM in debug mode? This will give you more information as to what’s happening when the authentication occurs.

 

 

 

 

From: Bart Coninckx [mailto:bart.coninckx@telenet.be]
Sent: 30 January 2013 13:07
To: user@openmeetings.apache.org
Subject: Re: LDAP authentication against eDirectory issue

 

Hi Stephen,

that's what I'm doing. I have now three different configs: OpenLDAP, Edirectory and AD (I have all at hand fortunately) and none of them work so far.

For AD I have a different problem than for the other two (administrator can't log on) so I'm investigating that one further now. Would be a regular shame though if I would be forced to use AD, one of my least favorite directories.

BC



On 01/30/13 14:03, Stephen Cottham wrote:

If you’re still having issues after that then grab the Apache Directory studio here:

 

http://directory.apache.org/studio/

 

Connect to your LDAP server and confirm the Attribute details are correct for your setup.

 

Best Regards

 

 

From: Stephen Cottham [mailto:Stephen.Cottham@robertbird.com.au]
Sent: 30 January 2013 12:56
To: user@openmeetings.apache.org
Subject: RE: LDAP authentication against eDirectory issue

 

This works for me Against 2003 AD

 

ldap_server_type=AD

ldap_conn_url=ldap://(serverIP):389

ldap_admin_dn=CN:Administrator,OU:Admin Accounts,DC:domain,DC:name

ldap_passwd=adminpassword

ldap_search_base= DC:domain,DC:name

field_user_principal=userPrincipalName

ldap_auth_type=SIMPLE

ldap_sync_password_to_om=yes

ldap_user_attr_lastname=sn

ldap_user_attr_firstname=givenName

ldap_user_attr_mail=mail

ldap_user_attr_street=streetAddress

ldap_user_attr_additionalname=description

ldap_user_attr_fax=facsimileTelephoneNumber

ldap_user_attr_zip=postalCode

ldap_user_attr_country=co

ldap_user_attr_town=l

ldap_user_attr_phone=telephoneNumber

ldap_use_lower_case=true

 

Make sure the time is correct on the OM machine as AD doesn’t like too much clock skew.

 

Cheers

 

 

 

From: Bart Coninckx [mailto:bart.coninckx@telenet.be]
Sent: 30 January 2013 12:34
To: user@openmeetings.apache.org
Subject: Re: LDAP authentication against eDirectory issue

 

Would you mind posting your config file?

cheers,

BC

On 01/30/13 13:01, Stephen Cottham wrote:

Havant tested OpenLDAP or eDirectory but I can confirm it works fine with Active Directory.

 

Stephen Cottham
Group IT Manager (Associate)

Robert Bird Group
Level 5, 333 Ann St
Brisbane, Queensland, 4000, Australia

Phone: +6173 319 2777 (AUS)

Phone: +44207 633 2880 (UK)

Fax: +6173 319 2799

 

Mobile:  +61400 756 963 (AUS)

Mobile:  +447900 918 616 (UK)

Web: www.robertbird.com



This email and any attachments are confidential and may contain legally privileged information or copyright material. Unless expressly stated, confidentiality and/or legal privilege is not intended to be waived by the sending of this email. The contents of this email, including any attachments, are intended solely for the use of the individual or entity to whom they are addressed. If you are not an intended recipient, please contact us immediately by return email and then delete both messages. You may not otherwise read, forward, copy, use or disclose this email or any attachments. Any views expressed in this email are those of the individual sender except where the sender expressly, and with authority, states otherwise. It is your responsibility to check any attachments for viruses or defects before opening or sending them on. None of the sender or its related entities accepts any liability for any consequential damage resulting from this email containing computer viruses.


Disclaimer added by CodeTwo Exchange Rules
www.codetwo.com

 

From: Bart Coninckx [mailto:bart.coninckx@telenet.be]
Sent: 30 January 2013 11:57
To: user@openmeetings.apache.org
Subject: Re: LDAP authentication against eDirectory issue

 

OK - this thing is driving me crazy. After scavaging the mailing lists for several hours and doing numerous attempts to get it working, nothing seems to help.
I suspect something is missing for OM to be able to create the LDAP user in it's local database. While manually inserting a user, I get the question to which user group the user will belong.
This membership is not investigated while doing a LDAP search, so the problem might be there.

Does anyone have any clue on why the logfile reports the LDAP being created successfully, while it not's not? The same problem exists for OpenLDAP as for eDirectory, so I'm guessing it's not related to the LDAP config.

Cheers,

BC


On 01/29/13 22:55, Bart Coninckx wrote:

Weird - I tried with openldap and I get the same phenomenon.

:-s


thx,

BC

On 01/29/13 20:21, Bart Coninckx wrote:

two additions:

- I added "ldap_user_attr_language_id=Language" to no avail
- eDir wants to have the user login name ALWAYS in capitals, nomatter how ldap_use_lower_case is defined.


BC



On 01/29/13 19:59, Bart Coninckx wrote:

Hi again,

The next step for me was enabling LDAP auth.
This produces errors however:

DEBUG 01-29 19:52:49.161 LdapLoginManagement.java 204230 242 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-18] - LdapLoginmanagement.doLdapLogin
DEBUG 01-29 19:52:49.161 LdapLoginManagement.java 204230 198 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-18] - LdapLoginmanagement.getLdapConfigData
DEBUG 01-29 19:52:49.161 LdapLoginManagement.java 204230 217 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-18] - LdapLoginmanagement.readConfig : /data/openmeetings/webapps/openmeetings/conf/edir.ldap.cfg
DEBUG 01-29 19:52:49.162 LdapLoginManagement.java 204231 138 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-18] - isValidAuthType
DEBUG 01-29 19:52:49.162 LdapLoginManagement.java 204231 382 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-18] - Searching userdata with LDAP Search Filter :(uid=BC)
DEBUG 01-29 19:52:49.163 LdapAuthBase.java 204232 84 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-18] - LdapAuthBase
DEBUG 01-29 19:52:49.163 LdapLoginManagement.java 204232 393 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-18] - authenticating admin...
DEBUG 01-29 19:52:49.163 LdapAuthBase.java 204232 101 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-18] - authenticateUser
DEBUG 01-29 19:52:49.163 LdapAuthBase.java 204232 117 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-18] -

Authentification to LDAP - Server start
DEBUG 01-29 19:52:49.164 LdapAuthBase.java 204233 151 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-18] - loginToLdapServer
DEBUG 01-29 19:52:49.167 LdapLoginManagement.java 204236 396 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-18] - Checking server type...
DEBUG 01-29 19:52:49.168 LdapLoginManagement.java 204237 400 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-18] - LDAP server is OpenLDAP
DEBUG 01-29 19:52:49.168 LdapLoginManagement.java 204237 401 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-18] - LDAP search base: OU=tu,O=be
DEBUG 01-29 19:52:49.173 LdapLoginManagement.java 204242 407 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-18] - Authentication with DN: cn=BC,ou=ICT,OU=tu,O=be
DEBUG 01-29 19:52:49.174 LdapAuthBase.java 204243 101 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-18] - authenticateUser
DEBUG 01-29 19:52:49.174 LdapAuthBase.java 204243 117 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-18] -

Authentification to LDAP - Server start
DEBUG 01-29 19:52:49.174 LdapAuthBase.java 204243 151 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-18] - loginToLdapServer
DEBUG 01-29 19:52:49.177 Usermanagement.java 204246 1556 org.openmeetings.app.data.user.Usermanagement [NioProcessor-18] - Usermanagement.getUserByLogin : BC
DEBUG 01-29 19:52:49.202 LdapLoginManagement.java 204271 442 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-18] - user doesnt exist local -> create new
DEBUG 01-29 19:52:49.203 LdapAuthBase.java 204272 174 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-18] - getData
DEBUG 01-29 19:52:49.208 LdapLoginManagement.java 204277 495 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-18] - Synching Ldap user to OM DB with RANDOM password: brghzu36ohpp
DEBUG 01-29 19:52:49.209 LdapLoginManagement.java 204278 592 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-18] - LdapLoginmanagement.createUserFromLdapData
DEBUG 01-29 19:52:49.305 LdapLoginManagement.java 204374 727 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-18] - User Created!
DEBUG 01-29 19:52:49.305 LdapLoginManagement.java 204374 504 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-18] - New User ID : -13
DEBUG 01-29 19:52:49.307 Sessionmanagement.java 204376 176 org.openmeetings.app.data.basic.Sessionmanagement [NioProcessor-18] - updateUser User: -13 || d1b0316797f91a46c08a392d071a790d
DEBUG 01-29 19:52:49.311 Sessionmanagement.java 204380 196 org.openmeetings.app.data.basic.Sessionmanagement [NioProcessor-18] - Found session to update: d1b0316797f91a46c08a392d071a790d userId: -13
DEBUG 01-29 19:52:49.315 Usermanagement.java 204384 1505 org.openmeetings.app.data.user.Usermanagement [NioProcessor-18] - Usermanagement.getUserById
[INFO] [NioProcessor-18] org.red5.server.net.rtmp.codec.RTMPProtocolDecoder - Action errorservice.getErrorByCode
DEBUG 01-29 19:52:49.627 ErrorService.java 204696 60 org.openmeetings.app.remote.ErrorService [NioProcessor-18] - errorid, language_id: -1|1
DEBUG 01-29 19:52:49.632 ErrorService.java 204701 64 org.openmeetings.app.remote.ErrorService [NioProcessor-18] - eValues.getFieldvalues_id() = 334
DEBUG 01-29 19:52:49.636 ErrorService.java 204705 66 org.openmeetings.app.remote.ErrorService [NioProcessor-18] - eValues.getErrorType() = org.openmeetings.app.persistence.beans.basic.ErrorType@32b1a562

As far as I can tell, OM is effectively able to authenticate the user and adds it to it's own database.
However, when I check the DB, there's no new user, just the local admin.

This OM 2.0 and this is the config file:

ldap_server_type=OpenLDAP
ldap_conn_url=ldap://cluster2fs.dafra.be:389
ldap_admin_dn=CN:admin,O:be
ldap_passwd=nononono_you_can_not_have_this
ldap_search_base=OU:tu,O:be
field_user_principal=uid
ldap_auth_type=SIMPLE
ldap_use_lower_case=true
#ldap_user_timezone=timezone
ldap_sync_password_to_om=no
ldap_user_attr_lastname=sn
ldap_user_attr_firstname=givenName
ldap_user_attr_mail=mail
ldap_user_attr_street=street
ldap_user_attr_additionalname=description
ldap_user_attr_fax=facsimileTelephoneNumber
ldap_user_attr_zip=postalCode
ldap_user_attr_country=co
ldap_user_attr_town=city
ldap_user_attr_phone=telephoneNumber
ldap_user_attr_language=Language

I used this documentation (which is rather brief):
http://incubator.apache.org/openmeetings/LdapAndADS.html


the config file I assembled both from the sample file and a mailing post.
I'm able to trace LDAP calls on the eDir server and nothing funny happens there. The search is done for the user, without any attributes however, so eDir sends them all.

Anyone a small hint?

cheers,

BC





 

 

 

 

 


--------------080706020608040909000604 Content-Type: image/gif Content-Transfer-Encoding: base64 Content-ID: R0lGODlhXQA9APcaACxWp6q22HaPxJWm0P///83S5sEMPIecylR1trG72gA1lrjA3EdrsmqG vzdfq72Or7/M5RNDnsNgheXq9B5Mogo9mr2ox9nh8KCv1AU5mLzD3kBmr+zw9/T2+k5wtF99 uwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACH5BAEAABoALAAAAABdAD0AAAj/ADUIHEiwoMGD CBMqXMiwocOHECNKnEixosWLGDNq3Mixo8ePIEOKRAjBQ4GRKCUWcKDAw4WUMBleAKCgpocJ MXMavMCyZk0GL3XqLEDTp0+XQmNeQOAAwQYKFYwywJl05MoKAD4cKHABA4KoLYNW/cjTqAIK AiYQKNAgg4KpYz0SNeuTwgICa2kijauxLF2fFQrgncASLt+LK/+abYCXwAUKLakenuhXsU8H HRofsCl28sPKlmtiblwA7E3Pn4uG9imgsWPInFHL7FkXNt0PmUlHMIpAsuydLCt4GADhwgQO CxogYFAhAoABuRtjoIug82+Bfil4EDBAsGsOBQpE/2/MQbXR09ex0zaaAbfr940vbLCM/vfM 0Ajgc+jA4UKABmDRZ91hHDSwmgIHvCcABQDYdiAG1xUwX2gReIfXdAf6lEEDA04m4Wr5kWfe ag10kB52E1qGgWsDZJhBaycO9KFlFFzQWAfrKSaAiTHKmOJfIeK1gFuW7dhjQaDRNYBrm/31 Io9HEjTjXxXchVcHHtC1IZRREpSkURFYSQAHTdb0IgFdIpSYYmE2NoFtJaaZ0JeArYjXfXHK mdCaOuZWwAe+6XkQnT4xIJgEBjywn6B75mhWBBYYIKkEDxQQKKPqWQboBYhOmmh4mErpqAJG anDjlZmFKuWPCuSpqkNrbv/5akSJuTrrQwWUeuuuvPbq66/ABtvBBMSiedACEECU6rDEmkjA AgNwgFAHA0BnagcFJLBoRxhs4AEDGHA50AEHPMTBihoMEAEFFPSmwQEAXCpQBwAwYOIFH3jw AQILeDSAB+catgAGQR2AwQIBSKsBBwGgywEECyyQKwInbXYAgANoAK20BUB80gQHO7CBiQ2k xcFxGnQAQQInMUywQFylDAF/EGOgcEEY3HQAAtL+24AH/R7gQAMMCJByAyVnfIEHHmBQkgMQ bpYAvAFosOCwDLAbAE8ROFABAxqUhBOx0k7AAAMLcCDABz+/JEC5FzTQHwMf5Ashzt468NIF hnb/cIDRB3jQgXwXQLABBAVMJd9JGvyH5mZQ6W11BMM6EAEGIF8OwdcaJIBAygJ4APcGJy3A gLR/Ww33B+BtcEGBnxfEVgcfJKBBATxrzLPBGkwAdAIANFD3BEsrHMAHj2eAHABGC0A5YQ7g dAAFJwGwQdiCp3zAB727OwD3jXP/tgZxY4vbu2Dj3bjgZlcMuL0F3GS4xC8lrjAGyL+rQADq NmA1BcMCQPQ0gIEKEOctY2KAtb5HPnctYANqGZ8AjJYAwUnoJAgAH0G8kjIEJCtnDThcuobG gHJ1QAAImODgche2DRxgAgOoALsckKzpDWsDECQfA5wTAQTci24hXB1OXU6IgJ/hBAIOCB1u 5FM3D9iuIIPDi6UEgjDBkK8AAUibQDiQgADMTGXGQo62CgcBCOBkLTMjHwQU5h/EWZF8A1vA S1TGI+RsTSBrwUB41vKBBSTgAuIKlozOV5CAAAA7 --------------080706020608040909000604 Content-Type: image/png Content-Transfer-Encoding: base64 Content-ID: iVBORw0KGgoAAAANSUhEUgAAAYEAAAAtCAIAAADHkkBSAAAAAXNSR0IArs4c6QAAAAlwSFlz AAAOxAAADsQBlSsOGwAACYdJREFUeF7tnT9vGkkUwHfvK9gSKbFc2JGQ8gGsk0BOgeUmBSe5 hyJRUoJcOi4jKBM5BfSRYiluLFPEAuni7hrLlg4XFlsaBX8GbmZ2Z3f+7s4s4JCbhyhsdmbe e7/35vFm9g/+bDbz4AUEgAAQ+EUE/vhFckEsEAACQAATWFAOeuztfe4FgBQIAAEgYEnAX8Ba 7K7lf+kQuc3BUbtsqQE0BwJAwGUC8+ag4Gpv43ufIVjtvruor7mMFGwHAkDAgsBcOWh45leu FcKaB7P2loUS0BQIAAFnCcyxH/TYu38+mx0Nmiy8F4PZ0WzfGzoLFAwHAkDAisBcdZDnDVvH lXArKHmhNPQKNoWsvACNgYC7BOaqg/bkBIRIXld8OEfmbkSB5UDAjkDeOig5F6aTB+fI7DwB rYGAmwRy1UHZCQjB7FSOW7At5GZUgdVAwJxAjhwU9Kb7aOMZv991q7KoQnccHj3av78KzFWB lkAACDhIIO9azPOkK4NYenCVkIOxBCYDgTwE8uUg1ekwWTqcIMvjEegDBNwiYJ2DUssfmR0U RG7FE1gLBGwJWOUgs/IHCiJbJ0B7IOAwAYscFFz1gp16WYaVec/qXa+3XoebyBwOMzAdCGgJ WJwXKyoTkAnbLUhAJpigDRBwkYBFDnIRD9gMBIDAkgn4zfeeeMMXI5LcAR/0Pm80JgtRxPji afRQtK/eyet6cSFilz3IPNrO03fZdj3B+Bbm0+3I/8f5VgvDl+mGFVCDqYPILe/J+wDfD9/5 4vvHi0pAGpSIwjGSEr5/h0urF/PQSJTZ93qPywwveezFaJ5b57lMHp5Vbl+OcXwu+45oLSWq /1wYUyHMNbKlXxYgi7FljtFoDkIXN7OuRSNGj0a0NCxnc1Qf4fQ3fnlbWf37XdfqF79LgSa4 4/fV3AvuH6q17ScpizMpZTbIOQs8b3kjyyotVtYco9EcNDm9ZL+T0YhhTUSqoSd7Fbdr1cko 4OShXBuWSLhqQFcn0YrJ36M3gqBHqYUfkk+49pLm8VEf39yflGC0JCHpvBcNmNQpnIg45cfd PzaYR0nyCiQDsiVeuLztNz76Puo7aXySJBobste7k3XGOrTuqPXoxGWY2VnNIzOJVgIHJQTc ptWj/NHglElISWd15DjSgJqMnMV/01xmmT88i/sSe6OqWfZaDFkTBjrTZBpiGPD6H/tDTaiQ B9rEdb1Q6mb5nakm+KhmA1kf4Xoftc6kiaOrXHR2iZNFBEJ9yk8xrHj6lESPgH7vefH7pDtG z5e2fA2+MSOwoyn+bg7kwafd6nv6efw3+oMogwav/iBKjZoeqx5uWe1O2c8H3R9jbXsiF6v6 LVZh3D3xmiNyIB4cDyt9mIjGImaRbkx3qm0oglOYHZCzHXUn+islphhODUmkEM6iIUhnammi Uqwnp5XEQakS+ZAVykrsplid0KMmsxwYWeMf1djFkh/jvllek/mIYROxSsQJPiL/KpDOGJeh MdWOw+pFlGaDZhii5n6PHSSEHDNCWoSn+iia2vHECWUxoRsJ0dslxlgMBPVkJiwzxaJJp57C 1Cj+vNiksZGkcJLLDVZG5VfMLtJR+Df/cEXjOmr4d6P/Yr+ctB+eXzcPd0gFvrXfZIu1td1a QRi3XN8JtO1xWzzaIF5yPl6eet234TNn2cEL9MP1bemOXCSCKINrh8vTSXNffGStpPDU8+IB dRwUEvWGU0MSLOgTeQRk0fX5MGqsWsXEXWQOrM4shEL3JDQffchJPD0V3KQbQUmADsVUwXrz M70m8xFq/FjczmESUbKP0sKAmiG3IVERuSYz7E1EeEzIZZpGIkHjI6qNYuJIiirtUk4WsSs/ xUwUzv5tHzkrkSSV1Plq0OV2mIxMl3LoQR942MqDsC11f4ufARJWttEDG+lyjO6Ub73telHq bF0p2icKPqKjzGs6YhZQxe1Cf4RmjvLFiogXOKh7QdqfwCJEhTNDUdEgfRwjKeX9F51zpO3d eadQ2035lQFzDjpLJv3+Qqxe2yxF+V2P0URbIz553JLdRxkV2d2kFsqQQ61E0/7By3mzWkGc OFZamWCP1OPHNfBFzuuDyPky3z8bZhiy1VY/30PsFu1Jz4S9XhyU9BBOahf1aWvje4lsYI+7 UR1UrL8O97OrnZtT8vtCcV2W+gsf6Ms82XsKRpPq9rrOGkbEgP6MmqJKQnuKksLaMVPJyeOw SUQ4qnyCiueVnzc7/w6D6W2zknqJgwUHjc6FalXAns/q+EsixXwTbdPpxUZgcaXNxf4GjDIq rGZ71FgVcuiQaNrP6ER25kmSSaMiThwbtUywK8cz8EXOHBSJu65kFUR4q//whY21XFv8Zf4h 2Xtu9aa3XrhYw0UvbhpctcIz3MX1kvfs8JBvz+VIXIV2KnHeJP/iSgG9UosFXsRmMdQQwaVF fjA6pSWVqLA+SRc3n+krLy99HP4oWsAqAePl2Ic3NyVpwci3ljlYZ5BaLQV7Ii3dZI9ZievN N/KakRew17iFf2aUZuhPo6LxKQwqoe6mySXV71Ejdcjhg0amyZbgCOEnTqa1XAM1dgmIMMVU CrfQ+Qd+h2e+HGRnR57W5Vfj2s1GeNqr8rC9i9bw6HnV6N+voxKpg4rrXlSOfvHQXo/QPsoX 1P311+PuA+mOi7ig/lf3NizoUF/9N4kggppRbh+UQtFvfpbinaNUBTgC5T+JdHJeLJDYpI/D HVX9vBIZD8Vrv/+M3V9TuqBoyCHFf7u8m3jsSb/IZGHtQNf77Epcb76Rtmn0qLiNmxp3PYpB eKa7LGTePmhGq4SvqCpX1FkGg4hRzapmHmBsryqqVfmJY2Au20SNPXFodGoYlW/sFBtiInxs bEuCM66TzlDU6IpV9jJr4+ukLQlBcyBgROApLwt+SllGxq9ooznqIKMEhJY5nxZ0n8eKEgS1 gABLIL6ux/84OszcpgF2npevDjIvZ4R7zcw7gnOAABBwgoBtHRSedWqXzeCQy1vNmkIrIAAE nCRgmoOq4e2CxtkHwdT9Gr2TnMFoIAAE1AQychB6dkd4AcJFfH2wEUl8y0xFe77GaAhoBASA gAsEVDmIeYhHW7wXIZNJeMOe9CP0mf2gARAAAk4SsHietJN8wGggAASWS8B0P2i5WsDoQAAI uEoAcpCrnge7gcBqEIActBp+AC2AgKsEIAe56nmwGwisBgHIQavhB9ACCLhKAHKQq54Hu4HA ahCAHLQafgAtgICrBCAHuep5sBsIrAaB/wADOlZQOx6ooAAAAABJRU5ErkJggg== --------------080706020608040909000604-- --------------030202010109070302020309--