Hi benoit, what error message do you see? Cause the one you've posted has nothing to do with "Invalid DN Syntax".
Sebastian 2012/1/26 Benoit Vautrin <benoit.vaut...@trw.com> > Hi, > > I've ran SVN and ant yesterday evening, re-install Openmeeting from > scratch, but i've still exactly the same behaviours. > > When i try to login without enforce lower/upper case as it is in my > ldap directory I see an Invalid DN Syntax error message in logs. > > Regards. > > Benoit > > > >>> "seba.wag...@gmail.com" <seba.wag...@gmail.com> 25/01/2012 15:13 > >>> > *by downloading the nightly build* > => Sorry but the Nightly Builds are currently pointing to the wrong > SVN > (and Apache Infrastructure is not set up yet) > You will have to download the code from the SVN by yourself and compile > it > using ANT. > > Sebastian > > 2012/1/25 Benoit Vautrin <benoit.vaut...@trw.com> > > > Hi, > > > > I've tested your new code (by downloading the nightly build). I have > > added the option in my ldap config file : > > ldap_use_lower_case=yes > > > > When i try to login without enforce lower/upper case as it is in my > > ldap directory see below the error : > > > > > > > > ------------------------------------------------------------------------------------- > > WARN 01-25 14:25:03.012 MainService.java 135125 320 > > org.openmeetings.app.remote.MainService [NioProcessor-3] - > loginUser: > > d308a786fd74abf52609b39222d8f8c5 xXXXXXx > > DEBUG 01-25 14:25:03.013 MainService.java 135126 331 > > org.openmeetings.app.remote.MainService [NioProcessor-3] - Ldap > Login > > DEBUG 01-25 14:25:03.018 LdapLoginManagement.java 135131 217 > > org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-3] - > > LdapLoginmanagement.doLdapLogin > > DEBUG 01-25 14:25:03.019 LdapLoginManagement.java 135132 173 > > org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-3] - > > LdapLoginmanagement.getLdapConfigData > > DEBUG 01-25 14:25:03.019 LdapLoginManagement.java 135132 192 > > org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-3] - > > LdapLoginmanagement.readConfig : > > /home/openmeet/red5/webapps/openmeetings/conf/om_XXXXX_ldap.cfg > > DEBUG 01-25 14:25:03.020 LdapLoginManagement.java 135133 113 > > org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-3] - > > isValidAuthType > > DEBUG 01-25 14:25:03.021 LdapLoginManagement.java 135134 348 > > org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-3] - > > Searching userdata with LDAP Search Filter :(uid=xXXXXXx) > > DEBUG 01-25 14:25:03.024 LdapAuthBase.java 135137 66 > > org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-3] - > LdapAuthBase > > DEBUG 01-25 14:25:03.024 LdapLoginManagement.java 135137 359 > > org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-3] - > > authenticating admin... > > DEBUG 01-25 14:25:03.025 LdapAuthBase.java 135138 83 > > org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-3] - > > authenticateUser > > DEBUG 01-25 14:25:03.026 LdapAuthBase.java 135139 99 > > org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-3] - > > > > Authentification to LDAP - Server start > > DEBUG 01-25 14:25:03.026 LdapAuthBase.java 135139 133 > > org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-3] - > > loginToLdapServer > > DEBUG 01-25 14:25:03.871 LdapLoginManagement.java 135984 362 > > org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-3] - > > Checking server type... > > DEBUG 01-25 14:25:03.872 LdapLoginManagement.java 135985 366 > > org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-3] - > LDAP > > server is OpenLDAP > > DEBUG 01-25 14:25:03.872 LdapLoginManagement.java 135985 367 > > org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-3] - > LDAP > > search base: OU=XXXXXX,O=XXX > > DEBUG 01-25 14:25:04.147 LdapAuthBase.java 136260 83 > > org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-3] - > > authenticateUser > > DEBUG 01-25 14:25:04.147 LdapAuthBase.java 136260 99 > > org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-3] - > > > > Authentification to LDAP - Server start > > DEBUG 01-25 14:25:04.147 LdapAuthBase.java 136260 133 > > org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-3] - > > loginToLdapServer > > ERROR 01-25 14:25:05.025 LdapAuthBase.java 137138 105 > > org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-3] - > > > > Authentification on LDAP Server failed : [LDAP: error code 34 - > Invalid > > DN Syntax] > > ERROR 01-25 14:25:05.033 LdapAuthBase.java 137146 106 > > org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-3] - > > [Authentification on LDAP Server failed] > > javax.naming.InvalidNameException: [LDAP: error code 34 - Invalid DN > > Syntax] > > > > > > ------------------------------------------------------------------------------------------------ > > > > When i use the exact correct username as it is in my ldap directory > i > > have an Error message box : "Unknow error. Please report this to the > > administrator". > > In the log i can see that the ldap authentication is working > properly. > > I see an other error : > > > > > > ----------------------------------------------------------------------------------------------- > > DEBUG 01-25 14:41:40.697 Usermanagement.java 1132810 988 > > org.openmeetings.app.data.user.Usermanagement [NioProcessor-3] - > Added > > user-Id null > > DEBUG 01-25 14:41:40.698 LdapLoginManagement.java 1132811 678 > > org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-3] - > User > > Created! > > DEBUG 01-25 14:41:40.699 LdapLoginManagement.java 1132812 684 > > org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-3] - > Adding > > user '-111' to organization '1' > > DEBUG 01-25 14:41:40.700 Organisationmanagement.java 1132813 493 > > org.openmeetings.app.data.user.Organisationmanagement > [NioProcessor-3] - > > getOrganisation_UserByUserAndOrganisation -111 1 > > INFO 01-25 14:41:40.703 UsersDaoImpl.java 1132816 55 > > org.openmeetings.app.data.user.dao.UsersDaoImpl [NioProcessor-3] - > > [getUser] Info: No USER_ID given > > ERROR 01-25 14:41:40.707 Organisationmanagement.java 1132820 485 > > org.openmeetings.app.data.user.Organisationmanagement > [NioProcessor-3] - > > [addUserToOrganisation] > > java.lang.NullPointerException: null > > > > > > ------------------------------------------------------------------------------------------------ > > > > Regards > > > > Benoit > > > > >>> "Benoit Vautrin" <benoit.vaut...@trw.com> 24/01/2012 14:34 >>> > > Hi, > > > > I've not be able to use SVN yet. I plan to wait the nighly build and > > test tomorrow morning ... > > > > I would like to explain me much better :-( > > in my example: > > in my ldap server, username = TotoA > > if i use " TotoA " in the OM login window, the bind request is > correct > > " DN=CN=TotoA,ou=users,o=corp " > > if i use " totoa" in the login window, the bind request is not > correct > > " DN=totoa " > > > > After your modifications this morning, the username will be always > in > > lowercase (this is that we want), but i guess the result will be the > > same... a wrong ldap request without OU=, O= ? > > I don't understand what are doing lines 377 to 382 ... Is it > possible > > if the IF condition(line 379) is not true the ldap request will be > > only > > DN=user ??? > > > > But ok, let me test tomorrow morning your new code and i will tell > you > > that i see on the network interface... > > > > Thank you very much, > > > > Benoit > > > > > > >>> "seba.wag...@gmail.com" <seba.wag...@gmail.com> 24/01/2012 14:06 > > >>> > > Hi Benoit, > > > > sorry I don't get it now. What version of OpenMeetings are you > > testing? > > > > *when i did a request without respecting uppercase/lowercase* > > => Why should TotoA by automatically lowercased' ?! Did you checkout > > OpenMeetings SVN version from the Apache Repository testing the new > > feature > > that I have commited 2 hours ago ? > > > > Sebastian > > > > 2012/1/24 Benoit Vautrin <benoit.vaut...@trw.com> > > > > > Hi Sebastian, > > > > > > So maybe the problem is somewhere else ... I did some packet > network > > > capture : > > > when i did a request with the exact username (respecting > > > uppercase/lowercase) the bind request is " > > DN=CN=TotoA,ou=users,o=corp " > > > (so it works and i can login) > > > when i did a request without respecting uppercase/lowercase the > bind > > > request is " DN=totoa " and my ldap server answer : InvalidSyntax > > (i'm > > > not able to login) > > > > > > Maybe this is something wrong when the ldap request is build ? > > (arround > > > ligne 377 ???) > > > > > > > > > > > > http://svn.apache.org/viewvc/incubator/openmeetings/trunk/singlewebapp/src/app/org/openmeetings/app/ldap/LdapLoginManagement.java?revision=1235166&view=markup > > > > > > > > > > > > > > Benoit > > > > > > >>> "seba.wag...@gmail.com" <seba.wag...@gmail.com> 24/01/2012 > 13:38 > > > >>> > > > So to sum up: > > > All the option does is to convert the username to lowercase, > > expecting > > > your > > > ldap server to either ignore the upper/lowercase or actually > having > > > the > > > names really in lowercase in ldap. > > > > > > Sebastian > > > > > > 2012/1/24 seba.wag...@gmail.com <seba.wag...@gmail.com> > > > > > > > No I don't convert anything like that, there is no such > > possibility > > > I > > > > don't get any user from LDAP. > > > > All I do is search the LDAP Server for a user, if the > > > ldap_use_lower_case > > > > is true, the user that searchs the LDAP server is transformed to > > > lowercase. > > > > OpenMeetings itself will also use the lowercase username > > internally > > > for > > > > that user if that option is set to true. > > > > > > > > I cannot influence the way the ldap server itself compares the > > > strings. > > > > Maybe there is an ignoreCase setting in the LDAP server. > > > > However, actually OpenMeetings does no string comparisson of > Users > > > and > > > > matches to results, its the other way round: The username is > taken > > > and an > > > > LDAP search is started with that username. > > > > Line 353 the ldap_search_base is defined with the specified user > > from > > > the > > > > login. > > > > > > > > And in > > > > > > > > > > > > > > > > http://svn.apache.org/viewvc/incubator/openmeetings/trunk/singlewebapp/src/app/org/openmeetings/app/ldap/LdapAuthBase.java?view=markup > > > > > > > > > > > > Line 82 you can see how the user+pwd is send to LDAP to > > > authentificate. > > > > > > > > I cannot find any "equals" method that compares LDAP user to > > > usernames of > > > > OpenMeetings, as there is none. > > > > > > > > Sebastian > > > > > > > > > > > > 2012/1/24 Benoit Vautrin <benoit.vaut...@trw.com> > > > > > > > >> Hi Sebastian, > > > >> > > > >> I'm not a good developer but i try to understand your new code. > > If > > > the > > > >> new param ldap_use_lower_case is added to the config file, you > > > convert > > > >> in lower case the value fill-in by users in the Openmeetings > > login > > > >> window ? am i right ? > > > >> > > > >> But i don't see where you convert also in lower case the answer > > of > > > the > > > >> ldap request (username field only of course) ... To be sure > both > > > string > > > >> will be the same. > > > >> Maybe i've not seen it. > > > >> > > > >> Thank you very much for your quick answers on issues, that's > > really > > > >> great ! > > > >> > > > >> Regards. > > > >> > > > >> Benoit > > > >> > > > >> >>> "seba.wag...@gmail.com" <seba.wag...@gmail.com> 24/01/2012 > > > 09:51 > > > >> >>> > > > >> I've resolved the issue: > > > >> > > > >> there is a new param ldap_use_lower_case that you can add in > the > > > >> config > > > >> file. > > > >> If the param is true, the username is converted to lowercase > > before > > > >> validating the username. > > > >> This has no effect on how the password is verified. > > > >> > > > >> > > > >> > > > > > > > > > > > > https://issues.apache.org/jira/browse/OPENMEETINGS-27?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel#issue-tabs > > > > > > > > > > > >> > > > >> > > > >> Sebastian > > > >> > > > >> 2012/1/23 Jeff Schoby <ssrj...@gmail.com> > > > >> > > > >> > LDAP usernames, as I understand it, should be case > > insensitive. > > > >> > On Jan 23, 2012 3:19 PM, "Norbert Haag" > > > <norb...@noahidenations.com> > > > >> > wrote: > > > >> > > > > >> >> Quite frankly I think that this behavior is an not an issue > > but > > > a > > > >> >> feature. Unix system have a strict distinction between caps > > and > > > >> non-caps > > > >> >> for a good reason. So please don't change that "issue" but > try > > > to > > > >> educate > > > >> >> users, that ABC does not equal Abc does not equal aBc etc. > > > >> >> > > > >> >> Cheers > > > >> >> > > > >> >> -----Ursprüngliche Nachricht----- > > > >> >> Von: BBS Technik [mailto:dormiti...@gmx.de] > > > >> >> Gesendet: Montag, 23. Januar 2012 17:30 > > > >> >> An: openmeetings-user@incubator.apache.org > > > >> >> Betreff: Re: Username in ldap authentication is case > sensitive > > > >> >> > > > >> >> Hi, > > > >> >> I did also run onto this problem and I would be happy when > > this > > > >> issue > > > >> >> could be resolved. > > > >> >> In the moment we have to instruct our users, but we often > > have > > > >> >> helpdesk-requests. > > > >> >> > > > >> >> Greetings > > > >> >> Ed > > > >> >> > > > >> >> -------- Original-Nachricht -------- > > > >> >> > Datum: Mon, 23 Jan 2012 10:08:19 +0100 > > > >> >> > Von: "Benoit Vautrin" <benoit.vaut...@trw.com> > > > >> >> > An: openmeetings-user@incubator.apache.org > > > >> >> > Betreff: Username in ldap authentication is case sensitive > > > >> >> > > > >> >> > Hi guys, > > > >> >> > > > > >> >> > I would like to know if some of you have already run onto > > this > > > >> problem : > > > >> >> > Authentication using OpenLDAP option check the exact > > > 'username' > > > >> string > > > >> >> > between ldap answer and the username field in > authentication > > > >> message > > > >> >> box. So, > > > >> >> > for example, if your ldap username attribute contains > > "TotoA" > > > and > > > >> user > > > >> >> key > > > >> >> > in "totoa", application returns : Invalid Username. > > > >> >> > > > > >> >> > I think most of authentication systems are case sensitive > > only > > > >> for > > > >> >> > password, not on the username. > > > >> >> > > > > >> >> > The code checking for ldap authentication in Openmeetings > is > > > there > > > >> : > > > >> >> > > > > >> >> > > > >> > > > >> > > > > > > > > > > > > http://svn.apache.org/viewvc/incubator/openmeetings/trunk/singlewebapp/src/app/org/openmeetings/app/ldap/LdapLoginManagement.java > > > > > > > > > > > >> > > > >> >> > > > > >> >> > Sebastian has proposed this solution : > > > >> >> > "we could add an option "ignoreUpperLowerCase" to the ldap > > > >> >> configuration. > > > >> >> > Making it generally "ignore" would need verification on > ADS, > > > >> OpenLDAP et > > > >> >> > cetera how they behave regarding upper/lowercase." > > > >> >> > I've opened this ticket : > > > >> >> > https://issues.apache.org/jira/browse/OPENMEETINGS-27 > > > >> >> > Please vote for it if you are interested to change the way > > > >> username is > > > >> >> > manage. > > > >> >> > > > > >> >> > Have a nice day. > > > >> >> > > > > >> >> > Benoit > > > >> >> > > > > >> >> > > > >> >> -- > > > >> >> Empfehlen Sie GMX DSL Ihren Freunden und Bekannten und wir > > > >> >> belohnen Sie mit bis zu 50,- Euro! > > > >> https://freundschaftswerbung.gmx.de > > > >> >> > > > >> >> > > > >> > > > >> > > > >> -- > > > >> Sebastian Wagner > > > >> http://www.openmeetings.de > > > >> http://incubator.apache.org/openmeetings/ > > > >> http://www.webbase-design.de > > > >> http://www.wagner-sebastian.com > > > >> seba.wag...@gmail.com > > > >> > > > > > > > > > > > > > > > > -- > > > > Sebastian Wagner > > > > http://www.openmeetings.de > > > > http://incubator.apache.org/openmeetings/ > > > > http://www.webbase-design.de > > > > http://www.wagner-sebastian.com > > > > seba.wag...@gmail.com > > > > > > > > > > > > > > > > -- > > > Sebastian Wagner > > > http://www.openmeetings.de > > > http://incubator.apache.org/openmeetings/ > > > http://www.webbase-design.de > > > http://www.wagner-sebastian.com > > > seba.wag...@gmail.com > > > > > > > > > > > -- > > Sebastian Wagner > > http://www.openmeetings.de > > http://incubator.apache.org/openmeetings/ > > http://www.webbase-design.de > > http://www.wagner-sebastian.com > > seba.wag...@gmail.com > > > > > > -- > Sebastian Wagner > http://www.openmeetings.de > http://incubator.apache.org/openmeetings/ > http://www.webbase-design.de > http://www.wagner-sebastian.com > seba.wag...@gmail.com > -- Sebastian Wagner http://www.openmeetings.de http://incubator.apache.org/openmeetings/ http://www.webbase-design.de http://www.wagner-sebastian.com seba.wag...@gmail.com
