Sorry, My username in ldap directory is TotoA and i've used tOTOa in the OM login screen. See below the logs : ___________________________________________________________ WARN 01-26 14:36:24.997 MainService.java 7904119 338 org.openmeetings.app.remote.MainService [NioProcessor-6] - loginUser: 593ee2b78ee8ca2ff1d2ea44a40d313d tOTOa DEBUG 01-26 14:36:24.997 MainService.java 7904119 349 org.openmeetings.app.remote.MainService [NioProcessor-6] - Ldap Login DEBUG 01-26 14:36:24.999 LdapLoginManagement.java 7904121 238 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-6] - LdapLoginmanagement.doLdapLogin DEBUG 01-26 14:36:24.999 LdapLoginManagement.java 7904121 194 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-6] - LdapLoginmanagement.getLdapConfigData DEBUG 01-26 14:36:24.999 LdapLoginManagement.java 7904121 213 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-6] - LdapLoginmanagement.readConfig : /home/openmeet/red5/webapps/openmeetings/conf/om_XXXXX_ldap.cfg DEBUG 01-26 14:36:25.000 LdapLoginManagement.java 7904122 134 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-6] - isValidAuthType DEBUG 01-26 14:36:25.000 LdapLoginManagement.java 7904122 375 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-6] - Searching userdata with LDAP Search Filter :(uid=tOTOa) DEBUG 01-26 14:36:25.001 LdapAuthBase.java 7904123 84 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-6] - LdapAuthBase DEBUG 01-26 14:36:25.001 LdapLoginManagement.java 7904123 386 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-6] - authenticating admin... DEBUG 01-26 14:36:25.002 LdapAuthBase.java 7904124 101 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-6] - authenticateUser DEBUG 01-26 14:36:25.002 LdapAuthBase.java 7904124 117 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-6] - Authentification to LDAP - Server start DEBUG 01-26 14:36:25.002 LdapAuthBase.java 7904124 151 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-6] - loginToLdapServer DEBUG 01-26 14:36:25.392 LdapLoginManagement.java 7904514 389 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-6] - Checking server type... DEBUG 01-26 14:36:25.392 LdapLoginManagement.java 7904514 393 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-6] - LDAP server is OpenLDAP DEBUG 01-26 14:36:25.393 LdapLoginManagement.java 7904515 394 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-6] - LDAP search base: OU=xxxxxx,O=xxx DEBUG 01-26 14:36:25.510 LdapAuthBase.java 7904632 101 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-6] - authenticateUser DEBUG 01-26 14:36:25.511 LdapAuthBase.java 7904633 117 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-6] - Authentification to LDAP - Server start DEBUG 01-26 14:36:25.511 LdapAuthBase.java 7904633 151 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-6] - loginToLdapServer ERROR 01-26 14:36:25.826 LdapAuthBase.java 7904948 123 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-6] - Authentification on LDAP Server failed : [LDAP: error code 34 - Invalid DN Syntax] ERROR 01-26 14:36:25.829 LdapAuthBase.java 7904951 124 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-6] - [Authentification on LDAP Server failed] javax.naming.InvalidNameException: [LDAP: error code 34 - Invalid DN Syntax] ___________________________________________________________________________ Regards Benoit
>>> Le Jeudi 26 Janvier 2012 à 14:30, "seba.wag...@gmail.com" <seba.wag...@gmail.com> a écrit dans le message <cacemia8qjthyh_aft2i1gosvb6yyc3qoftvtyhiqvzhkswg...@mail.gmail.com> : Hi benoit, what error message do you see? Cause the one you've posted has nothing to do with "Invalid DN Syntax". Sebastian 2012/1/26 Benoit Vautrin <benoit.vaut...@trw.com> Hi, I've ran SVN and ant yesterday evening, re-install Openmeeting from scratch, but i've still exactly the same behaviours. When i try to login without enforce lower/upper case as it is in my ldap directory I see an Invalid DN Syntax error message in logs. Regards. Benoit >>> "seba.wag...@gmail.com" <seba.wag...@gmail.com> 25/01/2012 15:13 >>> *by downloading the nightly build* => Sorry but the Nightly Builds are currently pointing to the wrong SVN (and Apache Infrastructure is not set up yet) You will have to download the code from the SVN by yourself and compile it using ANT. Sebastian 2012/1/25 Benoit Vautrin <benoit.vaut...@trw.com> > Hi, > > I've tested your new code (by downloading the nightly build). I have > added the option in my ldap config file : > ldap_use_lower_case=yes > > When i try to login without enforce lower/upper case as it is in my > ldap directory see below the error : > > > ------------------------------------------------------------------------------------- > WARN 01-25 14:25:03.012 MainService.java 135125 320 > org.openmeetings.app.remote.MainService [NioProcessor-3] - loginUser: > d308a786fd74abf52609b39222d8f8c5 xXXXXXx > DEBUG 01-25 14:25:03.013 MainService.java 135126 331 > org.openmeetings.app.remote.MainService [NioProcessor-3] - Ldap Login > DEBUG 01-25 14:25:03.018 LdapLoginManagement.java 135131 217 > org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-3] - > LdapLoginmanagement.doLdapLogin > DEBUG 01-25 14:25:03.019 LdapLoginManagement.java 135132 173 > org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-3] - > LdapLoginmanagement.getLdapConfigData > DEBUG 01-25 14:25:03.019 LdapLoginManagement.java 135132 192 > org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-3] - > LdapLoginmanagement.readConfig : > /home/openmeet/red5/webapps/openmeetings/conf/om_XXXXX_ldap.cfg > DEBUG 01-25 14:25:03.020 LdapLoginManagement.java 135133 113 > org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-3] - > isValidAuthType > DEBUG 01-25 14:25:03.021 LdapLoginManagement.java 135134 348 > org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-3] - > Searching userdata with LDAP Search Filter :(uid=xXXXXXx) > DEBUG 01-25 14:25:03.024 LdapAuthBase.java 135137 66 > org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-3] - LdapAuthBase > DEBUG 01-25 14:25:03.024 LdapLoginManagement.java 135137 359 > org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-3] - > authenticating admin... > DEBUG 01-25 14:25:03.025 LdapAuthBase.java 135138 83 > org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-3] - > authenticateUser > DEBUG 01-25 14:25:03.026 LdapAuthBase.java 135139 99 > org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-3] - > > Authentification to LDAP - Server start > DEBUG 01-25 14:25:03.026 LdapAuthBase.java 135139 133 > org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-3] - > loginToLdapServer > DEBUG 01-25 14:25:03.871 LdapLoginManagement.java 135984 362 > org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-3] - > Checking server type... > DEBUG 01-25 14:25:03.872 LdapLoginManagement.java 135985 366 > org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-3] - LDAP > server is OpenLDAP > DEBUG 01-25 14:25:03.872 LdapLoginManagement.java 135985 367 > org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-3] - LDAP > search base: OU=XXXXXX,O=XXX > DEBUG 01-25 14:25:04.147 LdapAuthBase.java 136260 83 > org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-3] - > authenticateUser > DEBUG 01-25 14:25:04.147 LdapAuthBase.java 136260 99 > org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-3] - > > Authentification to LDAP - Server start > DEBUG 01-25 14:25:04.147 LdapAuthBase.java 136260 133 > org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-3] - > loginToLdapServer > ERROR 01-25 14:25:05.025 LdapAuthBase.java 137138 105 > org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-3] - > > Authentification on LDAP Server failed : [LDAP: error code 34 - Invalid > DN Syntax] > ERROR 01-25 14:25:05.033 LdapAuthBase.java 137146 106 > org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-3] - > [Authentification on LDAP Server failed] > javax.naming.InvalidNameException: [LDAP: error code 34 - Invalid DN > Syntax] > > ------------------------------------------------------------------------------------------------ > > When i use the exact correct username as it is in my ldap directory i > have an Error message box : "Unknow error. Please report this to the > administrator". > In the log i can see that the ldap authentication is working properly. > I see an other error : > > ----------------------------------------------------------------------------------------------- > DEBUG 01-25 14:41:40.697 Usermanagement.java 1132810 988 > org.openmeetings.app.data.user.Usermanagement [NioProcessor-3] - Added > user-Id null > DEBUG 01-25 14:41:40.698 LdapLoginManagement.java 1132811 678 > org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-3] - User > Created! > DEBUG 01-25 14:41:40.699 LdapLoginManagement.java 1132812 684 > org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-3] - Adding > user '-111' to organization '1' > DEBUG 01-25 14:41:40.700 Organisationmanagement.java 1132813 493 > org.openmeetings.app.data.user.Organisationmanagement [NioProcessor-3] - > getOrganisation_UserByUserAndOrganisation -111 1 > INFO 01-25 14:41:40.703 UsersDaoImpl.java 1132816 55 > org.openmeetings.app.data.user.dao.UsersDaoImpl [NioProcessor-3] - > [getUser] Info: No USER_ID given > ERROR 01-25 14:41:40.707 Organisationmanagement.java 1132820 485 > org.openmeetings.app.data.user.Organisationmanagement [NioProcessor-3] - > [addUserToOrganisation] > java.lang.NullPointerException: null > > ------------------------------------------------------------------------------------------------ > > Regards > > Benoit > > >>> "Benoit Vautrin" <benoit.vaut...@trw.com> 24/01/2012 14:34 >>> > Hi, > > I've not be able to use SVN yet. I plan to wait the nighly build and > test tomorrow morning ... > > I would like to explain me much better :-( > in my example: > in my ldap server, username = TotoA > if i use " TotoA " in the OM login window, the bind request is correct > " DN=CN=TotoA,ou=users,o=corp " > if i use " totoa" in the login window, the bind request is not correct > " DN=totoa " > > After your modifications this morning, the username will be always in > lowercase (this is that we want), but i guess the result will be the > same... a wrong ldap request without OU=, O= ? > I don't understand what are doing lines 377 to 382 ... Is it possible > if the IF condition(line 379) is not true the ldap request will be > only > DN=user ??? > > But ok, let me test tomorrow morning your new code and i will tell you > that i see on the network interface... > > Thank you very much, > > Benoit > > > >>> "seba.wag...@gmail.com" <seba.wag...@gmail.com> 24/01/2012 14:06 > >>> > Hi Benoit, > > sorry I don't get it now. What version of OpenMeetings are you > testing? > > *when i did a request without respecting uppercase/lowercase* > => Why should TotoA by automatically lowercased' ?! Did you checkout > OpenMeetings SVN version from the Apache Repository testing the new > feature > that I have commited 2 hours ago ? > > Sebastian > > 2012/1/24 Benoit Vautrin <benoit.vaut...@trw.com> > > > Hi Sebastian, > > > > So maybe the problem is somewhere else ... I did some packet network > > capture : > > when i did a request with the exact username (respecting > > uppercase/lowercase) the bind request is " > DN=CN=TotoA,ou=users,o=corp " > > (so it works and i can login) > > when i did a request without respecting uppercase/lowercase the bind > > request is " DN=totoa " and my ldap server answer : InvalidSyntax > (i'm > > not able to login) > > > > Maybe this is something wrong when the ldap request is build ? > (arround > > ligne 377 ???) > > > > > > http://svn.apache.org/viewvc/incubator/openmeetings/trunk/singlewebapp/src/app/org/openmeetings/app/ldap/LdapLoginManagement.java?revision=1235166&view=markup > > > > > > > > Benoit > > > > >>> "seba.wag...@gmail.com" <seba.wag...@gmail.com> 24/01/2012 13:38 > > >>> > > So to sum up: > > All the option does is to convert the username to lowercase, > expecting > > your > > ldap server to either ignore the upper/lowercase or actually having > > the > > names really in lowercase in ldap. > > > > Sebastian > > > > 2012/1/24 seba.wag...@gmail.com <seba.wag...@gmail.com> > > > > > No I don't convert anything like that, there is no such > possibility > > I > > > don't get any user from LDAP. > > > All I do is search the LDAP Server for a user, if the > > ldap_use_lower_case > > > is true, the user that searchs the LDAP server is transformed to > > lowercase. > > > OpenMeetings itself will also use the lowercase username > internally > > for > > > that user if that option is set to true. > > > > > > I cannot influence the way the ldap server itself compares the > > strings. > > > Maybe there is an ignoreCase setting in the LDAP server. > > > However, actually OpenMeetings does no string comparisson of Users > > and > > > matches to results, its the other way round: The username is taken > > and an > > > LDAP search is started with that username. > > > Line 353 the ldap_search_base is defined with the specified user > from > > the > > > login. > > > > > > And in > > > > > > > > > http://svn.apache.org/viewvc/incubator/openmeetings/trunk/singlewebapp/src/app/org/openmeetings/app/ldap/LdapAuthBase.java?view=markup > > > > > > > Line 82 you can see how the user+pwd is send to LDAP to > > authentificate. > > > > > > I cannot find any "equals" method that compares LDAP user to > > usernames of > > > OpenMeetings, as there is none. > > > > > > Sebastian > > > > > > > > > 2012/1/24 Benoit Vautrin <benoit.vaut...@trw.com> > > > > > >> Hi Sebastian, > > >> > > >> I'm not a good developer but i try to understand your new code. > If > > the > > >> new param ldap_use_lower_case is added to the config file, you > > convert > > >> in lower case the value fill-in by users in the Openmeetings > login > > >> window ? am i right ? > > >> > > >> But i don't see where you convert also in lower case the answer > of > > the > > >> ldap request (username field only of course) ... To be sure both > > string > > >> will be the same. > > >> Maybe i've not seen it. > > >> > > >> Thank you very much for your quick answers on issues, that's > really > > >> great ! > > >> > > >> Regards. > > >> > > >> Benoit > > >> > > >> >>> "seba.wag...@gmail.com" <seba.wag...@gmail.com> 24/01/2012 > > 09:51 > > >> >>> > > >> I've resolved the issue: > > >> > > >> there is a new param ldap_use_lower_case that you can add in the > > >> config > > >> file. > > >> If the param is true, the username is converted to lowercase > before > > >> validating the username. > > >> This has no effect on how the password is verified. > > >> > > >> > > >> > > > > > > https://issues.apache.org/jira/browse/OPENMEETINGS-27?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel#issue-tabs > > > > > > >> > > >> > > >> Sebastian > > >> > > >> 2012/1/23 Jeff Schoby <ssrj...@gmail.com> > > >> > > >> > LDAP usernames, as I understand it, should be case > insensitive. > > >> > On Jan 23, 2012 3:19 PM, "Norbert Haag" > > <norb...@noahidenations.com> > > >> > wrote: > > >> > > > >> >> Quite frankly I think that this behavior is an not an issue > but > > a > > >> >> feature. Unix system have a strict distinction between caps > and > > >> non-caps > > >> >> for a good reason. So please don't change that "issue" but try > > to > > >> educate > > >> >> users, that ABC does not equal Abc does not equal aBc etc. > > >> >> > > >> >> Cheers > > >> >> > > >> >> -----Ursprüngliche Nachricht----- > > >> >> Von: BBS Technik [mailto:dormiti...@gmx.de] > > >> >> Gesendet: Montag, 23. Januar 2012 17:30 > > >> >> An: openmeetings-user@incubator.apache.org > > >> >> Betreff: Re: Username in ldap authentication is case sensitive > > >> >> > > >> >> Hi, > > >> >> I did also run onto this problem and I would be happy when > this > > >> issue > > >> >> could be resolved. > > >> >> In the moment we have to instruct our users, but we often > have > > >> >> helpdesk-requests. > > >> >> > > >> >> Greetings > > >> >> Ed > > >> >> > > >> >> -------- Original-Nachricht -------- > > >> >> > Datum: Mon, 23 Jan 2012 10:08:19 +0100 > > >> >> > Von: "Benoit Vautrin" <benoit.vaut...@trw.com> > > >> >> > An: openmeetings-user@incubator.apache.org > > >> >> > Betreff: Username in ldap authentication is case sensitive > > >> >> > > >> >> > Hi guys, > > >> >> > > > >> >> > I would like to know if some of you have already run onto > this > > >> problem : > > >> >> > Authentication using OpenLDAP option check the exact > > 'username' > > >> string > > >> >> > between ldap answer and the username field in authentication > > >> message > > >> >> box. So, > > >> >> > for example, if your ldap username attribute contains > "TotoA" > > and > > >> user > > >> >> key > > >> >> > in "totoa", application returns : Invalid Username. > > >> >> > > > >> >> > I think most of authentication systems are case sensitive > only > > >> for > > >> >> > password, not on the username. > > >> >> > > > >> >> > The code checking for ldap authentication in Openmeetings is > > there > > >> : > > >> >> > > > >> >> > > >> > > >> > > > > > > http://svn.apache.org/viewvc/incubator/openmeetings/trunk/singlewebapp/src/app/org/openmeetings/app/ldap/LdapLoginManagement.java > > > > > > >> > > >> >> > > > >> >> > Sebastian has proposed this solution : > > >> >> > "we could add an option "ignoreUpperLowerCase" to the ldap > > >> >> configuration. > > >> >> > Making it generally "ignore" would need verification on ADS, > > >> OpenLDAP et > > >> >> > cetera how they behave regarding upper/lowercase." > > >> >> > I've opened this ticket : > > >> >> > https://issues.apache.org/jira/browse/OPENMEETINGS-27 > > >> >> > Please vote for it if you are interested to change the way > > >> username is > > >> >> > manage. > > >> >> > > > >> >> > Have a nice day. > > >> >> > > > >> >> > Benoit > > >> >> > > > >> >> > > >> >> -- > > >> >> Empfehlen Sie GMX DSL Ihren Freunden und Bekannten und wir > > >> >> belohnen Sie mit bis zu 50,- Euro! > > >> https://freundschaftswerbung.gmx.de > > >> >> > > >> >> > > >> > > >> > > >> -- > > >> Sebastian Wagner > > >> http://www.openmeetings.de > > >> http://incubator.apache.org/openmeetings/ > > >> http://www.webbase-design.de > > >> http://www.wagner-sebastian.com > > >> seba.wag...@gmail.com > > >> > > > > > > > > > > > > -- > > > Sebastian Wagner > > > http://www.openmeetings.de > > > http://incubator.apache.org/openmeetings/ > > > http://www.webbase-design.de > > > http://www.wagner-sebastian.com > > > seba.wag...@gmail.com > > > > > > > > > > > -- > > Sebastian Wagner > > http://www.openmeetings.de > > http://incubator.apache.org/openmeetings/ > > http://www.webbase-design.de > > http://www.wagner-sebastian.com > > seba.wag...@gmail.com > > > > > > -- > Sebastian Wagner > http://www.openmeetings.de > http://incubator.apache.org/openmeetings/ > http://www.webbase-design.de > http://www.wagner-sebastian.com > seba.wag...@gmail.com > -- Sebastian Wagner http://www.openmeetings.de http://incubator.apache.org/openmeetings/ http://www.webbase-design.de http://www.wagner-sebastian.com seba.wag...@gmail.com -- Sebastian Wagner http://www.openmeetings.de http://incubator.apache.org/openmeetings/ http://www.webbase-design.de http://www.wagner-sebastian.com seba.wag...@gmail.com
