I did a network packet capture. With the new code the LDAP Bind Request sent by OM is : DN=tOTOa
So of course the ldap server answers invalidSyntax ...
A correct Bind Request will be : DN=CN=tOTOa,OU=xxxxxx,O=xxx
Moreover it sends " DN=tOTOa ", but it should be in lowercase (totoa) after your modifications, I guess.

Benoit

>>> "[email protected]" <[email protected]> 26/01/2012 14:51 >>>
Yes, okay but I don't know how this option should fix that, actually all it does is to make the string "TotoA" (or whatever string) to lowercase and send it to the LDAP server. I cannot instruct the LDAP server to ignore lower/upper case. So this option will be no solution to your problem.

Sebastian

2012/1/26 Benoit Vautrin <[email protected]>

> Sorry,
> My username in ldap directory is TotoA and I've used tOTOa in the OM login screen.
> See below the logs :
>
> ___________________________________________________________
> WARN 01-26 14:36:24.997 MainService.java 7904119 338 org.openmeetings.app.remote.MainService [NioProcessor-6] - loginUser: 593ee2b78ee8ca2ff1d2ea44a40d313d tOTOa
> DEBUG 01-26 14:36:24.997 MainService.java 7904119 349 org.openmeetings.app.remote.MainService [NioProcessor-6] - Ldap Login
> DEBUG 01-26 14:36:24.999 LdapLoginManagement.java 7904121 238 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-6] - LdapLoginmanagement.doLdapLogin
> DEBUG 01-26 14:36:24.999 LdapLoginManagement.java 7904121 194 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-6] - LdapLoginmanagement.getLdapConfigData
> DEBUG 01-26 14:36:24.999 LdapLoginManagement.java 7904121 213 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-6] - LdapLoginmanagement.readConfig : /home/openmeet/red5/webapps/openmeetings/conf/om_XXXXX_ldap.cfg
> DEBUG 01-26 14:36:25.000 LdapLoginManagement.java 7904122 134 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-6] - isValidAuthType
> DEBUG 01-26 14:36:25.000 LdapLoginManagement.java 7904122 375 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-6] - Searching userdata with LDAP Search Filter :(uid=tOTOa)
> DEBUG 01-26 14:36:25.001 LdapAuthBase.java 7904123 84 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-6] - LdapAuthBase
> DEBUG 01-26 14:36:25.001 LdapLoginManagement.java 7904123 386 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-6] - authenticating admin...
> DEBUG 01-26 14:36:25.002 LdapAuthBase.java 7904124 101 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-6] - authenticateUser
> DEBUG 01-26 14:36:25.002 LdapAuthBase.java 7904124 117 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-6] - Authentification to LDAP - Server start
> DEBUG 01-26 14:36:25.002 LdapAuthBase.java 7904124 151 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-6] - loginToLdapServer
> DEBUG 01-26 14:36:25.392 LdapLoginManagement.java 7904514 389 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-6] - Checking server type...
> DEBUG 01-26 14:36:25.392 LdapLoginManagement.java 7904514 393 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-6] - LDAP server is OpenLDAP
> DEBUG 01-26 14:36:25.393 LdapLoginManagement.java 7904515 394 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-6] - LDAP search base: OU=xxxxxx,O=xxx
> DEBUG 01-26 14:36:25.510 LdapAuthBase.java 7904632 101 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-6] - authenticateUser
> DEBUG 01-26 14:36:25.511 LdapAuthBase.java 7904633 117 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-6] - Authentification to LDAP - Server start
> DEBUG 01-26 14:36:25.511 LdapAuthBase.java 7904633 151 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-6] - loginToLdapServer
> ERROR 01-26 14:36:25.826 LdapAuthBase.java 7904948 123 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-6] - Authentification on LDAP Server failed : [LDAP: error code 34 - Invalid DN Syntax]
> ERROR 01-26 14:36:25.829 LdapAuthBase.java 7904951 124 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-6] - [Authentification on LDAP Server failed]
> javax.naming.InvalidNameException: [LDAP: error code 34 - Invalid DN Syntax]
> ___________________________________________________________________________
>
> Regards
>
> Benoit
>
> >>> On Thursday 26 January 2012 at 14:30, "[email protected]" <[email protected]> wrote in message <cacemia8qjthyh_aft2i1gosvb6yyc3qoftvtyhiqvzhkswg...@mail.gmail.com> :
> Hi Benoit,
>
> what error message do you see? Cause the one you've posted has nothing to do with "Invalid DN Syntax".
>
> Sebastian
>
> 2012/1/26 Benoit Vautrin <[email protected]>
>
>> Hi,
>>
>> I've run SVN and ant yesterday evening, re-installed Openmeeting from scratch, but I've still exactly the same behaviours.
>>
>> When I try to login without enforce lower/upper case as it is in my ldap directory I see an Invalid DN Syntax error message in logs.
>>
>> Regards.
>>
>> Benoit
>>
>> >>> "[email protected]" <[email protected]> 25/01/2012 15:13 >>>
>> *by downloading the nightly build*
>> => Sorry but the Nightly Builds are currently pointing to the wrong SVN (and Apache Infrastructure is not set up yet)
>> You will have to download the code from the SVN by yourself and compile it using ANT.
>>
>> Sebastian
>>
>> 2012/1/25 Benoit Vautrin <[email protected]>
>>
>> > Hi,
>> >
>> > I've tested your new code (by downloading the nightly build).
>> > I have added the option in my ldap config file :
>> > ldap_use_lower_case=yes
>> >
>> > When I try to login without enforce lower/upper case as it is in my ldap directory see below the error :
>> >
>> > -------------------------------------------------------------------------------------
>> > WARN 01-25 14:25:03.012 MainService.java 135125 320 org.openmeetings.app.remote.MainService [NioProcessor-3] - loginUser: d308a786fd74abf52609b39222d8f8c5 xXXXXXx
>> > DEBUG 01-25 14:25:03.013 MainService.java 135126 331 org.openmeetings.app.remote.MainService [NioProcessor-3] - Ldap Login
>> > DEBUG 01-25 14:25:03.018 LdapLoginManagement.java 135131 217 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-3] - LdapLoginmanagement.doLdapLogin
>> > DEBUG 01-25 14:25:03.019 LdapLoginManagement.java 135132 173 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-3] - LdapLoginmanagement.getLdapConfigData
>> > DEBUG 01-25 14:25:03.019 LdapLoginManagement.java 135132 192 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-3] - LdapLoginmanagement.readConfig : /home/openmeet/red5/webapps/openmeetings/conf/om_XXXXX_ldap.cfg
>> > DEBUG 01-25 14:25:03.020 LdapLoginManagement.java 135133 113 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-3] - isValidAuthType
>> > DEBUG 01-25 14:25:03.021 LdapLoginManagement.java 135134 348 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-3] - Searching userdata with LDAP Search Filter :(uid=xXXXXXx)
>> > DEBUG 01-25 14:25:03.024 LdapAuthBase.java 135137 66 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-3] - LdapAuthBase
>> > DEBUG 01-25 14:25:03.024 LdapLoginManagement.java 135137 359 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-3] - authenticating admin...
>> > DEBUG 01-25 14:25:03.025 LdapAuthBase.java 135138 83 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-3] - authenticateUser
>> > DEBUG 01-25 14:25:03.026 LdapAuthBase.java 135139 99 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-3] - Authentification to LDAP - Server start
>> > DEBUG 01-25 14:25:03.026 LdapAuthBase.java 135139 133 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-3] - loginToLdapServer
>> > DEBUG 01-25 14:25:03.871 LdapLoginManagement.java 135984 362 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-3] - Checking server type...
>> > DEBUG 01-25 14:25:03.872 LdapLoginManagement.java 135985 366 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-3] - LDAP server is OpenLDAP
>> > DEBUG 01-25 14:25:03.872 LdapLoginManagement.java 135985 367 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-3] - LDAP search base: OU=XXXXXX,O=XXX
>> > DEBUG 01-25 14:25:04.147 LdapAuthBase.java 136260 83 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-3] - authenticateUser
>> > DEBUG 01-25 14:25:04.147 LdapAuthBase.java 136260 99 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-3] - Authentification to LDAP - Server start
>> > DEBUG 01-25 14:25:04.147 LdapAuthBase.java 136260 133 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-3] - loginToLdapServer
>> > ERROR 01-25 14:25:05.025 LdapAuthBase.java 137138 105 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-3] - Authentification on LDAP Server failed : [LDAP: error code 34 - Invalid DN Syntax]
>> > ERROR 01-25 14:25:05.033 LdapAuthBase.java 137146 106 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-3] - [Authentification on LDAP Server failed]
>> > javax.naming.InvalidNameException: [LDAP: error code 34 - Invalid DN Syntax]
>> >
>> > ------------------------------------------------------------------------------------------------
>> >
>> > When I use the exact correct username as it is in my ldap directory I have an Error message box : "Unknow error. Please report this to the administrator".
>> > In the log I can see that the ldap authentication is working properly.
>> > I see another error :
>> >
>> > -----------------------------------------------------------------------------------------------
>> > DEBUG 01-25 14:41:40.697 Usermanagement.java 1132810 988 org.openmeetings.app.data.user.Usermanagement [NioProcessor-3] - Added user-Id null
>> > DEBUG 01-25 14:41:40.698 LdapLoginManagement.java 1132811 678 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-3] - User Created!
>> > DEBUG 01-25 14:41:40.699 LdapLoginManagement.java 1132812 684 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-3] - Adding user '-111' to organization '1'
>> > DEBUG 01-25 14:41:40.700 Organisationmanagement.java 1132813 493 org.openmeetings.app.data.user.Organisationmanagement [NioProcessor-3] - getOrganisation_UserByUserAndOrganisation -111 1
>> > INFO 01-25 14:41:40.703 UsersDaoImpl.java 1132816 55 org.openmeetings.app.data.user.dao.UsersDaoImpl [NioProcessor-3] - [getUser] Info: No USER_ID given
>> > ERROR 01-25 14:41:40.707 Organisationmanagement.java 1132820 485 org.openmeetings.app.data.user.Organisationmanagement [NioProcessor-3] - [addUserToOrganisation]
>> > java.lang.NullPointerException: null
>> > ------------------------------------------------------------------------------------------------
>> >
>> > Regards
>> >
>> > Benoit
>> >
>> > >>> "Benoit Vautrin" <[email protected]> 24/01/2012 14:34 >>>
>> > Hi,
>> >
>> > I've not been able to use SVN yet. I plan to wait for the nightly build and test tomorrow morning ...
>> >
>> > I would like to explain myself much better :-(
>> > in my example:
>> > in my ldap server, username = TotoA
>> > if I use " TotoA " in the OM login window, the bind request is correct " DN=CN=TotoA,ou=users,o=corp "
>> > if I use " totoa" in the login window, the bind request is not correct " DN=totoa "
>> >
>> > After your modifications this morning, the username will be always in lowercase (this is what we want), but I guess the result will be the same... a wrong ldap request without OU=, O= ?
>> > I don't understand what lines 377 to 382 are doing ... Is it possible that if the IF condition (line 379) is not true the ldap request will be only DN=user ???
>> >
>> > But ok, let me test your new code tomorrow morning and I will tell you what I see on the network interface...
>> >
>> > Thank you very much,
>> >
>> > Benoit
>> >
>> > >>> "[email protected]" <[email protected]> 24/01/2012 14:06 >>>
>> > Hi Benoit,
>> >
>> > sorry I don't get it now. What version of OpenMeetings are you testing?
>> >
>> > *when i did a request without respecting uppercase/lowercase*
>> > => Why should TotoA be automatically lowercased?! Did you checkout OpenMeetings SVN version from the Apache Repository testing the new feature that I have committed 2 hours ago ?
>> >
>> > Sebastian
>> >
>> > 2012/1/24 Benoit Vautrin <[email protected]>
>> >
>> > > Hi Sebastian,
>> > >
>> > > So maybe the problem is somewhere else ...
>> > > I did some packet network capture :
>> > > when I did a request with the exact username (respecting uppercase/lowercase) the bind request is " DN=CN=TotoA,ou=users,o=corp " (so it works and I can login)
>> > > when I did a request without respecting uppercase/lowercase the bind request is " DN=totoa " and my ldap server answers : InvalidSyntax (I'm not able to login)
>> > >
>> > > Maybe this is something wrong when the ldap request is built ? (around line 377 ???)
>> > >
>> > > http://svn.apache.org/viewvc/incubator/openmeetings/trunk/singlewebapp/src/app/org/openmeetings/app/ldap/LdapLoginManagement.java?revision=1235166&view=markup
>> > >
>> > > Benoit
>> > >
>> > > >>> "[email protected]" <[email protected]> 24/01/2012 13:38 >>>
>> > > So to sum up:
>> > > All the option does is to convert the username to lowercase, expecting your ldap server to either ignore the upper/lowercase or actually having the names really in lowercase in ldap.
>> > >
>> > > Sebastian
>> > >
>> > > 2012/1/24 [email protected] <[email protected]>
>> > >
>> > > > No I don't convert anything like that, there is no such possibility I don't get any user from LDAP.
>> > > > All I do is search the LDAP Server for a user, if the ldap_use_lower_case is true, the user that searches the LDAP server is transformed to lowercase.
>> > > > OpenMeetings itself will also use the lowercase username internally for that user if that option is set to true.
>> > > >
>> > > > I cannot influence the way the ldap server itself compares the strings.
>> > > > Maybe there is an ignoreCase setting in the LDAP server.
>> > > > However, actually OpenMeetings does no string comparison of Users and matches to results, it's the other way round: The username is taken and an LDAP search is started with that username.
>> > > > Line 353 the ldap_search_base is defined with the specified user from the login.
>> > > >
>> > > > And in
>> > > >
>> > > > http://svn.apache.org/viewvc/incubator/openmeetings/trunk/singlewebapp/src/app/org/openmeetings/app/ldap/LdapAuthBase.java?view=markup
>> > > >
>> > > > Line 82 you can see how the user+pwd is sent to LDAP to authenticate.
>> > > >
>> > > > I cannot find any "equals" method that compares LDAP user to usernames of OpenMeetings, as there is none.
>> > > >
>> > > > Sebastian
>> > > >
>> > > >
>> > > > 2012/1/24 Benoit Vautrin <[email protected]>
>> > > >
>> > > >> Hi Sebastian,
>> > > >>
>> > > >> I'm not a good developer but I try to understand your new code. If the new param ldap_use_lower_case is added to the config file, you convert in lower case the value filled in by users in the Openmeetings login window ? Am I right ?
>> > > >>
>> > > >> But I don't see where you convert also in lower case the answer of the ldap request (username field only of course) ... To be sure both strings will be the same.
>> > > >> Maybe I've not seen it.
>> > > >>
>> > > >> Thank you very much for your quick answers on issues, that's really great !
>> > > >>
>> > > >> Regards.
>> > > >>
>> > > >> Benoit
>> > > >>
>> > > >> >>> "[email protected]" <[email protected]> 24/01/2012 09:51 >>>
>> > > >> I've resolved the issue:
>> > > >>
>> > > >> there is a new param ldap_use_lower_case that you can add in the config file.
>> > > >> If the param is true, the username is converted to lowercase before validating the username.
>> > > >> This has no effect on how the password is verified.
>> > > >>
>> > > >> https://issues.apache.org/jira/browse/OPENMEETINGS-27?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel#issue-tabs
>> > > >>
>> > > >> Sebastian
>> > > >>
>> > > >> 2012/1/23 Jeff Schoby <[email protected]>
>> > > >>
>> > > >> > LDAP usernames, as I understand it, should be case insensitive.
>> > > >> > On Jan 23, 2012 3:19 PM, "Norbert Haag" <[email protected]> wrote:
>> > > >> >
>> > > >> >> Quite frankly I think that this behavior is not an issue but a feature. Unix systems have a strict distinction between caps and non-caps for a good reason. So please don't change that "issue" but try to educate users, that ABC does not equal Abc does not equal aBc etc.
>> > > >> >>
>> > > >> >> Cheers
>> > > >> >>
>> > > >> >> -----Original Message-----
>> > > >> >> From: BBS Technik [mailto:[email protected]]
>> > > >> >> Sent: Monday, 23 January 2012 17:30
>> > > >> >> To: [email protected]
>> > > >> >> Subject: Re: Username in ldap authentication is case sensitive
>> > > >> >>
>> > > >> >> Hi,
>> > > >> >> I did also run onto this problem and I would be happy when this issue could be resolved.
>> > > >> >> In the moment we have to instruct our users, but we often have helpdesk-requests.
>> > > >> >>
>> > > >> >> Greetings
>> > > >> >> Ed
>> > > >> >>
>> > > >> >> -------- Original Message --------
>> > > >> >> > Date: Mon, 23 Jan 2012 10:08:19 +0100
>> > > >> >> > From: "Benoit Vautrin" <[email protected]>
>> > > >> >> > To: [email protected]
>> > > >> >> > Subject: Username in ldap authentication is case sensitive
>> > > >> >>
>> > > >> >> > Hi guys,
>> > > >> >> >
>> > > >> >> > I would like to know if some of you have already run onto this problem :
>> > > >> >> > Authentication using OpenLDAP option check the exact 'username' string between ldap answer and the username field in authentication message box. So, for example, if your ldap username attribute contains "TotoA" and user key in "totoa", application returns : Invalid Username.
>> > > >> >> >
>> > > >> >> > I think most of authentication systems are case sensitive only for password, not on the username.
>> > > >> >> >
>> > > >> >> > The code checking for ldap authentication in Openmeetings is there :
>> > > >> >> >
>> > > >> >> > http://svn.apache.org/viewvc/incubator/openmeetings/trunk/singlewebapp/src/app/org/openmeetings/app/ldap/LdapLoginManagement.java
>> > > >> >> >
>> > > >> >> > Sebastian has proposed this solution :
>> > > >> >> > "we could add an option "ignoreUpperLowerCase" to the ldap configuration.
>> > > >> >> > Making it generally "ignore" would need verification on ADS, OpenLDAP et cetera how they behave regarding upper/lowercase."
>> > > >> >> > I've opened this ticket :
>> > > >> >> > https://issues.apache.org/jira/browse/OPENMEETINGS-27
>> > > >> >> > Please vote for it if you are interested to change the way username is managed.
>> > > >> >> >
>> > > >> >> > Have a nice day.
>> > > >> >> >
>> > > >> >> > Benoit
>> > > >> >> >
>> > > >>
>> > > >> --
>> > > >> Sebastian Wagner
>> > > >> http://www.openmeetings.de
>> > > >> http://incubator.apache.org/openmeetings/
>> > > >> http://www.webbase-design.de
>> > > >> http://www.wagner-sebastian.com
>> > > >> [email protected]
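
One defensive shape for the search-then-bind step discussed in this thread, as an added example (not OpenMeetings code): the bind DN is taken only from a directory entry, and a bare login such as `tOTOa` is rejected client-side instead of being sent as the DN. `BindDnCheck`, `DIRECTORY`, `searchForDn` and `resolveBindDn` are hypothetical names, and the in-memory map is a constructed stand-in for the LDAP search.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

public class BindDnCheck {
    // Constructed stand-in for the directory: uid value -> entry DN.
    // A real deployment takes the DN from the LDAP search result instead.
    static final Map<String, String> DIRECTORY = new LinkedHashMap<>();
    static { DIRECTORY.put("TotoA", "CN=TotoA,ou=users,o=corp"); }

    /** Escape a login before placing it in a search filter (RFC 4515). */
    static String escapeFilterValue(String value) {
        StringBuilder out = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': out.append("\\5c"); break;
                case '*':  out.append("\\2a"); break;
                case '(':  out.append("\\28"); break;
                case ')':  out.append("\\29"); break;
                case '\0': out.append("\\00"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    /** Hypothetical search step. uid is compared ignoring case, as the
     *  standard schema (RFC 4519) defines it with caseIgnoreMatch. */
    static String searchForDn(String login) {
        for (Map.Entry<String, String> e : DIRECTORY.entrySet()) {
            if (e.getKey().equalsIgnoreCase(login)) return e.getValue();
        }
        return null;
    }

    /** DN to bind with, or an exception; never falls back to the raw login. */
    static LdapName resolveBindDn(String login) throws InvalidNameException {
        String dn = searchForDn(login);
        if (dn == null) {
            throw new InvalidNameException("no entry for login, not binding");
        }
        LdapName parsed = new LdapName(dn);   // throws on a malformed DN
        if (parsed.isEmpty()) {
            // An empty DN would turn the bind into an anonymous one.
            throw new InvalidNameException("empty bind DN");
        }
        return parsed;
    }

    public static void main(String[] args) throws Exception {
        String login = "tOTOa";   // login as typed in the thread
        System.out.println("filter : (uid=" + escapeFilterValue(login) + ")");
        System.out.println("bind DN: " + resolveBindDn(login));
        try {
            new LdapName(login);  // the bare login seen in the packet capture
        } catch (InvalidNameException e) {
            System.out.println("rejected before bind: " + e.getMessage());
        }
        try {
            resolveBindDn("nobody");
        } catch (InvalidNameException e) {
            System.out.println("unknown login: " + e.getMessage());
        }
    }
}
```

The bind DN is always the entry's own DN as stored in the directory, so the case the user typed never reaches the Bind Request.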
