Hey, this config works for me on a 2003 domain.

You will need to change:

CN=openmeetinguser ==> A user in your AD
OU=someou ==> The OU the user above lives in
DC=yourdomain ==> Your Windows domain
DC=internal ==> Whatever your 2003 domain ends with
ldap_search_base=DC:yourdomain,DC:internal ==> This is where OM will search for the users to authenticate. I have done the whole forest but it could be something like this:
    ldap_search_base=OU:users,DC:yourdomain,DC:internal

Working config:

ldap_server_type=AD
ldap_conn_url=ldap://servername:389
ldap_admin_dn=CN:openmeetinguser,OU:someou,DC:yourdomain,DC:internal
ldap_passwd=yourpassword
ldap_search_base=DC:yourdomain,DC:internal
field_user_principal=userPrincipalName
ldap_auth_type=SIMPLE
ldap_use_lower_case=true
ldap_sync_password_to_om=no
ldap_user_attr_lastname=sn
ldap_user_attr_firstname=givenName
ldap_user_attr_mail=mail
ldap_user_attr_street=streetAddress
ldap_user_attr_additionalname=description
ldap_user_attr_fax=facsimileTelephoneNumber
ldap_user_attr_zip=postalCode
ldap_user_attr_country=co
ldap_user_attr_town=l
ldap_user_attr_phone=telephoneNumber

A good tool is Apache Directory Studio to get your LDAP queries working before testing. With version 2, make sure you have ldap_use_lower_case=true.

Cheers

Stephen Cottham
Group IT Manager (Associate)
Robert Bird Group
Level 5, 333 Ann St
Brisbane, Queensland, 4000, Australia
Phone: +6173 319 2777 (AUS)
Phone: +44207 592 8000 (UK)
Fax: +6173 319 2799
Mobile: +61400 756 963 (AUS)
Mobile: +447900 918 616 (UK)
Web: www.robertbird.com

-----Original Message-----
From: Xavier COUDIN [mailto:xavier.cou...@ac-nantes.fr]
Sent: Friday, 4 May 2012 5:01 PM
To: openmeetings-user@incubator.apache.org
Subject: interface om with active-directory ?

hello,

I am just installing (and discovering) openmeetings and trying to interface it with active-directory. It seems that I can not get it working.

- sometimes the user who wants to log in is completely accepted, even if it does not exist at all in the AD (config file does not exist)
- sometimes I get a message "invalid password" (config is ldap_auth_type=SIMPLE)
- sometimes I get a message "username not found" (config is ldap_auth_type=NONE)

one question: what status (in the AD) must the user indicated in the line "ldap_admin_dn" have? domain-admin? or can a simple domain-user be enough?

another question: when authenticating against AD, how do I manage the organization which the user should belong to? (as, of course, before the first connection, this user is not known at all by the application, so he does not even exist in the local DB).

best regards,
--
Xavier COUDIN - IT coordinator
Lycée Pays-de-Retz, 44210 Pornic, tel 02 40 82 40 19 ext. 167
Lycée Pro Albert Chassagne, 44560 Paimboeuf, tel 02 40 27 51 72
mobile 06 80 28 40 53
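
A small linter for the config format quoted in the reply above, added here as an example and not part of the original emails or of OpenMeetings itself. It converts the colon-style DNs to the standard CN=...,DC=... form that LDAP tools such as Apache Directory Studio expect, and flags settings worth reviewing. The function names and severity labels are assumptions of this example, and SAMPLE_CFG is constructed from the placeholder values in the message.

```python
# Added example: lint an OpenMeetings-style LDAP config like the one in the reply.
# SAMPLE_CFG is constructed from the placeholder values quoted in the message.
SAMPLE_CFG = """\
ldap_server_type=AD
ldap_conn_url=ldap://servername:389
ldap_admin_dn=CN:openmeetinguser,OU:someou,DC:yourdomain,DC:internal
ldap_passwd=yourpassword
ldap_search_base=DC:yourdomain,DC:internal
field_user_principal=userPrincipalName
ldap_auth_type=SIMPLE
ldap_use_lower_case=true
"""

def parse_cfg(text):
    """Return key -> value; split on the first '=' only, skip blanks and # comments."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        cfg[key.strip()] = value.strip()
    return cfg

def to_standard_dn(colon_dn):
    """CN:user,OU:ou,DC:dom -> CN=user,OU=ou,DC=dom (assumes no escaped commas)."""
    rdns = [rdn.strip() for rdn in colon_dn.split(",") if rdn.strip()]
    return ",".join(rdn.replace(":", "=", 1) for rdn in rdns)

def lint(cfg):
    """Return a list of (severity, message) findings for a parsed config."""
    findings = []
    url = cfg.get("ldap_conn_url", "").lower()
    auth = cfg.get("ldap_auth_type", "").upper()
    if url.startswith("ldap://") and auth == "SIMPLE":
        findings.append(("high", "simple bind over ldap:// sends passwords unencrypted"))
    if cfg.get("ldap_passwd"):
        findings.append(("medium", "bind password stored in the file; restrict read access"))
    base = to_standard_dn(cfg.get("ldap_search_base", ""))
    if base and all(rdn.upper().startswith("DC=") for rdn in base.split(",")):
        findings.append(("info", "search base is the whole domain: " + base))
    if cfg.get("ldap_use_lower_case", "").lower() != "true":
        findings.append(("info", "ldap_use_lower_case is not true"))
    return findings

if __name__ == "__main__":
    cfg = parse_cfg(SAMPLE_CFG)
    print("bind DN for LDAP tools:", to_standard_dn(cfg["ldap_admin_dn"]))
    for severity, message in lint(cfg):
        print(f"[{severity}] {message}")
```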