OK - this thing is driving me crazy. After scavenging the mailing lists
for several hours and doing numerous attempts to get it working, nothing
seems to help.
I suspect something is missing for OM to be able to create the LDAP user
in its local database. While manually inserting a user, I get the
question to which user group the user will belong.
This membership is not investigated while doing an LDAP search, so the
problem might be there.
Does anyone have any clue on why the logfile reports the LDAP being
created successfully, while it's not? The same problem exists for
OpenLDAP as for eDirectory, so I'm guessing it's not related to the LDAP
config.
Cheers,
BC
On 01/29/13 22:55, Bart Coninckx wrote:
Weird - I tried with openldap and I get the same phenomenon.
:-s
thx,
BC
On 01/29/13 20:21, Bart Coninckx wrote:
two additions:
- I added "ldap_user_attr_language_id=Language" to no avail
- eDir wants to have the user login name ALWAYS in capitals, no matter
how ldap_use_lower_case is defined.
BC
On 01/29/13 19:59, Bart Coninckx wrote:
Hi again,
The next step for me was enabling LDAP auth.
This produces errors however:
DEBUG 01-29 19:52:49.161 LdapLoginManagement.java 204230 242
org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-18] -
LdapLoginmanagement.doLdapLogin
DEBUG 01-29 19:52:49.161 LdapLoginManagement.java 204230 198
org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-18] -
LdapLoginmanagement.getLdapConfigData
DEBUG 01-29 19:52:49.161 LdapLoginManagement.java 204230 217
org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-18] -
LdapLoginmanagement.readConfig :
/data/openmeetings/webapps/openmeetings/conf/edir.ldap.cfg
DEBUG 01-29 19:52:49.162 LdapLoginManagement.java 204231 138
org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-18] -
isValidAuthType
DEBUG 01-29 19:52:49.162 LdapLoginManagement.java 204231 382
org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-18] -
Searching userdata with LDAP Search Filter :(uid=BC)
DEBUG 01-29 19:52:49.163 LdapAuthBase.java 204232 84
org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-18] - LdapAuthBase
DEBUG 01-29 19:52:49.163 LdapLoginManagement.java 204232 393
org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-18] -
authenticating admin...
DEBUG 01-29 19:52:49.163 LdapAuthBase.java 204232 101
org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-18] -
authenticateUser
DEBUG 01-29 19:52:49.163 LdapAuthBase.java 204232 117
org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-18] -
Authentification to LDAP - Server start
DEBUG 01-29 19:52:49.164 LdapAuthBase.java 204233 151
org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-18] -
loginToLdapServer
DEBUG 01-29 19:52:49.167 LdapLoginManagement.java 204236 396
org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-18] -
Checking server type...
DEBUG 01-29 19:52:49.168 LdapLoginManagement.java 204237 400
org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-18] -
LDAP server is OpenLDAP
DEBUG 01-29 19:52:49.168 LdapLoginManagement.java 204237 401
org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-18] -
LDAP search base: OU=tu,O=be
DEBUG 01-29 19:52:49.173 LdapLoginManagement.java 204242 407
org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-18] -
Authentication with DN: cn=BC,ou=ICT,OU=tu,O=be
DEBUG 01-29 19:52:49.174 LdapAuthBase.java 204243 101
org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-18] -
authenticateUser
DEBUG 01-29 19:52:49.174 LdapAuthBase.java 204243 117
org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-18] -
Authentification to LDAP - Server start
DEBUG 01-29 19:52:49.174 LdapAuthBase.java 204243 151
org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-18] -
loginToLdapServer
DEBUG 01-29 19:52:49.177 Usermanagement.java 204246 1556
org.openmeetings.app.data.user.Usermanagement [NioProcessor-18] -
Usermanagement.getUserByLogin : BC
DEBUG 01-29 19:52:49.202 LdapLoginManagement.java 204271 442
org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-18] -
user doesnt exist local -> create new
DEBUG 01-29 19:52:49.203 LdapAuthBase.java 204272 174
org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-18] - getData
DEBUG 01-29 19:52:49.208 LdapLoginManagement.java 204277 495
org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-18] -
Synching Ldap user to OM DB with RANDOM password: brghzu36ohpp
DEBUG 01-29 19:52:49.209 LdapLoginManagement.java 204278 592
org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-18] -
LdapLoginmanagement.createUserFromLdapData
DEBUG 01-29 19:52:49.305 LdapLoginManagement.java 204374 727
org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-18] -
User Created!
DEBUG 01-29 19:52:49.305 LdapLoginManagement.java 204374 504
org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-18] -
New User ID : -13
DEBUG 01-29 19:52:49.307 Sessionmanagement.java 204376 176
org.openmeetings.app.data.basic.Sessionmanagement [NioProcessor-18]
- updateUser User: -13 || d1b0316797f91a46c08a392d071a790d
DEBUG 01-29 19:52:49.311 Sessionmanagement.java 204380 196
org.openmeetings.app.data.basic.Sessionmanagement [NioProcessor-18]
- Found session to update: d1b0316797f91a46c08a392d071a790d userId: -13
DEBUG 01-29 19:52:49.315 Usermanagement.java 204384 1505
org.openmeetings.app.data.user.Usermanagement [NioProcessor-18] -
Usermanagement.getUserById
[INFO] [NioProcessor-18]
org.red5.server.net.rtmp.codec.RTMPProtocolDecoder - Action
errorservice.getErrorByCode
DEBUG 01-29 19:52:49.627 ErrorService.java 204696 60
org.openmeetings.app.remote.ErrorService [NioProcessor-18] -
errorid, language_id: -1|1
DEBUG 01-29 19:52:49.632 ErrorService.java 204701 64
org.openmeetings.app.remote.ErrorService [NioProcessor-18] -
eValues.getFieldvalues_id() = 334
DEBUG 01-29 19:52:49.636 ErrorService.java 204705 66
org.openmeetings.app.remote.ErrorService [NioProcessor-18] -
eValues.getErrorType() =
org.openmeetings.app.persistence.beans.basic.ErrorType@32b1a562
As far as I can tell, OM is effectively able to authenticate the
user and adds it to its own database.
However, when I check the DB, there's no new user, just the local admin.
This is OM 2.0 and this is the config file:
ldap_server_type=OpenLDAP
ldap_conn_url=ldap://cluster2fs.dafra.be:389
ldap_admin_dn=CN:admin,O:be
ldap_passwd=nononono_you_can_not_have_this
ldap_search_base=OU:tu,O:be
field_user_principal=uid
ldap_auth_type=SIMPLE
ldap_use_lower_case=true
#ldap_user_timezone=timezone
ldap_sync_password_to_om=no
ldap_user_attr_lastname=sn
ldap_user_attr_firstname=givenName
ldap_user_attr_mail=mail
ldap_user_attr_street=street
ldap_user_attr_additionalname=description
ldap_user_attr_fax=facsimileTelephoneNumber
ldap_user_attr_zip=postalCode
ldap_user_attr_country=co
ldap_user_attr_town=city
ldap_user_attr_phone=telephoneNumber
ldap_user_attr_language=Language
I used this documentation (which is rather brief):
http://incubator.apache.org/openmeetings/LdapAndADS.html
The config file I assembled both from the sample file and a mailing
post.
I'm able to trace LDAP calls on the eDir server and nothing funny
happens there. The search is done for the user, without any
attributes however, so eDir sends them all.
Anyone a small hint?
cheers,
BC
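
An added example, not part of the original posts and not OpenMeetings code: a small Python audit over debug output in the wrapped format quoted in this thread. It re-joins the wrapped records, flags a "User Created!" record that is followed by a non-positive "New User ID", and flags any record that writes a password into the log. The function names, the constructed sample log and the reading of a non-positive ID as "no row stored" are assumptions of this example.

```python
import re

# Constructed sample in the wrapped format quoted above; the password is a placeholder.
SAMPLE_LOG = """\
DEBUG 01-29 19:52:49.208 LdapLoginManagement.java 204277 495
org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-18] -
Synching Ldap user to OM DB with RANDOM password: examplepw123
DEBUG 01-29 19:52:49.305 LdapLoginManagement.java 204374 727
org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-18] -
User Created!
DEBUG 01-29 19:52:49.305 LdapLoginManagement.java 204374 504
org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-18] -
New User ID : -13
"""

RECORD_START = re.compile(r"^\[?(DEBUG|INFO|WARN|ERROR)\]?\s")
HEADER = re.compile(r"^DEBUG (\S+ \S+) (\S+\.java) \d+ (\d+) \S+ \[[^\]]+\]\s+-\s+(.*)$")

def join_records(text):
    """Re-join log records that were wrapped over several lines."""
    records = []
    for line in filter(str.strip, text.splitlines()):
        if RECORD_START.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def audit(text):
    """Return (timestamp, source:line, finding) tuples; logged secrets are located, never echoed."""
    findings, created = [], False
    for rec in join_records(text):
        m = HEADER.match(rec)
        if not m:
            continue
        ts, src, line_no, msg = m.groups()
        where = f"{src}:{line_no}"
        if "password:" in msg.lower():
            findings.append((ts, where, "secret-in-log"))
        elif msg == "User Created!":
            created = True
        elif (new_id := re.fullmatch(r"New User ID : (-?\d+)", msg)):
            # Assumption: a non-positive ID means no row was actually stored.
            if created and int(new_id.group(1)) <= 0:
                findings.append((ts, where, f"created-but-id={new_id.group(1)}"))
            created = False
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_LOG), sep="\n")
```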