Not sure why you are having issues, did you see the response from Yvan
Arnaud? He's using OpenLDAP

 

And you confirmed the time is correct?

 

Are you running OM in debug mode? This will give you more information as
to what's happening when the authentication occurs.

 

 

 

 

From: Bart Coninckx [mailto:bart.conin...@telenet.be] 
Sent: 30 January 2013 13:07
To: user@openmeetings.apache.org
Subject: Re: LDAP authentication against eDirectory issue

 

Hi Stephen,

that's what I'm doing. I have now three different configs: OpenLDAP,
eDirectory and AD (I have all at hand fortunately) and none of them work
so far.

For AD I have a different problem than for the other two (administrator
can't log on) so I'm investigating that one further now. Would be a
regular shame though if I would be forced to use AD, one of my least
favorite directories.

BC



On 01/30/13 14:03, Stephen Cottham wrote:

        If you're still having issues after that then grab the Apache
Directory studio here:

         

        http://directory.apache.org/studio/

         

        Connect to your LDAP server and confirm the Attribute details
are correct for your setup.

         

        Best Regards

         

         

        From: Stephen Cottham [mailto:stephen.cott...@robertbird.com.au]

        Sent: 30 January 2013 12:56
        To: user@openmeetings.apache.org
        Subject: RE: LDAP authentication against eDirectory issue

         

        This works for me against 2003 AD

         

        ldap_server_type=AD
        ldap_conn_url=ldap://(serverIP):389
        ldap_admin_dn=CN:Administrator,OU:Admin Accounts,DC:domain,DC:name
        ldap_passwd=adminpassword
        ldap_search_base= DC:domain,DC:name
        field_user_principal=userPrincipalName
        ldap_auth_type=SIMPLE
        ldap_sync_password_to_om=yes
        ldap_user_attr_lastname=sn
        ldap_user_attr_firstname=givenName
        ldap_user_attr_mail=mail
        ldap_user_attr_street=streetAddress
        ldap_user_attr_additionalname=description
        ldap_user_attr_fax=facsimileTelephoneNumber
        ldap_user_attr_zip=postalCode
        ldap_user_attr_country=co
        ldap_user_attr_town=l
        ldap_user_attr_phone=telephoneNumber
        ldap_use_lower_case=true

         

        Make sure the time is correct on the OM machine as AD doesn't
like too much clock skew.

         

        Cheers

         

         

         

        From: Bart Coninckx [mailto:bart.conin...@telenet.be] 
        Sent: 30 January 2013 12:34
        To: user@openmeetings.apache.org
        Subject: Re: LDAP authentication against eDirectory issue

         

        Would you mind posting your config file?
        
        cheers,
        
        BC
        
        On 01/30/13 13:01, Stephen Cottham wrote:

                Haven't tested OpenLDAP or eDirectory but I can confirm
it works fine with Active Directory. 

                 

                Stephen Cottham
                Group IT Manager (Associate)
                
                Robert Bird Group
                Level 5, 333 Ann St
                Brisbane, Queensland, 4000, Australia

                Phone: +6173 319 2777 (AUS)

                Phone: +44207 633 2880 (UK)

                Fax: +6173 319 2799

                 

                Mobile:  +61400 756 963 (AUS)

                Mobile:  +447900 918 616 (UK)

                Web: www.robertbird.com
                
                This email and any attachments are confidential and may
contain legally privileged information or copyright material. Unless
expressly stated, confidentiality and/or legal privilege is not intended
to be waived by the sending of this email. The contents of this email,
including any attachments, are intended solely for the use of the
individual or entity to whom they are addressed. If you are not an
intended recipient, please contact us immediately by return email and
then delete both messages. You may not otherwise read, forward, copy,
use or disclose this email or any attachments. Any views expressed in
this email are those of the individual sender except where the sender
expressly, and with authority, states otherwise. It is your
responsibility to check any attachments for viruses or defects before
opening or sending them on. None of the sender or its related entities
accepts any liability for any consequential damage resulting from this
email containing computer viruses. 

                 

                
                Disclaimer added by CodeTwo Exchange Rules
                www.codetwo.com

                 

                From: Bart Coninckx [mailto:bart.conin...@telenet.be] 
                Sent: 30 January 2013 11:57
                To: user@openmeetings.apache.org
                Subject: Re: LDAP authentication against eDirectory
issue

                 

                OK - this thing is driving me crazy. After scavenging the
mailing lists for several hours and doing numerous attempts to get it
working, nothing seems to help. 
                I suspect something is missing for OM to be able to
create the LDAP user in its local database. While manually inserting a
user, I get the question to which user group the user will belong. 
                This membership is not investigated while doing an LDAP
search, so the problem might be there.
                
                Does anyone have any clue on why the logfile reports the
LDAP being created successfully, while it's not? The same problem
exists for OpenLDAP as for eDirectory, so I'm guessing it's not related
to the LDAP config.
                
                Cheers,
                
                BC
                
                
                On 01/29/13 22:55, Bart Coninckx wrote:

                        Weird - I tried with openldap and I get the same
phenomenon.
                        
                        :-s
                        
                        
                        thx,
                        
                        BC
                        
                        On 01/29/13 20:21, Bart Coninckx wrote:

                                two additions:
                                
                                - I added
"ldap_user_attr_language_id=Language" to no avail
                                - eDir wants to have the user login name
ALWAYS in capitals, no matter how ldap_use_lower_case is defined.
                                
                                
                                BC
                                
                                
                                
                                On 01/29/13 19:59, Bart Coninckx wrote:

                                Hi again,
                                
                                The next step for me was enabling LDAP
auth. 
                                This produces errors however:
                                
                                DEBUG 01-29 19:52:49.161 LdapLoginManagement.java 204230 242 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-18] - LdapLoginmanagement.doLdapLogin
                                DEBUG 01-29 19:52:49.161 LdapLoginManagement.java 204230 198 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-18] - LdapLoginmanagement.getLdapConfigData
                                DEBUG 01-29 19:52:49.161 LdapLoginManagement.java 204230 217 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-18] - LdapLoginmanagement.readConfig : /data/openmeetings/webapps/openmeetings/conf/edir.ldap.cfg
                                DEBUG 01-29 19:52:49.162 LdapLoginManagement.java 204231 138 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-18] - isValidAuthType
                                DEBUG 01-29 19:52:49.162 LdapLoginManagement.java 204231 382 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-18] - Searching userdata with LDAP Search Filter :(uid=BC)
                                DEBUG 01-29 19:52:49.163 LdapAuthBase.java 204232 84 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-18] - LdapAuthBase
                                DEBUG 01-29 19:52:49.163 LdapLoginManagement.java 204232 393 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-18] - authenticating admin...
                                DEBUG 01-29 19:52:49.163 LdapAuthBase.java 204232 101 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-18] - authenticateUser
                                DEBUG 01-29 19:52:49.163 LdapAuthBase.java 204232 117 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-18] - 
                                
                                Authentification to LDAP - Server start
                                DEBUG 01-29 19:52:49.164 LdapAuthBase.java 204233 151 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-18] - loginToLdapServer
                                DEBUG 01-29 19:52:49.167 LdapLoginManagement.java 204236 396 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-18] - Checking server type...
                                DEBUG 01-29 19:52:49.168 LdapLoginManagement.java 204237 400 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-18] - LDAP server is OpenLDAP
                                DEBUG 01-29 19:52:49.168 LdapLoginManagement.java 204237 401 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-18] - LDAP search base: OU=tu,O=be
                                DEBUG 01-29 19:52:49.173 LdapLoginManagement.java 204242 407 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-18] - Authentication with DN: cn=BC,ou=ICT,OU=tu,O=be
                                DEBUG 01-29 19:52:49.174 LdapAuthBase.java 204243 101 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-18] - authenticateUser
                                DEBUG 01-29 19:52:49.174 LdapAuthBase.java 204243 117 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-18] - 
                                
                                Authentification to LDAP - Server start
                                DEBUG 01-29 19:52:49.174 LdapAuthBase.java 204243 151 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-18] - loginToLdapServer
                                DEBUG 01-29 19:52:49.177 Usermanagement.java 204246 1556 org.openmeetings.app.data.user.Usermanagement [NioProcessor-18] - Usermanagement.getUserByLogin : BC
                                DEBUG 01-29 19:52:49.202 LdapLoginManagement.java 204271 442 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-18] - user doesnt exist local -> create new
                                DEBUG 01-29 19:52:49.203 LdapAuthBase.java 204272 174 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-18] - getData
                                DEBUG 01-29 19:52:49.208 LdapLoginManagement.java 204277 495 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-18] - Synching Ldap user to OM DB with RANDOM password: brghzu36ohpp
                                DEBUG 01-29 19:52:49.209 LdapLoginManagement.java 204278 592 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-18] - LdapLoginmanagement.createUserFromLdapData
                                DEBUG 01-29 19:52:49.305 LdapLoginManagement.java 204374 727 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-18] - User Created!
                                DEBUG 01-29 19:52:49.305 LdapLoginManagement.java 204374 504 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-18] - New User ID : -13
                                DEBUG 01-29 19:52:49.307 Sessionmanagement.java 204376 176 org.openmeetings.app.data.basic.Sessionmanagement [NioProcessor-18] - updateUser User: -13 || d1b0316797f91a46c08a392d071a790d
                                DEBUG 01-29 19:52:49.311 Sessionmanagement.java 204380 196 org.openmeetings.app.data.basic.Sessionmanagement [NioProcessor-18] - Found session to update: d1b0316797f91a46c08a392d071a790d userId: -13
                                DEBUG 01-29 19:52:49.315 Usermanagement.java 204384 1505 org.openmeetings.app.data.user.Usermanagement [NioProcessor-18] - Usermanagement.getUserById
                                [INFO] [NioProcessor-18] org.red5.server.net.rtmp.codec.RTMPProtocolDecoder - Action errorservice.getErrorByCode
                                DEBUG 01-29 19:52:49.627 ErrorService.java 204696 60 org.openmeetings.app.remote.ErrorService [NioProcessor-18] - errorid, language_id: -1|1
                                DEBUG 01-29 19:52:49.632 ErrorService.java 204701 64 org.openmeetings.app.remote.ErrorService [NioProcessor-18] - eValues.getFieldvalues_id() = 334
                                DEBUG 01-29 19:52:49.636 ErrorService.java 204705 66 org.openmeetings.app.remote.ErrorService [NioProcessor-18] - eValues.getErrorType() = org.openmeetings.app.persistence.beans.basic.ErrorType@32b1a562
                                
                                As far as I can tell, OM is effectively
able to authenticate the user and adds it to its own database.
                                However, when I check the DB, there's no
new user, just the local admin.
                                
                                This is OM 2.0 and this is the config file:
                                
                                ldap_server_type=OpenLDAP
                                ldap_conn_url=ldap://cluster2fs.dafra.be:389
                                ldap_admin_dn=CN:admin,O:be
                                ldap_passwd=nononono_you_can_not_have_this
                                ldap_search_base=OU:tu,O:be
                                field_user_principal=uid
                                ldap_auth_type=SIMPLE
                                ldap_use_lower_case=true
                                #ldap_user_timezone=timezone
                                ldap_sync_password_to_om=no
                                ldap_user_attr_lastname=sn
                                ldap_user_attr_firstname=givenName
                                ldap_user_attr_mail=mail
                                ldap_user_attr_street=street
                                ldap_user_attr_additionalname=description
                                ldap_user_attr_fax=facsimileTelephoneNumber
                                ldap_user_attr_zip=postalCode
                                ldap_user_attr_country=co
                                ldap_user_attr_town=city
                                ldap_user_attr_phone=telephoneNumber
                                ldap_user_attr_language=Language
                                
                                I used this documentation (which is
rather brief):
                                
http://incubator.apache.org/openmeetings/LdapAndADS.html
                                
                                
                                The config file I assembled both from
the sample file and a mailing post.
                                I'm able to trace LDAP calls on the eDir
server and nothing funny happens there. The search is done for the user,
without any attributes however, so eDir sends them all. 
                                
                                Anyone a small hint?
                                
                                cheers,
                                
                                BC
                                
                                
                                
                                
                                
                                

                                 

                         

                 

         

 


Stephen Cottham
Group IT Manager (Associate)

Robert Bird Group
Level 5, 333 Ann St
Brisbane, Queensland, 4000, Australia
Phone: +6173 319 2777 (AUS)
Phone: +44207 633 2880 (UK)
Fax: +6173 319 2799
 
Mobile:  +61400 756 963 (AUS)
Mobile:  +447900 918 616 (UK)
Web: www.robertbird.com
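
Added example, not part of the thread and not OpenMeetings code: a small review of the `key=value` LDAP settings quoted above. It converts the file's `OU:tu,O:be` notation into the `OU=tu,O=be` form the debug log prints and flags settings worth a second look; the sample host and password, the findings' wording and the reading of `ldap_sync_password_to_om=yes` are assumptions of this example.

```python
from urllib.parse import urlparse

# Constructed sample: the AD settings quoted in the thread, placeholder host/password.
SAMPLE_CFG = """\
ldap_server_type=AD
ldap_conn_url=ldap://192.0.2.10:389
ldap_admin_dn=CN:Administrator,OU:Admin Accounts,DC:domain,DC:name
ldap_passwd=placeholder
ldap_search_base=DC:domain,DC:name
ldap_auth_type=SIMPLE
ldap_sync_password_to_om=yes
"""

def parse_cfg(text):
    """Parse key=value lines, skipping blanks and '#' comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            cfg[key.strip()] = value.strip()
    return cfg

def to_dn(value):
    """'CN:admin,O:be' (config notation) -> 'CN=admin,O=be' (as logged)."""
    return ",".join(r.strip().replace(":", "=", 1) for r in value.split(","))

def audit(cfg):
    """Return (key, finding) pairs for settings worth reviewing."""
    findings = []
    scheme = urlparse(cfg.get("ldap_conn_url", "")).scheme
    if scheme == "ldap" and cfg.get("ldap_auth_type", "").upper() == "SIMPLE":
        findings.append(("ldap_conn_url",
                         "simple bind over ldap:// sends passwords unencrypted"))
    # Assumption: 'yes' stores the directory password in the OM database;
    # the thread's log shows a random one being stored with 'no'.
    if cfg.get("ldap_sync_password_to_om", "").lower() == "yes":
        findings.append(("ldap_sync_password_to_om",
                         "directory password is kept in the OM database"))
    # Heuristic: the search bind runs as a directory administrator.
    first_rdn = to_dn(cfg.get("ldap_admin_dn", "")).split(",")[0]
    if first_rdn.partition("=")[2].lower() in ("admin", "administrator"):
        findings.append(("ldap_admin_dn",
                         f"binds as {first_rdn}; prefer a read-only account"))
    return findings

if __name__ == "__main__":
    for key, finding in audit(parse_cfg(SAMPLE_CFG)):
        print(f"{key}: {finding}")
```
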

