John,

Thanks for the quick reply. I tried updating ldap_admin_dn to actually be a DN, as well as changing the field_user_principal and ldap_server_type. No change at all. I then tried changing the admin_dn to the DN of my user (with domain admin privs) and the password to my password (which doesn't contain a #), no change. Tried changing ldap_search_base to the OU where all of the accounts (well, most of them, including mine) are located, still no change.

Any other thoughts? Is there a way to enable a more-verbose logging for this?

Thanks,
Jason

On 09/09/2013 01:54 PM, John Tran wrote:

Jason -

A couple of things are wrong in your ldap config.

ldap_admin_dn= (wrong format, it should be something like CN:LDAP_account,OU:MYORG,DC:example,DC:int)
ldap_search_base= (your setting should be ok, mine is narrowed down to the OU where the user accounts are located)
field_user_principal= (this should be "userPrincipalName")
ldap_server_type= (this should be "AD")

-john-

On Mon, Sep 9, 2013 at 10:40 AM, Antman, Jason (CMG-Atlanta) <jason.ant...@coxinc.com> wrote:

Hello,

I've just installed OpenMeetings 2.1.1 on a CentOS 6 host for testing. Everything seems to work fine with local auth, but then I attempted to enable LDAP authentication to an Active Directory backend. As far as I can tell, the bind is working, but I seem to be getting back invalid password errors. I have dozens of other applications authing against this same AD instance, and I copy/pasted the username and password, so I know all of that is right. I thought it may have something to do with the bind user having a "#" in the password, but that doesn't seem to be the case, since the bind looks to be successful. I've tried setting ldap_server_type to both "AD" and "OpenLDAP" (per some old mailing list threads) but nothing seems to change with that.

Does anyone else have AD auth working right? I'm attaching (slightly anonymized versions of) my om_ldap.cfg and openmeetings.log (I was unable to find instructions for how to turn on debug logging for the current version; the only document that Google turned up was http://code.google.com/p/openmeetings/wiki/Logging which points to a file that doesn't exist).

I've tried my plain username with both a domain prefix (domain\username) and without. With the domain prefix I get a "Username not found" error, and without the prefix I get "Invalid password" (confirmed by the AcceptSecurityContext error 525).

This implies to me (am I wrong):
1) bind to AD is successful
2) without the domain prefix is the correct format
3) The account can at least be found

Thanks in advance for any help, and many thanks for all the effort that went into a project that might finally free me (a desktop Linux user) from incompatible or proprietary conference software.

-Jason Antman

--
jt
________________________________
John Tran
Northern California, CA
findingj...@gmail.com
ICQ IM: 27741710
AOL IM: find1ngj0hn
Yahoo! IM: findingj0hn
MSN IM: findingj...@hotmail.com

--
Jason Antman | Systems Engineer | CMGdigital
jason.ant...@coxinc.com | p: 678-645-4155
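
Added example, not part of the original thread and not OpenMeetings code: Active Directory reports the reason for a failed bind as a hexadecimal "data" sub-code inside the LDAP error 49 diagnostic message (525 is "user not found", 52e is "invalid credentials"), so a small parser over the application log separates the two cases. The function names and the sample lines (including the `DSID-XXXXXXXX` placeholder) are constructed for illustration.

```python
import re
from collections import Counter

# Sub-codes Active Directory places after "data" in an LDAP error 49
# diagnostic message. The values are hexadecimal Windows error codes.
AD_BIND_SUBCODES = {
    0x525: "user not found",
    0x52E: "invalid credentials",
    0x530: "logon not permitted at this time",
    0x531: "logon not permitted from this workstation",
    0x532: "password expired",
    0x533: "account disabled",
    0x701: "account expired",
    0x773: "user must reset password",
    0x775: "account locked out",
}

_DIAG = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)")


def classify_bind_failure(line):
    """Return (subcode, meaning) for an AD bind-failure line, else None."""
    match = _DIAG.search(line)
    if match is None:
        return None
    code = int(match.group(1), 16)  # "52e" is hex, not decimal
    return code, AD_BIND_SUBCODES.get(code, "unrecognized sub-code")


def summarize(lines):
    """Count failures per meaning so a repeated cause stands out in a log."""
    results = (classify_bind_failure(line) for line in lines)
    return Counter(meaning for _, meaning in (r for r in results if r))


# Constructed sample lines in the shape AD returns them (not the attached log).
SAMPLE_LOG = [
    "ERROR LdapAuthBase - [LDAP: error code 49 - 80090308: LdapErr: "
    "DSID-XXXXXXXX, comment: AcceptSecurityContext error, data 525, v1db1]",
    "ERROR LdapAuthBase - [LDAP: error code 49 - 80090308: LdapErr: "
    "DSID-XXXXXXXX, comment: AcceptSecurityContext error, data 52e, v1db1]",
    "INFO  LdapLoginManagement - LdapLoginmanagement.doLdapLogin",
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(classify_bind_failure(line))
    print(dict(summarize(SAMPLE_LOG)))
```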