Thanks for helping. I actually did try the sAMAccount... but that also did not work.
Regards, Lars.

On Wed, Jun 6, 2018, 19:33 Maxim Solodovnik <solomax...@gmail.com> wrote:

> Hello,
>
> I guess the issue is here:
> ldap_search_query=(uid=%s)
>
> Maybe you need to set:
> ldap_search_query=(sAMAccountName=%s)
>
> I would recommend to set up DirectoryStudio or LDAPEXplorer and check
> which search query will work on your server
>
> On Wed, Jun 6, 2018 at 6:59 PM, Lars Bonnesen <lars.bonne...@gmail.com>
> wrote:
> > Trying to integrate Openmeeting with 2012R2 AD
> >
> > #
> > # Licensed to the Apache Software Foundation (ASF) under one
> > # or more contributor license agreements. See the NOTICE file
> > # distributed with this work for additional information
> > # regarding copyright ownership. The ASF licenses this file
> > # to you under the Apache License, Version 2.0 (the
> > # "License"); you may not use this file except in compliance
> > # with the License. You may obtain a copy of the License at
> > #
> > # http://www.apache.org/licenses/LICENSE-2.0
> > #
> > # Unless required by applicable law or agreed to in writing,
> > # software distributed under the License is distributed on an
> > # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
> > # KIND, either express or implied. See the License for the
> > # specific language governing permissions and limitations
> > # under the License.
> > #
> > #ConfigurationFile for LDAP Auth
> > #ConfigKey 'ldap_config_path' must be set in DataBase Configuration of OM and point to this file
> > #o.becherer,14.01.2009
> >
> > #LDAP URL
> > # This is the URL used to access your LDAP server.
> > # if you want to use "ldaps://" links, please be aware that you need to import your CA certificate
> > # to a java keystore and add the -Djavax.net.ssl.keyStore, -Djavax.net.ssl.keyStorePassword,
> > # -Djavax.net.ssl.trustStore and -Djavax.net.ssl.trustStorePassword parameters to your
> > # JAVA_OPT environment
> > ldap_conn_host=192.168.206.12
> > ldap_conn_port=389
> > ldap_conn_secure=false
> >
> > # Login distinguished name (DN) for Authentication on LDAP Server - keep empty if not required
> > # Use full qualified LDAP DN
> > ldap_admin_dn=CN=ldap-bruger3,OU=ServiceAccounts,OU=company,DC=ad,DC=company,DC=dk
> >
> > # Loginpass for Authentication on LDAP Server - keep empty if not required
> > ldap_passwd=XXX
> >
> > # base to search for userdata(of user, that wants to login)
> > ldap_search_base=OU=Brugere,OU=company,DC=ad,DC=company,DC=dk
> >
> > # Fieldnames (can differ between Ldap servers)
> > ldap_search_query=(uid=%s)
> >
> > # the scope of the search might be: OBJECT, ONELEVEL, SUBTREE
> > ldap_search_scope=SUBTREE
> >
> > # Ldap auth type(NONE, SEARCHANDBIND, SIMPLEBIND)
> > # When using SIMPLEBIND a simple bind is performed on the LDAP server to check user authentication
> > # When using NONE, the Ldap server is not used for authentication
> > ldap_auth_type=SEARCHANDBIND
> >
> > # userDN format, will be used to bind if ldap_auth_type=SIMPLEBIND
> > # might be used to get provisionningDn in case ldap_auth_type=NONE
> > ldap_userdn_format=uid=%s,OU=Company,DC=medint,DC=local
> >
> > # Ldap provisioning type(NONE, AUTOCREATE, AUTOUPDATE)
> > ldap_provisionning=AUTOCREATE
> >
> > # Ldap deref mode (never, searching, finding, always)
> > ldap_deref_mode=always
> >
> > # Set this to 'true' if you want to use admin_dn to get user attributes
> > # If any other value is set, user_dn will be used
> > ldap_use_admin_to_get_attrs=false
> >
> > # Ldap-password synchronization to OM DB
> > # Set this to 'true' if you want OM to synchronize the user Ldap-password to OM's internal DB
> > # If you want to disable the feature, set this to any other string.
> > # Default value is 'true'
> > ldap_sync_password_to_om=false
> >
> > # Ldap group mode (NONE, ATTRIBUTE, QUERY)
> > # NONE means group associations will be ignored
> > # ATTRIBUTE means group associations will be taken from 'ldap_group_attr' attribute (M$ AD mode)
> > # QUERY means group associations will be taken as a result of 'ldap_group_query' query
> > ldap_group_mode=NONE
> >
> > ldap_group_query=(&(memberUid=%s)(objectClass=posixGroup))
> >
> > Login windows reports with red ink "Invalid Password"
> >
> > Where does Openmeeting log more detailed information?
> >
> > My om_ldap.cfg looks like this (if anyone can find something weird):
> >
> > # Ldap user attributes mapping
> > # Set the following internal OM user attributes to their corresponding Ldap-attribute
> > ldap_user_attr_lastname=sn
> > ldap_user_attr_firstname=givenName
> > ldap_user_attr_mail=mail
> > ldap_user_attr_street=streetAddress
> > ldap_user_attr_additionalname=description
> > ldap_user_attr_fax=facsimileTelephoneNumber
> > ldap_user_attr_zip=postalCode
> > ldap_user_attr_country=co
> > ldap_user_attr_town=l
> > ldap_user_attr_phone=telephoneNumber
> > ldap_group_attr=memberOf
> >
> > # optional, only absolute URLs make sense
> > #ldap_user_picture_uri=picture_uri
> >
> > # optional
> > # the timezone has to match any timezone available in Java, otherwise the timezone defined in the value of
> > # the conf_key "default.timezone" in OpenMeetings "configurations" table
> > #ldap_user_timezone=timezone
> >
> > # Ldap ignore upper/lower case, convert all input to lower case
> > ldap_use_lower_case=false
>
> --
> WBR
> Maxim aka solomax
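
An offline sanity check for the om_ldap.cfg settings discussed in this thread, as an added example that is not part of the original messages or of OpenMeetings. It assumes the target directory is Active Directory and that ldap_conn_secure=false means the connection runs without TLS; the function names and finding codes are made up for this example, and the sample config is constructed from values quoted above.

```python
import re

# Constructed sample: the relevant keys as quoted in the thread.
SAMPLE_CFG = """\
ldap_conn_host=192.168.206.12
ldap_conn_port=389
ldap_conn_secure=false
ldap_search_base=OU=Brugere,OU=company,DC=ad,DC=company,DC=dk
ldap_search_query=(uid=%s)
ldap_auth_type=SEARCHANDBIND
ldap_userdn_format=uid=%s,OU=Company,DC=medint,DC=local
"""

def parse_cfg(text):
    """Parse key=value lines, skipping blanks and '#' comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)  # DN values contain '=' themselves
            cfg[key.strip()] = value.strip()
    return cfg

def domain_of(dn):
    """Return the DC components of a DN as a lower-cased dotted domain."""
    return ".".join(m.lower() for m in re.findall(r"(?i)\bDC=([^,]+)", dn))

def check_cfg(cfg):
    """Return a list of (code, message) findings; an empty list means none."""
    findings = []
    # Assumption: ldap_conn_secure=false means no TLS, so the service account
    # and user passwords are sent in simple binds over a plain connection.
    if cfg.get("ldap_conn_secure", "false").lower() != "true":
        findings.append(("CLEARTEXT_BIND", "bind passwords cross the network without TLS"))
    # Attributes the login name is substituted into, e.g. (uid=%s).
    attrs = re.findall(r"\(\s*([A-Za-z][\w-]*)\s*=\s*%s\s*\)", cfg.get("ldap_search_query", ""))
    if not attrs:
        findings.append(("NO_PLACEHOLDER", "search query has no (attr=%s) term"))
    elif not {a.lower() for a in attrs} & {"samaccountname", "userprincipalname"}:
        findings.append(("NON_AD_ATTR", "AD logon names are in sAMAccountName or userPrincipalName"))
    # Per the file's own comments, userdn_format is the bind DN under SIMPLEBIND.
    base, fmt = cfg.get("ldap_search_base", ""), cfg.get("ldap_userdn_format", "")
    if fmt and domain_of(fmt) != domain_of(base):
        findings.append(("DOMAIN_MISMATCH", f"userdn_format is in {domain_of(fmt)}, search base in {domain_of(base)}"))
    return findings

if __name__ == "__main__":
    for code, msg in check_cfg(parse_cfg(SAMPLE_CFG)):
        print(f"{code}: {msg}")
```

A clean result here only rules out these three settings; whether a filter actually returns the user still has to be confirmed against the server with an LDAP browser, as suggested in the reply above.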