Hello Lars, were you able to check all parameters using DirectoryStudio or LDAPEXplorer?
Can you check if your user can be found using
ldap_search_base=OU=Brugere,OU=company,DC=ad,DC=company,DC=dk
AND
ldap_search_query=(uid=%s)

On Tue, Jun 12, 2018 at 7:07 PM Lars Bonnesen <lars.bonne...@gmail.com> wrote:
>
> thanks for helping.
>
> I actually did try the sAMAccount... but that also did not work.
>
> Regards, Lars.
>
> On Wed, Jun 6, 2018, 19:33 Maxim Solodovnik <solomax...@gmail.com> wrote:
>>
>> Hello,
>>
>> I guess the issue is here:
>> ldap_search_query=(uid=%s)
>>
>> Maybe you need to set:
>> ldap_search_query=(sAMAccountName=%s)
>>
>> I would recommend to set up DirectoryStudio or LDAPEXplorer and check
>> which search query will work on your server
>>
>> On Wed, Jun 6, 2018 at 6:59 PM, Lars Bonnesen <lars.bonne...@gmail.com> wrote:
>> > Trying to integrate Openmeeting with 2012R2 AD
>> >
>> >
>> > #
>> > # Licensed to the Apache Software Foundation (ASF) under one
>> > # or more contributor license agreements. See the NOTICE file
>> > # distributed with this work for additional information
>> > # regarding copyright ownership. The ASF licenses this file
>> > # to you under the Apache License, Version 2.0 (the
>> > # "License"); you may not use this file except in compliance
>> > # with the License. You may obtain a copy of the License at
>> > #
>> > # http://www.apache.org/licenses/LICENSE-2.0
>> > #
>> > # Unless required by applicable law or agreed to in writing,
>> > # software distributed under the License is distributed on an
>> > # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
>> > # KIND, either express or implied. See the License for the
>> > # specific language governing permissions and limitations
>> > # under the License.
>> > #
>> > #ConfigurationFile for LDAP Auth
>> > #ConfigKey 'ldap_config_path' must be set in DataBase Configuration of OM and point to this file
>> > #o.becherer,14.01.2009
>> >
>> > #LDAP URL
>> > # This is the URL used to access your LDAP server.
>> > # if you want to use "ldaps://" links, please be aware that you need to import your CA certificate
>> > # to a java keystore and add the -Djavax.net.ssl.keyStore, -Djavax.net.ssl.keyStorePassword,
>> > # -Djavax.net.ssl.trustStore and -Djavax.net.ssl.trustStorePassword parameters to your
>> > # JAVA_OPT environment
>> > ldap_conn_host=192.168.206.12
>> > ldap_conn_port=389
>> > ldap_conn_secure=false
>> >
>> > # Login distinguished name (DN) for Authentication on LDAP Server - keep empty if not required
>> > # Use full qualified LDAP DN
>> > ldap_admin_dn=CN=ldap-bruger3,OU=ServiceAccounts,OU=company,DC=ad,DC=company,DC=dk
>> >
>> > # Loginpass for Authentication on LDAP Server - keep empty if not required
>> > ldap_passwd=XXX
>> >
>> > # base to search for userdata(of user, that wants to login)
>> > ldap_search_base=OU=Brugere,OU=company,DC=ad,DC=company,DC=dk
>> >
>> > # Fieldnames (can differ between Ldap servers)
>> > ldap_search_query=(uid=%s)
>> >
>> > # the scope of the search might be: OBJECT, ONELEVEL, SUBTREE
>> > ldap_search_scope=SUBTREE
>> >
>> > # Ldap auth type(NONE, SEARCHANDBIND, SIMPLEBIND)
>> > # When using SIMPLEBIND a simple bind is performed on the LDAP server to check user authentication
>> > # When using NONE, the Ldap server is not used for authentication
>> > ldap_auth_type=SEARCHANDBIND
>> >
>> > # userDN format, will be used to bind if ldap_auth_type=SIMPLEBIND
>> > # might be used to get provisionningDn in case ldap_auth_type=NONE
>> > ldap_userdn_format=uid=%s,OU=Company,DC=medint,DC=local
>> >
>> > # Ldap provisioning type(NONE, AUTOCREATE, AUTOUPDATE)
>> > ldap_provisionning=AUTOCREATE
>> >
>> > # Ldap deref mode (never, searching, finding, always)
>> > ldap_deref_mode=always
>> >
>> > # Set this to 'true' if you want to use admin_dn to get user attributes
>> > # If any other value is set, user_dn will be used
>> > ldap_use_admin_to_get_attrs=false
>> >
>> > # Ldap-password synchronization to OM DB
>> > # Set this to 'true' if you want OM to synchronize the user Ldap-password to OM's internal DB
>> > # If you want to disable the feature, set this to any other string.
>> > # Default value is 'true'
>> > ldap_sync_password_to_om=false
>> >
>> > # Ldap group mode (NONE, ATTRIBUTE, QUERY)
>> > # NONE means group associations will be ignored
>> > # ATTRIBUTE means group associations will be taken from 'ldap_group_attr' attribute (M$ AD mode)
>> > # QUERY means group associations will be taken as a result of 'ldap_group_query' query
>> > ldap_group_mode=NONE
>> >
>> > ldap_group_query=(&(memberUid=%s)(objectClass=posixGroup))
>> >
>> > Login windows reports with red ink "Invalid Password"
>> >
>> > Where does Openmeeting log more detailed information?
>> >
>> > My om_ldap.cfg looks like this (if anyone can find something weird):
>> >
>> > # Ldap user attributes mapping
>> > # Set the following internal OM user attributes to their corresponding Ldap-attribute
>> > ldap_user_attr_lastname=sn
>> > ldap_user_attr_firstname=givenName
>> > ldap_user_attr_mail=mail
>> > ldap_user_attr_street=streetAddress
>> > ldap_user_attr_additionalname=description
>> > ldap_user_attr_fax=facsimileTelephoneNumber
>> > ldap_user_attr_zip=postalCode
>> > ldap_user_attr_country=co
>> > ldap_user_attr_town=l
>> > ldap_user_attr_phone=telephoneNumber
>> > ldap_group_attr=memberOf
>> >
>> > # optional, only absolute URLs make sense
>> > #ldap_user_picture_uri=picture_uri
>> >
>> > # optional
>> > # the timezone has to match any timezone available in Java, otherwise the timezone defined in the value of
>> > # the conf_key "default.timezone" in OpenMeetings "configurations" table
>> > #ldap_user_timezone=timezone
>> >
>> > # Ldap ignore upper/lower case, convert all input to lower case
>> > ldap_use_lower_case=false
>> >
>>
>>
>>
>> --
>> WBR
>> Maxim aka solomax

--
WBR
Maxim aka solomax
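
An added example, not part of the thread and not OpenMeetings code: a small Python check over the settings quoted above that flags what is worth verifying before testing the search in an LDAP browser (unencrypted bind on port 389, a `uid` filter against AD, and a `ldap_userdn_format` pointing at a different domain than the search base). The finding names, helper functions and rules are this example's own assumptions; it also shows how a user name should be escaped before it replaces `%s` in the filter.

```python
import re

# Constructed sample: the connection and search keys from the om_ldap.cfg quoted in the thread.
SAMPLE_CFG = """\
ldap_conn_host=192.168.206.12
ldap_conn_port=389
ldap_conn_secure=false
ldap_admin_dn=CN=ldap-bruger3,OU=ServiceAccounts,OU=company,DC=ad,DC=company,DC=dk
ldap_passwd=XXX
ldap_search_base=OU=Brugere,OU=company,DC=ad,DC=company,DC=dk
ldap_search_query=(uid=%s)
ldap_auth_type=SEARCHANDBIND
ldap_userdn_format=uid=%s,OU=Company,DC=medint,DC=local
"""

def parse_cfg(text):
    """Parse key=value lines, skipping blanks and '#' comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            cfg[key.strip()] = value.strip()
    return cfg

def domain_of(dn):
    """Return the DC components of a DN as a lower-case dotted domain."""
    return ".".join(dc.lower() for dc in re.findall(r"\bDC=([^,]+)", dn, re.I))

def escape_filter_value(value):
    """Escape the RFC 4515 special characters in a value placed into a filter."""
    specials = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(specials.get(ch, ch) for ch in value)

def render_filter(query, username):
    """Substitute the escaped user name for %s, as a search-and-bind login would."""
    return query.replace("%s", escape_filter_value(username))

def lint(cfg):
    """Return finding codes (heuristics of this example, not OpenMeetings rules)."""
    findings = []
    if cfg.get("ldap_conn_secure", "").lower() != "true":
        findings.append("CLEARTEXT_BIND")          # service and user passwords cross the wire unencrypted
    if re.search(r"\(uid=%s\)", cfg.get("ldap_search_query", ""), re.I):
        findings.append("UID_FILTER")              # AD usually leaves uid empty; compare sAMAccountName
    base, fmt = cfg.get("ldap_search_base", ""), cfg.get("ldap_userdn_format", "")
    if base and fmt and domain_of(base) != domain_of(fmt):
        findings.append("USERDN_DOMAIN_MISMATCH")  # only used for SIMPLEBIND, but a stale leftover
    return findings
```
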