Your log is hard to read due to formatting issues :(( Googling `DSID-0C090442` returns something about "searching between forests" which I don't understand :(
Admin->LDAP has the setting "Add domain to user name". Do you have it checked? (The domain to add should be specified.)

What is your LDAP provider? Is it ADS?

To make logging more verbose you can
1) stop OM
2) add the following line to logback-config.xml
   <logger name="org.apache.directory" level="DEBUG" />
3) restart OM

According to my previous experience SEARCHANDBIND might work better.

On Mon, 30 Mar 2020 at 16:31, Rohrbach, Gerald <g.rohrb...@funkegruppe.de> wrote:

> Also having LDAP issues:
>
> It seems not to work.
>
> Below is the om_ldap.cfg, that is used in the config file:
>
> DEBUG 03-30 08:42:26.213 o.a.o.s.q.s.ReminderJob:93 [Bean#0_Worker-3] - Rss disabled by Admin
> DEBUG 03-30 08:52:26.214 o.a.o.s.q.s.ReminderJob:93 [Bean#0_Worker-8] - Rss disabled by Admin
> DEBUG 03-30 09:02:26.214 o.a.o.s.q.s.ReminderJob:93 [Bean#0_Worker-5] - Rss disabled by Admin
> DEBUG 03-30 09:11:36.412 o.a.o.d.d.s.LdapConfigDao:69 [io-5443-exec-10] - getActiveLdapConfigs
> DEBUG 03-30 09:11:36.517 o.a.o.d.d.s.LdapConfigDao:69 [nio-5443-exec-2] - getActiveLdapConfigs
> DEBUG 03-30 09:12:13.115 o.a.o.c.l.LdapLoginManager:172 [nio-5443-exec-2] - LdapLoginmanager.doLdapLogin
> ERROR 03-30 09:12:13.129 o.a.o.c.l.LdapLoginManager:226 [nio-5443-exec-2] - Not authenticated.
> org.apache.directory.api.ldap.model.exception.LdapAuthenticationException: 80090308: LdapErr: DSID-0C090442, comment: AcceptSecurityContext error, data 52e, v3839
>         at org.apache.directory.api.ldap.model.message.ResultCodeEnum.processResponse(ResultCodeEnum.java:1995)
>
> What does the LdapLoginManager message mean: was the query user not able to connect, or was the end user's password wrong?
>
> How can I make visible what the query for the user is?
> It should be in the form u...@domain.de, maybe the mapping is just wrong.
>
> This is the modified
>
> ldap_conn_host=DESVR-DC01.firma.de
> ldap_conn_port=389
> ldap_conn_secure=false
>
> # Login distinguished name (DN) for Authentication on LDAP Server - keep empty if not required
> # Use full qualified LDAP DN
> ldap_admin_dn=CN=ldapopenmeetings,OU=Users-Service-Accounts,DC=firma,DC=de
>
> # Loginpass for Authentication on LDAP Server - keep empty if not required
> ldap_passwd=#password#
>
> # base to search for userdata(of user, that wants to login)
> ldap_search_base=CN=Users,DC=firma,DC=de
>
> # Fieldnames (can differ between Ldap servers)
> ldap_search_query=(uid=%s)
>
> # the scope of the search might be: OBJECT, ONELEVEL, SUBTREE
> ldap_search_scope=SUBTREE
>
> # Ldap auth type(NONE, SEARCHANDBIND, SIMPLEBIND)
> # When using SIMPLEBIND a simple bind is performed on the LDAP server to check user authentication
> # When using NONE, the Ldap server is not used for authentication
> ldap_auth_type=SIMPLEBIND
>
> # userDN format, will be used to bind if ldap_auth_type=SIMPLEBIND
> # might be used to get provisionningDn in case ldap_auth_type=NONE
> ldap_userdn_format=uid=%s,CN=Users,DC=firma,DC=de
>
> # Ldap provisioning type(NONE, AUTOCREATE, AUTOUPDATE)
> ldap_provisionning=AUTOCREATE
>
> # Ldap deref mode (never, searching, finding, always)
> ldap_deref_mode=always
> ldap_use_admin_to_get_attrs=true
>
> # Ldap-password synchronization to OM DB
> # Set this to 'true' if you want OM to synchronize the user Ldap-password to OM's internal DB
> # If you want to disable the feature, set this to any other string.
> # Default value is 'true'
> ldap_sync_password_to_om=false
>
> # Ldap group mode (NONE, ATTRIBUTE, QUERY)
> # NONE means group associations will be ignored
> # ATTRIBUTE means group associations will be taken from 'ldap_group_attr' attribute (M$ AD mode)
> # QUERY means group associations will be taken as a result of 'ldap_group_query' query
> ldap_group_mode=NONE
>
> ldap_group_query=(&(memberUid=%s)(objectClass=posixGroup))
>
> # Ldap user attributes mapping
> # Set the following internal OM user attributes to their corresponding Ldap-attribute
>
> ldap_user_attr_login=uid
> ldap_user_attr_lastname=sn
> ldap_user_attr_firstname=givenName
> ldap_user_attr_mail=mail
> ldap_user_attr_street=streetAddress
> ldap_user_attr_additionalname=description
> ldap_user_attr_fax=facsimileTelephoneNumber
> ldap_user_attr_zip=postalCode
> ldap_user_attr_country=co
> ldap_user_attr_town=l
> ldap_user_attr_phone=telephoneNumber
> # optional attribute for user picture
> #ldap_user_attr_picture=
> ldap_group_attr=memberOf
>
> # optional, absolute URL will be used as user picture if #ldap_user_attr_picture will be empty
> #ldap_user_picture_uri=picture_uri
>
> # optional
> # the timezone has to match any timezone available in Java, otherwise the timezone defined in the value of
> # the conf_key "default.timezone" in OpenMeetings "configurations" table
> #ldap_user_timezone=timezone
>
> # Ldap ignore upper/lower case, convert all input to lower case
> ldap_use_lower_case=false
>
> # Ldap import query, this query should retrieve all LDAP users
> ldap_import_query=(objectClass=inetOrgPerson)
>

--
WBR
Maxim aka solomax
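
Added example, not part of the thread and not OpenMeetings code: a small triage script that decodes the bind error from the quoted log and shows which DN the posted SIMPLEBIND settings present to the server. It assumes the directory is Active Directory (the `AcceptSecurityContext error, data ...` format), that `ldap_conn_secure=false` means no TLS, and uses a constructed login `jdoe`; the sub-code table lists commonly documented AD values.

```python
import re

# Commonly documented AD sub-codes carried in the "data NNN" field.
AD_SUBCODES = {"525": "user not found", "52e": "invalid credentials",
               "532": "password expired", "533": "account disabled",
               "701": "account expired", "775": "account locked out"}
DIAG_RE = re.compile(r"LdapErr: (DSID-[0-9A-Fa-f]+), comment: (.+?), data ([0-9A-Fa-f]+)")

# Constructed inputs: the error as quoted/wrapped in the mail, and keys of the posted cfg.
SAMPLE_LOG = """> 80090308: LdapErr: DSID-0C090442, comment: AcceptSecurityContext error,
> data 52e,
> v3839"""
SAMPLE_CFG = """ldap_conn_secure=false
# Ldap auth type(NONE, SEARCHANDBIND, SIMPLEBIND)
ldap_auth_type=SIMPLEBIND
ldap_userdn_format=uid=%s,CN=Users,DC=firma,DC=de"""

def decode_bind_error(text):
    """Pull DSID, comment and sub-code out of a '>'-quoted, line-wrapped excerpt."""
    flat = " ".join(re.sub(r"^[>\s]+", "", ln).strip() for ln in text.splitlines())
    m = DIAG_RE.search(flat)
    if not m:
        return None
    code = m.group(3).lower()
    return {"dsid": m.group(1), "comment": m.group(2), "data": code,
            "meaning": AD_SUBCODES.get(code, "unknown sub-code")}

def parse_cfg(text):
    """Read key=value pairs, skipping blank lines and '#' comments."""
    pairs = (ln.split("=", 1) for ln in map(str.strip, text.splitlines())
             if ln and not ln.startswith("#") and "=" in ln)
    return {k.strip(): v.strip() for k, v in pairs}

def bind_name(cfg, login):
    """DN presented for the password check when ldap_auth_type=SIMPLEBIND."""
    fmt = cfg.get("ldap_userdn_format") if cfg.get("ldap_auth_type") == "SIMPLEBIND" else None
    return fmt.replace("%s", login) if fmt else None

def review(cfg, err, login):
    """Return findings for the config and decoded error (heuristics, AD assumed)."""
    findings = []
    # Assumption: ldap_conn_secure=false means the bind is sent without TLS.
    if cfg.get("ldap_conn_secure", "false").lower() != "true":
        findings.append("simple bind without TLS exposes the password on the wire")
    dn = bind_name(cfg, login)
    if err and err["data"] == "52e" and dn:
        findings.append(f"server rejected bind as {dn!r}: {err['meaning']}")
        if dn.lower().startswith("uid="):
            findings.append("AD user entries are normally named CN=..., not uid=...")
    return findings
```

Calling `review(parse_cfg(SAMPLE_CFG), decode_bind_error(SAMPLE_LOG), "jdoe")` lists the findings for the settings in the quoted message.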