LDAP login with blank password


zjeludd

Mar 31, 2011, 7:21:19 AM
to OpenMeetings User
OpenMeetings is configured to use LDAP authentication.
Here are the contents of om_ldap.cfg

>>
ldap_server_type=AD
ldap_conn_url=ldap://medint.local:389
ldap_admin_dn=CN:omadmin,OU:Company,DC:medint,DC:local
ldap_passwd=omadminpassword
ldap_search_base=OU:Company,DC:medint,DC:local
field_user_principal=userPrincipalName
ldap_auth_type=SIMPLE

ldap_sync_password_to_om=yes
ldap_user_attr_lastname=sn
ldap_user_attr_firstname=givenName
ldap_user_attr_mail=mail
ldap_user_attr_street=streetAddress
ldap_user_attr_additionalname=description
ldap_user_attr_fax=facsimileTelephoneNumber
ldap_user_attr_zip=postalCode
ldap_user_attr_country=co
ldap_user_attr_town=l
ldap_user_attr_phone=telephoneNumber
<<

The first login of an AD user is successful when you enter the correct login and
password.
The second and subsequent logins are successful with the correct or
a blank password.

Please tell me how to disable the insecure login with a blank password
for an AD user?

seba....@gmail.com

Mar 31, 2011, 8:58:48 AM
to openmeet...@googlegroups.com, zjeludd
I am pretty sure that

*ldap://medint.local:389*

makes absolutely no sense in your config.


Sebastian


--
Sebastian Wagner
http://www.webbase-design.de
http://openmeetings.googlecode.com
http://www.wagner-sebastian.com
seba....@gmail.com

alexander timoshkin

Mar 31, 2011, 9:16:34 AM
to OpenMeetings User
Yes, Sebastian, of course, my config:

>>
ldap_server_type=AD
ldap_conn_url=ldap://mail.samara-gorodok.ru:389
ldap_admin_dn=CN:admin,OU:_LDAP_Auth_Test,DC:mail,DC:samara-gorodok,DC:ru
ldap_passwd=adminpassword
ldap_search_base=OU:IT Service,DC:mail,DC:samara-gorodok,DC:ru
field_user_principal=userPrincipalName
ldap_auth_type=SIMPLE

ldap_sync_password_to_om=yes
ldap_user_attr_lastname=sn
ldap_user_attr_firstname=givenName
ldap_user_attr_mail=mail
ldap_user_attr_street=streetAddress
ldap_user_attr_additionalname=description
ldap_user_attr_fax=facsimileTelephoneNumber
ldap_user_attr_zip=postalCode
ldap_user_attr_country=co
ldap_user_attr_town=l
ldap_user_attr_phone=telephoneNumber
<<

ad...@samara-gorodok.ru - domain administrator account.

seba....@gmail.com

Mar 31, 2011, 9:48:41 AM
to openmeet...@googlegroups.com, alexander timoshkin
When you type the wrong password, will it display a password incorrect
message or not?

Otherwise we will start to forbid blank passwords simply with the next version.

Sebastian


alexander timoshkin

Mar 31, 2011, 10:34:26 AM
to OpenMeetings User
On 31 Mar, 17:48, "seba.wag...@gmail.com" <seba.wag...@gmail.com> wrote:
> when you type the wrong password will it display a password incorrect
> message or not?
>
Yes, if you type the wrong password, a window pops up "Invalid
password".
Login is successful only with the correct, or a blank password.


In the "openmeetings.log", if you have a blank (correct) password, it
displays the following:

DEBUG 03-31 18:16:27.497 LdapAuthBase.java 11521724 83 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] - authenticateUser
DEBUG 03-31 18:16:27.497 LdapAuthBase.java 11521724 99 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] - Authentification to LDAP - Server start
DEBUG 03-31 18:16:27.497 LdapAuthBase.java 11521724 133 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] - loginToLdapServer
DEBUG 03-31 18:16:27.825 Usermanagement.java 11522052 1526 org.openmeetings.app.data.user.Usermanagement [NioProcessor-1] - Usermanagement.getUserByLogin : t...@mail.samara-gorodok.ru
DEBUG 03-31 18:16:27.825 LdapLoginManagement.java 11522052 509 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-1] - User already exists -> Update of current passwd
DEBUG 03-31 18:16:27.825 Sessionmanagement.java 11522052 233 org.openmeetings.app.data.basic.Sessionmanagement [NioProcessor-1] - updateUser User: 2 || 56f53bf4c4c01d85cd72d6cf61c6b875


If you have a wrong password:

DEBUG 03-31 18:24:27.780 LdapAuthBase.java 12002007 83 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] - authenticateUser
DEBUG 03-31 18:24:27.780 LdapAuthBase.java 12002007 99 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] - Authentification to LDAP - Server start
DEBUG 03-31 18:24:27.780 LdapAuthBase.java 12002007 133 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] - loginToLdapServer
ERROR 03-31 18:24:29.405 LdapAuthBase.java 12003632 105 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] - Authentification on LDAP Server failed : [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece ]
ERROR 03-31 18:24:29.405 LdapAuthBase.java 12003632 106 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] - [Authentification on LDAP Server failed]
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece ]

Florian Feicht

Mar 31, 2011, 10:44:15 AM
to openmeet...@googlegroups.com

Hello,
I have fixed this issue already; I can send you the necessary code.
Do you need the code?
Best regards,
Flo

alexander timoshkin

Mar 31, 2011, 12:32:12 PM
to OpenMeetings User
On 31 Mar, 18:44, Florian Feicht <feicht....@googlemail.com> wrote:
> Hello,
> I have fixed this issue already; I can send you the necessary code.
> Do you need the code?
> Best regards,
> Flo

Yes, Florian, I'll be very grateful for this code. This annoying
problem prevents OpenMeetings from running in production.

Florian Feicht

Mar 31, 2011, 1:50:49 PM
to openmeet...@googlegroups.com
Okay, but you have to wait until Monday, because I'm currently out of office.
Is this enough for you?
Do you know how to create a new build with changed source code?
I have another question. Have you already tested LDAP authentication
with sAMAccountName?
Because this doesn't work for me either.

Best Regards,


alexander timoshkin

Mar 31, 2011, 2:28:19 PM
to OpenMeetings User
Yes, of course, that is quite satisfactory for me.
I am not a developer, but I think that, having your code, I can
eventually create a new build; I'm interested. But a small hint about
the software used for this would not hurt.
No, I have not tested LDAP authentication with sAMAccountName.

Thanks again for your help in solving the problem.

Shayro Mendez

Apr 1, 2011, 1:25:47 PM
to openmeet...@googlegroups.com
I have been reporting these two problems for ages, you bunch of jerks, and nobody pays me any attention, neither in the English forum nor in the Spanish forum


1) I have another question. Have you already tested LDAP authentication
with sAMAccountName?
Because this doesn't work for me either.

2) The second and subsequent logins are successful with the correct or
a blank password.

I have reported these two issues since forever, you fucking morons!!! I reported them in the English and in the Spanish forum, you pricks

This annoying
problem prevents OpenMeetings from running in production in an intranet



seba....@gmail.com

Apr 1, 2011, 1:49:34 PM
to openmeet...@googlegroups.com, Shayro Mendez
Shayro,

Nothing prevents you from picking up the source code, changing 2 lines of
code, and voilà, empty passwords would not be accepted as login at
all.

If there are other problems you should try to explain them in clear
(and hopefully a bit non-offending) phrases ;).

Sebastian
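
The kind of guard described in this post, written out as an added example (it is not OpenMeetings code and not the fix Florian mentions). It assumes the blank password reaches the LDAP simple bind, which RFC 4513 section 5.1.2 defines as an "unauthenticated bind" that a server may accept; the class and method names are hypothetical.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

// Hypothetical helper for illustration; not part of OpenMeetings.
public class LdapBindGuard {

    /** Returns true only if the server accepted a bind made with a non-empty password. */
    public static boolean authenticate(String url, String principal, String password)
            throws NamingException {
        // RFC 4513 section 5.1.2: a simple bind that carries a name and an
        // empty password is an "unauthenticated bind". The server may answer
        // success without verifying anything, so refuse it before connecting.
        if (principal == null || principal.trim().isEmpty()
                || password == null || password.isEmpty()) {
            return false;
        }
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, password);
        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env); // performs the bind
            return true;
        } catch (AuthenticationException e) { // e.g. LDAP error code 49
            return false;
        } finally {
            if (ctx != null) {
                ctx.close();
            }
        }
    }

    public static void main(String[] args) throws NamingException {
        // Constructed values; both calls are rejected before any connection is made.
        String url = "ldap://ldap.example.test:389";
        System.out.println(authenticate(url, "user@example.test", ""));
        System.out.println(authenticate(url, "user@example.test", null));
    }
}
```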


sana b

Nov 4, 2011, 3:47:11 PM
to openmeet...@googlegroups.com
Hi

Could you please send me the necessary code or settings for LDAP?

I am using Apache Directory Server or OpenLDAP

Regards
San