LDAP requirements

ssrJazz

Dec 7, 2011, 5:03:12 PM
to OpenMeetings User
Is there anything that's required to be installed on an openmeetings
server running Linux for LDAP auth to work?

Trying to config openmeetings v1.9 to talk to an LDAP server (Novell
eDirectory), but I don't see any LDAP packets going out when trying to
log in via LDAP.

I know the server can reach the LDAP server just fine. Tried an LDAP
browser app on the server itself.

seba....@gmail.com

Dec 7, 2011, 5:20:16 PM
to openmeet...@googlegroups.com
Have you configured the LDAP administration and configuration file?
I know that LDAP with Novell eDirectory does work from some other
users that are using it.

Sebastian


--
Sebastian Wagner
http://www.openmeetings.de
http://www.webbase-design.de
http://www.wagner-sebastian.com
seba....@gmail.com

Jeff Schoby

Dec 7, 2011, 7:16:08 PM
to openmeet...@googlegroups.com
I did make a config file in the proper directory. Added a new LDAP
config in openmeetings administration and checked the check box to
make it active. I do see in the red5 debug messages where it loads
the file, but then gives an error "Error on LdapAuth : 1". And in the
browser window I'm trying to login with I get that dialog where it
wants you to choose an organization, but the picker list is empty.

I've run wireshark on the openmeetings server when trying to login and
no LDAP packets ever go out.

It's like it's not even trying to contact the LDAP server.... or
doesn't have what library it needs to and just fails.

Just got web2project working with ldap with similar config info, so I
know the ldap service works fine. If there's any more info I can
provide that would help, please let me know.


red5 debug:
######################################
WARN 12-07 18:02:05.024 MainService.java 15937469 320
org.openmeetings.app.remote.MainService[NioProcessor-15] - loginUser:
0afb83a4e7432e99a7b6ddf16236473a jas
DEBUG 12-07 18:02:05.024 MainService.java 15937469 331
org.openmeetings.app.remote.MainService [NioProcessor-15] - Ldap Login
DEBUG 12-07 18:02:05.029 LdapLoginManagement.java 15937474 217
org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-15] -
LdapLoginmanagement.doLdapLogin
DEBUG 12-07 18:02:05.029 LdapLoginManagement.java 15937474 173
org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-15] -
LdapLoginmanagement.getLdapConfigData
DEBUG 12-07 18:02:05.029 LdapLoginManagement.java 15937474 192
org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-15] -
LdapLoginmanagement.readConfig :
/home/red5/om19/webapps/openmeetings/conf/om_ldap_edir.cfg
ERROR 12-07 18:02:05.029 LdapLoginManagement.java 15937474 225
org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-15] -
Error on LdapAuth : 1
##############################


from my ldap config file: (server name changed to protect the innocent) :)
################################################################################
ldap_server_type=OpenLDAP
ldap_conn_url=ldap://myldap.server.com
ldap_admin_dn=
ldap_passwd=
ldap_search_base=
field_user_principal=cn
ldap_auth_type=SIMPLE
ldap_sync_password_to_om=no
ldap_user_attr_lastname=sn
ldap_user_attr_firstname=givenName
ldap_user_attr_mail=mail
ldap_user_attr_street=streetAddress
ldap_user_attr_additionalname=description
ldap_user_attr_fax=facsimileTelephoneNumber
ldap_user_attr_zip=postalCode
ldap_user_attr_country=co
ldap_user_attr_town=physicalDeliveryOfficeName
ldap_user_attr_phone=telephoneNumber

--
Jeff Schoby
Owner, Sacred Soul Records
http://www.sacredsoulrecords.com/

Mahmut TEKER

Dec 8, 2011, 2:03:19 AM
to openmeet...@googlegroups.com
Hi,

I don't know much about LDAP conf and I also have problems with LDAP
(could not make it running :( ) but according to your ldap config file
the "ldap_search_base=" part is empty and for me it also should be filled as
far as I know.

Have a nice day,


_Mahmut

seba....@gmail.com

Dec 8, 2011, 4:00:37 AM
to openmeet...@googlegroups.com
yes and also of course the admin_dn and admin_pass ...

Sebastian

Jeff Schoby

Dec 8, 2011, 10:53:28 AM
to openmeet...@googlegroups.com
The search base just gives a starting point to search the ldap tree
with, if you don't have one it starts at the top. Works just fine on
web2project w/o one.

As for the admin_dn and _pass, I'm trying to do an anonymous bind to
my ldap server. I shouldn't need one. Is it not possible to do an
anonymous ldap bind in openmeetings?

-Jeff

--

Jeff Schoby

Dec 8, 2011, 12:14:02 PM
to openmeet...@googlegroups.com
Ok, so...progress. I used my own eDirectory credentials for testing
(I'm an admin) and ldap packets go out and I can authenticate to
openmeetings and it pulls in the account info.

The problem is, I don't have the Home, Recordings, or Rooms menus.
(he's set to 'user')

Not only that, he seems to have a blank organization assigned to him.
If I try to assign him to another organization via user admin, it
doesn't get saved. If I add the user to an organization from the
organizations admin, he ends up with two organizations: a blank one
and the one I just assigned to him.

Jeff Schoby

Dec 8, 2011, 2:43:46 PM
to openmeet...@googlegroups.com
Ok, with these settings:
#######################################
ldap_server_type=OpenLDAP
ldap_conn_url=ldap://myldap.server.com
ldap_admin_dn=cn:jas,ou:IS,o:Columbia
ldap_passwd=mypassword
ldap_search_base=o:Columbia

field_user_principal=cn
ldap_auth_type=SIMPLE
ldap_sync_password_to_om=no
ldap_user_attr_lastname=sn
ldap_user_attr_firstname=givenName
ldap_user_attr_mail=mail
ldap_user_attr_street=streetAddress
ldap_user_attr_additionalname=description
ldap_user_attr_fax=facsimileTelephoneNumber
ldap_user_attr_zip=postalCode
ldap_user_attr_country=co
ldap_user_attr_town=physicalDeliveryOfficeName
ldap_user_attr_phone=telephoneNumber
##########################################

I can login as user 'jas' just fine, but trying to login as any other
eDirectory user (e.g.: faxadmin) results in:

############################################################################################
Authentification to LDAP - Server start
DEBUG 12-08 13:28:24.567 LdapAuthBase.java 85917012 133 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-3] - loginToLdapServer
DEBUG 12-08 13:28:24.574 LdapLoginManagement.java 85917019 362 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-3] - Checking server type...
DEBUG 12-08 13:28:24.574 LdapLoginManagement.java 85917019 366 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-3] - LDAP server is OpenLDAP
DEBUG 12-08 13:28:24.575 LdapLoginManagement.java 85917020 367 org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-3] - LDAP search base: o=Columbia
DEBUG 12-08 13:28:24.578 LdapAuthBase.java 85917023 83 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-3] - authenticateUser
DEBUG 12-08 13:28:24.578 LdapAuthBase.java 85917023 99 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-3] -

Authentification to LDAP - Server start
DEBUG 12-08 13:28:24.578 LdapAuthBase.java 85917023 133 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-3] - loginToLdapServer
ERROR 12-08 13:28:24.582 LdapAuthBase.java 85917027 105 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-3] -

Authentification on LDAP Server failed : [LDAP: error code 34 - Invalid DN Syntax]
ERROR 12-08 13:28:24.584 LdapAuthBase.java 85917029 106 org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-3] - [Authentification on LDAP Server failed]
javax.naming.InvalidNameException: [LDAP: error code 34 - Invalid DN Syntax]
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2973)
~[na:1.6.0_22]
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2780)
~[na:1.6.0_22]
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2694) ~[na:1.6.0_22]
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:306) ~[na:1.6.0_22]
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193)
~[na:1.6.0_22]
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:211)
~[na:1.6.0_22]
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154)
~[na:1.6.0_22]
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84)
~[na:1.6.0_22]
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
~[na:1.6.0_22]
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:305)
~[na:1.6.0_22]
at javax.naming.InitialContext.init(InitialContext.java:240)
~[na:1.6.0_22]
at javax.naming.InitialContext.<init>(InitialContext.java:214)
~[na:1.6.0_22]
at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:99)
~[na:1.6.0_22]
at org.openmeetings.app.ldap.LdapAuthBase.authenticateUser(LdapAuthBase.java:103)
~[openmeetings.jar:na]
at org.openmeetings.app.ldap.LdapLoginManagement.doLdapLogin(LdapLoginManagement.java:376)
[openmeetings.jar:na]
at org.openmeetings.app.remote.MainService.loginUser(MainService.java:346)
[openmeetings.jar:na]
at sun.reflect.GeneratedMethodAccessor372.invoke(Unknown
Source) ~[na:na]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[na:1.6.0_22]
at java.lang.reflect.Method.invoke(Method.java:616) ~[na:1.6.0_22]
at org.red5.server.service.ServiceInvoker.invoke(ServiceInvoker.java:199)
[red5.jar:na]
at org.red5.server.service.ServiceInvoker.invoke(ServiceInvoker.java:116)
[red5.jar:na]
at org.red5.server.net.rtmp.RTMPHandler.invokeCall(RTMPHandler.java:160)
[red5.jar:na]
at org.red5.server.net.rtmp.RTMPHandler.onInvoke(RTMPHandler.java:406)
[red5.jar:na]
at org.red5.server.net.rtmp.BaseRTMPHandler.messageReceived(BaseRTMPHandler.java:134)
[red5.jar:na]
at org.red5.server.net.rtmp.RTMPMinaIoHandler.messageReceived(RTMPMinaIoHandler.java:207)
[red5.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:716)
[mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
[mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
[mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796)
[mina-core-2.0.4.jar:na]
at org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:427)
[mina-core-2.0.4.jar:na]
at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:245)
[mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
[mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
[mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796)
[mina-core-2.0.4.jar:na]
at org.red5.server.net.rtmpe.RTMPEIoFilter.messageReceived(RTMPEIoFilter.java:125)
[red5.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
[mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
[mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796)
[mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:119)
[mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
[mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:426)
[mina-core-2.0.4.jar:na]
at org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:715)
[mina-core-2.0.4.jar:na]
at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:668)
[mina-core-2.0.4.jar:na]
at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:657)
[mina-core-2.0.4.jar:na]
at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$600(AbstractPollingIoProcessor.java:68)
[mina-core-2.0.4.jar:na]
at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1141)
[mina-core-2.0.4.jar:na]
at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
[mina-core-2.0.4.jar:na]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
[na:1.6.0_22]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
[na:1.6.0_22]
at java.lang.Thread.run(Thread.java:679) [na:1.6.0_22]
ERROR 12-08 13:28:24.585 LdapLoginManagement.java 85917030 377
org.openmeetings.app.ldap.LdapLoginManagement [NioProcessor-3] -
faxadmin not authenticated.

###############################################################################

To make matters more confusing, when I login as 'jas' and it does the
simple bind to authenticate me, the LDAP packet for the bind request
that gets sent uses a valid DN:

info field from wireshark: bindRequest(1) "cn=JAS,ou=IS,o=Columbia" simple

But if I try to login as faxadmin (or any other user), it doesn't; it
just uses the cn in the request:

info field from wireshark: bindRequest(1) "FaxAdmin" simple

I -do- see that the search for FaxAdmin is done and that returns
successfully. It knows that faxadmin's DN is
cn=FaxAdmin,ou=IS,o=Columbia - but why doesn't it use that when trying
to authenticate? For that matter, why does 'jas' work and get sent
with the entire DN and not faxadmin?

-Jeff


I don't understand

Jeff Schoby

Dec 8, 2011, 3:34:04 PM
to openmeet...@googlegroups.com
>
> To make matters more confusing, when I login as 'jas' and it does the
> simple bind to authenticate me, the LDAP packet for the bind request
> that gets sent uses a valid DN:


Even -more- confusing: if I login as 'jas' it sends the DN correctly.
If I login as 'JAS' it doesn't. This behavior is only exhibited with
my ldap (eDir) account....and I'm the only person who has successfully
been able to login at all.
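
Added example, not part of the thread and not OpenMeetings code: a Python sketch of the search-then-bind flow, contrasted with the bind that the capture above shows for FaxAdmin (typed login sent as the bind name, answered with error 34). `FakeDirectory`, the function names and the passwords are constructed for illustration; the DNs are the ones quoted in the posts.

```python
import re

# LDAP result codes (RFC 4511) used in this sketch.
SUCCESS, INVALID_DN_SYNTAX, INVALID_CREDENTIALS = 0, 34, 49

# Rough RFC 4514 shape check: attr=value components separated by commas.
_RDN = r"[A-Za-z][A-Za-z0-9-]*=(?:[^,\\]|\\.)+"
_DN = re.compile(rf"^{_RDN}(?:,{_RDN})*$")

def is_dn(name):
    return bool(_DN.match(name))

class FakeDirectory:
    """In-memory stand-in for the LDAP server (constructed entries and passwords)."""

    def __init__(self, entries):
        # Key by lower-cased DN: DN comparison is case-insensitive for these attributes.
        self._entries = {dn.lower(): (dn, pw) for dn, pw in entries.items()}

    def simple_bind(self, name, password):
        if not name and not password:
            return SUCCESS  # anonymous bind
        if not is_dn(name):
            return INVALID_DN_SYNTAX  # the error 34 logged for "FaxAdmin"
        if not password:
            # RFC 4513 unauthenticated bind: some servers answer success
            # although no identity has been proven.
            return SUCCESS
        entry = self._entries.get(name.lower())
        ok = entry is not None and entry[1] == password
        return SUCCESS if ok else INVALID_CREDENTIALS

    def search_cn(self, base, cn):
        """Return the stored DN under `base` whose cn matches, ignoring case."""
        for key, (dn, _) in self._entries.items():
            if key.startswith(f"cn={cn.lower()},") and key.endswith("," + base.lower()):
                return dn
        return None

def bind_with_typed_name(directory, login, password):
    """The failing pattern from the capture: the typed login is the bind name."""
    return directory.simple_bind(login, password)

def search_then_bind(directory, svc_dn, svc_pw, base, login, password):
    """Bind as the service account, look up the user's DN, then bind as that DN."""
    if not password:
        return INVALID_CREDENTIALS  # never forward an empty password to the server
    if directory.simple_bind(svc_dn, svc_pw) != SUCCESS:
        raise RuntimeError("service account bind failed")
    user_dn = directory.search_cn(base, login)
    if user_dn is None:
        return INVALID_CREDENTIALS
    return directory.simple_bind(user_dn, password)

# Constructed sample directory; only the DNs come from the thread.
DIRECTORY = FakeDirectory({"cn=JAS,ou=IS,o=Columbia": "constructed-admin-pw",
                           "cn=FaxAdmin,ou=IS,o=Columbia": "constructed-fax-pw"})
```

The empty-password check belongs in the client because a server that accepts unauthenticated binds would otherwise report success for any existing DN.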
