Thanks a lot Sebastion about the advice. I already played with different sintax on the username and I also tried changing the parameter I mean using other AD fields instead sAMAccountName but I always got the same error. I was checking some literature and seems that teh LDAP V2 protocol works using binding with the username and password but in the LDAP V3 the bind is doing using an anonymous account and then a serach on the LDAP Tree for the CN once is found the LDAP retreive all the information about the user and then is when the validation happen. Now, I don't know whitch LDAP version are you using but seems that the problem is that. I tried with a LDAP browser and when I try to retreive any info from the LDAP server using a user account the server reject the connection and the error is INvalid Credentials but that does not happen using the admin account of course. I changed the protocol version and when I perform a query to the LDAP structure I saw the anonymous binding and then the query. I don't know if this help you.
http://msdn.microsoft.com/en-us/library/aa366092(v=VS.85).aspx Regards Jorge On Tue, Oct 26, 2010 at 4:10 PM, smoeker <[email protected]> wrote: > hey, >using others > i just took a look into your log and found Authentification on LDAP > Server failed : [LDAP: error code 49 - 80090308: LdapErr: > DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece ] > > this indicates that AD isnt lucky about your credentials - so, if you > are sure your passwords are ok, u could consider playing around with > different syntax of your usernames, such as > > [email protected] .... > > hope that helps > > (since your admin can do a bind, it doesn't seem to be a prinicipal > configuration error....) > > > see ya > > Smoeker > > > On 26 Okt., 16:07, Jorge De Vega <[email protected]> wrote: >> Hi Olli and Sebastian: >> >> Please find the logs here >> >> Regards >> Jorge >> >> On Tue, Oct 26, 2010 at 2:55 PM, Jorge De Vega <[email protected]> >> wrote: >> >> > Hi Olli and Sebastian: >> >> > Thanks a lot for your answer. >> >> > I am attaching some screen shots and the openmeeting log file, please >> > let me know if you need anything else. >> >> > Regards >> > Jorge >> >> > On Tue, Oct 26, 2010 at 12:45 PM, smoeker <[email protected]> wrote: >> >> hola. >> >> >> indeed, the latest versions of OM have one - in my opinion - >> >> unneccessary bind, but as i tested it against active directory, it >> >> worked well... >> >> >> -> seems as if you have problems with accountnames of youor users... >> >> -> could you post relevant parts of the openmeetings.log /console >> >> output to check ldap err code? >> >> >> see ya >> >> >> Olli >> >> >> On 26 Okt., 12:20, "[email protected]" <[email protected]> >> >> wrote: >> >>> Hi Jorge, >> >> >>> we have to check that, maybe Oliver has something to contribute to this >> >>> thread? >> >> >>> Sebastian >> >> >>> 2010/10/22 jdevega <[email protected]> >> >> >>> > Hi All: >> >> >>> > I have the latest release of OM running in a DEBIAN machine, I am >> >>> > authenticating the users using a Windows 2003 Server with AD. I was >> >>> > having problem authenticating the users and I put an sniffer to check >> >>> > what happen. As per the sniffer capture seems that the OM is trying to >> >>> > do a bind to the LDAP server to authenticate the user instead of >> >>> > retrieve the user info. I tested with a LDAP navigator and with the >> >>> > Windows Admin user account I am able to bind to the LDAP server but >> >>> > not with the regular user. In the same way I am able to loging to the >> >>> > OM using the Windows Admin account but no with the regular user as the >> >>> > bind fail. Can you tell me if I am doing something wrong? >> >> >>> > Here is the ldap.cfg >> >> >>> > #ConfigurationFile for LDAP Auth >> >>> > #specify the LDAP Server type >> >>> > ldap_server_type=AD >> >> >>> > #LDAP URL >> >>> > ldap_conn_url=ldap://172.16.118.110:389 >> >> >>> > #Login distinguished name (DN) for Authentification on LDAP Server - >> >>> > keep emtpy if not requiered >> >> >>> > ldap_admin_dn=CN:admin,OU:Services_Accounts,OU:Compay,DC:ad,DC:company,DC:com >> >> >>> > #Loginpass for Authentification on LDAP Server - keep emtpy if not >> >>> > requiered >> >>> > ldap_passwd=************* >> >> >>> > #base to search for userdata(of user, that wants to login >> >>> > ldap_search_base=OU:Users,OU:Compay,DC:ad,DC:company,DC:com >> >> >>> > # Fieldnames (can differ between Ldap servers) >> >>> > field_user_principal=sAMAccountName >> >> >>> > # Ldap auth type(SIMPLE,NONE) >> >>> > ldap_auth_type=SIMPLE >> >> >>> > # Ldap-password synchronization to OM DB >> >>> > # Set this to 'yes' if you want OM to synchronize the user Ldap- >> >>> > password to OM$ >> >>> > # This enables local login of users if the ldap server is offline. >> >>> > # If you want to disable the feature, set this to 'no'. >> >>> > # Defautl value is 'yes' >> >>> > ldap_sync_password_to_om=no >> >> >>> > Regards and Thanks >> >>> > Jorge >> >> >>> > -- >> >>> > You received this message because you are subscribed to the Google >> >>> > Groups >> >>> > "OpenMeetings User" group. >> >>> > To post to this group, send email to >> >>> > [email protected]. >> >>> > To unsubscribe from this group, send email to >> >>> > [email protected]<openmeetings-user%[email protected]> >> >>> > . >> >>> > For more options, visit this group at >> >>> >http://groups.google.com/group/openmeetings-user?hl=en. >> >> >>> -- >> >>> Sebastian >> >>> Wagnerhttp://www.webbase-design.dehttp://openmeetings.googlecode.comhttp://... >> >>> [email protected] >> >> >> -- >> >> You received this message because you are subscribed to the Google Groups >> >> "OpenMeetings User" group. >> >> To post to this group, send email to [email protected]. >> >> To unsubscribe from this group, send email to >> >> [email protected]. >> >> For more options, visit this group >> >> athttp://groups.google.com/group/openmeetings-user?hl=en. >> >> >> >> logs.rar >> 12KAnzeigenHerunterladen > > -- > You received this message because you are subscribed to the Google Groups > "OpenMeetings User" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/openmeetings-user?hl=en. > > -- You received this message because you are subscribed to the Google Groups "OpenMeetings User" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/openmeetings-user?hl=en.
