Hi Sebastian,

On 31/01/2011 10:47, [email protected] wrote:
Hi,

thanks Thibault for that detailed log analysis!

You're welcome ;-)

If there are suggestions how to improve the debug or error messages I am open for discussion on those points.

Yes there are ways to improve this I guess.
Just for the moment I have very limited available time.

I'll try to work again on OM later this year... this will be the moment to improve logging ;-)


I would rather prefer doing improvements on the error output than on writing docs :))

You're right, this must be done first.

The problem with LDAP is that configuring it requires a good knowledge of the specific Directory Information Tree (DIT) used by the Directory, and of course this DIT changes with every LDAP directory. What's more, each directory setup has its own parameters (encryption enabled/disabled/enforced or not, access-lists limiting the DIT views, referrals to delegate a branch to another directory, ...). This means that only an LDAP admin is really able to give all parameters to access the directory.



Sebastian

2011/1/31 <[email protected] <mailto:[email protected]>>

    On 31/01/2011 08:19, Garry C wrote:

        Bump......
        Just another question, does anyone have a definitive guide to LDAP
        setup.


    No, there is no guide to LDAP setup because there are so many
    different LDAP servers, architectures and configurations.

    This is especially true when using ActiveDirectory as the LDAP
    server.


            DEBUG 01-27 17:02:34.278 LdapLoginManagement.java 29665158 189
            org.openmeetings.app.ldap.LdapLoginManagement
            [NioProcessor-1] -
            LdapLoginmanagement.getLdapConfigData
            DEBUG 01-27 17:02:34.278 LdapLoginManagement.java 29665158 216
            org.openmeetings.app.ldap.LdapLoginManagement
            [NioProcessor-1] -
            LdapLoginmanagement.readConfig :
            /opt/red5/webapps/openmeetings/conf/
            om_ldap.cfg
            DEBUG 01-27 17:02:34.279 LdapLoginManagement.java 29665159 108
            org.openmeetings.app.ldap.LdapLoginManagement
            [NioProcessor-1] -
            isValidAuthType


    ==> Ldap setup has been read correctly...


            DEBUG 01-27 17:02:34.279 LdapLoginManagement.java 29665159 358
            org.openmeetings.app.ldap.LdapLoginManagement
            [NioProcessor-1] -
            Searching userdata with LDAP Search Filter
            :(sAMAccountName=27679)

    ==> The LDAP search filter is created with the user login name
    which is "27679".

    I assume that in your ActiveDirectory you expect usernames to be
    numbers.


            DEBUG 01-27 17:02:34.279 LdapLoginManagement.java 29665159 366
            org.openmeetings.app.ldap.LdapLoginManagement
            [NioProcessor-1] -
            authenticating admin...


    ==> Now OM will try to login to AD using the "admin" user and
    passwd declared in your ldap OM setup file, in order to look for
    the user using the above filter.


            Authentification to LDAP - Server start
            DEBUG 01-27 17:02:34.289 LdapAuthBase.java 29665169 133
            org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] -
            loginToLdapServer
            ERROR 01-27 17:02:34.295 LdapAuthBase.java 29665175 105
            org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] -

            Authentification on LDAP Server failed : [LDAP: error code
            49 -
            80090308: LdapErr: DSID-0C090334, comment:
            AcceptSecurityContext
            error, data 525, vece]
            ERROR 01-27 17:02:34.297 LdapAuthBase.java 29665177 106
            org.openmeetings.app.ldap.LdapAuthBase [NioProcessor-1] -
            [Authentification on LDAP Server failed]


    Authentication using the "admin" account failed

    ==> double check your Admin user and password.



            javax.naming.AuthenticationException: [LDAP: error code 49
            - 80090308:
            LdapErr: DSID-0C090334, comment: AcceptSecurityContext
            error, data
            525, vece]


    The best way to troubleshoot this is to try to connect to your AD
    using an external tool such as ldapExplorer
    http://ldaptool.sourceforge.net/

    ==> When you're able to connect to the AD using your admin
    user/passwd, then try to browse the directory and search for your
    samAccountName=27679.
    If it doesn't work:
    * double check your admin user/pass
    * try with SSL or TLS security

    Please also read:
    http://www-01.ibm.com/support/docview.wss?uid=swg21290631

    In your case: "data 525" means "user not found"
    ==> your admin user defined in your LDAP configuration file is wrong.
    ==> Change
    "ldap_admin_dn=CN:test,OU:HPSAccounts,OU:Accounts,OU:Business
    Units,DC:ad,DC:ncc,DC:local" to the correct DN

    When everything works with "ldapexplorer", then you can get back
    to OM LDAP setup.

    Thibault


-- You received this message because you are subscribed to the Google
    Groups "OpenMeetings User" group.
    To post to this group, send email to
    [email protected]
    <mailto:[email protected]>.
    To unsubscribe from this group, send email to
    [email protected]
    <mailto:openmeetings-user%[email protected]>.
    For more options, visit this group at
    http://groups.google.com/group/openmeetings-user?hl=en.




--
Sebastian Wagner
http://www.webbase-design.de
http://openmeetings.googlecode.com
http://www.wagner-sebastian.com
[email protected] <mailto:[email protected]>
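
An added example (not part of the original thread and not OpenMeetings code): a small Python triage helper that extracts the Active Directory sub-code from an LDAP error 49 bind failure like the one analysed above, even when the log line has been wrapped, and notes whether the "authenticating admin..." marker preceded it. The function name, the sample text and the sub-code table are assumptions of this example; the table holds the commonly documented AD values.

```python
import re

# Active Directory sub-codes that follow "data" in an LDAP error 49 bind
# failure. They are hexadecimal, so "52e" is a valid code.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "not permitted to logon at this time",
    "531": "not permitted to logon at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "user account locked",
}

BIND_ERROR = re.compile(
    r"error code (\d+) - .*?AcceptSecurityContext error, data ([0-9a-fA-F]+)"
)
ADMIN_MARKER = "authenticating admin..."  # phase marker seen in the log above


def explain_bind_errors(log_text):
    """Return one dict per AD bind failure found in (possibly wrapped) log text."""
    flat = " ".join(log_text.split())  # undo mail/terminal line wrapping
    findings = []
    for m in BIND_ERROR.finditer(flat):
        sub = m.group(2).lower()
        findings.append({
            "ldap_code": int(m.group(1)),
            "sub_code": sub,
            "meaning": AD_BIND_SUBCODES.get(sub, "unknown sub-code"),
            # True when the admin (service account) bind was announced earlier
            "after_admin_marker": ADMIN_MARKER in flat[:m.start()],
        })
    return findings


# Constructed sample: the first error is wrapped like the log above, the
# second is made up to show a hexadecimal sub-code.
SAMPLE = """DEBUG 01-27 17:02:34.279 LdapLoginManagement.java - authenticating admin...
ERROR 01-27 17:02:34.295 LdapAuthBase.java - failed : [LDAP: error code
49 -
80090308: LdapErr: DSID-0C090334, comment:
AcceptSecurityContext
error, data 525, vece]
ERROR (constructed) [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece]
"""
```

Calling `explain_bind_errors(SAMPLE)` returns two findings; the first one reports sub-code `525` after the admin marker, which points at the configured admin DN rather than at the end user's login.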