Hallo Holger, *do we have to use userPrincipalName as the login name?* => I think you can configure a custom fieldname_user_principal for the search fo the user. The result of the search is used to simulate the user in OpenMeetings. For the auth itself, I think this custom fieldname is only available if you are using OpenLDAP as ldap_server_type in your config.
I don't know if either this modification to be able to auth in ADS with custom fieldname for user_principle makes no sense or if we just never had the request to make it available. But to fill the user-values you can define a custom principle_filedname and also which attributes to sync with from your LDAP, compare those sample files: http://code.google.com/p/openmeetings/source/browse/trunk/singlewebapp/WebContent/conf/sample_openldap_om_ldap.cfg http://code.google.com/p/openmeetings/source/browse/trunk/singlewebapp/WebContent/conf/om_ldap.cfg *Another question: am I correct in saying that all the LDAP login does is authenticate the user, check for existence in the local database and if it’s the first login, create a local user profile from the AD fields?* + checks the password of course. + updates the user record with some of the basic new values. * I was hoping I could probably use group memberships to assign room membership or privileges – I guess that’s currently not possible then?* => As the nature of those LDAP/ADS Servers is that their struture is different for each company we did not make any kind of additional things. It would be not that hard to write some add-ons based on what is available currently, but its qutie hard to provide a general configuration possibility that fits for everybody. So this task would require some basic code modification in the auth mechanism. Sebastian 2011/10/18 Holger Rabbach (ICT) <holger.rabb...@om.org> > Hi,**** > > ** ** > > Got the RTMPS stuff working (note: doesn’t work in Chrome for some reason), > now on to LDAP/AD integration. First of all, do we have to use > userPrincipalName as the login name? We have a problem there, as for legacy > reasons we have different domains in that field, depending on when the > account was created. We try not to use that field anywhere for that reason. > **** > > Another question: am I correct in saying that all the LDAP login does is > authenticate the user, check for existence in the local database and if it’s > the first login, create a local user profile from the AD fields? I was > hoping I could probably use group memberships to assign room membership or > privileges – I guess that’s currently not possible then?**** > > Thanks again for all the work and the helpful responses here – I’m just > trying to get a feel for what can and can’t be done right now, so I can make > informed recommendations for how this great piece of software can be > integrated into our existing infrastructure.**** > > ** ** > > Best regards,**** > > Holger**** > > ** ** > > [image: Description: holger-rabbach]**** > > ** ** > > ------------------------------ > OM International Limited - Unit B Clifford Court, Cooper Way - Carlisle CA3 > 0JG - United Kingdom > Charity reg no: 1112655 - Company reg no: 5649412 (England and Wales) > > -- > You received this message because you are subscribed to the Google Groups > "OpenMeetings User" group. > To post to this group, send email to openmeetings-user@googlegroups.com. > To unsubscribe from this group, send email to > openmeetings-user+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/openmeetings-user?hl=en. > -- Sebastian Wagner http://www.openmeetings.de http://www.webbase-design.de http://www.wagner-sebastian.com seba.wag...@gmail.com -- You received this message because you are subscribed to the Google Groups "OpenMeetings User" group. To post to this group, send email to openmeetings-user@googlegroups.com. To unsubscribe from this group, send email to openmeetings-user+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/openmeetings-user?hl=en.
<<image001.jpg>>