AW: OpenMeetings <-> BigBlueButton

[Peter-Otto Weber]

Hello Maxim,

we had the Problem with customers behind a Firewall.
There, only „Standard Browsing“ on 80/443 was open. 5443 was blocked in the 
Firewall.
So they were not able to even get the web interface.

I started to think about this as in Home Office constellations there were less 
or no Problems.

There will be maybe a test with the same user after i switched to 443. This 
will bring the info for accessing the web interface.

UDP still will be problematic.

Maybe „Tunneling in https“ might be possible?
There‘ some products, installing a Client and they even seem to work over a 
Proxy without Firewall Problems.

To make it clear – those Solutions in my opinion are nothing else but trojan 
horses – they have the feature to tunnel but nobody knows what Information is 
going through with closed source software.

It is really a very complex problem but oaybe we can find some Options to solve 
them.

Due to corona everybody is searching for solutions- As more often the closed 
Software with Client is working with less effort they can grab many customers.

e.g. with Microsoft Teams, skype, alfaview, NetMeeting and so on.

I’d really prefer a open source solution

Best wishes
POW
Von: Maxim Solodovnik
Gesendet: Mittwoch, 6. Mai 2020 01:56
An: Openmeetings user-list
Betreff: Re: OpenMeetings <-> BigBlueButton



On Wed, 6 May 2020 at 06:54, Maxim Solodovnik 
mailto:solomax...@gmail.com>> wrote:
Hello Peter,

sorry Rene :(
it is too early here, have to drink some coffee :(


On Wed, 6 May 2020 at 03:24, R. Scholz 
mailto:rene.sch...@abakus-edv-systems.de>> 
wrote:
Hello,

conferences with public authorities I had repeatedly problems to connect them.
I think its possible that the reason is a  restrictive firewall-management.

What do you mean? It is better to configure OM on port 443? Or port 80 (with a 
separate domain/subdomain)
so this people can access without problems?

It is always better to use well-known ports
But I guess your users can access Web-interface, but have issues with 
audio/video, am I right?

If so there is not much can be done :(
OM and KMS can be set-up to use port 443 (we had successful report on this)
TURN main port can be set to be 80

BUT this will not be enough due to TURN requires multiple additional UDP ports 
:(((

This need to be investigated
Better with remote access to the "trouble client" :((


Another question: Have anybody made a test with a chinese university?  Is it 
possible to connect from ther to a OM-server outside China?

We do have Chinese users in JIRA from time to time, but no reports
Chinese Great Firewall is very restrictive, some years ago it block Maven 
central repository ... :(


With best regards,

René









Am 05.05.2020 um 07:58 schrieb Peter-Otto Weber:
I just got in first contact with „bigbluebutton“.

It seems to be very similar to openmeetings but – as i suggested before – has a 
better implementation of video arrangement.

All videos automatically were arranged above the whitboard – i like it.

What i wonder is ,why open meetings needs to use specific https port and 
bigbluebutton does not?

The main problem is with customers having a firewall allowing only 80/443. We 
had scheduled a meeting with customers that had to be canceled due to 
networking / firewall problems.

Using 80/443 like on bigbluebutton would make everything much easier? Is this 
possible?

Best wishes

POW



--
Best regards,
Maxim


--
Best regards,
Maxim

Re: OpenMeeting 5.0.0 M5 (fix TimeZone Canadian)

[Maxim Solodovnik]

we are using this https://tempusdominus.github.io/bootstrap-4/Usage/
datetime picker now
It uses moment.js internally

On Wed, 6 May 2020 at 08:57, seba.wag...@gmail.com 
wrote:

> I don't see a reference to moment.js in our source code repo.
>
> Where is the reference to moment.js ?
>
> Cheers
> Seb
>
> Sebastian Wagner
> https://www.linkedin.com/in/sebastianwagner/
>
> 
> 
>
>
> On Wed, 6 May 2020 at 12:02, Maxim Solodovnik 
> wrote:
>
>> The issue is caused by the limitations of moment.js
>> we have to provide it with more locales some-how, or invent workaround
>> i'll try to check
>>
>> JIRA is reopened
>>
>> On Wed, 6 May 2020 at 03:38, seba.wag...@gmail.com 
>> wrote:
>>
>>> Could you double check the user in the openmeetings database has the
>>> correct time zone ?
>>>
>>> During installation the timezone of the user that does the install is
>>> not always what you expect.
>>>
>>> Can you check the field "om_user.time_zone_id" in the openmeetings
>>> database for the relevant users that show the wrong timezone ?
>>>
>>> It would be surprising if America/Montreal is the only wrong zone.
>>>
>>> Thanks,
>>> Seb
>>>
>>> Sebastian Wagner
>>> https://www.linkedin.com/in/sebastianwagner/
>>>
>>> 
>>> 
>>>
>>>
>>> On Wed, 6 May 2020 at 05:27, Chamberland, Martin <
>>> martin.chamberl...@fadq.qc.ca> wrote:
>>>
 [image: cid:banner1.jpg]



 1) country = Canada

 2) language = French

 3) time zone = America/Montreal



 The time is showing strange  : 20-05-05 20 ‘8’ 00

 With country United State, we can see  05/05/2020  13:20



 *De :* Maxim Solodovnik [mailto:solomax...@gmail.com]
 *Envoyé :* 5 mai 2020 13:18
 *À :* Openmeetings user-list 
 *Objet :* Re: OpenMeeting 5.0.0 M5 (fix TimeZone Canadian)



 Hello Martin,



 could you check if the issue is reproducible on demo-next?

 If so please share

 1) country

 2) language

 3) time zone



 thanks in advance!





 On Wed, 6 May 2020 at 00:14, Chamberland, Martin <
 martin.chamberl...@fadq.qc.ca> wrote:

 [image: cid:image001.jpg@01D622E0.7BC9F4E0]



 Hi there,



 Sorry to tell you that the fix for the issue about Canadian timezone
 add in M5 is not working here.

 We upgrade our version from M4 to M5 and we are still having problem
 creating room/conference.



 Looks like the only country that is not working is ‘Canada’.

 We test 5-8 others country like Japan, Germany, Andorra, Tunisia , all
 working good with  date/time.




 https://issues.apache.org/jira/browse/OPENMEETINGS-2334?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel












 --

 Best regards,
 Maxim

>>>
>>
>> --
>> Best regards,
>> Maxim
>>
>

-- 
Best regards,
Maxim

Re: OpenMeeting 5.0.0 M5 (fix TimeZone Canadian)

[seba.wag...@gmail.com]

I don't see a reference to moment.js in our source code repo.

Where is the reference to moment.js ?

Cheers
Seb

Sebastian Wagner
https://www.linkedin.com/in/sebastianwagner/




On Wed, 6 May 2020 at 12:02, Maxim Solodovnik  wrote:

> The issue is caused by the limitations of moment.js
> we have to provide it with more locales some-how, or invent workaround
> i'll try to check
>
> JIRA is reopened
>
> On Wed, 6 May 2020 at 03:38, seba.wag...@gmail.com 
> wrote:
>
>> Could you double check the user in the openmeetings database has the
>> correct time zone ?
>>
>> During installation the timezone of the user that does the install is not
>> always what you expect.
>>
>> Can you check the field "om_user.time_zone_id" in the openmeetings
>> database for the relevant users that show the wrong timezone ?
>>
>> It would be surprising if America/Montreal is the only wrong zone.
>>
>> Thanks,
>> Seb
>>
>> Sebastian Wagner
>> https://www.linkedin.com/in/sebastianwagner/
>>
>> 
>> 
>>
>>
>> On Wed, 6 May 2020 at 05:27, Chamberland, Martin <
>> martin.chamberl...@fadq.qc.ca> wrote:
>>
>>> [image: cid:banner1.jpg]
>>>
>>>
>>>
>>> 1) country = Canada
>>>
>>> 2) language = French
>>>
>>> 3) time zone = America/Montreal
>>>
>>>
>>>
>>> The time is showing strange  : 20-05-05 20 ‘8’ 00
>>>
>>> With country United State, we can see  05/05/2020  13:20
>>>
>>>
>>>
>>> *De :* Maxim Solodovnik [mailto:solomax...@gmail.com]
>>> *Envoyé :* 5 mai 2020 13:18
>>> *À :* Openmeetings user-list 
>>> *Objet :* Re: OpenMeeting 5.0.0 M5 (fix TimeZone Canadian)
>>>
>>>
>>>
>>> Hello Martin,
>>>
>>>
>>>
>>> could you check if the issue is reproducible on demo-next?
>>>
>>> If so please share
>>>
>>> 1) country
>>>
>>> 2) language
>>>
>>> 3) time zone
>>>
>>>
>>>
>>> thanks in advance!
>>>
>>>
>>>
>>>
>>>
>>> On Wed, 6 May 2020 at 00:14, Chamberland, Martin <
>>> martin.chamberl...@fadq.qc.ca> wrote:
>>>
>>> [image: cid:image001.jpg@01D622E0.7BC9F4E0]
>>>
>>>
>>>
>>> Hi there,
>>>
>>>
>>>
>>> Sorry to tell you that the fix for the issue about Canadian timezone add
>>> in M5 is not working here.
>>>
>>> We upgrade our version from M4 to M5 and we are still having problem
>>> creating room/conference.
>>>
>>>
>>>
>>> Looks like the only country that is not working is ‘Canada’.
>>>
>>> We test 5-8 others country like Japan, Germany, Andorra, Tunisia , all
>>> working good with  date/time.
>>>
>>>
>>>
>>>
>>> https://issues.apache.org/jira/browse/OPENMEETINGS-2334?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> --
>>>
>>> Best regards,
>>> Maxim
>>>
>>
>
> --
> Best regards,
> Maxim
>

Re: OpenMeeting 5.0.0 M5 (fix TimeZone Canadian)

[Maxim Solodovnik]

The issue is caused by the limitations of moment.js
we have to provide it with more locales some-how, or invent workaround
i'll try to check

JIRA is reopened

On Wed, 6 May 2020 at 03:38, seba.wag...@gmail.com 
wrote:

> Could you double check the user in the openmeetings database has the
> correct time zone ?
>
> During installation the timezone of the user that does the install is not
> always what you expect.
>
> Can you check the field "om_user.time_zone_id" in the openmeetings
> database for the relevant users that show the wrong timezone ?
>
> It would be surprising if America/Montreal is the only wrong zone.
>
> Thanks,
> Seb
>
> Sebastian Wagner
> https://www.linkedin.com/in/sebastianwagner/
>
> 
> 
>
>
> On Wed, 6 May 2020 at 05:27, Chamberland, Martin <
> martin.chamberl...@fadq.qc.ca> wrote:
>
>> [image: cid:banner1.jpg]
>>
>>
>>
>> 1) country = Canada
>>
>> 2) language = French
>>
>> 3) time zone = America/Montreal
>>
>>
>>
>> The time is showing strange  : 20-05-05 20 ‘8’ 00
>>
>> With country United State, we can see  05/05/2020  13:20
>>
>>
>>
>> *De :* Maxim Solodovnik [mailto:solomax...@gmail.com]
>> *Envoyé :* 5 mai 2020 13:18
>> *À :* Openmeetings user-list 
>> *Objet :* Re: OpenMeeting 5.0.0 M5 (fix TimeZone Canadian)
>>
>>
>>
>> Hello Martin,
>>
>>
>>
>> could you check if the issue is reproducible on demo-next?
>>
>> If so please share
>>
>> 1) country
>>
>> 2) language
>>
>> 3) time zone
>>
>>
>>
>> thanks in advance!
>>
>>
>>
>>
>>
>> On Wed, 6 May 2020 at 00:14, Chamberland, Martin <
>> martin.chamberl...@fadq.qc.ca> wrote:
>>
>> [image: cid:image001.jpg@01D622E0.7BC9F4E0]
>>
>>
>>
>> Hi there,
>>
>>
>>
>> Sorry to tell you that the fix for the issue about Canadian timezone add
>> in M5 is not working here.
>>
>> We upgrade our version from M4 to M5 and we are still having problem
>> creating room/conference.
>>
>>
>>
>> Looks like the only country that is not working is ‘Canada’.
>>
>> We test 5-8 others country like Japan, Germany, Andorra, Tunisia , all
>> working good with  date/time.
>>
>>
>>
>>
>> https://issues.apache.org/jira/browse/OPENMEETINGS-2334?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> --
>>
>> Best regards,
>> Maxim
>>
>

-- 
Best regards,
Maxim

Re: OpenMeetings <-> BigBlueButton

[Maxim Solodovnik]

On Wed, 6 May 2020 at 06:54, Maxim Solodovnik  wrote:

> Hello Peter,
>

sorry Rene :(
it is too early here, have to drink some coffee :(


>
> On Wed, 6 May 2020 at 03:24, R. Scholz 
> wrote:
>
>> Hello,
>>
>> conferences with public authorities I had repeatedly problems to connect
>> them.
>> I think its possible that the reason is a  restrictive
>> firewall-management.
>>
>> What do you mean? It is better to configure OM on port 443? Or port 80
>> (with a separate domain/subdomain)
>> so this people can access without problems?
>>
>
> It is always better to use well-known ports
> But I guess your users can access Web-interface, but have issues with
> audio/video, am I right?
>
> If so there is not much can be done :(
> OM and KMS can be set-up to use port 443 (we had successful report on this)
> TURN main port can be set to be 80
>
> BUT this will not be enough due to TURN requires multiple additional UDP
> ports :(((
>
> This need to be investigated
> Better with remote access to the "trouble client" :((
>
>
>>
>> Another question: Have anybody made a test with a chinese university?  Is
>> it possible to connect from ther to a OM-server outside China?
>>
>
> We do have Chinese users in JIRA from time to time, but no reports
> Chinese Great Firewall is very restrictive, some years ago it block Maven
> central repository ... :(
>
>
>>
>> With best regards,
>>
>> René
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> Am 05.05.2020 um 07:58 schrieb Peter-Otto Weber:
>>
>> I just got in first contact with „bigbluebutton“.
>>
>>
>>
>> It seems to be very similar to openmeetings but – as i suggested before –
>> has a better implementation of video arrangement.
>>
>>
>>
>> All videos automatically were arranged above the whitboard – i like it.
>>
>>
>>
>> What i wonder is ,why open meetings needs to use specific https port and
>> bigbluebutton does not?
>>
>>
>>
>> The main problem is with customers having a firewall allowing only
>> 80/443. We had scheduled a meeting with customers that had to be canceled
>> due to networking / firewall problems.
>>
>>
>>
>> Using 80/443 like on bigbluebutton would make everything much easier? Is
>> this possible?
>>
>>
>>
>> Best wishes
>>
>>
>>
>> POW
>>
>>
>>
>
> --
> Best regards,
> Maxim
>


-- 
Best regards,
Maxim

Re: OpenMeetings <-> BigBlueButton

[Maxim Solodovnik]

Hello Peter,

On Wed, 6 May 2020 at 03:24, R. Scholz 
wrote:

> Hello,
>
> conferences with public authorities I had repeatedly problems to connect
> them.
> I think its possible that the reason is a  restrictive firewall-management.
>
> What do you mean? It is better to configure OM on port 443? Or port 80
> (with a separate domain/subdomain)
> so this people can access without problems?
>

It is always better to use well-known ports
But I guess your users can access Web-interface, but have issues with
audio/video, am I right?

If so there is not much can be done :(
OM and KMS can be set-up to use port 443 (we had successful report on this)
TURN main port can be set to be 80

BUT this will not be enough due to TURN requires multiple additional UDP
ports :(((

This need to be investigated
Better with remote access to the "trouble client" :((


>
> Another question: Have anybody made a test with a chinese university?  Is
> it possible to connect from ther to a OM-server outside China?
>

We do have Chinese users in JIRA from time to time, but no reports
Chinese Great Firewall is very restrictive, some years ago it block Maven
central repository ... :(


>
> With best regards,
>
> René
>
>
>
>
>
>
>
>
>
>
> Am 05.05.2020 um 07:58 schrieb Peter-Otto Weber:
>
> I just got in first contact with „bigbluebutton“.
>
>
>
> It seems to be very similar to openmeetings but – as i suggested before –
> has a better implementation of video arrangement.
>
>
>
> All videos automatically were arranged above the whitboard – i like it.
>
>
>
> What i wonder is ,why open meetings needs to use specific https port and
> bigbluebutton does not?
>
>
>
> The main problem is with customers having a firewall allowing only 80/443.
> We had scheduled a meeting with customers that had to be canceled due to
> networking / firewall problems.
>
>
>
> Using 80/443 like on bigbluebutton would make everything much easier? Is
> this possible?
>
>
>
> Best wishes
>
>
>
> POW
>
>
>

-- 
Best regards,
Maxim

Re: Integration problems with Active Directory

[Maxim Solodovnik]

Hello Osvaldo,

On Wed, 6 May 2020 at 02:24, Osvaldo OBA. Benítez Aliaga <
osval198...@gmail.com> wrote:

> I already tried Apache Directory and it worked.
> I really don't know what mistake I'm making.
>

please describe your detailed steps and the results


> El 5/5/2020 a las 10:27, Maxim Solodovnik escribió:
>
> Hello Osvaldo,
>
> grab you favorite LDAp explorer and check:
> 1) you can login with ldap_admin_dn and ldap_passwd
> IF login successful
> While you logged in as ldap_admin_dn
> 2) try to search with base ldap_search_base and query ldap_search_query
> NOTE you need to request `%s` in ldap_search_query with login entered by
> user
>
> If all was successful AND your search returning exactly 1 result
> get back here with results :)
>
> On Tue, 5 May 2020 at 21:05, Osvaldo OBA. Benítez Aliaga <
> osval198...@gmail.com> wrote:
>
>> Already SIMPLEBIND by SEARCHANDBIND but it keeps giving me the same error.
>> El 4/5/2020 a las 22:57, Maxim Solodovnik escribió:
>>
>> Hello Osvaldo,
>>
>> since your users doesn't "fit" into single LDAP DN pattern SIMPLEBIND
>> should be replaced with SEARCHANDBIND
>> In this case your users will be searched using search-base and
>> search-query, then authenticated ...
>>
>> On Tue, 5 May 2020 at 01:16, Osvaldo OBA. Benítez Aliaga <
>> osval198...@gmail.com> wrote:
>>
>>> yes.
>>> I have managed to authenticate well with the user that declared
>>> (support) and authenticate well with the users that are in the same
>>> organizational unit (CN). Now the problem is with users who are in other
>>> organizational units. For example, those in the Domain Users OU
>>>
>>>
>>> El 4/5/2020 a las 12:09, Maxim Solodovnik escribió:
>>> > Have you tested it with LDAP explorer as I suggest?
>>>
>>>
>>
>> --
>> Best regards,
>> Maxim
>>
>>
>
> --
> Best regards,
> Maxim
>
>

-- 
Best regards,
Maxim

Re: OpenMeeting 5.0.0 M5 (fix TimeZone Canadian)

[seba.wag...@gmail.com]

Could you double check the user in the openmeetings database has the
correct time zone ?

During installation the timezone of the user that does the install is not
always what you expect.

Can you check the field "om_user.time_zone_id" in the openmeetings database
for the relevant users that show the wrong timezone ?

It would be surprising if America/Montreal is the only wrong zone.

Thanks,
Seb

Sebastian Wagner
https://www.linkedin.com/in/sebastianwagner/




On Wed, 6 May 2020 at 05:27, Chamberland, Martin <
martin.chamberl...@fadq.qc.ca> wrote:

> [image: cid:banner1.jpg]
>
>
>
> 1) country = Canada
>
> 2) language = French
>
> 3) time zone = America/Montreal
>
>
>
> The time is showing strange  : 20-05-05 20 ‘8’ 00
>
> With country United State, we can see  05/05/2020  13:20
>
>
>
> *De :* Maxim Solodovnik [mailto:solomax...@gmail.com]
> *Envoyé :* 5 mai 2020 13:18
> *À :* Openmeetings user-list 
> *Objet :* Re: OpenMeeting 5.0.0 M5 (fix TimeZone Canadian)
>
>
>
> Hello Martin,
>
>
>
> could you check if the issue is reproducible on demo-next?
>
> If so please share
>
> 1) country
>
> 2) language
>
> 3) time zone
>
>
>
> thanks in advance!
>
>
>
>
>
> On Wed, 6 May 2020 at 00:14, Chamberland, Martin <
> martin.chamberl...@fadq.qc.ca> wrote:
>
> [image: cid:image001.jpg@01D622E0.7BC9F4E0]
>
>
>
> Hi there,
>
>
>
> Sorry to tell you that the fix for the issue about Canadian timezone add
> in M5 is not working here.
>
> We upgrade our version from M4 to M5 and we are still having problem
> creating room/conference.
>
>
>
> Looks like the only country that is not working is ‘Canada’.
>
> We test 5-8 others country like Japan, Germany, Andorra, Tunisia , all
> working good with  date/time.
>
>
>
>
> https://issues.apache.org/jira/browse/OPENMEETINGS-2334?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
>
>
>
>
>
>
>
>
>
>
>
>
> --
>
> Best regards,
> Maxim
>

Re: OpenMeetings <-> BigBlueButton

[R. Scholz]

Hello,

conferences with public authorities I had repeatedly problems to connect 
them.

I think its possible that the reason is a  restrictive firewall-management.

What do you mean? It is better to configure OM on port 443? Or port 80 
(with a separate domain/subdomain)

so this people can access without problems?

Another question: Have anybody made a test with a chinese university?  
Is it possible to connect from ther to a OM-server outside China?


With best regards,

René










Am 05.05.2020 um 07:58 schrieb Peter-Otto Weber:


I just got in first contact with „bigbluebutton“.

It seems to be very similar to openmeetings but – as i suggested 
before – has a better implementation of video arrangement.


All videos automatically were arranged above the whitboard – i like it.

What i wonder is ,why open meetings needs to use specific https port 
and bigbluebutton does not?


The main problem is with customers having a firewall allowing only 
80/443. We had scheduled a meeting with customers that had to be 
canceled due to networking / firewall problems.


Using 80/443 like on bigbluebutton would make everything much easier? 
Is this possible?


Best wishes

POW

Re: Integration problems with Active Directory

[Osvaldo OBA . Benítez Aliaga]

I already tried Apache Directory and it worked.
I really don't know what mistake I'm making.

El 5/5/2020 a las 10:27, Maxim Solodovnik escribió:
> Hello Osvaldo,
>
> grab you favorite LDAp explorer and check:
> 1) you can login with ldap_admin_dn and ldap_passwd
> IF login successful
> While you logged in as ldap_admin_dn
> 2) try to search with base ldap_search_base and query ldap_search_query
> NOTE you need to request `%s` in ldap_search_query with login entered
> by user
>
> If all was successful AND your search returning exactly 1 result
> get back here with results :)
>
> On Tue, 5 May 2020 at 21:05, Osvaldo OBA. Benítez Aliaga
> mailto:osval198...@gmail.com>> wrote:
>
> Already SIMPLEBIND by SEARCHANDBIND but it keeps giving me the
> same error.
>
> El 4/5/2020 a las 22:57, Maxim Solodovnik escribió:
>> Hello Osvaldo,
>>
>> since your users doesn't "fit" into single LDAP DN pattern
>> SIMPLEBIND should be replaced with SEARCHANDBIND
>> In this case your users will be searched using search-base and
>> search-query, then authenticated ...
>>
>> On Tue, 5 May 2020 at 01:16, Osvaldo OBA. Benítez Aliaga
>> mailto:osval198...@gmail.com>> wrote:
>>
>> yes.
>> I have managed to authenticate well with the user that declared
>> (support) and authenticate well with the users that are in
>> the same
>> organizational unit (CN). Now the problem is with users who
>> are in other
>> organizational units. For example, those in the Domain Users OU
>>
>>
>> El 4/5/2020 a las 12:09, Maxim Solodovnik escribió:
>> > Have you tested it with LDAP explorer as I suggest?
>>
>>
>>
>> -- 
>> Best regards,
>> Maxim
>
>
>
> -- 
> Best regards,
> Maxim

AW: OpenMeetings - switch to port 443

[Peter-Otto Weber]

Hmhhh – i cannot find the typo.

Of Course

ADD THIS LINE -->

Is just the intro to what has to be added in this line.

I cannot say if this is the best way to describe it, but it might be 
understandable?

Best wishes

POW

Gesendet von Mail für Windows 10

Von: K. Kamhamea
Gesendet: Dienstag, 5. Mai 2020 19:43
An: user@openmeetings.apache.org
Betreff: Re: OpenMeetings - switch to port 443

Very nice, but please edit this line it contains probably a typo

ADD THIS LINE --> AmbientCapabilities=CAP_NET_BIND_SERVICE

Am Di., 5. Mai 2020 um 19:32 Uhr schrieb Peter-Otto Weber 
mailto:cyber...@hotmail.de>>:
Together with Maxim and Juan (they had the brain and i had the fingers) i was 
able to configure my OpenMeetings m3 to work on Port 443.

The base system follows the guides


·Installation OpenMeetings 5.0.0-M3 on Ubuntu 18.04 LTS.pdf

·Installation SSL certificates and Coturn for OpenMeetings 5.0.0-M3.pdf

The main problems were with firewall and Coturn using „kurento“ as user and not 
„nobody“.

After all it was not so many things to do:

Backup /opt(open503/openmeetings.service
Backup /opt/open503/config/server.xml

Change openmeetings.service

[Service]
Type=forking
ADD THIS LINE --> AmbientCapabilities=CAP_NET_BIND_SERVICE

Change all folders /openmeetings/ to /open503/

Change User=nobody to User = kurento

Copy this file to /etc/systemd/system/openmeetings.service

Change all port 5443 to 443 in server.xml (two places)

Check firewall and open port 443 if not open as in my case 😉  )

Reboot

sudo /etc/init.d/mysql start MariaDB data server
sudo /etc/init.d/kurento-media-server start   Kurento media server
sudo systemctl start openmeetings   openmeetings

There’s still a problem with creating pid file – i will check out later…

Best wishes

POW

Re: OpenMeetings - switch to port 443

[Juan Antonio Moreno Carmona]

Hi

I'm glad to hear that you did it. You can fix the pid file problem as 
follows. Problem is that user kurento can't write PID file to


/var/run/openmeetings.pid

Well, create dir

sudo mkdir /var/run/openmeetings

Grant ownership of the directory just created

sudo chown kurento /var/run/openmeetings

Change file /etc/systemd/system/openmeetings.service line

Environment=CATALINA_PID=/var/run/openmeetings.pid

to

Environment=CATALINA_PID=/var/run/openmeetings/openmeetings.pid

Reload

sudo systemctl daemon-reload

And finally, restart openmeetings

sudo systemctl restart openmeetings

Good luck!

El 5/5/20 a las 19:32, Peter-Otto Weber escribió:


Together with Maxim and Juan (they had the brain and i had the 
fingers) i was able to configure my OpenMeetings m3 to work on Port 443.


The base system follows the guides

  * Installation OpenMeetings 5.0.0-M3 on Ubuntu 18.04 LTS.pdf
  * Installation SSL certificates and Coturn for OpenMeetings 5.0.0-M3.pdf

The main problems were with firewall and Coturn using „kurento“ as 
user and not „nobody“.


After all it was not so many things to do:

Backup /opt(open503/openmeetings.service

Backup /opt/open503/config/server.xml

Change openmeetings.service

[Service]

Type=forking

ADD THIS LINE à AmbientCapabilities=CAP_NET_BIND_SERVICE

Change all folders /openmeetings/ to /open503/

Change User=nobody to User = kurento

Copy this file to /etc/systemd/system/openmeetings.service

Change all port 5443 to 443 in server.xml (two places)

Check firewall and open port 443 if not open as in my case 😉  )

Reboot

sudo /etc/init.d/mysql start MariaDB 
data server


sudo /etc/init.d/kurento-media-server start Kurento media server

sudo systemctl start openmeetings openmeetings

There’s still a problem with creating pid file – i will check out later…

Best wishes

POW

Re: OpenMeetings - switch to port 443

[K. Kamhamea]

Very nice, but please edit this line it contains probably a typo

ADD THIS LINE à AmbientCapabilities=CAP_NET_BIND_SERVICE

Am Di., 5. Mai 2020 um 19:32 Uhr schrieb Peter-Otto Weber <
cyber...@hotmail.de>:

> Together with Maxim and Juan (they had the brain and i had the fingers) i
> was able to configure my OpenMeetings m3 to work on Port 443.
>
>
>
> The base system follows the guides
>
>
>
>- Installation OpenMeetings 5.0.0-M3 on Ubuntu 18.04 LTS.pdf
>- Installation SSL certificates and Coturn for OpenMeetings
>5.0.0-M3.pdf
>
>
>
> The main problems were with firewall and Coturn using „kurento“ as user
> and not „nobody“.
>
>
>
> After all it was not so many things to do:
>
>
>
> Backup /opt(open503/openmeetings.service
>
> Backup /opt/open503/config/server.xml
>
>
>
> Change openmeetings.service
>
>
>
> [Service]
>
> Type=forking
>
> ADD THIS LINE à AmbientCapabilities=CAP_NET_BIND_SERVICE
>
>
>
> Change all folders /openmeetings/ to /open503/
>
>
>
> Change User=nobody to User = kurento
>
>
>
> Copy this file to /etc/systemd/system/openmeetings.service
>
>
>
> Change all port 5443 to 443 in server.xml (two places)
>
>
>
> Check firewall and open port 443 if not open as in my case 😉  )
>
>
>
> Reboot
>
>
>
> sudo /etc/init.d/mysql start MariaDB data
> server
>
> sudo /etc/init.d/kurento-media-server start   Kurento media server
>
> sudo systemctl start openmeetings   openmeetings
>
>
>
> There’s still a problem with creating pid file – i will check out later…
>
>
>
> Best wishes
>
>
>
> POW
>

OpenMeetings - switch to port 443

[Peter-Otto Weber]

Together with Maxim and Juan (they had the brain and i had the fingers) i was 
able to configure my OpenMeetings m3 to work on Port 443.

The base system follows the guides


  *   Installation OpenMeetings 5.0.0-M3 on Ubuntu 18.04 LTS.pdf
  *   Installation SSL certificates and Coturn for OpenMeetings 5.0.0-M3.pdf

The main problems were with firewall and Coturn using „kurento“ as user and not 
„nobody“.

After all it was not so many things to do:

Backup /opt(open503/openmeetings.service
Backup /opt/open503/config/server.xml

Change openmeetings.service

[Service]
Type=forking
ADD THIS LINE --> AmbientCapabilities=CAP_NET_BIND_SERVICE

Change all folders /openmeetings/ to /open503/

Change User=nobody to User = kurento

Copy this file to /etc/systemd/system/openmeetings.service

Change all port 5443 to 443 in server.xml (two places)

Check firewall and open port 443 if not open as in my case 😉  )

Reboot

sudo /etc/init.d/mysql start MariaDB data server
sudo /etc/init.d/kurento-media-server start   Kurento media server
sudo systemctl start openmeetings   openmeetings

There’s still a problem with creating pid file – i will check out later…

Best wishes

POW

RE: OpenMeeting 5.0.0 M5 (fix TimeZone Canadian)

[Chamberland, Martin]

[cid:banner1.jpg]

1) country = Canada
2) language = French
3) time zone = America/Montreal

The time is showing strange  : 20-05-05 20 ‘8’ 00
With country United State, we can see  05/05/2020  13:20

De : Maxim Solodovnik [mailto:solomax...@gmail.com]
Envoyé : 5 mai 2020 13:18
À : Openmeetings user-list 
Objet : Re: OpenMeeting 5.0.0 M5 (fix TimeZone Canadian)

Hello Martin,

could you check if the issue is reproducible on demo-next?
If so please share
1) country
2) language
3) time zone

thanks in advance!


On Wed, 6 May 2020 at 00:14, Chamberland, Martin 
mailto:martin.chamberl...@fadq.qc.ca>> wrote:

[cid:image001.jpg@01D622E0.7BC9F4E0]

Hi there,

Sorry to tell you that the fix for the issue about Canadian timezone add in M5 
is not working here.
We upgrade our version from M4 to M5 and we are still having problem creating 
room/conference.

Looks like the only country that is not working is ‘Canada’.
We test 5-8 others country like Japan, Germany, Andorra, Tunisia , all working 
good with  date/time.

https://issues.apache.org/jira/browse/OPENMEETINGS-2334?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel






--
Best regards,
Maxim

Re: OpenMeeting 5.0.0 M5 (fix TimeZone Canadian)

[Maxim Solodovnik]

Hello Martin,

could you check if the issue is reproducible on demo-next?
If so please share
1) country
2) language
3) time zone

thanks in advance!


On Wed, 6 May 2020 at 00:14, Chamberland, Martin <
martin.chamberl...@fadq.qc.ca> wrote:

>
> Hi there,
>
>
>
> Sorry to tell you that the fix for the issue about Canadian timezone add
> in M5 is not working here.
>
> We upgrade our version from M4 to M5 and we are still having problem
> creating room/conference.
>
>
>
> Looks like the only country that is not working is ‘Canada’.
>
> We test 5-8 others country like Japan, Germany, Andorra, Tunisia , all
> working good with  date/time.
>
>
>
>
> https://issues.apache.org/jira/browse/OPENMEETINGS-2334?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
>
>
>
>
>
>
>
>
>


-- 
Best regards,
Maxim

OpenMeeting 5.0.0 M5 (fix TimeZone Canadian)

[Chamberland, Martin]

[cid:banner1.jpg]

Hi there,

Sorry to tell you that the fix for the issue about Canadian timezone add in M5 
is not working here.
We upgrade our version from M4 to M5 and we are still having problem creating 
room/conference.

Looks like the only country that is not working is 'Canada'.
We test 5-8 others country like Japan, Germany, Andorra, Tunisia , all working 
good with  date/time.

https://issues.apache.org/jira/browse/OPENMEETINGS-2334?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Re: main template location

[Maxim Solodovnik]

On Tue, 5 May 2020 at 23:52, K. Kamhamea  wrote:

> Thank you modifying css was a good advice. I found it in
> $OM_HOME/webapps/openmeetings/css/theme.css
>

This one is auto-generated
It would be better idea to add your changes to `custom.css` 



>
> Am Di., 5. Mai 2020 um 16:22 Uhr schrieb Maxim Solodovnik <
> solomax...@gmail.com>:
>
>> Not sure if HTML template will help you:
>>
>> https://github.com/apache/openmeetings/blob/master/openmeetings-web/src/main/java/org/apache/openmeetings/web/common/HeaderPanel.html#L24
>>
>> I would change CSS
>>
>> https://github.com/apache/openmeetings/blob/master/openmeetings-web/src/main/webapp/css/raw-general.css#L44
>>
>> On Tue, 5 May 2020 at 21:10, K. Kamhamea  wrote:
>>
>>> Sorry I was not precise enough with my question.
>>>
>>> I know where to change the logo, and I also know where to change the
>>> text "OpenMeetings", but having changed both items they don't fil any more,
>>> so I'd like to ajust the template a little bit to give morespace between
>>> them.
>>>
>>> Therefore I'm looking for the html template.
>>>
>>>
>>>
>>> Am Di., 5. Mai 2020 um 15:48 Uhr schrieb Maxim Solodovnik <
>>> solomax...@gmail.com>:
>>>
 It is image

 https://github.com/apache/openmeetings/blob/master/openmeetings-web/src/main/webapp/css/images/logo.svg

 https://github.com/apache/openmeetings/blob/master/openmeetings-web/src/main/webapp/css/images/logo.png

 And text


 (from mobile, sorry for typos)

 On Tue, May 5, 2020, 20:16 K. Kamhamea  wrote:

> Does anyone know where the template is located. I have to ajust it a
> little bit, so my logo and text better fits in.
>
> [image: grafik.png]
>
>
>>
>> --
>> Best regards,
>> Maxim
>>
>

-- 
Best regards,
Maxim

Re: main template location

[K. Kamhamea]

Thank you modifying css was a good advice. I found it in
$OM_HOME/webapps/openmeetings/css/theme.css

Am Di., 5. Mai 2020 um 16:22 Uhr schrieb Maxim Solodovnik <
solomax...@gmail.com>:

> Not sure if HTML template will help you:
>
> https://github.com/apache/openmeetings/blob/master/openmeetings-web/src/main/java/org/apache/openmeetings/web/common/HeaderPanel.html#L24
>
> I would change CSS
>
> https://github.com/apache/openmeetings/blob/master/openmeetings-web/src/main/webapp/css/raw-general.css#L44
>
> On Tue, 5 May 2020 at 21:10, K. Kamhamea  wrote:
>
>> Sorry I was not precise enough with my question.
>>
>> I know where to change the logo, and I also know where to change the text
>> "OpenMeetings", but having changed both items they don't fil any more, so
>> I'd like to ajust the template a little bit to give morespace between them.
>>
>> Therefore I'm looking for the html template.
>>
>>
>>
>> Am Di., 5. Mai 2020 um 15:48 Uhr schrieb Maxim Solodovnik <
>> solomax...@gmail.com>:
>>
>>> It is image
>>>
>>> https://github.com/apache/openmeetings/blob/master/openmeetings-web/src/main/webapp/css/images/logo.svg
>>>
>>> https://github.com/apache/openmeetings/blob/master/openmeetings-web/src/main/webapp/css/images/logo.png
>>>
>>> And text
>>>
>>>
>>> (from mobile, sorry for typos)
>>>
>>> On Tue, May 5, 2020, 20:16 K. Kamhamea  wrote:
>>>
 Does anyone know where the template is located. I have to ajust it a
 little bit, so my logo and text better fits in.

 [image: grafik.png]


>
> --
> Best regards,
> Maxim
>

Re: Integration problems with Active Directory

[Maxim Solodovnik]

great :)

On Tue, 5 May 2020 at 22:35, Ninnig, Alexander <
alexander.nin...@rechnungshof.rlp.de> wrote:

> Ok, so now I don’t get it, because it all seems correct.
>
>
>
> I can use Apache Directory Studio in order to create a bind using
>
> ldap_conn_host=192.168.0.10
>
> ldap_conn_port=389
>
> ldap_admin_dn=CN=openmeetings,CN=Users,DC=domain,DC=intern
>
> ldap_passwd=
>
>
>
> Then I can perform a search in Apache Studio using
>
> ldap_search_base=OU=myfirm,DC=domain,DC=intern
>
> ldap_search_query=(sAMAccountName=%s)
>
>
>
> Which shows me exactly ONE hit.
>
>
>
> So why doesn’t it work then?
>
>
>
>
>
> NOW IT WORKS!
>
> I removed the „Add domain to username“-option.
>
> After that, I was able to login with a testuser.
>
> YES!
>
>
>
>
>
> Best wishes and thanks again!
>
> Alex
>
>
>
> *Von:* Maxim Solodovnik 
> *Gesendet:* Dienstag, 5. Mai 2020 17:01
> *An:* Openmeetings user-list 
> *Betreff:* Re: Integration problems with Active Directory
>
>
>
>
>
>
>
> On Tue, 5 May 2020 at 21:57, Ninnig, Alexander <
> alexander.nin...@rechnungshof.rlp.de> wrote:
>
> Hi Maxim,
>
>
>
> 1) you can login with ldap_admin_dn and ldap_passwd
>
> à yes
>
> While you logged in as ldap_admin_dn
>
> 2) try to search with base ldap_search_base and query ldap_search_query
>
> NOTE you need to request `%s` in ldap_search_query with login entered by
> user
>
> à no result for the attribute „uid“! As I wrote in my own mail, this
> field is empty here. If I search for „sn“ instead of „uid“, I can find
> users.
>
>
>
> Please check my answer your big email :)
>
>
>
>
>
> It seems to me, that the problem is, that the field uid is always empty
> here.
>
> I tried to change ist to sAMAccountName, which is the unique login-name of
> our users, so I configured:
>
>
>
> Yes
>
> most probably this attr should be used for AD
>
>
>
>
>
> ldap_search_query=(sAMAccountName=%s)
>
>
>
> search is done using ldap_search_query and ldap_search_base
>
> there should be unique result ...
>
>
>
> ldap_userdn_format=sAMAccountName=%s,OU=Users,DC=rhrlp,DC=intern [which is
> probably wrong, but hopefully not used, since I use SEARCHANDBIND]
>
> ldap_user_attr_login=sAMAccountName
>
>
>
> But that’s not working either.
>
>
>
> Best regards and thank you very much for all your work,
>
> Alex
>
>
>
> *Von:* Maxim Solodovnik 
> *Gesendet:* Dienstag, 5. Mai 2020 16:27
> *An:* Openmeetings user-list 
> *Betreff:* Re: Integration problems with Active Directory
>
>
>
> Hello Osvaldo,
>
>
>
> grab you favorite LDAp explorer and check:
>
> 1) you can login with ldap_admin_dn and ldap_passwd
>
> IF login successful
>
> While you logged in as ldap_admin_dn
>
> 2) try to search with base ldap_search_base and query ldap_search_query
>
> NOTE you need to request `%s` in ldap_search_query with login entered by
> user
>
>
>
> If all was successful AND your search returning exactly 1 result
>
> get back here with results :)
>
>
>
> On Tue, 5 May 2020 at 21:05, Osvaldo OBA. Benítez Aliaga <
> osval198...@gmail.com> wrote:
>
> Already SIMPLEBIND by SEARCHANDBIND but it keeps giving me the same error.
>
> El 4/5/2020 a las 22:57, Maxim Solodovnik escribió:
>
> Hello Osvaldo,
>
>
>
> since your users doesn't "fit" into single LDAP DN pattern SIMPLEBIND
> should be replaced with SEARCHANDBIND
>
> In this case your users will be searched using search-base and
> search-query, then authenticated ...
>
>
>
> On Tue, 5 May 2020 at 01:16, Osvaldo OBA. Benítez Aliaga <
> osval198...@gmail.com> wrote:
>
> yes.
> I have managed to authenticate well with the user that declared
> (support) and authenticate well with the users that are in the same
> organizational unit (CN). Now the problem is with users who are in other
> organizational units. For example, those in the Domain Users OU
>
>
> El 4/5/2020 a las 12:09, Maxim Solodovnik escribió:
> > Have you tested it with LDAP explorer as I suggest?
>
>
>
>
> --
>
> Best regards,
> Maxim
>
>
>
>
> --
>
> Best regards,
> Maxim
>
>
>
>
> --
>
> Best regards,
> Maxim
>


-- 
Best regards,
Maxim

AW: Integration problems with Active Directory

[Ninnig, Alexander]

Ok, so now I don’t get it, because it all seems correct.

I can use Apache Directory Studio in order to create a bind using
ldap_conn_host=192.168.0.10
ldap_conn_port=389
ldap_admin_dn=CN=openmeetings,CN=Users,DC=domain,DC=intern
ldap_passwd=

Then I can perform a search in Apache Studio using
ldap_search_base=OU=myfirm,DC=domain,DC=intern
ldap_search_query=(sAMAccountName=%s)

Which shows me exactly ONE hit.

So why doesn’t it work then?


NOW IT WORKS!
I removed the „Add domain to username“-option.
After that, I was able to login with a testuser.
YES!


Best wishes and thanks again!
Alex

Von: Maxim Solodovnik 
Gesendet: Dienstag, 5. Mai 2020 17:01
An: Openmeetings user-list 
Betreff: Re: Integration problems with Active Directory



On Tue, 5 May 2020 at 21:57, Ninnig, Alexander 
mailto:alexander.nin...@rechnungshof.rlp.de>>
 wrote:
Hi Maxim,

1) you can login with ldap_admin_dn and ldap_passwd
--> yes
While you logged in as ldap_admin_dn
2) try to search with base ldap_search_base and query ldap_search_query
NOTE you need to request `%s` in ldap_search_query with login entered by user
--> no result for the attribute „uid“! As I wrote in my own mail, this field is 
empty here. If I search for „sn“ instead of „uid“, I can find users.

Please check my answer your big email :)


It seems to me, that the problem is, that the field uid is always empty here.
I tried to change ist to sAMAccountName, which is the unique login-name of our 
users, so I configured:

Yes
most probably this attr should be used for AD


ldap_search_query=(sAMAccountName=%s)

search is done using ldap_search_query and ldap_search_base
there should be unique result ...

ldap_userdn_format=sAMAccountName=%s,OU=Users,DC=rhrlp,DC=intern [which is 
probably wrong, but hopefully not used, since I use SEARCHANDBIND]
ldap_user_attr_login=sAMAccountName

But that’s not working either.

Best regards and thank you very much for all your work,
Alex

Von: Maxim Solodovnik mailto:solomax...@gmail.com>>
Gesendet: Dienstag, 5. Mai 2020 16:27
An: Openmeetings user-list 
mailto:user@openmeetings.apache.org>>
Betreff: Re: Integration problems with Active Directory

Hello Osvaldo,

grab you favorite LDAp explorer and check:
1) you can login with ldap_admin_dn and ldap_passwd
IF login successful
While you logged in as ldap_admin_dn
2) try to search with base ldap_search_base and query ldap_search_query
NOTE you need to request `%s` in ldap_search_query with login entered by user

If all was successful AND your search returning exactly 1 result
get back here with results :)

On Tue, 5 May 2020 at 21:05, Osvaldo OBA. Benítez Aliaga 
mailto:osval198...@gmail.com>> wrote:

Already SIMPLEBIND by SEARCHANDBIND but it keeps giving me the same error.
El 4/5/2020 a las 22:57, Maxim Solodovnik escribió:
Hello Osvaldo,

since your users doesn't "fit" into single LDAP DN pattern SIMPLEBIND should be 
replaced with SEARCHANDBIND
In this case your users will be searched using search-base and search-query, 
then authenticated ...

On Tue, 5 May 2020 at 01:16, Osvaldo OBA. Benítez Aliaga 
mailto:osval198...@gmail.com>> wrote:
yes.
I have managed to authenticate well with the user that declared
(support) and authenticate well with the users that are in the same
organizational unit (CN). Now the problem is with users who are in other
organizational units. For example, those in the Domain Users OU


El 4/5/2020 a las 12:09, Maxim Solodovnik escribió:
> Have you tested it with LDAP explorer as I suggest?


--
Best regards,
Maxim


--
Best regards,
Maxim


--
Best regards,
Maxim

Re: Integration problems with Active Directory

[Maxim Solodovnik]

On Tue, 5 May 2020 at 21:57, Ninnig, Alexander <
alexander.nin...@rechnungshof.rlp.de> wrote:

> Hi Maxim,
>
>
>
> 1) you can login with ldap_admin_dn and ldap_passwd
>
> à yes
>
> While you logged in as ldap_admin_dn
>
> 2) try to search with base ldap_search_base and query ldap_search_query
>
> NOTE you need to request `%s` in ldap_search_query with login entered by
> user
>
> à no result for the attribute „uid“! As I wrote in my own mail, this
> field is empty here. If I search for „sn“ instead of „uid“, I can find
> users.
>

Please check my answer your big email :)


>
>
> It seems to me, that the problem is, that the field uid is always empty
> here.
>
> I tried to change ist to sAMAccountName, which is the unique login-name of
> our users, so I configured:
>

Yes
most probably this attr should be used for AD


>
>
> ldap_search_query=(sAMAccountName=%s)
>

search is done using ldap_search_query and ldap_search_base
there should be unique result ...


> ldap_userdn_format=sAMAccountName=%s,OU=Users,DC=rhrlp,DC=intern [which is
> probably wrong, but hopefully not used, since I use SEARCHANDBIND]
>
> ldap_user_attr_login=sAMAccountName
>
>
>
> But that’s not working either.
>
>
>
> Best regards and thank you very much for all your work,
>
> Alex
>
>
>
> *Von:* Maxim Solodovnik 
> *Gesendet:* Dienstag, 5. Mai 2020 16:27
> *An:* Openmeetings user-list 
> *Betreff:* Re: Integration problems with Active Directory
>
>
>
> Hello Osvaldo,
>
>
>
> grab you favorite LDAp explorer and check:
>
> 1) you can login with ldap_admin_dn and ldap_passwd
>
> IF login successful
>
> While you logged in as ldap_admin_dn
>
> 2) try to search with base ldap_search_base and query ldap_search_query
>
> NOTE you need to request `%s` in ldap_search_query with login entered by
> user
>
>
>
> If all was successful AND your search returning exactly 1 result
>
> get back here with results :)
>
>
>
> On Tue, 5 May 2020 at 21:05, Osvaldo OBA. Benítez Aliaga <
> osval198...@gmail.com> wrote:
>
> Already SIMPLEBIND by SEARCHANDBIND but it keeps giving me the same error.
>
> El 4/5/2020 a las 22:57, Maxim Solodovnik escribió:
>
> Hello Osvaldo,
>
>
>
> since your users doesn't "fit" into single LDAP DN pattern SIMPLEBIND
> should be replaced with SEARCHANDBIND
>
> In this case your users will be searched using search-base and
> search-query, then authenticated ...
>
>
>
> On Tue, 5 May 2020 at 01:16, Osvaldo OBA. Benítez Aliaga <
> osval198...@gmail.com> wrote:
>
> yes.
> I have managed to authenticate well with the user that declared
> (support) and authenticate well with the users that are in the same
> organizational unit (CN). Now the problem is with users who are in other
> organizational units. For example, those in the Domain Users OU
>
>
> El 4/5/2020 a las 12:09, Maxim Solodovnik escribió:
> > Have you tested it with LDAP explorer as I suggest?
>
>
>
>
> --
>
> Best regards,
> Maxim
>
>
>
>
> --
>
> Best regards,
> Maxim
>


-- 
Best regards,
Maxim

AW: Integration problems with Active Directory

[Ninnig, Alexander]

Hi Maxim,

1) you can login with ldap_admin_dn and ldap_passwd
--> yes
While you logged in as ldap_admin_dn
2) try to search with base ldap_search_base and query ldap_search_query
NOTE you need to request `%s` in ldap_search_query with login entered by user
--> no result for the attribute „uid“! As I wrote in my own mail, this field is 
empty here. If I search for „sn“ instead of „uid“, I can find users.

It seems to me, that the problem is, that the field uid is always empty here.
I tried to change ist to sAMAccountName, which is the unique login-name of our 
users, so I configured:

ldap_search_query=(sAMAccountName=%s)
ldap_userdn_format=sAMAccountName=%s,OU=Users,DC=rhrlp,DC=intern [which is 
probably wrong, but hopefully not used, since I use SEARCHANDBIND]
ldap_user_attr_login=sAMAccountName

But that’s not working either.

Best regards and thank you very much for all your work,
Alex

Von: Maxim Solodovnik 
Gesendet: Dienstag, 5. Mai 2020 16:27
An: Openmeetings user-list 
Betreff: Re: Integration problems with Active Directory

Hello Osvaldo,

grab you favorite LDAp explorer and check:
1) you can login with ldap_admin_dn and ldap_passwd
IF login successful
While you logged in as ldap_admin_dn
2) try to search with base ldap_search_base and query ldap_search_query
NOTE you need to request `%s` in ldap_search_query with login entered by user

If all was successful AND your search returning exactly 1 result
get back here with results :)

On Tue, 5 May 2020 at 21:05, Osvaldo OBA. Benítez Aliaga 
mailto:osval198...@gmail.com>> wrote:

Already SIMPLEBIND by SEARCHANDBIND but it keeps giving me the same error.
El 4/5/2020 a las 22:57, Maxim Solodovnik escribió:
Hello Osvaldo,

since your users doesn't "fit" into single LDAP DN pattern SIMPLEBIND should be 
replaced with SEARCHANDBIND
In this case your users will be searched using search-base and search-query, 
then authenticated ...

On Tue, 5 May 2020 at 01:16, Osvaldo OBA. Benítez Aliaga 
mailto:osval198...@gmail.com>> wrote:
yes.
I have managed to authenticate well with the user that declared
(support) and authenticate well with the users that are in the same
organizational unit (CN). Now the problem is with users who are in other
organizational units. For example, those in the Domain Users OU


El 4/5/2020 a las 12:09, Maxim Solodovnik escribió:
> Have you tested it with LDAP explorer as I suggest?


--
Best regards,
Maxim


--
Best regards,
Maxim

Re: Integration problems with Active Directory

[Maxim Solodovnik]

Hello Alexander,

On Tue, 5 May 2020 at 21:06, Ninnig, Alexander <
alexander.nin...@rechnungshof.rlp.de> wrote:

> Hi,
>
> I'm new and I don't know the etiquette: If I have a problem with Active
> Directory-Integration as well - do I start a new "thread" by sending an
> email with a new subject, or should I respond to this existing one?
>
> In case responding to an existierung one is right, I would like to
> describe the problem:
>

It is OK to use existing mail thread if topic match :))


>
> Right now, if I try to authenticate as domain-user, I don't get a
> login-error (like: wrong username or password), but an internal error page
> instead (the browser tab shows "Internal Error" pretty fast, it takes a few
> more seconds until the page is openend (
> https://myopenmeetingsserver:5443/openmeetings/wicket/bookmarkable/org.apache.wicket.markup.html.pages.InternalErrorPage).
> Is this supposed to happen? As far as I remember, this was different in
> OpenMeetings 3 (I tried LDAP before with OM3, but the login was always
> denied, saying user oder password was wrong - the login kinda wiggled a few
> times, sort of like shaking it's head).
>

This is not good
What in the logs? (openmeetings.log)


>
> Question 1: is there something wrong with my OpenMeetings-installation? Or
> is this just the behaviour caused by a wrong om_ldap.conf?
> --> I figured this one out! The sample-om_ldap.conf was in
> /opt/open504/webapps/openmeetings/data/conf/, but the LDAP-configuration
> said, the file should be in /opt/open504/webapps/openmeetings/conf [no
> DATA], after I copied/moved the conf, I got the regular "wrong
> username/wrong password"-message. So ist still not working, but there's no
> internal error anymore.
>

It is corrected here
https://openmeetings.apache.org/LdapAndADS.html#2-an-ldap-config-file
 Good to know there is no internal error


>
> Question 2: I still can't login using AD-credentials, no matter if I use
> username, username@domain.intern oder usern...@publicdomain.de. I add
> some info on my environment and my configuration, since I'm not sure, I
> understand all of it. Can someone have a look and help me with this?
>

I'll try


>
> Here is my scenario:
> OpenMeeting 5.04 on Ubuntu Server 18.04 (English), NOT a domain member
> Active Directory on Windows Server 2012 R2
>
> Here is my configuration (this file is also set in OpenMeetings in
> LDAP-configuration; I tried with and without "add Domain to username"):
> ldap_conn_host=192.168.0.10
> ldap_conn_port=389
> ldap_conn_secure=false
> ldap_admin_dn=CN=openmeetings,CN=Users,DC=domain,DC=intern
> ldap_passwd=SomeSuperPassword
> ldap_search_base=OU=myfirm,DC=domain,DC=intern
>
> --> so far, I can use these infos in order to get an ldap-bind (using
> Apache Directory Studio), THAT works.
> --> The om-ldap-user is NOT in the same OU as my users, that is
> intentionally, since there are no restricting group-policies on "Users",
> but on "myfirm".
> --> After creating an ldap-bind in Apache Directory Studio, I can also use
> this search-base, so that works too.
>

thanks for doing initial investigation :)


>
> ldap_search_query=(uid=%s)
> --> I left this unchanged, this means, OpenMeetings searches my AD for the
> entered string, right?
>

this means IF ldap_auth_type=SEARCHANDBIND and bind with ldap_admin_dn
ldap_passwd was successful
OM will do the search for user DN using "admin" user, ldap_search_base and
ldap_search_query substituting %s with user entered login

then IF exactly one record found
it will try to bind using DN found and password entered


>
> ldap_search_scopes=SUBTREE
> --> I changed that to SUBTREE, since i have more OUs below "myfirm" (such
> as "users", "computers", "servers" and so on)
>

sounds right


>
> ldap_auth_type=SEARCHANDBIND
> --> I tried SEARCHANDBIND as well as SIMPLEBIND. Wrong username/password
> keeps showing, no matter the ldap_auth_type. Can I also use NONE instead?
>

SIMPLEBIND will use ldap_userdn_format, substitute user entered login in
place of %s and will try to bind


>
> ldap_userdn_format=uid=%s,OU=myfirm,DC=domain,DC=intern
> --> this is the parameter I don't understand. Is this how the DN of the
> useraccout, creating the ldap-bind, is created? But why is this necessary?
> I thought, I already told openmeetings what account to use (namely
> ldap_admin_dn=CN=openmeetings,CN=Users,DC=domain,DC=intern). Since a lot of
> my users are in different OUs, I cannot supply ONE string, that matches
> all. In order to get a syntax that fits everyone, I would rather use an
> ldap-attribute like "userPrincipalName" (that's always:
> logonname@myfirm.intern). If I use SEARCHANDBIND and/or
> ldap_use_admin_to_get_attrs=true, can I just ignore this setting? Or is
> this the username-syntax OpenMeetings uses in order to check if the
> password is right? In that case, I would have to provide a DN-string, that
> would fit every user, which is not possible, when users are in different
> OUs.
>

hopefull i have answe

Re: Integration problems with Active Directory

[Maxim Solodovnik]

Hello Osvaldo,

grab you favorite LDAp explorer and check:
1) you can login with ldap_admin_dn and ldap_passwd
IF login successful
While you logged in as ldap_admin_dn
2) try to search with base ldap_search_base and query ldap_search_query
NOTE you need to request `%s` in ldap_search_query with login entered by
user

If all was successful AND your search returning exactly 1 result
get back here with results :)

On Tue, 5 May 2020 at 21:05, Osvaldo OBA. Benítez Aliaga <
osval198...@gmail.com> wrote:

> Already SIMPLEBIND by SEARCHANDBIND but it keeps giving me the same error.
> El 4/5/2020 a las 22:57, Maxim Solodovnik escribió:
>
> Hello Osvaldo,
>
> since your users doesn't "fit" into single LDAP DN pattern SIMPLEBIND
> should be replaced with SEARCHANDBIND
> In this case your users will be searched using search-base and
> search-query, then authenticated ...
>
> On Tue, 5 May 2020 at 01:16, Osvaldo OBA. Benítez Aliaga <
> osval198...@gmail.com> wrote:
>
>> yes.
>> I have managed to authenticate well with the user that declared
>> (support) and authenticate well with the users that are in the same
>> organizational unit (CN). Now the problem is with users who are in other
>> organizational units. For example, those in the Domain Users OU
>>
>>
>> El 4/5/2020 a las 12:09, Maxim Solodovnik escribió:
>> > Have you tested it with LDAP explorer as I suggest?
>>
>>
>
> --
> Best regards,
> Maxim
>
>

-- 
Best regards,
Maxim

Re: main template location

[Maxim Solodovnik]

Not sure if HTML template will help you:
https://github.com/apache/openmeetings/blob/master/openmeetings-web/src/main/java/org/apache/openmeetings/web/common/HeaderPanel.html#L24

I would change CSS
https://github.com/apache/openmeetings/blob/master/openmeetings-web/src/main/webapp/css/raw-general.css#L44

On Tue, 5 May 2020 at 21:10, K. Kamhamea  wrote:

> Sorry I was not precise enough with my question.
>
> I know where to change the logo, and I also know where to change the text
> "OpenMeetings", but having changed both items they don't fil any more, so
> I'd like to ajust the template a little bit to give morespace between them.
>
> Therefore I'm looking for the html template.
>
>
>
> Am Di., 5. Mai 2020 um 15:48 Uhr schrieb Maxim Solodovnik <
> solomax...@gmail.com>:
>
>> It is image
>>
>> https://github.com/apache/openmeetings/blob/master/openmeetings-web/src/main/webapp/css/images/logo.svg
>>
>> https://github.com/apache/openmeetings/blob/master/openmeetings-web/src/main/webapp/css/images/logo.png
>>
>> And text
>>
>>
>> (from mobile, sorry for typos)
>>
>> On Tue, May 5, 2020, 20:16 K. Kamhamea  wrote:
>>
>>> Does anyone know where the template is located. I have to ajust it a
>>> little bit, so my logo and text better fits in.
>>>
>>> [image: grafik.png]
>>>
>>>

-- 
Best regards,
Maxim

Re: AW: Integration problems with Active Directory

[Osvaldo OBA . Benítez Aliaga]

The most logical thing is that you follow the thread.

El 5/5/2020 a las 10:06, Ninnig, Alexander escribió:
> Hi,
>
> I'm new and I don't know the etiquette: If I have a problem with Active 
> Directory-Integration as well - do I start a new "thread" by sending an email 
> with a new subject, or should I respond to this existing one?
>
> In case responding to an existierung one is right, I would like to describe 
> the problem:
>
> Right now, if I try to authenticate as domain-user, I don't get a login-error 
> (like: wrong username or password), but an internal error page instead (the 
> browser tab shows "Internal Error" pretty fast, it takes a few more seconds 
> until the page is openend 
> (https://myopenmeetingsserver:5443/openmeetings/wicket/bookmarkable/org.apache.wicket.markup.html.pages.InternalErrorPage).
>  Is this supposed to happen? As far as I remember, this was different in 
> OpenMeetings 3 (I tried LDAP before with OM3, but the login was always 
> denied, saying user oder password was wrong - the login kinda wiggled a few 
> times, sort of like shaking it's head).
>
> Question 1: is there something wrong with my OpenMeetings-installation? Or is 
> this just the behaviour caused by a wrong om_ldap.conf?
> --> I figured this one out! The sample-om_ldap.conf was in 
> /opt/open504/webapps/openmeetings/data/conf/, but the LDAP-configuration 
> said, the file should be in /opt/open504/webapps/openmeetings/conf [no DATA], 
> after I copied/moved the conf, I got the regular "wrong username/wrong 
> password"-message. So ist still not working, but there's no internal error 
> anymore.
>
> Question 2: I still can't login using AD-credentials, no matter if I use 
> username, username@domain.intern oder usern...@publicdomain.de. I add some 
> info on my environment and my configuration, since I'm not sure, I understand 
> all of it. Can someone have a look and help me with this?
>
> Here is my scenario:
> OpenMeeting 5.04 on Ubuntu Server 18.04 (English), NOT a domain member
> Active Directory on Windows Server 2012 R2
>
> Here is my configuration (this file is also set in OpenMeetings in 
> LDAP-configuration; I tried with and without "add Domain to username"):
> ldap_conn_host=192.168.0.10
> ldap_conn_port=389
> ldap_conn_secure=false
> ldap_admin_dn=CN=openmeetings,CN=Users,DC=domain,DC=intern
> ldap_passwd=SomeSuperPassword
> ldap_search_base=OU=myfirm,DC=domain,DC=intern
>
> --> so far, I can use these infos in order to get an ldap-bind (using Apache 
> Directory Studio), THAT works.
> --> The om-ldap-user is NOT in the same OU as my users, that is 
> intentionally, since there are no restricting group-policies on "Users", but 
> on "myfirm".
> --> After creating an ldap-bind in Apache Directory Studio, I can also use 
> this search-base, so that works too.
>
> ldap_search_query=(uid=%s)
> --> I left this unchanged, this means, OpenMeetings searches my AD for the 
> entered string, right?
>
> ldap_search_scopes=SUBTREE
> --> I changed that to SUBTREE, since i have more OUs below "myfirm" (such as 
> "users", "computers", "servers" and so on)
>
> ldap_auth_type=SEARCHANDBIND
> --> I tried SEARCHANDBIND as well as SIMPLEBIND. Wrong username/password 
> keeps showing, no matter the ldap_auth_type. Can I also use NONE instead?
>
> ldap_userdn_format=uid=%s,OU=myfirm,DC=domain,DC=intern
> --> this is the parameter I don't understand. Is this how the DN of the 
> useraccout, creating the ldap-bind, is created? But why is this necessary? I 
> thought, I already told openmeetings what account to use (namely 
> ldap_admin_dn=CN=openmeetings,CN=Users,DC=domain,DC=intern). Since a lot of 
> my users are in different OUs, I cannot supply ONE string, that matches all. 
> In order to get a syntax that fits everyone, I would rather use an 
> ldap-attribute like "userPrincipalName" (that's always: 
> logonname@myfirm.intern). If I use SEARCHANDBIND and/or 
> ldap_use_admin_to_get_attrs=true, can I just ignore this setting? Or is this 
> the username-syntax OpenMeetings uses in order to check if the password is 
> right? In that case, I would have to provide a DN-string, that would fit 
> every user, which is not possible, when users are in different OUs.
>
> ldap_use_admin_to_get_attrs=true
> --> that means, the aforementioned ldap_admin_dsn is used in order to search 
> the AD, right?
>
> (...)
>
> ldap_user_attr_login=uid
> --> is this an attribute used by OpenMeetings? That is not an attribute used 
> in my Active Directory. It is always empty/not set! If this is supposed to be 
> the loginname, should I change this to userPrincipalName 
> (loginname@domain.intern) or sAMAccountName (loginname) instead? All the 
> other attributes (sn, givenName, etc.) are used and filled.
>
>
>
> Best regards,
> Alex
>
> -Ursprüngliche Nachricht-
> Von: Maxim Solodovnik  
> Gesendet: Dienstag, 5. Mai 2020 04:57
> An: Openmeetings user-list 
> Betreff: Re: Integration problems with Active Directory
>
> Hello Osvaldo

Re: AW: AW: OpenMeetings <-> BigBlueButton

[Maxim Solodovnik]

if you prefer user kurento please change the script
i prefer nobody/nogroup to gave attacker less options on success

you can leave group unchanged in the script

On Tue, 5 May 2020 at 20:57, Peter-Otto Weber  wrote:

> Sorry maxim but following the guid for SSL there was a
>
>
>
> sudo chown -R kurento /opt/open503
>
>
>
> so kurento ist he owner.
>
>
>
> I guess i need to change from User= nobody to User=kurento???
>
>
>
> What about „Group=nogroup?
>
>
>
> Best wishes and both hands tot he wheel 😉
>
>
>
> POW
>
>
>
> *Von:* Maxim Solodovnik 
> *Gesendet:* Dienstag, 5. Mai 2020 15:54
> *An:* Openmeetings user-list 
> *Betreff:* Re: AW: AW: OpenMeetings <-> BigBlueButton
>
>
>
> This script expects om folder belongs to nobody
>
>
>
> Search nobody ...
>
>
>
> (from mobile, sorry for typos)
>
>
>
> On Tue, May 5, 2020, 20:40 Peter-Otto Weber  wrote:
>
> Tested
>
>
>
> sudo cp a-simple-file.txt logs/catalina.out
>
>
>
> and this worked. So „root“ hast he right to create the file.
>
>
>
> Who in this situation (starting service) is trying to create the log
>
>
>
> Best wishes
>
>
>
> POW
>
>
>
> *Von:* Juan Antonio Moreno Carmona 
> *Gesendet:* Dienstag, 5. Mai 2020 14:33
> *An:* user@openmeetings.apache.org
> *Betreff:* Re: AW: AW: OpenMeetings <-> BigBlueButton
>
>
>
> HI again.
>
> By the way, what operating system or distribution are you using for the
> server?
>
> Regards.
>
> El 5/5/20 a las 14:02, Peter-Otto Weber escribió:
>
> Hello Juan and Maxim,
>
>
>
> i tested doing this:
>
>
>
> created backup oft he two files
>
> added AmbientCapabilities=CAP_NET_BIND_SERVICE to openmeetings.service
>
> changed 5443 to 443 in server.xml
>
>
>
> (There’s another line with port 5443 – shouldn’t this be changed also?)
>
>
>
> rebooted the server
>
>
>
> than login
>
>
>
> sudo /etc/init.d/mysql start
>
> sudo /etc/init.d/tomcat3 start
>
>
>
> waiting about 1 minute
>
>
>
> No access to openmeetings on 443 or 5443?
>
>
>
> Used sudo netstat -plnt to see if port 443 is in use – could not find it.
>
>
>
> Than copying back the changed files, reboot, start services and everything
> is back on port 5443.
>
>
>
> Using netstat -plnt i can only see java but on tcp6 localhost :::5443 i
> can not see on what port openmeetings is listening???
>
>
>
> Your last hints regarding openmeetings.service did not hit my brain at the
> right position – i do not understand???
>
>
>
> Best wishes
>
>
>
> POW
>
>
>
> *Von:* Maxim Solodovnik  
> *Gesendet:* Dienstag, 5. Mai 2020 13:13
> *An:* Openmeetings user-list 
> 
> *Betreff:* Re: AW: OpenMeetings <-> BigBlueButton
>
>
>
> instructions are in the script:
>
>
> https://github.com/apache/openmeetings/blob/master/openmeetings-server/src/main/assembly/scripts/openmeetings.service#L15
>
>
>
> don't forget to update the paths :)
>
>
>
> On Tue, 5 May 2020 at 18:10, Juan Antonio Moreno Carmona 
> wrote:
>
> Hi again.
>
> I forgot to warn that you must use the file openmeetings.service to manage
> openmeetings for this to work. That is, you have copied the file
> openmeetings.service to /etc/systemd /system and you start, stop, restart
> openmeetings with:
>
> sudo systemctl start openmeetings
>
> sudo systemctl stop openmeetings
>
> sudo systemctl restart openmeetings
>
> Regards.
>
> El 5/5/20 a las 13:04, Peter-Otto Weber escribió:
>
> Thx Juan – i will give it a try.
>
>
>
> Maybe it helps to get more acceptance with my business users.
>
>
>
> Best wishes
>
>
>
> POW
>
>
>
> *Von:* Juan Antonio Moreno Carmona  
> *Gesendet:* Dienstag, 5. Mai 2020 12:45
> *An:* user@openmeetings.apache.org
> *Betreff:* Re: OpenMeetings <-> BigBlueButton
>
>
>
> Hi all.
>
> As Maxim has already said, on *nix systems the use of ports below 1024 is
> restricted to the root user. So, you have two options, one is to run
> openmeetings as root user and then you can configure to use port 443 or run
> openmeetings as another user (openmeetings, nobody, etc.) and use a port
> above 1024 (usually 8443). Well, this It is not the whole truth, you can
> really use a user other than root and configure openmeetings to run on port
> 443. There are several ways to achieve this and you can see some of them in
>
>
> https://superuser.com/questions/710253/allow-non-root-process-to-bind-to-port-80-and-443
>
> I tell you how I get it. I use the file openmeetings.service that comes
> with the openmeetings distribution with some minor modifications. You can
> see that lines 23-24 contain the following:
>
> [Service]
> Type=forking
>
> Okay, add one more line just below so it looks like this
>
> [Service]
> Type=forking
> AmbientCapabilities=CAP_NET_BIND_SERVICE
>
> Then edit server.xml file and change
>
> 
> to
>
> 
> Restart openmeetings and visit https://yourdomain.com/openmeetings
>
> Regards.
>
> El 5/5/20 a las 8:35, Maxim Solodovnik escribió:
>
>
>
>
>
> On Tue, 5 May 2020 at 13:29, Peter-Otto Weber  wrote:
>
> Hello Maxim,
>
>
>
> sometimes your answers are a bit „cryptic“ for dummies like me 😊
>
>
>
> What do y

Re: main template location

[K. Kamhamea]

Sorry I was not precise enough with my question.

I know where to change the logo, and I also know where to change the text
"OpenMeetings", but having changed both items they don't fil any more, so
I'd like to ajust the template a little bit to give morespace between them.

Therefore I'm looking for the html template.



Am Di., 5. Mai 2020 um 15:48 Uhr schrieb Maxim Solodovnik <
solomax...@gmail.com>:

> It is image
>
> https://github.com/apache/openmeetings/blob/master/openmeetings-web/src/main/webapp/css/images/logo.svg
>
> https://github.com/apache/openmeetings/blob/master/openmeetings-web/src/main/webapp/css/images/logo.png
>
> And text
>
>
> (from mobile, sorry for typos)
>
> On Tue, May 5, 2020, 20:16 K. Kamhamea  wrote:
>
>> Does anyone know where the template is located. I have to ajust it a
>> little bit, so my logo and text better fits in.
>>
>> [image: grafik.png]
>>
>>

AW: Integration problems with Active Directory

[Ninnig, Alexander]

Hi,

I'm new and I don't know the etiquette: If I have a problem with Active 
Directory-Integration as well - do I start a new "thread" by sending an email 
with a new subject, or should I respond to this existing one?

In case responding to an existierung one is right, I would like to describe the 
problem:

Right now, if I try to authenticate as domain-user, I don't get a login-error 
(like: wrong username or password), but an internal error page instead (the 
browser tab shows "Internal Error" pretty fast, it takes a few more seconds 
until the page is openend 
(https://myopenmeetingsserver:5443/openmeetings/wicket/bookmarkable/org.apache.wicket.markup.html.pages.InternalErrorPage).
 Is this supposed to happen? As far as I remember, this was different in 
OpenMeetings 3 (I tried LDAP before with OM3, but the login was always denied, 
saying user oder password was wrong - the login kinda wiggled a few times, sort 
of like shaking it's head).

Question 1: is there something wrong with my OpenMeetings-installation? Or is 
this just the behaviour caused by a wrong om_ldap.conf?
--> I figured this one out! The sample-om_ldap.conf was in 
/opt/open504/webapps/openmeetings/data/conf/, but the LDAP-configuration said, 
the file should be in /opt/open504/webapps/openmeetings/conf [no DATA], after I 
copied/moved the conf, I got the regular "wrong username/wrong 
password"-message. So ist still not working, but there's no internal error 
anymore.

Question 2: I still can't login using AD-credentials, no matter if I use 
username, username@domain.intern oder usern...@publicdomain.de. I add some info 
on my environment and my configuration, since I'm not sure, I understand all of 
it. Can someone have a look and help me with this?

Here is my scenario:
OpenMeeting 5.04 on Ubuntu Server 18.04 (English), NOT a domain member
Active Directory on Windows Server 2012 R2

Here is my configuration (this file is also set in OpenMeetings in 
LDAP-configuration; I tried with and without "add Domain to username"):
ldap_conn_host=192.168.0.10
ldap_conn_port=389
ldap_conn_secure=false
ldap_admin_dn=CN=openmeetings,CN=Users,DC=domain,DC=intern
ldap_passwd=SomeSuperPassword
ldap_search_base=OU=myfirm,DC=domain,DC=intern

--> so far, I can use these infos in order to get an ldap-bind (using Apache 
Directory Studio), THAT works.
--> The om-ldap-user is NOT in the same OU as my users, that is intentionally, 
since there are no restricting group-policies on "Users", but on "myfirm".
--> After creating an ldap-bind in Apache Directory Studio, I can also use this 
search-base, so that works too.

ldap_search_query=(uid=%s)
--> I left this unchanged, this means, OpenMeetings searches my AD for the 
entered string, right?

ldap_search_scopes=SUBTREE
--> I changed that to SUBTREE, since i have more OUs below "myfirm" (such as 
"users", "computers", "servers" and so on)

ldap_auth_type=SEARCHANDBIND
--> I tried SEARCHANDBIND as well as SIMPLEBIND. Wrong username/password keeps 
showing, no matter the ldap_auth_type. Can I also use NONE instead?

ldap_userdn_format=uid=%s,OU=myfirm,DC=domain,DC=intern
--> this is the parameter I don't understand. Is this how the DN of the 
useraccout, creating the ldap-bind, is created? But why is this necessary? I 
thought, I already told openmeetings what account to use (namely 
ldap_admin_dn=CN=openmeetings,CN=Users,DC=domain,DC=intern). Since a lot of my 
users are in different OUs, I cannot supply ONE string, that matches all. In 
order to get a syntax that fits everyone, I would rather use an ldap-attribute 
like "userPrincipalName" (that's always: logonname@myfirm.intern). If I use 
SEARCHANDBIND and/or ldap_use_admin_to_get_attrs=true, can I just ignore this 
setting? Or is this the username-syntax OpenMeetings uses in order to check if 
the password is right? In that case, I would have to provide a DN-string, that 
would fit every user, which is not possible, when users are in different OUs.

ldap_use_admin_to_get_attrs=true
--> that means, the aforementioned ldap_admin_dsn is used in order to search 
the AD, right?

(...)

ldap_user_attr_login=uid
--> is this an attribute used by OpenMeetings? That is not an attribute used in 
my Active Directory. It is always empty/not set! If this is supposed to be the 
loginname, should I change this to userPrincipalName (loginname@domain.intern) 
or sAMAccountName (loginname) instead? All the other attributes (sn, givenName, 
etc.) are used and filled.



Best regards,
Alex

-Ursprüngliche Nachricht-
Von: Maxim Solodovnik  
Gesendet: Dienstag, 5. Mai 2020 04:57
An: Openmeetings user-list 
Betreff: Re: Integration problems with Active Directory

Hello Osvaldo,

since your users doesn't "fit" into single LDAP DN pattern SIMPLEBIND should be 
replaced with SEARCHANDBIND In this case your users will be searched using 
search-base and search-query, then authenticated ...

On Tue, 5 May 2020 at 01:16, Osvaldo OBA. Benítez Aliaga mailto:osval198...@gmail.com>

Re: Integration problems with Active Directory

[Osvaldo OBA . Benítez Aliaga]

Already SIMPLEBIND by SEARCHANDBIND but it keeps giving me the same error.

El 4/5/2020 a las 22:57, Maxim Solodovnik escribió:
> Hello Osvaldo,
>
> since your users doesn't "fit" into single LDAP DN pattern SIMPLEBIND
> should be replaced with SEARCHANDBIND
> In this case your users will be searched using search-base and
> search-query, then authenticated ...
>
> On Tue, 5 May 2020 at 01:16, Osvaldo OBA. Benítez Aliaga
> mailto:osval198...@gmail.com>> wrote:
>
> yes.
> I have managed to authenticate well with the user that declared
> (support) and authenticate well with the users that are in the same
> organizational unit (CN). Now the problem is with users who are in
> other
> organizational units. For example, those in the Domain Users OU
>
>
> El 4/5/2020 a las 12:09, Maxim Solodovnik escribió:
> > Have you tested it with LDAP explorer as I suggest?
>
>
>
> -- 
> Best regards,
> Maxim

AW: AW: AW: OpenMeetings <-> BigBlueButton

[Peter-Otto Weber]

Sorry maxim but following the guid for SSL there was a

sudo chown -R kurento /opt/open503

so kurento ist he owner.

I guess i need to change from User= nobody to User=kurento???

What about „Group=nogroup?

Best wishes and both hands tot he wheel 😉

POW

Von: Maxim Solodovnik 
Gesendet: Dienstag, 5. Mai 2020 15:54
An: Openmeetings user-list 
Betreff: Re: AW: AW: OpenMeetings <-> BigBlueButton

This script expects om folder belongs to nobody

Search nobody ...

(from mobile, sorry for typos)

On Tue, May 5, 2020, 20:40 Peter-Otto Weber 
mailto:cyber...@hotmail.de>> wrote:
Tested

sudo cp a-simple-file.txt logs/catalina.out

and this worked. So „root“ hast he right to create the file.

Who in this situation (starting service) is trying to create the log

Best wishes

POW

Von: Juan Antonio Moreno Carmona mailto:jam...@gmail.com>>
Gesendet: Dienstag, 5. Mai 2020 14:33
An: user@openmeetings.apache.org
Betreff: Re: AW: AW: OpenMeetings <-> BigBlueButton


HI again.

By the way, what operating system or distribution are you using for the server?

Regards.
El 5/5/20 a las 14:02, Peter-Otto Weber escribió:
Hello Juan and Maxim,

i tested doing this:

created backup oft he two files
added AmbientCapabilities=CAP_NET_BIND_SERVICE to openmeetings.service
changed 5443 to 443 in server.xml

(There’s another line with port 5443 – shouldn’t this be changed also?)

rebooted the server

than login

sudo /etc/init.d/mysql start
sudo /etc/init.d/tomcat3 start

waiting about 1 minute

No access to openmeetings on 443 or 5443?

Used sudo netstat -plnt to see if port 443 is in use – could not find it.

Than copying back the changed files, reboot, start services and everything is 
back on port 5443.

Using netstat -plnt i can only see java but on tcp6 localhost :::5443 i can not 
see on what port openmeetings is listening???

Your last hints regarding openmeetings.service did not hit my brain at the 
right position – i do not understand???

Best wishes

POW

Von: Maxim Solodovnik 
Gesendet: Dienstag, 5. Mai 2020 13:13
An: Openmeetings user-list 

Betreff: Re: AW: OpenMeetings <-> BigBlueButton

instructions are in the script:
https://github.com/apache/openmeetings/blob/master/openmeetings-server/src/main/assembly/scripts/openmeetings.service#L15

don't forget to update the paths :)

On Tue, 5 May 2020 at 18:10, Juan Antonio Moreno Carmona 
mailto:jam...@gmail.com>> wrote:

Hi again.

I forgot to warn that you must use the file openmeetings.service to manage 
openmeetings for this to work. That is, you have copied the file 
openmeetings.service to /etc/systemd /system and you start, stop, restart 
openmeetings with:

sudo systemctl start openmeetings

sudo systemctl stop openmeetings

sudo systemctl restart openmeetings

Regards.
El 5/5/20 a las 13:04, Peter-Otto Weber escribió:
Thx Juan – i will give it a try.

Maybe it helps to get more acceptance with my business users.

Best wishes

POW

Von: Juan Antonio Moreno Carmona 
Gesendet: Dienstag, 5. Mai 2020 12:45
An: user@openmeetings.apache.org
Betreff: Re: OpenMeetings <-> BigBlueButton


Hi all.

As Maxim has already said, on *nix systems the use of ports below 1024 is 
restricted to the root user. So, you have two options, one is to run 
openmeetings as root user and then you can configure to use port 443 or run 
openmeetings as another user (openmeetings, nobody, etc.) and use a port above 
1024 (usually 8443). Well, this It is not the whole truth, you can really use a 
user other than root and configure openmeetings to run on port 443. There are 
several ways to achieve this and you can see some of them in

https://superuser.com/questions/710253/allow-non-root-process-to-bind-to-port-80-and-443

I tell you how I get it. I use the file openmeetings.service that comes with 
the openmeetings distribution with some minor modifications. You can see that 
lines 23-24 contain the following:

[Service]
Type=forking

Okay, add one more line just below so it looks like this

[Service]
Type=forking
AmbientCapabilities=CAP_NET_BIND_SERVICE

Then edit server.xml file and change

https://yourdomain.com/openmeetings

Regards.
El 5/5/20 a las 8:35, Maxim Solodovnik escribió:


On Tue, 5 May 2020 at 13:29, Peter-Otto Weber 
mailto:cyber...@hotmail.de>> wrote:
Hello Maxim,

sometimes your answers are a bit „cryptic“ for dummies like me 😊

What do you mean with „privileged on *nix“. What can happen if i use a 
„privileged“ web Port?

Special privileges are required to use ports <=1024 on *nix systems (MacOS, 
Ubuntu, Fedora etc.)

To do it secure way you need to create special user and grant  it with special 
permission
Or use front-end proxy


I find 5443 one time in config. So i just change this to 443 and reboot?

https://github.com/apache/openmeetings/blob/master/openmeetings-server/src/main/assembly/conf/server.xml#L

Re: AW: AW: OpenMeetings <-> BigBlueButton

[Maxim Solodovnik]

This script expects om folder belongs to nobody

Search nobody ...

(from mobile, sorry for typos)

On Tue, May 5, 2020, 20:40 Peter-Otto Weber  wrote:

> Tested
>
>
>
> sudo cp a-simple-file.txt logs/catalina.out
>
>
>
> and this worked. So „root“ hast he right to create the file.
>
>
>
> Who in this situation (starting service) is trying to create the log
>
>
>
> Best wishes
>
>
>
> POW
>
>
>
> *Von:* Juan Antonio Moreno Carmona 
> *Gesendet:* Dienstag, 5. Mai 2020 14:33
> *An:* user@openmeetings.apache.org
> *Betreff:* Re: AW: AW: OpenMeetings <-> BigBlueButton
>
>
>
> HI again.
>
> By the way, what operating system or distribution are you using for the
> server?
>
> Regards.
>
> El 5/5/20 a las 14:02, Peter-Otto Weber escribió:
>
> Hello Juan and Maxim,
>
>
>
> i tested doing this:
>
>
>
> created backup oft he two files
>
> added AmbientCapabilities=CAP_NET_BIND_SERVICE to openmeetings.service
>
> changed 5443 to 443 in server.xml
>
>
>
> (There’s another line with port 5443 – shouldn’t this be changed also?)
>
>
>
> rebooted the server
>
>
>
> than login
>
>
>
> sudo /etc/init.d/mysql start
>
> sudo /etc/init.d/tomcat3 start
>
>
>
> waiting about 1 minute
>
>
>
> No access to openmeetings on 443 or 5443?
>
>
>
> Used sudo netstat -plnt to see if port 443 is in use – could not find it.
>
>
>
> Than copying back the changed files, reboot, start services and everything
> is back on port 5443.
>
>
>
> Using netstat -plnt i can only see java but on tcp6 localhost :::5443 i
> can not see on what port openmeetings is listening???
>
>
>
> Your last hints regarding openmeetings.service did not hit my brain at the
> right position – i do not understand???
>
>
>
> Best wishes
>
>
>
> POW
>
>
>
> *Von:* Maxim Solodovnik  
> *Gesendet:* Dienstag, 5. Mai 2020 13:13
> *An:* Openmeetings user-list 
> 
> *Betreff:* Re: AW: OpenMeetings <-> BigBlueButton
>
>
>
> instructions are in the script:
>
>
> https://github.com/apache/openmeetings/blob/master/openmeetings-server/src/main/assembly/scripts/openmeetings.service#L15
>
>
>
> don't forget to update the paths :)
>
>
>
> On Tue, 5 May 2020 at 18:10, Juan Antonio Moreno Carmona 
> wrote:
>
> Hi again.
>
> I forgot to warn that you must use the file openmeetings.service to manage
> openmeetings for this to work. That is, you have copied the file
> openmeetings.service to /etc/systemd /system and you start, stop, restart
> openmeetings with:
>
> sudo systemctl start openmeetings
>
> sudo systemctl stop openmeetings
>
> sudo systemctl restart openmeetings
>
> Regards.
>
> El 5/5/20 a las 13:04, Peter-Otto Weber escribió:
>
> Thx Juan – i will give it a try.
>
>
>
> Maybe it helps to get more acceptance with my business users.
>
>
>
> Best wishes
>
>
>
> POW
>
>
>
> *Von:* Juan Antonio Moreno Carmona  
> *Gesendet:* Dienstag, 5. Mai 2020 12:45
> *An:* user@openmeetings.apache.org
> *Betreff:* Re: OpenMeetings <-> BigBlueButton
>
>
>
> Hi all.
>
> As Maxim has already said, on *nix systems the use of ports below 1024 is
> restricted to the root user. So, you have two options, one is to run
> openmeetings as root user and then you can configure to use port 443 or run
> openmeetings as another user (openmeetings, nobody, etc.) and use a port
> above 1024 (usually 8443). Well, this It is not the whole truth, you can
> really use a user other than root and configure openmeetings to run on port
> 443. There are several ways to achieve this and you can see some of them in
>
>
> https://superuser.com/questions/710253/allow-non-root-process-to-bind-to-port-80-and-443
>
> I tell you how I get it. I use the file openmeetings.service that comes
> with the openmeetings distribution with some minor modifications. You can
> see that lines 23-24 contain the following:
>
> [Service]
> Type=forking
>
> Okay, add one more line just below so it looks like this
>
> [Service]
> Type=forking
> AmbientCapabilities=CAP_NET_BIND_SERVICE
>
> Then edit server.xml file and change
>
> 
> to
>
> 
> Restart openmeetings and visit https://yourdomain.com/openmeetings
>
> Regards.
>
> El 5/5/20 a las 8:35, Maxim Solodovnik escribió:
>
>
>
>
>
> On Tue, 5 May 2020 at 13:29, Peter-Otto Weber  wrote:
>
> Hello Maxim,
>
>
>
> sometimes your answers are a bit „cryptic“ for dummies like me 😊
>
>
>
> What do you mean with „privileged on *nix“. What can happen if i use a
> „privileged“ web Port?
>
>
>
> Special privileges are required to use ports <=1024 on *nix systems
> (MacOS, Ubuntu, Fedora etc.)
>
>
>
> To do it secure way you need to create special user and grant  it with
> special permission
>
> Or use front-end proxy
>
>
>
>
>
> I find 5443 one time in config. So i just change this to 443 and reboot?
>
>
>
>
> https://github.com/apache/openmeetings/blob/master/openmeetings-server/src/main/assembly/conf/server.xml#L57
>
>
> https://github.com/apache/openmeetings/blob/master/openmeetings-server/src/main/assembly/conf/server.xml#L73
>
>
>
> and restart OM
>
>
>
>
>
> Best wishes for having long nights w

Re: main template location

[Maxim Solodovnik]

It is image
https://github.com/apache/openmeetings/blob/master/openmeetings-web/src/main/webapp/css/images/logo.svg
https://github.com/apache/openmeetings/blob/master/openmeetings-web/src/main/webapp/css/images/logo.png

And text


(from mobile, sorry for typos)

On Tue, May 5, 2020, 20:16 K. Kamhamea  wrote:

> Does anyone know where the template is located. I have to ajust it a
> little bit, so my logo and text better fits in.
>
> [image: grafik.png]
>
>

Re: Update M3 -> M4

[Maxim Solodovnik]

Good to know it is not om issue :)

(from mobile, sorry for typos)

On Tue, May 5, 2020, 20:14 K. Kamhamea  wrote:

> I got it running again. LibreOffice is working with OM now.
>
> But I not just purged LO but also removed everything reminding LO from my
> GUI Package Manager (After purging there left a lot)
>
> Am Mo., 4. Mai 2020 um 22:31 Uhr schrieb seba.wag...@gmail.com <
> seba.wag...@gmail.com>:
>
>> After upgrading to M5 I can see this exception in the log file:
>> ERROR 05-05 08:24:52.302 o.a.o.c.c.DocumentConverter:109 [Thread-74] -
>> doJodConvert
>> java.lang.NullPointerException: null
>> at
>> org.jodconverter.local.office.LocalOfficeUtils.validateOfficeHome(LocalOfficeUtils.java:339)
>> at
>> org.jodconverter.local.office.LocalOfficeManager$Builder.build(LocalOfficeManager.java:169)
>> at
>> org.apache.openmeetings.core.converter.DocumentConverter.createOfficeManager(DocumentConverter.java:85)
>> at
>> org.apache.openmeetings.core.converter.DocumentConverter.doJodConvert(DocumentConverter.java:106)
>> at
>> org.apache.openmeetings.core.converter.DocumentConverter.convertPDF(DocumentConverter.java:68)
>> at
>> org.apache.openmeetings.core.data.file.FileProcessor.processFile(FileProcessor.java:116)
>> at
>> org.apache.openmeetings.core.data.file.FileProcessor.processFile(FileProcessor.java:91)
>> at
>> org.apache.openmeetings.core.data.file.Wicket_Proxy_FileProcessor$$FastClassByCGLIB$$6d986e8f.invoke()
>> at net.sf.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
>> at
>> org.apache.wicket.proxy.LazyInitProxyFactory$AbstractCGLibInterceptor.intercept(LazyInitProxyFactory.java:364)
>> at
>> org.apache.openmeetings.core.data.file.Wicket_Proxy_FileProcessor$$EnhancerByCGLIB$$d310c632.processFile()
>> at
>> org.apache.openmeetings.web.room.sidebar.UploadDialog.convertAll(UploadDialog.java:261)
>> at
>> org.apache.openmeetings.web.room.sidebar.UploadDialog$7.lambda$onSubmit$0(UploadDialog.java:210)
>> at
>> org.apache.openmeetings.web.util.ThreadHelper.lambda$startRunnable$0(ThreadHelper.java:40)
>> at java.base/java.lang.Thread.run(Thread.java:834)
>>
>> I thikn it happend after I upgrade OSX and libreoffice got purged from my
>> system.
>> So JOD Converter can't find the path anymore.
>>
>> Those are the paths for unix it tries (unless you overwrite it via the OM
>> Config custom path):
>>
>> https://github.com/sbraconnier/jodconverter/blob/master/jodconverter-local/src/main/java/org/jodconverter/local/office/LocalOfficeUtils.java#L115
>>
>>
>> Thanks,
>> Sebastian
>>
>>
>>
>>
>> Sebastian Wagner
>> https://www.linkedin.com/in/sebastianwagner/
>>
>> 
>> 
>>
>>
>> On Tue, 5 May 2020 at 06:32, K. Kamhamea  wrote:
>>
>>> Thank you. After that no OM service any more on that computer  :-)))
>>>
>>> I'll probably re-install everything tomorrow.
>>> Good night K.
>>>
>>> Am Mo., 4. Mai 2020 um 19:32 Uhr schrieb Maxim Solodovnik <
>>> solomax...@gmail.com>:
>>>


 On Tue, 5 May 2020 at 00:20, K. Kamhamea 
 wrote:

> > Are you installing to desktop or server?
> the computer is both a desktop and a server
>
> >What in the logs?
> INFO  05-04 19:13:09.697 o.j.l.o.OfficeProcess:434 [officeprocess-0] -
> Started process; pid: 4629
> ERROR 05-04 19:13:11.241 o.j.l.o.VerboseProcess:84 [Thread-191] -
> LibreOffice 6.4 - Fatal Error: Die Anwendung kann nicht gestartet werden.
> ERROR 05-04 19:13:11.242 o.j.l.o.VerboseProcess:84 [Thread-191] -
> Extension Manager: exception in synchronize
> INFO  05-04 19:13:11.297 o.j.c.o.AbstractOfficeManagerPool:156
> [Thread-183] - Stopping the office manager pool...
> INFO  05-04 19:13:11.299 o.j.l.o.OfficeProcessManager:313 [Thread-183]
> - Submitting task 'Stop' and waiting...
> INFO  05-04 19:13:11.303 o.j.l.o.OfficeProcess:240 [officeprocess-0] -
> Trying to forcibly terminate process:
> 'host=127.0.0.1,port=2002,tcpNoDelay=1'; pid: 4629
> INFO  05-04 19:13:11.312 o.j.l.o.OfficeProcessManager:204
> [officeprocess-0] - Process terminated with code 77
> INFO  05-04 19:13:11.313 o.j.l.o.OfficeProcessManager:121
> [officeprocess-0] - Process exited with code 77
> INFO  05-04 19:13:11.319 o.j.c.o.AbstractOfficeManagerPool:174
> [Thread-183] - Office manager stopped
> ERROR 05-04 19:13:11.322 o.a.o.c.c.DocumentConverter:109 [Thread-183]
> - doJodConvert
> org.jodconverter.core.office.OfficeException: Office process died with
> exit code 77
>
> Fatal Error: Die Anwendung kann nicht gestartet werden. -> Fatal
> Error: the application could not be started
>
>  > What OS on your server?
> Ubuntu 18.04
>
> BTW I just installed the whole server on a naked machine, with no
> pre-installed M3 and all works perfectly.
>

 I doubt have M3 can

AW: AW: AW: OpenMeetings <-> BigBlueButton

[Peter-Otto Weber]

Tested

sudo cp a-simple-file.txt logs/catalina.out

and this worked. So „root“ hast he right to create the file.

Who in this situation (starting service) is trying to create the log

Best wishes

POW

Von: Juan Antonio Moreno Carmona 
Gesendet: Dienstag, 5. Mai 2020 14:33
An: user@openmeetings.apache.org
Betreff: Re: AW: AW: OpenMeetings <-> BigBlueButton


HI again.

By the way, what operating system or distribution are you using for the server?

Regards.
El 5/5/20 a las 14:02, Peter-Otto Weber escribió:
Hello Juan and Maxim,

i tested doing this:

created backup oft he two files
added AmbientCapabilities=CAP_NET_BIND_SERVICE to openmeetings.service
changed 5443 to 443 in server.xml

(There’s another line with port 5443 – shouldn’t this be changed also?)

rebooted the server

than login

sudo /etc/init.d/mysql start
sudo /etc/init.d/tomcat3 start

waiting about 1 minute

No access to openmeetings on 443 or 5443?

Used sudo netstat -plnt to see if port 443 is in use – could not find it.

Than copying back the changed files, reboot, start services and everything is 
back on port 5443.

Using netstat -plnt i can only see java but on tcp6 localhost :::5443 i can not 
see on what port openmeetings is listening???

Your last hints regarding openmeetings.service did not hit my brain at the 
right position – i do not understand???

Best wishes

POW

Von: Maxim Solodovnik 
Gesendet: Dienstag, 5. Mai 2020 13:13
An: Openmeetings user-list 

Betreff: Re: AW: OpenMeetings <-> BigBlueButton

instructions are in the script:
https://github.com/apache/openmeetings/blob/master/openmeetings-server/src/main/assembly/scripts/openmeetings.service#L15

don't forget to update the paths :)

On Tue, 5 May 2020 at 18:10, Juan Antonio Moreno Carmona 
mailto:jam...@gmail.com>> wrote:

Hi again.

I forgot to warn that you must use the file openmeetings.service to manage 
openmeetings for this to work. That is, you have copied the file 
openmeetings.service to /etc/systemd /system and you start, stop, restart 
openmeetings with:

sudo systemctl start openmeetings

sudo systemctl stop openmeetings

sudo systemctl restart openmeetings

Regards.
El 5/5/20 a las 13:04, Peter-Otto Weber escribió:
Thx Juan – i will give it a try.

Maybe it helps to get more acceptance with my business users.

Best wishes

POW

Von: Juan Antonio Moreno Carmona 
Gesendet: Dienstag, 5. Mai 2020 12:45
An: user@openmeetings.apache.org
Betreff: Re: OpenMeetings <-> BigBlueButton


Hi all.

As Maxim has already said, on *nix systems the use of ports below 1024 is 
restricted to the root user. So, you have two options, one is to run 
openmeetings as root user and then you can configure to use port 443 or run 
openmeetings as another user (openmeetings, nobody, etc.) and use a port above 
1024 (usually 8443). Well, this It is not the whole truth, you can really use a 
user other than root and configure openmeetings to run on port 443. There are 
several ways to achieve this and you can see some of them in

https://superuser.com/questions/710253/allow-non-root-process-to-bind-to-port-80-and-443

I tell you how I get it. I use the file openmeetings.service that comes with 
the openmeetings distribution with some minor modifications. You can see that 
lines 23-24 contain the following:

[Service]
Type=forking

Okay, add one more line just below so it looks like this

[Service]
Type=forking
AmbientCapabilities=CAP_NET_BIND_SERVICE

Then edit server.xml file and change

https://yourdomain.com/openmeetings

Regards.
El 5/5/20 a las 8:35, Maxim Solodovnik escribió:


On Tue, 5 May 2020 at 13:29, Peter-Otto Weber 
mailto:cyber...@hotmail.de>> wrote:
Hello Maxim,

sometimes your answers are a bit „cryptic“ for dummies like me 😊

What do you mean with „privileged on *nix“. What can happen if i use a 
„privileged“ web Port?

Special privileges are required to use ports <=1024 on *nix systems (MacOS, 
Ubuntu, Fedora etc.)

To do it secure way you need to create special user and grant  it with special 
permission
Or use front-end proxy


I find 5443 one time in config. So i just change this to 443 and reboot?

https://github.com/apache/openmeetings/blob/master/openmeetings-server/src/main/assembly/conf/server.xml#L57
https://github.com/apache/openmeetings/blob/master/openmeetings-server/src/main/assembly/conf/server.xml#L73

and restart OM


Best wishes for having long nights with growing up daughter…
POW

Von: Maxim Solodovnik mailto:solomax...@gmail.com>>
Gesendet: Dienstag, 5. Mai 2020 08:12
An: Openmeetings user-list 
mailto:user@openmeetings.apache.org>>
Betreff: Re: OpenMeetings <-> BigBlueButton



On Tue, 5 May 2020 at 13:08, Rohrbach, Gerald 
mailto:g.rohrb...@funkegruppe.de>> wrote:
Peter,

good question. I mean not if Maxim is sleeping ever…

Yes, I think it’s an important hint to use a standard port.
In business environments it´s a 

AW: AW: AW: OpenMeetings <-> BigBlueButton

[Peter-Otto Weber]

Well – one step after the other…

I guess there’s now a problem with access rights.

Starting the service brings an error:

-- Unit openmeetings.service has begun starting up.
Mai 05 15:25:39 meetings startup.sh[2804]: touch: cannot touch 
'/opt/open503/logs/catalina.out': Permission denied
Mai 05 15:25:39 meetings startup.sh[2804]: /opt/open503/bin/catalina.sh: 467: 
/opt/open503/bin/catalina.sh: cannot create /opt/open503/logs/catalina.out: 
Permission denied
Mai 05 15:25:39 meetings systemd[1]: openmeetings.service: Control process 
exited, code=exited status=2
Mai 05 15:25:39 meetings systemd[1]: openmeetings.service: Failed with result 
'exit-code'.
Mai 05 15:25:39 meetings systemd[1]: Failed to start Apache OpenMeetings server.
-- Subject: Unit openmeetings.service has failed

Checking the driectore the rights on logs looks like this:

drwxr-xr-x 2 kurento loggedinuser   4096 Mai  5 15:25 logs

i guess i need to change the rights to something like

drwxrwxr-x 2 kurento root

Or do i have to use chown to make „root“ the owner

What about the other directories and files???

Best wishes

POW

Von: Juan Antonio Moreno Carmona 
Gesendet: Dienstag, 5. Mai 2020 14:33
An: user@openmeetings.apache.org
Betreff: Re: AW: AW: OpenMeetings <-> BigBlueButton


HI again.

By the way, what operating system or distribution are you using for the server?

Regards.
El 5/5/20 a las 14:02, Peter-Otto Weber escribió:
Hello Juan and Maxim,

i tested doing this:

created backup oft he two files
added AmbientCapabilities=CAP_NET_BIND_SERVICE to openmeetings.service
changed 5443 to 443 in server.xml

(There’s another line with port 5443 – shouldn’t this be changed also?)

rebooted the server

than login

sudo /etc/init.d/mysql start
sudo /etc/init.d/tomcat3 start

waiting about 1 minute

No access to openmeetings on 443 or 5443?

Used sudo netstat -plnt to see if port 443 is in use – could not find it.

Than copying back the changed files, reboot, start services and everything is 
back on port 5443.

Using netstat -plnt i can only see java but on tcp6 localhost :::5443 i can not 
see on what port openmeetings is listening???

Your last hints regarding openmeetings.service did not hit my brain at the 
right position – i do not understand???

Best wishes

POW

Von: Maxim Solodovnik 
Gesendet: Dienstag, 5. Mai 2020 13:13
An: Openmeetings user-list 

Betreff: Re: AW: OpenMeetings <-> BigBlueButton

instructions are in the script:
https://github.com/apache/openmeetings/blob/master/openmeetings-server/src/main/assembly/scripts/openmeetings.service#L15

don't forget to update the paths :)

On Tue, 5 May 2020 at 18:10, Juan Antonio Moreno Carmona 
mailto:jam...@gmail.com>> wrote:

Hi again.

I forgot to warn that you must use the file openmeetings.service to manage 
openmeetings for this to work. That is, you have copied the file 
openmeetings.service to /etc/systemd /system and you start, stop, restart 
openmeetings with:

sudo systemctl start openmeetings

sudo systemctl stop openmeetings

sudo systemctl restart openmeetings

Regards.
El 5/5/20 a las 13:04, Peter-Otto Weber escribió:
Thx Juan – i will give it a try.

Maybe it helps to get more acceptance with my business users.

Best wishes

POW

Von: Juan Antonio Moreno Carmona 
Gesendet: Dienstag, 5. Mai 2020 12:45
An: user@openmeetings.apache.org
Betreff: Re: OpenMeetings <-> BigBlueButton


Hi all.

As Maxim has already said, on *nix systems the use of ports below 1024 is 
restricted to the root user. So, you have two options, one is to run 
openmeetings as root user and then you can configure to use port 443 or run 
openmeetings as another user (openmeetings, nobody, etc.) and use a port above 
1024 (usually 8443). Well, this It is not the whole truth, you can really use a 
user other than root and configure openmeetings to run on port 443. There are 
several ways to achieve this and you can see some of them in

https://superuser.com/questions/710253/allow-non-root-process-to-bind-to-port-80-and-443

I tell you how I get it. I use the file openmeetings.service that comes with 
the openmeetings distribution with some minor modifications. You can see that 
lines 23-24 contain the following:

[Service]
Type=forking

Okay, add one more line just below so it looks like this

[Service]
Type=forking
AmbientCapabilities=CAP_NET_BIND_SERVICE

Then edit server.xml file and change

https://yourdomain.com/openmeetings

Regards.
El 5/5/20 a las 8:35, Maxim Solodovnik escribió:


On Tue, 5 May 2020 at 13:29, Peter-Otto Weber 
mailto:cyber...@hotmail.de>> wrote:
Hello Maxim,

sometimes your answers are a bit „cryptic“ for dummies like me 😊

What do you mean with „privileged on *nix“. What can happen if i use a 
„privileged“ web Port?

Special privileges are required to use ports <=1024 on *nix systems (MacOS, 
Ubuntu, Fedora etc.)

To do it secure way you need

main template location

[K. Kamhamea]

Does anyone know where the template is located. I have to ajust it a little
bit, so my logo and text better fits in.

[image: grafik.png]

Re: Update M3 -> M4

[K. Kamhamea]

I got it running again. LibreOffice is working with OM now.

But I not just purged LO but also removed everything reminding LO from my
GUI Package Manager (After purging there left a lot)

Am Mo., 4. Mai 2020 um 22:31 Uhr schrieb seba.wag...@gmail.com <
seba.wag...@gmail.com>:

> After upgrading to M5 I can see this exception in the log file:
> ERROR 05-05 08:24:52.302 o.a.o.c.c.DocumentConverter:109 [Thread-74] -
> doJodConvert
> java.lang.NullPointerException: null
> at
> org.jodconverter.local.office.LocalOfficeUtils.validateOfficeHome(LocalOfficeUtils.java:339)
> at
> org.jodconverter.local.office.LocalOfficeManager$Builder.build(LocalOfficeManager.java:169)
> at
> org.apache.openmeetings.core.converter.DocumentConverter.createOfficeManager(DocumentConverter.java:85)
> at
> org.apache.openmeetings.core.converter.DocumentConverter.doJodConvert(DocumentConverter.java:106)
> at
> org.apache.openmeetings.core.converter.DocumentConverter.convertPDF(DocumentConverter.java:68)
> at
> org.apache.openmeetings.core.data.file.FileProcessor.processFile(FileProcessor.java:116)
> at
> org.apache.openmeetings.core.data.file.FileProcessor.processFile(FileProcessor.java:91)
> at
> org.apache.openmeetings.core.data.file.Wicket_Proxy_FileProcessor$$FastClassByCGLIB$$6d986e8f.invoke()
> at net.sf.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
> at
> org.apache.wicket.proxy.LazyInitProxyFactory$AbstractCGLibInterceptor.intercept(LazyInitProxyFactory.java:364)
> at
> org.apache.openmeetings.core.data.file.Wicket_Proxy_FileProcessor$$EnhancerByCGLIB$$d310c632.processFile()
> at
> org.apache.openmeetings.web.room.sidebar.UploadDialog.convertAll(UploadDialog.java:261)
> at
> org.apache.openmeetings.web.room.sidebar.UploadDialog$7.lambda$onSubmit$0(UploadDialog.java:210)
> at
> org.apache.openmeetings.web.util.ThreadHelper.lambda$startRunnable$0(ThreadHelper.java:40)
> at java.base/java.lang.Thread.run(Thread.java:834)
>
> I thikn it happend after I upgrade OSX and libreoffice got purged from my
> system.
> So JOD Converter can't find the path anymore.
>
> Those are the paths for unix it tries (unless you overwrite it via the OM
> Config custom path):
>
> https://github.com/sbraconnier/jodconverter/blob/master/jodconverter-local/src/main/java/org/jodconverter/local/office/LocalOfficeUtils.java#L115
>
>
> Thanks,
> Sebastian
>
>
>
>
> Sebastian Wagner
> https://www.linkedin.com/in/sebastianwagner/
>
> 
> 
>
>
> On Tue, 5 May 2020 at 06:32, K. Kamhamea  wrote:
>
>> Thank you. After that no OM service any more on that computer  :-)))
>>
>> I'll probably re-install everything tomorrow.
>> Good night K.
>>
>> Am Mo., 4. Mai 2020 um 19:32 Uhr schrieb Maxim Solodovnik <
>> solomax...@gmail.com>:
>>
>>>
>>>
>>> On Tue, 5 May 2020 at 00:20, K. Kamhamea 
>>> wrote:
>>>
 > Are you installing to desktop or server?
 the computer is both a desktop and a server

 >What in the logs?
 INFO  05-04 19:13:09.697 o.j.l.o.OfficeProcess:434 [officeprocess-0] -
 Started process; pid: 4629
 ERROR 05-04 19:13:11.241 o.j.l.o.VerboseProcess:84 [Thread-191] -
 LibreOffice 6.4 - Fatal Error: Die Anwendung kann nicht gestartet werden.
 ERROR 05-04 19:13:11.242 o.j.l.o.VerboseProcess:84 [Thread-191] -
 Extension Manager: exception in synchronize
 INFO  05-04 19:13:11.297 o.j.c.o.AbstractOfficeManagerPool:156
 [Thread-183] - Stopping the office manager pool...
 INFO  05-04 19:13:11.299 o.j.l.o.OfficeProcessManager:313 [Thread-183]
 - Submitting task 'Stop' and waiting...
 INFO  05-04 19:13:11.303 o.j.l.o.OfficeProcess:240 [officeprocess-0] -
 Trying to forcibly terminate process:
 'host=127.0.0.1,port=2002,tcpNoDelay=1'; pid: 4629
 INFO  05-04 19:13:11.312 o.j.l.o.OfficeProcessManager:204
 [officeprocess-0] - Process terminated with code 77
 INFO  05-04 19:13:11.313 o.j.l.o.OfficeProcessManager:121
 [officeprocess-0] - Process exited with code 77
 INFO  05-04 19:13:11.319 o.j.c.o.AbstractOfficeManagerPool:174
 [Thread-183] - Office manager stopped
 ERROR 05-04 19:13:11.322 o.a.o.c.c.DocumentConverter:109 [Thread-183] -
 doJodConvert
 org.jodconverter.core.office.OfficeException: Office process died with
 exit code 77

 Fatal Error: Die Anwendung kann nicht gestartet werden. -> Fatal Error:
 the application could not be started

  > What OS on your server?
 Ubuntu 18.04

 BTW I just installed the whole server on a naked machine, with no
 pre-installed M3 and all works perfectly.

>>>
>>> I doubt have M3 can damage LibreOffice
>>> I would say some libarary was broken
>>> It is usually checked with starting office process from command line
>>>
>>> most probably apt remove with purge can help here
>>>
>>>

 Best K.

 Am Mo., 4. 

AW: AW: AW: OpenMeetings <-> BigBlueButton

[Peter-Otto Weber]

I’ll give it a try.

It’s ubuntu 18.04 LTS with om M3

Best wishes

POW

Von: Juan Antonio Moreno Carmona 
Gesendet: Dienstag, 5. Mai 2020 14:33
An: user@openmeetings.apache.org
Betreff: Re: AW: AW: OpenMeetings <-> BigBlueButton


HI again.

By the way, what operating system or distribution are you using for the server?

Regards.
El 5/5/20 a las 14:02, Peter-Otto Weber escribió:
Hello Juan and Maxim,

i tested doing this:

created backup oft he two files
added AmbientCapabilities=CAP_NET_BIND_SERVICE to openmeetings.service
changed 5443 to 443 in server.xml

(There’s another line with port 5443 – shouldn’t this be changed also?)

rebooted the server

than login

sudo /etc/init.d/mysql start
sudo /etc/init.d/tomcat3 start

waiting about 1 minute

No access to openmeetings on 443 or 5443?

Used sudo netstat -plnt to see if port 443 is in use – could not find it.

Than copying back the changed files, reboot, start services and everything is 
back on port 5443.

Using netstat -plnt i can only see java but on tcp6 localhost :::5443 i can not 
see on what port openmeetings is listening???

Your last hints regarding openmeetings.service did not hit my brain at the 
right position – i do not understand???

Best wishes

POW

Von: Maxim Solodovnik 
Gesendet: Dienstag, 5. Mai 2020 13:13
An: Openmeetings user-list 

Betreff: Re: AW: OpenMeetings <-> BigBlueButton

instructions are in the script:
https://github.com/apache/openmeetings/blob/master/openmeetings-server/src/main/assembly/scripts/openmeetings.service#L15

don't forget to update the paths :)

On Tue, 5 May 2020 at 18:10, Juan Antonio Moreno Carmona 
mailto:jam...@gmail.com>> wrote:

Hi again.

I forgot to warn that you must use the file openmeetings.service to manage 
openmeetings for this to work. That is, you have copied the file 
openmeetings.service to /etc/systemd /system and you start, stop, restart 
openmeetings with:

sudo systemctl start openmeetings

sudo systemctl stop openmeetings

sudo systemctl restart openmeetings

Regards.
El 5/5/20 a las 13:04, Peter-Otto Weber escribió:
Thx Juan – i will give it a try.

Maybe it helps to get more acceptance with my business users.

Best wishes

POW

Von: Juan Antonio Moreno Carmona 
Gesendet: Dienstag, 5. Mai 2020 12:45
An: user@openmeetings.apache.org
Betreff: Re: OpenMeetings <-> BigBlueButton


Hi all.

As Maxim has already said, on *nix systems the use of ports below 1024 is 
restricted to the root user. So, you have two options, one is to run 
openmeetings as root user and then you can configure to use port 443 or run 
openmeetings as another user (openmeetings, nobody, etc.) and use a port above 
1024 (usually 8443). Well, this It is not the whole truth, you can really use a 
user other than root and configure openmeetings to run on port 443. There are 
several ways to achieve this and you can see some of them in

https://superuser.com/questions/710253/allow-non-root-process-to-bind-to-port-80-and-443

I tell you how I get it. I use the file openmeetings.service that comes with 
the openmeetings distribution with some minor modifications. You can see that 
lines 23-24 contain the following:

[Service]
Type=forking

Okay, add one more line just below so it looks like this

[Service]
Type=forking
AmbientCapabilities=CAP_NET_BIND_SERVICE

Then edit server.xml file and change

https://yourdomain.com/openmeetings

Regards.
El 5/5/20 a las 8:35, Maxim Solodovnik escribió:


On Tue, 5 May 2020 at 13:29, Peter-Otto Weber 
mailto:cyber...@hotmail.de>> wrote:
Hello Maxim,

sometimes your answers are a bit „cryptic“ for dummies like me 😊

What do you mean with „privileged on *nix“. What can happen if i use a 
„privileged“ web Port?

Special privileges are required to use ports <=1024 on *nix systems (MacOS, 
Ubuntu, Fedora etc.)

To do it secure way you need to create special user and grant  it with special 
permission
Or use front-end proxy


I find 5443 one time in config. So i just change this to 443 and reboot?

https://github.com/apache/openmeetings/blob/master/openmeetings-server/src/main/assembly/conf/server.xml#L57
https://github.com/apache/openmeetings/blob/master/openmeetings-server/src/main/assembly/conf/server.xml#L73

and restart OM


Best wishes for having long nights with growing up daughter…
POW

Von: Maxim Solodovnik mailto:solomax...@gmail.com>>
Gesendet: Dienstag, 5. Mai 2020 08:12
An: Openmeetings user-list 
mailto:user@openmeetings.apache.org>>
Betreff: Re: OpenMeetings <-> BigBlueButton



On Tue, 5 May 2020 at 13:08, Rohrbach, Gerald 
mailto:g.rohrb...@funkegruppe.de>> wrote:
Peter,

good question. I mean not if Maxim is sleeping ever…

Yes, I think it’s an important hint to use a standard port.
In business environments it´s a problem with special ports.

Maxim, where we have to configure this?

it depends on your configuration
for Tomcat stand-alone config
 

Re: AW: AW: OpenMeetings <-> BigBlueButton

[Juan Antonio Moreno Carmona]

HI again.

By the way, what operating system or distribution are you using for the 
server?


Regards.

El 5/5/20 a las 14:02, Peter-Otto Weber escribió:


Hello Juan and Maxim,

i tested doing this:

created backup oft he two files

added AmbientCapabilities=CAP_NET_BIND_SERVICE to openmeetings.service

changed 5443 to 443 in server.xml

(There’s another line with port 5443 – shouldn’t this be changed 
also?)


rebooted the server

than login

sudo /etc/init.d/mysql start

sudo /etc/init.d/tomcat3 start

waiting about 1 minute

No access to openmeetings on 443 or 5443?

Used sudo netstat -plnt to see if port 443 is in use – could not find it.

Than copying back the changed files, reboot, start services and 
everything is back on port 5443.


Using netstat -plnt i can only see java but on tcp6 localhost :::5443 
i can not see on what port openmeetings is listening???


Your last hints regarding openmeetings.service did not hit my brain at 
the right position – i do not understand???


Best wishes

POW

*Von:* Maxim Solodovnik 
*Gesendet:* Dienstag, 5. Mai 2020 13:13
*An:* Openmeetings user-list 
*Betreff:* Re: AW: OpenMeetings <-> BigBlueButton

instructions are in the script:

https://github.com/apache/openmeetings/blob/master/openmeetings-server/src/main/assembly/scripts/openmeetings.service#L15

don't forget to update the paths :)

On Tue, 5 May 2020 at 18:10, Juan Antonio Moreno Carmona 
mailto:jam...@gmail.com>> wrote:


Hi again.

I forgot to warn that you must use the file openmeetings.service
to manage openmeetings for this to work. That is, you have copied
the file openmeetings.service to /etc/systemd /system and you
start, stop, restart openmeetings with:

sudo systemctl start openmeetings

sudo systemctl stop openmeetings

sudo systemctl restart openmeetings

Regards.

El 5/5/20 a las 13:04, Peter-Otto Weber escribió:

Thx Juan – i will give it a try.

Maybe it helps to get more acceptance with my business users.

Best wishes

POW

*Von:* Juan Antonio Moreno Carmona 

*Gesendet:* Dienstag, 5. Mai 2020 12:45
*An:* user@openmeetings.apache.org

*Betreff:* Re: OpenMeetings <-> BigBlueButton

Hi all.

As Maxim has already said, on *nix systems the use of ports
below 1024 is restricted to the root user. So, you have two
options, one is to run openmeetings as root user and then you
can configure to use port 443 or run openmeetings as another
user (openmeetings, nobody, etc.) and use a port above 1024
(usually 8443). Well, this It is not the whole truth, you can
really use a user other than root and configure openmeetings
to run on port 443. There are several ways to achieve this and
you can see some of them in


https://superuser.com/questions/710253/allow-non-root-process-to-bind-to-port-80-and-443

I tell you how I get it. I use the file openmeetings.service
that comes with the openmeetings distribution with some minor
modifications. You can see that lines 23-24 contain the following:

[Service]
Type=forking

Okay, add one more line just below so it looks like this

[Service]
Type=forking
AmbientCapabilities=CAP_NET_BIND_SERVICE

Then edit server.xml file and change

https://yourdomain.com/openmeetings


Regards.

El 5/5/20 a las 8:35, Maxim Solodovnik escribió:

On Tue, 5 May 2020 at 13:29, Peter-Otto Weber
mailto:cyber...@hotmail.de>> wrote:

Hello Maxim,

sometimes your answers are a bit „cryptic“ for dummies
like me 😊

What do you mean with „privileged on *nix“. What can
happen if i use a „privileged“ web Port?

Special privileges are required to use ports <=1024 on
*nix systems (MacOS, Ubuntu, Fedora etc.)

To do it secure way you need to create special user and
grant  it with special permission

Or use front-end proxy

I find 5443 one time in config. So i just change this
to 443 and reboot?


https://github.com/apache/openmeetings/blob/master/openmeetings-server/src/main/assembly/conf/server.xml#L57


https://github.com/apache/openmeetings/blob/master/openmeetings-server/src/main/assembly/conf/server.xml#L73

and restart OM

Best wishes for having long nights with growing up
daughter…

POW

*Von:* Maxim Solodovnik mailto:solomax...@gmail.com>>
*Gesendet:* Dienstag, 5. Mai 2020 08:12
*An:* Openmeetings user-list
mailto:user@openmeetings.apac

Re: AW: AW: OpenMeetings <-> BigBlueButton

[Juan Antonio Moreno Carmona]

Hi Peter-Otto.

The command:

sudo /etc/init.d/tomcat3 start

Is another way to start openmeetings but then all we said simply won't 
works.


You should forget about the tomcat3 file and start openmeetings with 
that command. You must edit the file openmeetings.service, place it in 
/etc/systemd/system/openmeetings.service and start openmeetings with the 
command


sudo systemctl start openmeetings.service

Regards.

El 5/5/20 a las 14:02, Peter-Otto Weber escribió:


Hello Juan and Maxim,

i tested doing this:

created backup oft he two files

added AmbientCapabilities=CAP_NET_BIND_SERVICE to openmeetings.service

changed 5443 to 443 in server.xml

(There’s another line with port 5443 – shouldn’t this be changed 
also?)


rebooted the server

than login

sudo /etc/init.d/mysql start

sudo /etc/init.d/tomcat3 start

waiting about 1 minute

No access to openmeetings on 443 or 5443?

Used sudo netstat -plnt to see if port 443 is in use – could not find it.

Than copying back the changed files, reboot, start services and 
everything is back on port 5443.


Using netstat -plnt i can only see java but on tcp6 localhost :::5443 
i can not see on what port openmeetings is listening???


Your last hints regarding openmeetings.service did not hit my brain at 
the right position – i do not understand???


Best wishes

POW

*Von:* Maxim Solodovnik 
*Gesendet:* Dienstag, 5. Mai 2020 13:13
*An:* Openmeetings user-list 
*Betreff:* Re: AW: OpenMeetings <-> BigBlueButton

instructions are in the script:

https://github.com/apache/openmeetings/blob/master/openmeetings-server/src/main/assembly/scripts/openmeetings.service#L15

don't forget to update the paths :)

On Tue, 5 May 2020 at 18:10, Juan Antonio Moreno Carmona 
mailto:jam...@gmail.com>> wrote:


Hi again.

I forgot to warn that you must use the file openmeetings.service
to manage openmeetings for this to work. That is, you have copied
the file openmeetings.service to /etc/systemd /system and you
start, stop, restart openmeetings with:

sudo systemctl start openmeetings

sudo systemctl stop openmeetings

sudo systemctl restart openmeetings

Regards.

El 5/5/20 a las 13:04, Peter-Otto Weber escribió:

Thx Juan – i will give it a try.

Maybe it helps to get more acceptance with my business users.

Best wishes

POW

*Von:* Juan Antonio Moreno Carmona 

*Gesendet:* Dienstag, 5. Mai 2020 12:45
*An:* user@openmeetings.apache.org

*Betreff:* Re: OpenMeetings <-> BigBlueButton

Hi all.

As Maxim has already said, on *nix systems the use of ports
below 1024 is restricted to the root user. So, you have two
options, one is to run openmeetings as root user and then you
can configure to use port 443 or run openmeetings as another
user (openmeetings, nobody, etc.) and use a port above 1024
(usually 8443). Well, this It is not the whole truth, you can
really use a user other than root and configure openmeetings
to run on port 443. There are several ways to achieve this and
you can see some of them in


https://superuser.com/questions/710253/allow-non-root-process-to-bind-to-port-80-and-443

I tell you how I get it. I use the file openmeetings.service
that comes with the openmeetings distribution with some minor
modifications. You can see that lines 23-24 contain the following:

[Service]
Type=forking

Okay, add one more line just below so it looks like this

[Service]
Type=forking
AmbientCapabilities=CAP_NET_BIND_SERVICE

Then edit server.xml file and change

https://yourdomain.com/openmeetings


Regards.

El 5/5/20 a las 8:35, Maxim Solodovnik escribió:

On Tue, 5 May 2020 at 13:29, Peter-Otto Weber
mailto:cyber...@hotmail.de>> wrote:

Hello Maxim,

sometimes your answers are a bit „cryptic“ for dummies
like me 😊

What do you mean with „privileged on *nix“. What can
happen if i use a „privileged“ web Port?

Special privileges are required to use ports <=1024 on
*nix systems (MacOS, Ubuntu, Fedora etc.)

To do it secure way you need to create special user and
grant  it with special permission

Or use front-end proxy

I find 5443 one time in config. So i just change this
to 443 and reboot?


https://github.com/apache/openmeetings/blob/master/openmeetings-server/src/main/assembly/conf/server.xml#L57


https://github.com/apache/openmeetings/blob/master/openmeetings-server/src/main/assembly/conf/server.xml#L73

and restart OM

 

AW: AW: OpenMeetings <-> BigBlueButton

[Peter-Otto Weber]

Hello Juan and Maxim,

i tested doing this:

created backup oft he two files
added AmbientCapabilities=CAP_NET_BIND_SERVICE to openmeetings.service
changed 5443 to 443 in server.xml

(There’s another line with port 5443 – shouldn’t this be changed also?)

rebooted the server

than login

sudo /etc/init.d/mysql start
sudo /etc/init.d/tomcat3 start

waiting about 1 minute

No access to openmeetings on 443 or 5443?

Used sudo netstat -plnt to see if port 443 is in use – could not find it.

Than copying back the changed files, reboot, start services and everything is 
back on port 5443.

Using netstat -plnt i can only see java but on tcp6 localhost :::5443 i can not 
see on what port openmeetings is listening???

Your last hints regarding openmeetings.service did not hit my brain at the 
right position – i do not understand???

Best wishes

POW

Von: Maxim Solodovnik 
Gesendet: Dienstag, 5. Mai 2020 13:13
An: Openmeetings user-list 
Betreff: Re: AW: OpenMeetings <-> BigBlueButton

instructions are in the script:
https://github.com/apache/openmeetings/blob/master/openmeetings-server/src/main/assembly/scripts/openmeetings.service#L15

don't forget to update the paths :)

On Tue, 5 May 2020 at 18:10, Juan Antonio Moreno Carmona 
mailto:jam...@gmail.com>> wrote:

Hi again.

I forgot to warn that you must use the file openmeetings.service to manage 
openmeetings for this to work. That is, you have copied the file 
openmeetings.service to /etc/systemd /system and you start, stop, restart 
openmeetings with:

sudo systemctl start openmeetings

sudo systemctl stop openmeetings

sudo systemctl restart openmeetings

Regards.
El 5/5/20 a las 13:04, Peter-Otto Weber escribió:
Thx Juan – i will give it a try.

Maybe it helps to get more acceptance with my business users.

Best wishes

POW

Von: Juan Antonio Moreno Carmona 
Gesendet: Dienstag, 5. Mai 2020 12:45
An: user@openmeetings.apache.org
Betreff: Re: OpenMeetings <-> BigBlueButton


Hi all.

As Maxim has already said, on *nix systems the use of ports below 1024 is 
restricted to the root user. So, you have two options, one is to run 
openmeetings as root user and then you can configure to use port 443 or run 
openmeetings as another user (openmeetings, nobody, etc.) and use a port above 
1024 (usually 8443). Well, this It is not the whole truth, you can really use a 
user other than root and configure openmeetings to run on port 443. There are 
several ways to achieve this and you can see some of them in

https://superuser.com/questions/710253/allow-non-root-process-to-bind-to-port-80-and-443

I tell you how I get it. I use the file openmeetings.service that comes with 
the openmeetings distribution with some minor modifications. You can see that 
lines 23-24 contain the following:

[Service]
Type=forking

Okay, add one more line just below so it looks like this

[Service]
Type=forking
AmbientCapabilities=CAP_NET_BIND_SERVICE

Then edit server.xml file and change

https://yourdomain.com/openmeetings

Regards.
El 5/5/20 a las 8:35, Maxim Solodovnik escribió:


On Tue, 5 May 2020 at 13:29, Peter-Otto Weber 
mailto:cyber...@hotmail.de>> wrote:
Hello Maxim,

sometimes your answers are a bit „cryptic“ for dummies like me 😊

What do you mean with „privileged on *nix“. What can happen if i use a 
„privileged“ web Port?

Special privileges are required to use ports <=1024 on *nix systems (MacOS, 
Ubuntu, Fedora etc.)

To do it secure way you need to create special user and grant  it with special 
permission
Or use front-end proxy


I find 5443 one time in config. So i just change this to 443 and reboot?

https://github.com/apache/openmeetings/blob/master/openmeetings-server/src/main/assembly/conf/server.xml#L57
https://github.com/apache/openmeetings/blob/master/openmeetings-server/src/main/assembly/conf/server.xml#L73

and restart OM


Best wishes for having long nights with growing up daughter…
POW

Von: Maxim Solodovnik mailto:solomax...@gmail.com>>
Gesendet: Dienstag, 5. Mai 2020 08:12
An: Openmeetings user-list 
mailto:user@openmeetings.apache.org>>
Betreff: Re: OpenMeetings <-> BigBlueButton



On Tue, 5 May 2020 at 13:08, Rohrbach, Gerald 
mailto:g.rohrb...@funkegruppe.de>> wrote:
Peter,

good question. I mean not if Maxim is sleeping ever…

Yes, I think it’s an important hint to use a standard port.
In business environments it´s a problem with special ports.

Maxim, where we have to configure this?

it depends on your configuration
for Tomcat stand-alone config
 
https://github.com/apache/openmeetings/blob/master/openmeetings-server/src/main/assembly/conf/server.xml

Please NOTE port 443 is privileged on *nix systems 




Regards

Gerald.


Von: Peter-Otto Weber [mailto:cyber...@hotmail.de]
Gesendet: Dienstag, 5. Mai 2020 08:05
An: user@openmeetings.apache.org
Betreff: AW: OpenMeetings <-> BigBlueButton

Hello Maxim,

has this been test

Re: AW: OpenMeetings <-> BigBlueButton

[Maxim Solodovnik]

instructions are in the script:
https://github.com/apache/openmeetings/blob/master/openmeetings-server/src/main/assembly/scripts/openmeetings.service#L15

don't forget to update the paths :)

On Tue, 5 May 2020 at 18:10, Juan Antonio Moreno Carmona 
wrote:

> Hi again.
>
> I forgot to warn that you must use the file openmeetings.service to manage
> openmeetings for this to work. That is, you have copied the file
> openmeetings.service to /etc/systemd /system and you start, stop, restart
> openmeetings with:
>
> sudo systemctl start openmeetings
>
> sudo systemctl stop openmeetings
>
> sudo systemctl restart openmeetings
>
> Regards.
> El 5/5/20 a las 13:04, Peter-Otto Weber escribió:
>
> Thx Juan – i will give it a try.
>
>
>
> Maybe it helps to get more acceptance with my business users.
>
>
>
> Best wishes
>
>
>
> POW
>
>
>
> *Von:* Juan Antonio Moreno Carmona  
> *Gesendet:* Dienstag, 5. Mai 2020 12:45
> *An:* user@openmeetings.apache.org
> *Betreff:* Re: OpenMeetings <-> BigBlueButton
>
>
>
> Hi all.
>
> As Maxim has already said, on *nix systems the use of ports below 1024 is
> restricted to the root user. So, you have two options, one is to run
> openmeetings as root user and then you can configure to use port 443 or run
> openmeetings as another user (openmeetings, nobody, etc.) and use a port
> above 1024 (usually 8443). Well, this It is not the whole truth, you can
> really use a user other than root and configure openmeetings to run on port
> 443. There are several ways to achieve this and you can see some of them in
>
>
> https://superuser.com/questions/710253/allow-non-root-process-to-bind-to-port-80-and-443
>
> I tell you how I get it. I use the file openmeetings.service that comes
> with the openmeetings distribution with some minor modifications. You can
> see that lines 23-24 contain the following:
>
> [Service]
> Type=forking
>
> Okay, add one more line just below so it looks like this
>
> [Service]
> Type=forking
> AmbientCapabilities=CAP_NET_BIND_SERVICE
>
> Then edit server.xml file and change
>
> 
> to
>
> 
> Restart openmeetings and visit https://yourdomain.com/openmeetings
>
> Regards.
>
> El 5/5/20 a las 8:35, Maxim Solodovnik escribió:
>
>
>
>
>
> On Tue, 5 May 2020 at 13:29, Peter-Otto Weber  wrote:
>
> Hello Maxim,
>
>
>
> sometimes your answers are a bit „cryptic“ for dummies like me 😊
>
>
>
> What do you mean with „privileged on *nix“. What can happen if i use a
> „privileged“ web Port?
>
>
>
> Special privileges are required to use ports <=1024 on *nix systems
> (MacOS, Ubuntu, Fedora etc.)
>
>
>
> To do it secure way you need to create special user and grant  it with
> special permission
>
> Or use front-end proxy
>
>
>
>
>
> I find 5443 one time in config. So i just change this to 443 and reboot?
>
>
>
>
> https://github.com/apache/openmeetings/blob/master/openmeetings-server/src/main/assembly/conf/server.xml#L57
>
>
> https://github.com/apache/openmeetings/blob/master/openmeetings-server/src/main/assembly/conf/server.xml#L73
>
>
>
> and restart OM
>
>
>
>
>
> Best wishes for having long nights with growing up daughter…
>
> POW
>
>
>
> *Von:* Maxim Solodovnik 
> *Gesendet:* Dienstag, 5. Mai 2020 08:12
> *An:* Openmeetings user-list 
> *Betreff:* Re: OpenMeetings <-> BigBlueButton
>
>
>
>
>
>
>
> On Tue, 5 May 2020 at 13:08, Rohrbach, Gerald 
> wrote:
>
> Peter,
>
>
>
> good question. I mean not if Maxim is sleeping ever…
>
>
>
> Yes, I think it’s an important hint to use a standard port.
>
> In business environments it´s a problem with special ports.
>
>
>
> Maxim, where we have to configure this?
>
>
>
> it depends on your configuration
>
> for Tomcat stand-alone config
>
>
> https://github.com/apache/openmeetings/blob/master/openmeetings-server/src/main/assembly/conf/server.xml
>
>
>
> Please NOTE port 443 is privileged on *nix systems 
>
>
>
>
>
>
>
>
>
> Regards
>
>
>
> Gerald.
>
>
>
>
>
> *Von:* Peter-Otto Weber [mailto:cyber...@hotmail.de]
> *Gesendet:* Dienstag, 5. Mai 2020 08:05
> *An:* user@openmeetings.apache.org
> *Betreff:* AW: OpenMeetings <-> BigBlueButton
>
>
>
> Hello Maxim,
>
>
>
> has this been tested / done before and mos impotant for „newbies“ how can
> this be configured?
>
>
>
> Regards
>
>
>
> è Do you ever sleep ? 😉
>
>
>
> POW
>
>
>
> *Von:* Maxim Solodovnik 
> *Gesendet:* Dienstag, 5. Mai 2020 08:02
> *An:* Openmeetings user-list 
> *Betreff:* Re: OpenMeetings <-> BigBlueButton
>
>
>
>
>
>
>
> On Tue, 5 May 2020 at 12:58, Peter-Otto Weber  wrote:
>
> I just got in first contact with „bigbluebutton“.
>
>
>
> It seems to be very similar to openmeetings but – as i suggested before –
> has a better implementation of video arrangement.
>
>
>
> All videos automatically were arranged above the whitboard – i like it.
>
>
>
> What i wonder is ,why open meetings needs to use specific https port and
> bigbluebutton does not?
>
>
>
> port 8443 is used for demo-next because version 4.0.x using 443 ATM
>
> port 5443 is used for out-of-box version to avoid con

Re: AW: OpenMeetings <-> BigBlueButton

[Juan Antonio Moreno Carmona]

Hi again.

I forgot to warn that you must use the file openmeetings.service to 
manage openmeetings for this to work. That is, you have copied the file 
openmeetings.service to /etc/systemd /system and you start, stop, 
restart openmeetings with:


sudo systemctl start openmeetings

sudo systemctl stop openmeetings

sudo systemctl restart openmeetings

Regards.

El 5/5/20 a las 13:04, Peter-Otto Weber escribió:


Thx Juan – i will give it a try.

Maybe it helps to get more acceptance with my business users.

Best wishes

POW

*Von:* Juan Antonio Moreno Carmona 
*Gesendet:* Dienstag, 5. Mai 2020 12:45
*An:* user@openmeetings.apache.org
*Betreff:* Re: OpenMeetings <-> BigBlueButton

Hi all.

As Maxim has already said, on *nix systems the use of ports below 1024 
is restricted to the root user. So, you have two options, one is to 
run openmeetings as root user and then you can configure to use port 
443 or run openmeetings as another user (openmeetings, nobody, etc.) 
and use a port above 1024 (usually 8443). Well, this It is not the 
whole truth, you can really use a user other than root and configure 
openmeetings to run on port 443. There are several ways to achieve 
this and you can see some of them in


https://superuser.com/questions/710253/allow-non-root-process-to-bind-to-port-80-and-443

I tell you how I get it. I use the file openmeetings.service that 
comes with the openmeetings distribution with some minor 
modifications. You can see that lines 23-24 contain the following:


[Service]
Type=forking

Okay, add one more line just below so it looks like this

[Service]
Type=forking
AmbientCapabilities=CAP_NET_BIND_SERVICE

Then edit server.xml file and change

https://yourdomain.com/openmeetings

Regards.

El 5/5/20 a las 8:35, Maxim Solodovnik escribió:

On Tue, 5 May 2020 at 13:29, Peter-Otto Weber mailto:cyber...@hotmail.de>> wrote:

Hello Maxim,

sometimes your answers are a bit „cryptic“ for dummies like me 😊

What do you mean with „privileged on *nix“. What can happen if
i use a „privileged“ web Port?

Special privileges are required to use ports <=1024 on *nix
systems (MacOS, Ubuntu, Fedora etc.)

To do it secure way you need to create special user and grant  it
with special permission

Or use front-end proxy

I find 5443 one time in config. So i just change this to 443
and reboot?


https://github.com/apache/openmeetings/blob/master/openmeetings-server/src/main/assembly/conf/server.xml#L57


https://github.com/apache/openmeetings/blob/master/openmeetings-server/src/main/assembly/conf/server.xml#L73

and restart OM

Best wishes for having long nights with growing up daughter…

POW

*Von:* Maxim Solodovnik mailto:solomax...@gmail.com>>
*Gesendet:* Dienstag, 5. Mai 2020 08:12
*An:* Openmeetings user-list mailto:user@openmeetings.apache.org>>
*Betreff:* Re: OpenMeetings <-> BigBlueButton

On Tue, 5 May 2020 at 13:08, Rohrbach, Gerald
mailto:g.rohrb...@funkegruppe.de>>
wrote:

Peter,

good question. I mean not if Maxim is sleeping ever…

Yes, I think it’s an important hint to use a standard port.

In business environments it´s a problem with special ports.

Maxim, where we have to configure this?

it depends on your configuration

for Tomcat stand-alone config


https://github.com/apache/openmeetings/blob/master/openmeetings-server/src/main/assembly/conf/server.xml

Please NOTE port 443 is privileged on *nix systems 

Regards

Gerald.

*Von:* Peter-Otto Weber [mailto:cyber...@hotmail.de
]
*Gesendet:* Dienstag, 5. Mai 2020 08:05
*An:* user@openmeetings.apache.org

*Betreff:* AW: OpenMeetings <-> BigBlueButton

Hello Maxim,

has this been tested / done before and mos impotant for
„newbies“ how can this be configured?

Regards

èDo you ever sleep ? 😉

POW

*Von:* Maxim Solodovnik mailto:solomax...@gmail.com>>
*Gesendet:* Dienstag, 5. Mai 2020 08:02
*An:* Openmeetings user-list mailto:user@openmeetings.apache.org>>
*Betreff:* Re: OpenMeetings <-> BigBlueButton

On Tue, 5 May 2020 at 12:58, Peter-Otto Weber
mailto:cyber...@hotmail.de>> wrote:

I just got in first contact with „bigbluebutton“.

It seems to be very similar to openmeetings but – as i
suggested before – has a better implementation of
video arrangement.

All videos automatically were arranged above the
whitboard – i like it.

What i wonder is ,why open meetings needs to use
  

AW: OpenMeetings <-> BigBlueButton

[Peter-Otto Weber]

Thx Juan – i will give it a try.

Maybe it helps to get more acceptance with my business users.

Best wishes

POW

Von: Juan Antonio Moreno Carmona 
Gesendet: Dienstag, 5. Mai 2020 12:45
An: user@openmeetings.apache.org
Betreff: Re: OpenMeetings <-> BigBlueButton


Hi all.

As Maxim has already said, on *nix systems the use of ports below 1024 is 
restricted to the root user. So, you have two options, one is to run 
openmeetings as root user and then you can configure to use port 443 or run 
openmeetings as another user (openmeetings, nobody, etc.) and use a port above 
1024 (usually 8443). Well, this It is not the whole truth, you can really use a 
user other than root and configure openmeetings to run on port 443. There are 
several ways to achieve this and you can see some of them in

https://superuser.com/questions/710253/allow-non-root-process-to-bind-to-port-80-and-443

I tell you how I get it. I use the file openmeetings.service that comes with 
the openmeetings distribution with some minor modifications. You can see that 
lines 23-24 contain the following:

[Service]
Type=forking

Okay, add one more line just below so it looks like this

[Service]
Type=forking
AmbientCapabilities=CAP_NET_BIND_SERVICE

Then edit server.xml file and change

https://yourdomain.com/openmeetings

Regards.
El 5/5/20 a las 8:35, Maxim Solodovnik escribió:


On Tue, 5 May 2020 at 13:29, Peter-Otto Weber 
mailto:cyber...@hotmail.de>> wrote:
Hello Maxim,

sometimes your answers are a bit „cryptic“ for dummies like me 😊

What do you mean with „privileged on *nix“. What can happen if i use a 
„privileged“ web Port?

Special privileges are required to use ports <=1024 on *nix systems (MacOS, 
Ubuntu, Fedora etc.)

To do it secure way you need to create special user and grant  it with special 
permission
Or use front-end proxy


I find 5443 one time in config. So i just change this to 443 and reboot?

https://github.com/apache/openmeetings/blob/master/openmeetings-server/src/main/assembly/conf/server.xml#L57
https://github.com/apache/openmeetings/blob/master/openmeetings-server/src/main/assembly/conf/server.xml#L73

and restart OM


Best wishes for having long nights with growing up daughter…
POW

Von: Maxim Solodovnik mailto:solomax...@gmail.com>>
Gesendet: Dienstag, 5. Mai 2020 08:12
An: Openmeetings user-list 
mailto:user@openmeetings.apache.org>>
Betreff: Re: OpenMeetings <-> BigBlueButton



On Tue, 5 May 2020 at 13:08, Rohrbach, Gerald 
mailto:g.rohrb...@funkegruppe.de>> wrote:
Peter,

good question. I mean not if Maxim is sleeping ever…

Yes, I think it’s an important hint to use a standard port.
In business environments it´s a problem with special ports.

Maxim, where we have to configure this?

it depends on your configuration
for Tomcat stand-alone config
 
https://github.com/apache/openmeetings/blob/master/openmeetings-server/src/main/assembly/conf/server.xml

Please NOTE port 443 is privileged on *nix systems 




Regards

Gerald.


Von: Peter-Otto Weber [mailto:cyber...@hotmail.de]
Gesendet: Dienstag, 5. Mai 2020 08:05
An: user@openmeetings.apache.org
Betreff: AW: OpenMeetings <-> BigBlueButton

Hello Maxim,

has this been tested / done before and mos impotant for „newbies“ how can this 
be configured?

Regards

==> Do you ever sleep ? 😉

POW

Von: Maxim Solodovnik mailto:solomax...@gmail.com>>
Gesendet: Dienstag, 5. Mai 2020 08:02
An: Openmeetings user-list 
mailto:user@openmeetings.apache.org>>
Betreff: Re: OpenMeetings <-> BigBlueButton



On Tue, 5 May 2020 at 12:58, Peter-Otto Weber 
mailto:cyber...@hotmail.de>> wrote:
I just got in first contact with „bigbluebutton“.

It seems to be very similar to openmeetings but – as i suggested before – has a 
better implementation of video arrangement.

All videos automatically were arranged above the whitboard – i like it.

What i wonder is ,why open meetings needs to use specific https port and 
bigbluebutton does not?

port 8443 is used for demo-next because version 4.0.x using 443 ATM
port 5443 is used for out-of-box version to avoid conflicts with running HTTP 
server

you free to set up OM on port 443


The main problem is with customers having a firewall allowing only 80/443. We 
had scheduled a meeting with customers that had to be canceled due to 
networking / firewall problems.

Using 80/443 like on bigbluebutton would make everything much easier? Is this 
possible?

Best wishes

POW


--
Best regards,
Maxim


--
Best regards,
Maxim


--
Best regards,
Maxim

RE: upgrade M5 version

[Chamberland, Martin]

[cid:banner1.jpg]

Thank’s for that link Maxim
Beside update all file to M5,  is that possible to only change some files that 
were modified/fixed for the Canadian timezone issue ?

Martin Chamberland
Technicien en informatique

La Financière agricole du Québec

1400, boul. Guillaume-Couture
Lévis (Québec) G6W 8K7
Téléphone : 418 838-5614, poste 6230
martin.chamberl...@fadq.qc.ca
www.fadq.qc.ca

[cid:image001.jpg@01D622AB.453FA800]

De : Maxim Solodovnik [mailto:solomax...@gmail.com]
Envoyé : 4 mai 2020 23:04
À : Openmeetings user-list 
Objet : Re: upgrade M5 version

Hello Martin,

there is no release yet
SNAPSHOT is available at build server: 
https://builds.apache.org/view/M-R/view/OpenMeetings/job/openmeetings/

On Tue, 5 May 2020 at 01:49, Chamberland, Martin 
mailto:martin.chamberl...@fadq.qc.ca>> wrote:

[cid:image002.jpg@01D622AB.453FA800]

Can i get the link to download M5 release.
We need it, because there is a bug in the calendar creation meeting when using 
Canada timezone.
It’s supposed to be fix in the M5 release and want to give it a try.

Thank’s

Martin Chamberland
Technicien en informatique

La Financière agricole du Québec

1400, boul. Guillaume-Couture
Lévis (Québec) G6W 8K7
Téléphone : 418 838-5614, poste 6230
martin.chamberl...@fadq.qc.ca
www.fadq.qc.ca

[cid:image001.jpg@01D622AB.453FA800]


--
Best regards,
Maxim

Re: OpenMeetings <-> BigBlueButton

[Juan Antonio Moreno Carmona]

Hi all.

As Maxim has already said, on *nix systems the use of ports below 1024 
is restricted to the root user. So, you have two options, one is to run 
openmeetings as root user and then you can configure to use port 443 or 
run openmeetings as another user (openmeetings, nobody, etc.) and use a 
port above 1024 (usually 8443). Well, this It is not the whole truth, 
you can really use a user other than root and configure openmeetings to 
run on port 443. There are several ways to achieve this and you can see 
some of them in


https://superuser.com/questions/710253/allow-non-root-process-to-bind-to-port-80-and-443

I tell you how I get it. I use the file openmeetings.service that comes 
with the openmeetings distribution with some minor modifications. You 
can see that lines 23-24 contain the following:


[Service]
Type=forking

Okay, add one more line just below so it looks like this

[Service]
Type=forking
AmbientCapabilities=CAP_NET_BIND_SERVICE

Then edit server.xml file and change

https://yourdomain.com/openmeetings

Regards.

El 5/5/20 a las 8:35, Maxim Solodovnik escribió:



On Tue, 5 May 2020 at 13:29, Peter-Otto Weber > wrote:


Hello Maxim,

sometimes your answers are a bit „cryptic“ for dummies like me 😊

What do you mean with „privileged on *nix“. What can happen if i
use a „privileged“ web Port?


Special privileges are required to use ports <=1024 on *nix systems 
(MacOS, Ubuntu, Fedora etc.)


To do it secure way you need to create special user and grant  it with 
special permission

Or use front-end proxy

I find 5443 one time in config. So i just change this to 443 and
reboot?

https://github.com/apache/openmeetings/blob/master/openmeetings-server/src/main/assembly/conf/server.xml#L57
https://github.com/apache/openmeetings/blob/master/openmeetings-server/src/main/assembly/conf/server.xml#L73

and restart OM

Best wishes for having long nights with growing up daughter…

POW

*Von:* Maxim Solodovnik mailto:solomax...@gmail.com>>
*Gesendet:* Dienstag, 5. Mai 2020 08:12
*An:* Openmeetings user-list mailto:user@openmeetings.apache.org>>
*Betreff:* Re: OpenMeetings <-> BigBlueButton

On Tue, 5 May 2020 at 13:08, Rohrbach, Gerald
mailto:g.rohrb...@funkegruppe.de>> wrote:

Peter,

good question. I mean not if Maxim is sleeping ever…

Yes, I think it’s an important hint to use a standard port.

In business environments it´s a problem with special ports.

Maxim, where we have to configure this?

it depends on your configuration

for Tomcat stand-alone config


https://github.com/apache/openmeetings/blob/master/openmeetings-server/src/main/assembly/conf/server.xml

Please NOTE port 443 is privileged on *nix systems 

Regards

Gerald.

*Von:* Peter-Otto Weber [mailto:cyber...@hotmail.de
]
*Gesendet:* Dienstag, 5. Mai 2020 08:05
*An:* user@openmeetings.apache.org

*Betreff:* AW: OpenMeetings <-> BigBlueButton

Hello Maxim,

has this been tested / done before and mos impotant for
„newbies“ how can this be configured?

Regards

èDo you ever sleep ? 😉

POW

*Von:* Maxim Solodovnik mailto:solomax...@gmail.com>>
*Gesendet:* Dienstag, 5. Mai 2020 08:02
*An:* Openmeetings user-list mailto:user@openmeetings.apache.org>>
*Betreff:* Re: OpenMeetings <-> BigBlueButton

On Tue, 5 May 2020 at 12:58, Peter-Otto Weber
mailto:cyber...@hotmail.de>> wrote:

I just got in first contact with „bigbluebutton“.

It seems to be very similar to openmeetings but – as i
suggested before – has a better implementation of video
arrangement.

All videos automatically were arranged above the whitboard
– i like it.

What i wonder is ,why open meetings needs to use specific
https port and bigbluebutton does not?

port 8443 is used for demo-next because version 4.0.x using
443 ATM

port 5443 is used for out-of-box version to avoid conflicts
with running HTTP server

you free to set up OM on port 443

The main problem is with customers having a firewall
allowing only 80/443. We had scheduled a meeting with
customers that had to be canceled due to networking /
firewall problems.

Using 80/443 like on bigbluebutton would make everything
much easier? Is this possible?

Best wishes

POW


-- 


Best regards,
Maxim


-- 


Best regards,
Maxim



--
Best regards,
Maxim

AW: Domain certificate not working

[Ninnig, Alexander]

Works now. For everyone, who wants to know how (feel free to use in tutorials, 
if useable):

1. Create certificate
-
Call https://mydomainca/certsrv/
Request a certificate
Advanced certificate request
Create and submit a request to this CA
Name: URL (e.g. if the URL is https://myserver.intern:5443, name should be 
myserver.intern)
Template: has to be a template, which allows private keys to be exported
Send in request and install certificate

2. Export certificate
-
Open certificate-store of the browser (e.g. Internet Explorer: Internet 
Options, Content, Certificates, Personal)
Export certificate WITH private key as PFX-file (with option: if possible, 
contain all certificates...), here myserver.pfx
Export certificate WITHOUT private key as CRT-file (base-64-encoded x.509), 
here myserver.crt

3. Change format
-
Get OpenSSL, copy PFX- and CER-file into directory of the openssl-exe-file 
(yeah, working with windows in this step)
openssl pkcs12 -in myserver.pfx -out myserverfull.pem -nodes
openssl pkey -in myserverfull.pem -out key.pem
openssl crl2pkcs7 -nocrl -certfile myserverfull.pem |  openssl pkcs7 
-print_certs -out chain.pem
openssl x509 -in myserver.cer -out myserver.pem -outform PEM
--> creates key.pem, chain.pem, myserver.pem, myserverfull.pem, copy them onto 
a netshare, which is accessable from your the openmeetings-server

4. Configure HTTPS
-
I created a folder for my PEM-files. I mounted a netshare and copied the 
PEM-files into this folder:
sudo mkdir /etc/mycertificates
sudo cp /media/netshare/*.pem /etc/mycertificates

cd /opt/open504/conf
sudo vi server.xml

--> delete the following lines (using "dd")







--> add the following lines (using "i")







--> save and exit (using "ESC", then ":w!", then ":q!")

sudo reboot
sudo /etc/init.d/mysql start
sudo /etc/init.d/kurento-media-server start
sudo /etc/init.d/tomcat3 start



Best Regards,
Alex

PS: this line was essential:sslProtocol="TLS"

-Ursprüngliche Nachricht-
Von: Ninnig, Alexander  
Gesendet: Dienstag, 5. Mai 2020 08:36
An: user@openmeetings.apache.org
Betreff: AW: Domain certificate not working

Hi,

THAT'S exactly the kind of information, I was looking for. I figured, it could 
be something like this.

Just one last question: I do this INSTEAD of all this other keystore-stuff? Or 
AFTER?

Best Regards,
Alex

-Ursprüngliche Nachricht-
Von: ratatouille 
Gesendet: Montag, 4. Mai 2020 17:15
An: user@openmeetings.apache.org
Betreff: Re: Domain certificate not working

Hello!

I made https available just by editing server.xml like this:







and it worked, nothing else I did.

  Andreas


"Ninnig, Alexander"  schrieb am 04.05.20 
um 13:55:43 Uhr:

> Hi,
> 
> I installed Openmeetings 504 on a virtual Ubuntu 18.04 Server, following the 
> instructions of the newest tutorial. As far as I can tell, everything works 
> fine.
> 
> Now, I am trying to replace the selfsigned certificate and use a 
> domain-certificate instead, following the information from: 
> https://openmeetings.apache.org/HTTPS.html#real-certificate. But after this 
> and after a reboot - the https-site is not avaiable anymore (site cannot be 
> found). I am a bit at loss here about what to do now.
> 
> Here is what I did:
> 
> First Attempt
> --
> --
> 
> cd /opt/open504/conf
> sudo mv localhost.jks localhost.org
> sudo keytool -keysize 4096 -genkey -alias openmeetings -keyalg RSA -storetype 
> PKCS12 -keystore /opt/open504/conf/localhost.jks
> Old password:   PassW0rd
> New password:   PassW0rd
> Name (Websitename): myserver
> (...)
> 
> sudo keytool -certreq -keyalg RSA -alias openmeetings -file 
> openmeetings.csr -keystore /opt/open504/conf/localhost.jks sudo cp 
> openmeetings.csr /media/netshare
> 
> Here, I opened the website of my domain-CA, which is a Server 2012 R2 
> Windows Server (https://issuingca/certsrv/) I chose: request a certificate.
> I chose: advanced certificate request.
> I chose: submit a certificate request by using a base-64-encoded (...).
> I opened the request-file (openmeetings.csr) in a texteditor and used copy & 
> paste to hand in my request.
> I chose "Web Server" as certificate-template and start the request.
> I download the certificate as Base-64-Certificate (cer-filetype) - the 
> certificate is valid.
> I copy this certificate and the certificate of my root and my issuing CA onto 
> my netshare, so I can access it from my OpenMeetings-Linux-Server.
> 
> cd /opt/open504/conf
> sudo cp /media/netshare/root.crt root.crt sudo cp 
> /media/netshare/issuing.cer issuin

Re: Edge Browser

[Maxim Solodovnik]

I don't have access to Windows 10 right now
And have no estimates when I'll get it
So I can't check :(

(from mobile, sorry for typos)

On Tue, May 5, 2020, 16:14 Rohrbach, Gerald 
wrote:

> Maxim
>
>
>
> I tried today the newest Edge Version with the Chrome engine. Version
> 81.0416.68.
>
>
>
> It works with video and microphone,
>
> but the screen sharing produces an error message:
>
>
>
> TypeError: navigator.getDisplayMedia is not a function×
>
>
>
> Are you aware of this?  Is there a work around?
>
> It`s not possible to stop the sharing, so you need to reenter the room.
>
>
>
> Usually we are using Firefox, but some externals do have just edge.
>
>
>
>
>
> Name
>
> OpenMeetings
>
> Version
>
> 5.0.0-M4-SNAPSHOT
>
> Revision
>
> 1ba1986
>
>
>
> Maybe you fixed it already in a newer release?
>
>
>
>
>
> Regards
>
>
>
> Gerald.
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> *Von:* Maxim Solodovnik [mailto:solomax...@gmail.com]
> *Gesendet:* Dienstag, 5. Mai 2020 08:45
> *An:* Openmeetings user-list 
> *Betreff:* Re: Domain certificate not working
>
>
>
> You should select one way or another
>
> The topic was discussed you can search mailing-list archives
>
> (from mobile, sorry for typos)
>
>
>
> On Tue, May 5, 2020, 13:36 Ninnig, Alexander <
> alexander.nin...@rechnungshof.rlp.de> wrote:
>
> Hi,
>
> THAT'S exactly the kind of information, I was looking for. I figured, it
> could be something like this.
>
> Just one last question: I do this INSTEAD of all this other
> keystore-stuff? Or AFTER?
>
> Best Regards,
> Alex
>
> -Ursprüngliche Nachricht-
> Von: ratatouille 
> Gesendet: Montag, 4. Mai 2020 17:15
> An: user@openmeetings.apache.org
> Betreff: Re: Domain certificate not working
>
> Hello!
>
> I made https available just by editing server.xml like this:
>
>  SSLEnabled="true">
> 
>   certificateKeyFile="/etc/letsencrypt/live/
> domain.de/privkey.pem"
>  certificateChainFile="/etc/letsencrypt/live/
> domain.de/fullchain.pem" />
> 
> 
>
> and it worked, nothing else I did.
>
>   Andreas
>
>
> "Ninnig, Alexander"  schrieb am
> 04.05.20 um 13:55:43 Uhr:
>
> > Hi,
> >
> > I installed Openmeetings 504 on a virtual Ubuntu 18.04 Server, following
> the instructions of the newest tutorial. As far as I can tell, everything
> works fine.
> >
> > Now, I am trying to replace the selfsigned certificate and use a
> domain-certificate instead, following the information from:
> https://openmeetings.apache.org/HTTPS.html#real-certificate. But after
> this and after a reboot - the https-site is not avaiable anymore (site
> cannot be found). I am a bit at loss here about what to do now.
> >
> > Here is what I did:
> >
> > First Attempt
> > --
> > --
> >
> > cd /opt/open504/conf
> > sudo mv localhost.jks localhost.org
> > sudo keytool -keysize 4096 -genkey -alias openmeetings -keyalg RSA
> -storetype PKCS12 -keystore /opt/open504/conf/localhost.jks
> > Old password:   PassW0rd
> > New password:   PassW0rd
> > Name (Websitename): myserver
> > (...)
> >
> > sudo keytool -certreq -keyalg RSA -alias openmeetings -file
> > openmeetings.csr -keystore /opt/open504/conf/localhost.jks sudo cp
> > openmeetings.csr /media/netshare
> >
> > Here, I opened the website of my domain-CA, which is a Server 2012 R2
> > Windows Server (https://issuingca/certsrv/) I chose: request a
> certificate.
> > I chose: advanced certificate request.
> > I chose: submit a certificate request by using a base-64-encoded (...).
> > I opened the request-file (openmeetings.csr) in a texteditor and used
> copy & paste to hand in my request.
> > I chose "Web Server" as certificate-template and start the request.
> > I download the certificate as Base-64-Certificate (cer-filetype) - the
> certificate is valid.
> > I copy this certificate and the certificate of my root and my issuing CA
> onto my netshare, so I can access it from my OpenMeetings-Linux-Server.
> >
> > cd /opt/open504/conf
> > sudo cp /media/netshare/root.crt root.crt sudo cp
> > /media/netshare/issuing.cer issuing.cer sudo cp
> > /media/netshare/myserver.cer myserver.cer sudo keytool -import -alias
> > root -keystore /opt/open504/conf/localhost.jks -trustcacerts -file
> > root.crt sudo keytool -import -alias intermed -keystore
> > /opt/open504/conf/localhost.jks -trustcacerts -file issuing.cer sudo
> > keytool -import -alias openmeetings -keystore
> > /opt/open504/conf/localhost.jks -trustcacerts -file myserver.cer
> >
> > ==> No errors so far.
> >
> > sudo reboot now
> > sudo /etc/init.d/mysql start
> > sudo /etc/init.d/kurento-media-server start sudo /etc/init.d/tomcat3
> > start
> >
> > ==> HTTPS-Website is not available.
> >
> > Second Attempt
> > --
> > --
> >
> > I found out, that the certificate-template "Web Server" may not be
> righ

Edge Browser

[Rohrbach, Gerald]

Maxim

I tried today the newest Edge Version with the Chrome engine. Version 
81.0416.68.

It works with video and microphone,
but the screen sharing produces an error message:

TypeError: navigator.getDisplayMedia is not a function×

Are you aware of this?  Is there a work around?
It`s not possible to stop the sharing, so you need to reenter the room.

Usually we are using Firefox, but some externals do have just edge.


Name
OpenMeetings
Version
5.0.0-M4-SNAPSHOT
Revision
1ba1986

Maybe you fixed it already in a newer release?


Regards

Gerald.







Von: Maxim Solodovnik [mailto:solomax...@gmail.com]
Gesendet: Dienstag, 5. Mai 2020 08:45
An: Openmeetings user-list 
Betreff: Re: Domain certificate not working

You should select one way or another
The topic was discussed you can search mailing-list archives
(from mobile, sorry for typos)

On Tue, May 5, 2020, 13:36 Ninnig, Alexander 
mailto:alexander.nin...@rechnungshof.rlp.de>>
 wrote:
Hi,

THAT'S exactly the kind of information, I was looking for. I figured, it could 
be something like this.

Just one last question: I do this INSTEAD of all this other keystore-stuff? Or 
AFTER?

Best Regards,
Alex

-Ursprüngliche Nachricht-
Von: ratatouille mailto:ratatoui...@bitclusive.de>>
Gesendet: Montag, 4. Mai 2020 17:15
An: user@openmeetings.apache.org
Betreff: Re: Domain certificate not working

Hello!

I made https available just by editing server.xml like this:



http://domain.de/cert.pem>"
 
certificateKeyFile="/etc/letsencrypt/live/domain.de/privkey.pem"
 
certificateChainFile="/etc/letsencrypt/live/domain.de/fullchain.pem"
 />



and it worked, nothing else I did.

  Andreas


"Ninnig, Alexander" 
mailto:alexander.nin...@rechnungshof.rlp.de>>
 schrieb am 04.05.20 um 13:55:43 Uhr:

> Hi,
>
> I installed Openmeetings 504 on a virtual Ubuntu 18.04 Server, following the 
> instructions of the newest tutorial. As far as I can tell, everything works 
> fine.
>
> Now, I am trying to replace the selfsigned certificate and use a 
> domain-certificate instead, following the information from: 
> https://openmeetings.apache.org/HTTPS.html#real-certificate. But after this 
> and after a reboot - the https-site is not avaiable anymore (site cannot be 
> found). I am a bit at loss here about what to do now.
>
> Here is what I did:
>
> First Attempt
> --
> --
>
> cd /opt/open504/conf
> sudo mv localhost.jks localhost.org
> sudo keytool -keysize 4096 -genkey -alias openmeetings -keyalg RSA -storetype 
> PKCS12 -keystore /opt/open504/conf/localhost.jks
> Old password:   PassW0rd
> New password:   PassW0rd
> Name (Websitename): myserver
> (...)
>
> sudo keytool -certreq -keyalg RSA -alias openmeetings -file
> openmeetings.csr -keystore /opt/open504/conf/localhost.jks sudo cp
> openmeetings.csr /media/netshare
>
> Here, I opened the website of my domain-CA, which is a Server 2012 R2
> Windows Server (https://issuingca/certsrv/) I chose: request a certificate.
> I chose: advanced certificate request.
> I chose: submit a certificate request by using a base-64-encoded (...).
> I opened the request-file (openmeetings.csr) in a texteditor and used copy & 
> paste to hand in my request.
> I chose "Web Server" as certificate-template and start the request.
> I download the certificate as Base-64-Certificate (cer-filetype) - the 
> certificate is valid.
> I copy this certificate and the certificate of my root and my issuing CA onto 
> my netshare, so I can access it from my OpenMeetings-Linux-Server.
>
> cd /opt/open504/conf
> sudo cp /media/netshare/root.crt root.crt sudo cp
> /media/netshare/issuing.cer issuing.cer sudo cp
> /media/netshare/myserver.cer myserver.cer sudo keytool -import -alias
> root -keystore /opt/open504/conf/localhost.jks -trustcacerts -file
> root.crt sudo keytool -import -alias intermed -keystore
> /opt/open504/conf/localhost.jks -trustcacerts -file issuing.cer sudo
> keytool -import -alias openmeetings -keystore
> /opt/open504/conf/localhost.jks -trustcacerts -file myserver.cer
>
> ==> No errors so far.
>
> sudo reboot now
> sudo /etc/init.d/mysql start
> sudo /etc/init.d/kurento-media-server start sudo /etc/init.d/tomcat3
> start
>
> ==> HTTPS-Website is not available.
>
> Second Attempt
> --
> --
>
> I found out, that the certificate-template "Web Server" may not be right. It 
> says, the maximum is 2048.
> So I created a new template ("Web Server 4096") and changed the length to 
> 4096.
> I also checked the option, that the private key is exportable.
> I started from the beginning - same result.
>
> Third Attempt
> -