Jason -

A couple of things are wrong in your ldap config.

ldap_admin_dn= (wrong format, it should be something like CN:LDAP_account,OU:MYORG,DC:example,DC:int)
ldap_search_base= (your setting should be ok, mine is narrowed down to the OU where the user accounts are located)
field_user_principal= (this should be "userPrincipalName")
ldap_server_type= (this should be "AD")

-john-

On Mon, Sep 9, 2013 at 10:40 AM, Antman, Jason (CMG-Atlanta) <[email protected]> wrote:

> Hello,
>
> I've just installed OpenMeetings 2.1.1 on a CentOS 6 host for testing.
> Everything seems to work fine with local auth, but then I attempted to
> enable LDAP authentication to an Active Directory backend. As far as I
> can tell, the bind is working, but I seem to be getting back invalid
> password errors. I have dozens of other applications authing against
> this same AD instance, and I copy/pasted the username and password, so I
> know all of that is right. I thought it may have something to do with
> the bind user having a "#" in the password, but that doesn't seem to be
> the case, since the bind looks to be successful. I've tried setting
> ldap_server_type to both "AD" and "OpenLDAP" (per some old mailing list
> threads) but nothing seems to change with that.
>
> Does anyone else have AD auth working right?
>
> I'm attaching (slightly anonymized versions of) my om_ldap.cfg and
> openmeetings.log (I was unable to find instructions for how to turn on
> debug logging for the current version; the only document that Google
> turned up was http://code.google.com/p/openmeetings/wiki/Logging which
> points to a file that doesn't exist).
>
> I've tried my plain username with both a domain prefix (domain\username)
> and without. With the domain prefix I get a "Username not found" error,
> and without the prefix I get "Invalid password" (confirmed by the
> AcceptSecurityContext error 525)
> This implies to me (am I wrong):
> 1) bind to AD is successful
> 2) without the domain prefix is the correct format
> 3) The account can at least be found
>
> Thanks in advance for any help, and many thanks for all the effort that
> went in to a project that might finally free me (a desktop Linux user)
> from incompatible or proprietary conference software.
>
> -Jason Antman
>

--
jt
________________________________
John Tran
Northern California, CA
[email protected]
ICQ IM: 27741710
AOL IM: find1ngj0hn
Yahoo! IM: findingj0hn
MSN IM: [email protected]
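
Added example, not part of the original thread or of OpenMeetings: a small Python helper that pulls the hexadecimal `data` sub-code out of an Active Directory `AcceptSecurityContext` bind error (like the 525 mentioned above) and maps it to the documented Windows logon failure reason. The log lines are constructed samples in the usual AD error format, and the function and table names are hypothetical.

```python
import re

# Sub-codes Active Directory puts in the "data" field when a bind fails with
# LDAP result 49 (invalidCredentials). The values are hexadecimal.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (wrong password)",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

_DATA_RE = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)")


def explain_bind_failure(log_line):
    """Return (subcode, meaning) for an AD bind failure line, else None."""
    match = _DATA_RE.search(log_line)
    if match is None:
        return None  # not an AcceptSecurityContext failure
    code = match.group(1).lower()
    return code, AD_BIND_SUBCODES.get(code, "unknown sub-code")


# Constructed sample lines (DSID values and surrounding text are made up).
SAMPLE_LINES = [
    "javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: "
    "LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 525, v1db1]",
    "javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: "
    "LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]",
    "INFO ldap - connection to directory server established",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(explain_bind_failure(line))
```

Running the helper over the application log separates failures where the directory could not resolve the submitted name from failures where the name resolved but the password was rejected.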
