Actually you better test with LDAPExplorer to ensure userdn format is correct to be fair I was unable to set up userdn and use SIMPLEBIND.
I usually using SEARCHANDBIND your error: 0000208D: NameErr: DSID-0310020A, problem 2001 (NO_OBJECT), data 0, best match of: 'DC=intranet,DC=Company,DC=com' might be caused by too specific search query: ldap_search_query=(&( objectCategory=person)(objectClass=person)(sAMAccountName=%1$s)) I would start with more generic one: ldap_search_query=(sAMAccountName=%s) On Thu, Dec 4, 2014 at 1:04 PM, Ian <[email protected]> wrote: > Thanks Maxim. Apparently when I use SEARCHANDBIND, ldap_userdn_format > is not used (at least I don't see it being passed in clear text with > tcpdump). > I switched it back to SIMPLEBIND and I see the ldap_userdn_format being > passed, but now I'm getting a different error: > > LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, > v1db1. > > Maybe what I'll do is sniff the traffic of OpenFire and see how it is > passing things to the server and try to mimic that. > > On 12/3/2014 10:51 PM, Maxim Solodovnik wrote: > > I guess you need to set > ldap_auth_type=SIMPLEBIND > ldap_userdn_format=sAMAccountName=%s,OU=Company,DC=medint,DC=local > > > I would start with > ldap_admin_dn=CN=dummy,OU=Company,DC=medint,DC=local > ldap_passwd=dummy07 > ldap_search_base=OU=Company,DC=medint,DC=local > ldap_search_query=(sAMAccountName=%s) > ldap_auth_type=SEARCHANDBIND > > > > On Thu, Dec 4, 2014 at 12:24 PM, Ian <[email protected]> wrote: > >> According to the docs here: >> http://openmeetings.apache.org/LdapAndADS.html >> >> "In: $RED5_HOME/webapps/openmeetings/conf you will find sample >> configurations for LDAP and Active Directory." >> >> However, I only see an example configuration file for ldap, not AD. Have >> the two been merged in 3.x? When searching for the AD example file in >> Google, I'm finding examples, but the posts are all dated 2011 or earlier >> and the settings are vastly different than those in the example LDAP >> configuration file. >> >> I've got AD working correctly with other open source projects (OpenFire), >> so I have some clue as to how to set things up, however, I don't see an >> option to set the username field to sAMAccountName, and I'm confused about >> what I need to set ldap_userdn_format to. >> > > > > -- > WBR > Maxim aka solomax > > > -- WBR Maxim aka solomax
