Okay, I found the solution sniffing the packets of OpenFire doing its authentication.
OU=Users should have been CN=Users in ldap_search_base. We've had this domain for ages, so I'm going to guess there's still some legacy schema from way back in use.

Btw, that more complex ldap_search_query I got from the other post does work, although I'm curious about the difference between %1$s and the use of %s in yours (both seem to work).

Either way, thanks for helping out.

On 12/3/2014 11:08 PM, Maxim Solodovnik wrote:
> Actually you better test with LDAPExplorer to ensure userdn format is
> correct
> to be fair I was unable to set up userdn and use SIMPLEBIND.
>
> I usually use SEARCHANDBIND
>
> your error: 0000208D: NameErr: DSID-0310020A, problem 2001
> (NO_OBJECT), data 0, best match of: 'DC=intranet,DC=Company,DC=com'
> might be caused by too specific search
> query:
> ldap_search_query=(&(objectCategory=person)(objectClass=person)(sAMAccountName=%1$s))
> I would start with more generic one: ldap_search_query=(sAMAccountName=%s)
>
>
> On Thu, Dec 4, 2014 at 1:04 PM, Ian <[email protected]> wrote:
>
> Thanks Maxim. Apparently when I use SEARCHANDBIND,
> ldap_userdn_format is not used (at least I don't see it being
> passed in clear text with tcpdump).
> I switched it back to SIMPLEBIND and I see the ldap_userdn_format
> being passed, but now I'm getting a different error:
>
> LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data
> 52e, v1db1.
>
> Maybe what I'll do is sniff the traffic of OpenFire and see how it
> is passing things to the server and try to mimic that.
>
> On 12/3/2014 10:51 PM, Maxim Solodovnik wrote:
>> I guess you need to set
>> ldap_auth_type=SIMPLEBIND
>> ldap_userdn_format=sAMAccountName=%s,OU=Company,DC=medint,DC=local
>>
>>
>> I would start with
>> ldap_admin_dn=CN=dummy,OU=Company,DC=medint,DC=local
>> ldap_passwd=dummy07
>> ldap_search_base=OU=Company,DC=medint,DC=local
>> ldap_search_query=(sAMAccountName=%s)
>> ldap_auth_type=SEARCHANDBIND
>>
>>
>>
>> On Thu, Dec 4, 2014 at 12:24 PM, Ian <[email protected]> wrote:
>>
>> According to the docs here:
>> http://openmeetings.apache.org/LdapAndADS.html
>>
>> "In: $RED5_HOME/webapps/openmeetings/conf you will find
>> sample configurations for LDAP and Active Directory."
>>
>> However, I only see an example configuration file for ldap,
>> not AD. Have the two been merged in 3.x? When searching for
>> the AD example file in Google, I'm finding examples, but the
>> posts are all dated 2011 or earlier and the settings are
>> vastly different than those in the example LDAP configuration
>> file.
>>
>> I've got AD working correctly with other open source projects
>> (OpenFire), so I have some clue as to how to set things up,
>> however, I don't see an option to set the username field to
>> sAMAccountName, and I'm confused about what I need to set
>> ldap_userdn_format to.
>>
>>
>> --
>> WBR
>> Maxim aka solomax
>
>
> --
> WBR
> Maxim aka solomax
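
Added example, not part of the original thread: a Python sketch that decodes the two Active Directory diagnostic strings quoted above and, for the NO_OBJECT case, reports which part of ldap_search_base the server could not resolve. The full search base value and all function names are assumptions; only the error strings come from the thread.

```python
import re

# Common hex sub-codes AD reports in the "data" field of a failed bind.
BIND_DATA = {"525": "user not found", "52e": "invalid credentials",
             "532": "password expired", "533": "account disabled",
             "775": "account locked out"}

# Error strings as quoted in the thread.
NAME_ERR = ("0000208D: NameErr: DSID-0310020A, problem 2001 (NO_OBJECT), "
            "data 0, best match of: 'DC=intranet,DC=Company,DC=com'")
BIND_ERR = ("LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, "
            "data 52e, v1db1")
# Constructed value (assumption): the thread only says OU=Users was wrong.
SEARCH_BASE = "OU=Users,DC=intranet,DC=Company,DC=com"

def parse_ad_error(msg):
    """Pull kind, DSID, problem name, data sub-code and best-match DN out of msg."""
    patterns = {"kind": r"\b(NameErr|LdapErr):", "dsid": r"(DSID-[0-9A-Fa-f]+)",
                "problem": r"problem \d+ \((\w+)\)", "data": r"data ([0-9A-Fa-f]+)",
                "best_match": r"best match of:\s*'([^']*)'"}
    found = {k: re.search(p, msg) for k, p in patterns.items()}
    return {k: m.group(1) for k, m in found.items() if m}

def split_dn(dn):
    # Naive split; does not handle escaped commas inside an RDN value.
    return [p.strip().lower() for p in dn.split(",") if p.strip()]

def unresolved_rdns(search_base, best_match):
    """RDNs of search_base that sit below the deepest DN the server resolved."""
    base, match = split_dn(search_base), split_dn(best_match)
    if len(match) > len(base) or base[len(base) - len(match):] != match:
        return None  # best match is not a suffix of the configured base
    return search_base.split(",")[:len(base) - len(match)]

def explain(msg, search_base=None):
    f = parse_ad_error(msg)
    if f.get("problem") == "NO_OBJECT" and search_base and "best_match" in f:
        missing = unresolved_rdns(search_base, f["best_match"])
        if missing:
            return "no such object: check " + ",".join(missing) + " in ldap_search_base"
    if f.get("kind") == "LdapErr" and f.get("data", "").lower() in BIND_DATA:
        return "bind failed: " + BIND_DATA[f["data"].lower()]
    return "unrecognised: " + msg

if __name__ == "__main__":
    print(explain(NAME_ERR, SEARCH_BASE))
    print(explain(BIND_ERR))
```

The "best match of" DN is the deepest entry the server found, so the components of the configured base that sit below it are the ones to check against the directory.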
