Okay, I found the solution sniffing the packets of OpenFire doing its
authentication.

OU=Users should have been CN=Users in ldap_search_base.  We've had this
domain for ages, so I'm going to guess there's still some legacy schema
from way back in use.

Btw, that more complex ldap_search_query I got from the other post does
work, although I'm curious about the difference between %1$s and the use
of %s in yours (both seem to work).

Either way, thanks for helping out.

On 12/3/2014 11:08 PM, Maxim Solodovnik wrote:
> Actually, you'd better test with LDAPExplorer to ensure the userdn format is
> correct.
> To be fair, I was unable to set up userdn and use SIMPLEBIND.
>
> I usually use SEARCHANDBIND.
>
> Your error: 0000208D: NameErr: DSID-0310020A, problem 2001
> (NO_OBJECT), data 0, best match of: 'DC=intranet,DC=Company,DC=com'
> might be caused by a too specific search query:
> ldap_search_query=(&(objectCategory=person)(objectClass=person)(sAMAccountName=%1$s))
> I would start with a more generic one: ldap_search_query=(sAMAccountName=%s)
>
>
> On Thu, Dec 4, 2014 at 1:04 PM, Ian <[email protected]> wrote:
>
>     Thanks Maxim.  Apparently when I use SEARCHANDBIND,
>     ldap_userdn_format is not used (at least I don't see it being
>     passed in clear text with tcpdump).
>     I switched it back to SIMPLEBIND and I see the ldap_userdn_format
>     being passed, but now I'm getting a different error:
>
>     LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data
>     52e, v1db1.
>
>     Maybe what I'll do is sniff the traffic of OpenFire and see how it
>     is passing things to the server and try to mimic that.
>
>     On 12/3/2014 10:51 PM, Maxim Solodovnik wrote:
>>     I guess you need to set 
>>     ldap_auth_type=SIMPLEBIND
>>     ldap_userdn_format=sAMAccountName=%s,OU=Company,DC=medint,DC=local
>>
>>
>>     I would start with
>>     ldap_admin_dn=CN=dummy,OU=Company,DC=medint,DC=local
>>     ldap_passwd=dummy07
>>     ldap_search_base=OU=Company,DC=medint,DC=local
>>     ldap_search_query=(sAMAccountName=%s)
>>     ldap_auth_type=SEARCHANDBIND
>>
>>
>>
>>     On Thu, Dec 4, 2014 at 12:24 PM, Ian <[email protected]> wrote:
>>
>>         According to the docs here:
>>         http://openmeetings.apache.org/LdapAndADS.html
>>
>>         "In: $RED5_HOME/webapps/openmeetings/conf you will find
>>         sample configurations for LDAP and Active Directory."
>>
>>         However, I only see an example configuration file for ldap,
>>         not AD.  Have the two been merged in 3.x?  When searching for
>>         the AD example file in Google, I'm finding examples, but the
>>         posts are all dated 2011 or earlier and the settings are
>>         vastly different than those in the example LDAP configuration
>>         file.
>>
>>         I've got AD working correctly with other open source projects
>>         (OpenFire), so I have some clue as to how to set things up,
>>         however, I don't see an option to set the username field to
>>         sAMAccountName, and I'm confused about what I need to set
>>         ldap_userdn_format to.
>>
>>
>>
>>
>>     -- 
>>     WBR
>>     Maxim aka solomax
>
>
>
>
> -- 
> WBR
> Maxim aka solomax
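
Added example, not part of the thread: a small Python helper that decodes the two Active Directory diagnostic strings quoted above and, for the NO_OBJECT case, works out which part of a configured DN did not resolve. The search base is constructed by prefixing the OU=Users from the first message to the best-match DN in the error, and the function names are hypothetical.

```python
import re

# Messages as quoted in the thread.
MSG_NAME = ("0000208D: NameErr: DSID-0310020A, problem 2001 (NO_OBJECT), "
            "data 0, best match of: 'DC=intranet,DC=Company,DC=com'")
MSG_BIND = ("LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, "
            "data 52e, v1db1")
# Constructed sample: OU=Users prefixed to the best-match DN (assumption).
SEARCH_BASE = "OU=Users,DC=intranet,DC=Company,DC=com"

# Sub-codes AD reports after "AcceptSecurityContext error, data".
BIND_SUBCODES = {
    "525": "user not found", "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired", "533": "account disabled",
    "701": "account expired", "773": "user must reset password",
    "775": "account locked out",
}

def split_dn(dn):
    """Split a DN into RDNs (simplified: assumes no escaped commas)."""
    return [rdn.strip() for rdn in dn.split(",") if rdn.strip()]

def diagnose(message, attempted_dn=None):
    """Return a one-line diagnosis for an AD LDAP diagnostic message."""
    bind = re.search(r"AcceptSecurityContext error, data\s+([0-9a-fA-F]+)", message)
    if bind:
        code = bind.group(1).lower()
        return "bind rejected: " + BIND_SUBCODES.get(code, "unknown sub-code " + code)
    name = re.search(r"\(NO_OBJECT\).*?best match of:\s*'([^']*)'", message, re.S)
    if not name:
        return "unrecognised message"
    best = split_dn(name.group(1))
    tried = split_dn(attempted_dn or "")
    extra = len(tried) - len(best)
    # RDNs left of the matched suffix are the part the server could not resolve.
    if extra > 0 and [r.lower() for r in tried[extra:]] == [r.lower() for r in best]:
        return "no such object: '%s' not found under '%s'" % (
            ",".join(tried[:extra]), ",".join(best))
    return "no such object: deepest existing entry is '%s'" % ",".join(best)

if __name__ == "__main__":
    print(diagnose(MSG_BIND))
    print(diagnose(MSG_NAME, SEARCH_BASE))
```
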
