actually
"%s" means 'substitute parameter as string'
"%1$s" means 'substitute _first_ parameter as string'

due to there is only one parameter both are the same

but with "%1$s" you can write queries like: ((uid=%1$s) or (email=%1$s)) //
pseudo code :))


On Thu, Dec 4, 2014 at 1:35 PM, Ian <[email protected]> wrote:

>  Okay, I found the solution sniffing the packets of OpenFire doing its
> authentication.
>
> OU=Users should have been CN=Users in ldap_search_base.  We've had this
> domain for ages, so I'm going to guess there's still some legacy schema
> from way back in use.
>
> Btw, that more complex ldap_search_query I got from the other post does
> work, although I'm curious about the difference between %1$s and the use of
> %s in yours (both seem to work).
>
> Either way, thanks for helping out.
>
>
> On 12/3/2014 11:08 PM, Maxim Solodovnik wrote:
>
> Actually you better test with LDAPExplorer to ensure userdn format is
> correct
> to be fair I was unable to set up userdn and use SIMPLEBIND.
>
>  I usually using SEARCHANDBIND
>
>  your error: 0000208D: NameErr: DSID-0310020A, problem 2001 (NO_OBJECT),
> data 0, best match of: 'DC=intranet,DC=Company,DC=com'
> might be caused by too specific search query: ldap_search_query=(&(
> objectCategory=person)(objectClass=person)(sAMAccountName=%1$s))
> I would start with more generic one: ldap_search_query=(sAMAccountName=%s)
>
>
> On Thu, Dec 4, 2014 at 1:04 PM, Ian <[email protected]> wrote:
>
>>  Thanks Maxim.  Apparently when I use SEARCHANDBIND, ldap_userdn_format
>> is not used (at least I don't see it being passed in clear text with
>> tcpdump).
>> I switched it back to SIMPLEBIND and I see the ldap_userdn_format being
>> passed, but now I'm getting a different error:
>>
>> LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e,
>> v1db1.
>>
>> Maybe what I'll do is sniff the traffic of OpenFire and see how it is
>> passing things to the server and try to mimic that.
>>
>> On 12/3/2014 10:51 PM, Maxim Solodovnik wrote:
>>
>> I guess you need to set
>> ldap_auth_type=SIMPLEBIND
>>  ldap_userdn_format=sAMAccountName=%s,OU=Company,DC=medint,DC=local
>>
>>
>>  I would start with
>> ldap_admin_dn=CN=dummy,OU=Company,DC=medint,DC=local
>>  ldap_passwd=dummy07
>>  ldap_search_base=OU=Company,DC=medint,DC=local
>>  ldap_search_query=(sAMAccountName=%s)
>>  ldap_auth_type=SEARCHANDBIND
>>
>>
>>
>> On Thu, Dec 4, 2014 at 12:24 PM, Ian <[email protected]> wrote:
>>
>>>  According to the docs here:
>>> http://openmeetings.apache.org/LdapAndADS.html
>>>
>>> "In: $RED5_HOME/webapps/openmeetings/conf you will find sample
>>> configurations for LDAP and Active Directory."
>>>
>>> However, I only see an example configuration file for ldap, not AD.
>>> Have the two been merged in 3.x?  When searching for the AD example file in
>>> Google, I'm finding examples, but the posts are all dated 2011 or earlier
>>> and the settings are vastly different than those in the example LDAP
>>> configuration file.
>>>
>>> I've got AD working correctly with other open source projects
>>> (OpenFire), so I have some clue as to how to set things up, however, I
>>> don't see an option to set the username field to sAMAccountName, and I'm
>>> confused about what I need to set ldap_userdn_format to.
>>>
>>
>>
>>
>>  --
>> WBR
>> Maxim aka solomax
>>
>>
>>
>
>
>  --
> WBR
> Maxim aka solomax
>
>
>


-- 
WBR
Maxim aka solomax

Reply via email to