actually
"%s" means 'substitute parameter as string'
"%1$s" means 'substitute _first_ parameter as string'
since there is only one parameter, both are the same
but with "%1$s" you can write queries like:
((uid=%1$s) or (email=%1$s)) // pseudo code :))

On Thu, Dec 4, 2014 at 1:35 PM, Ian <[email protected]> wrote:

> Okay, I found the solution sniffing the packets of OpenFire doing its
> authentication.
>
> OU=Users should have been CN=Users in ldap_search_base. We've had this
> domain for ages, so I'm going to guess there's still some legacy schema
> from way back in use.
>
> Btw, that more complex ldap_search_query I got from the other post does
> work, although I'm curious about the difference between %1$s and the use of
> %s in yours (both seem to work).
>
> Either way, thanks for helping out.
>
>
> On 12/3/2014 11:08 PM, Maxim Solodovnik wrote:
>
> Actually you'd better test with LDAPExplorer to ensure userdn format is
> correct
> to be fair I was unable to set up userdn and use SIMPLEBIND.
>
> I usually use SEARCHANDBIND
>
> your error: 0000208D: NameErr: DSID-0310020A, problem 2001 (NO_OBJECT),
> data 0, best match of: 'DC=intranet,DC=Company,DC=com'
> might be caused by too specific search query:
> ldap_search_query=(&(objectCategory=person)(objectClass=person)(sAMAccountName=%1$s))
> I would start with more generic one: ldap_search_query=(sAMAccountName=%s)
>
>
> On Thu, Dec 4, 2014 at 1:04 PM, Ian <[email protected]> wrote:
>
>> Thanks Maxim. Apparently when I use SEARCHANDBIND, ldap_userdn_format
>> is not used (at least I don't see it being passed in clear text with
>> tcpdump).
>> I switched it back to SIMPLEBIND and I see the ldap_userdn_format being
>> passed, but now I'm getting a different error:
>>
>> LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e,
>> v1db1.
>>
>> Maybe what I'll do is sniff the traffic of OpenFire and see how it is
>> passing things to the server and try to mimic that.
>>
>> On 12/3/2014 10:51 PM, Maxim Solodovnik wrote:
>>
>> I guess you need to set
>> ldap_auth_type=SIMPLEBIND
>> ldap_userdn_format=sAMAccountName=%s,OU=Company,DC=medint,DC=local
>>
>>
>> I would start with
>> ldap_admin_dn=CN=dummy,OU=Company,DC=medint,DC=local
>> ldap_passwd=dummy07
>> ldap_search_base=OU=Company,DC=medint,DC=local
>> ldap_search_query=(sAMAccountName=%s)
>> ldap_auth_type=SEARCHANDBIND
>>
>>
>>
>> On Thu, Dec 4, 2014 at 12:24 PM, Ian <[email protected]> wrote:
>>
>>> According to the docs here:
>>> http://openmeetings.apache.org/LdapAndADS.html
>>>
>>> "In: $RED5_HOME/webapps/openmeetings/conf you will find sample
>>> configurations for LDAP and Active Directory."
>>>
>>> However, I only see an example configuration file for ldap, not AD.
>>> Have the two been merged in 3.x? When searching for the AD example file in
>>> Google, I'm finding examples, but the posts are all dated 2011 or earlier
>>> and the settings are vastly different than those in the example LDAP
>>> configuration file.
>>>
>>> I've got AD working correctly with other open source projects
>>> (OpenFire), so I have some clue as to how to set things up, however, I
>>> don't see an option to set the username field to sAMAccountName, and I'm
>>> confused about what I need to set ldap_userdn_format to.
>>>
>>
>>
>>
>> --
>> WBR
>> Maxim aka solomax
>>
>>
>>
>
>
> --
> WBR
> Maxim aka solomax
>
>
>

--
WBR
Maxim aka solomax
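
Added example (not part of the original thread and not OpenMeetings code): a Java sketch of the `%s` versus `%1$s` difference described in the top message, assuming the `ldap_search_query` template is expanded with `String.format`-style rules. The class name, `escapeFilterValue`, `expand` and the sample logins are hypothetical; the RFC 4515 escaping step is an addition that keeps a login name from changing the structure of the filter.

```java
import java.util.MissingFormatArgumentException;

public class LdapFilterTemplate {
    // Escape the characters RFC 4515 reserves inside a filter value, so the
    // login name is always treated as data, never as filter syntax.
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Assumption: the template receives exactly one argument, the login name.
    static String expand(String template, String login) {
        return String.format(template, escapeFilterValue(login));
    }

    public static void main(String[] args) {
        String login = "jdoe"; // constructed sample value

        // With a single placeholder, sequential and positional forms
        // expand to the same filter.
        System.out.println(expand("(sAMAccountName=%s)", login));
        System.out.println(expand("(sAMAccountName=%1$s)", login));

        // The positional form can reuse the one argument several times.
        System.out.println(expand("(|(uid=%1$s)(email=%1$s))", login));

        // Two sequential %s placeholders would need two arguments.
        try {
            expand("(|(uid=%s)(email=%s))", login);
        } catch (MissingFormatArgumentException e) {
            System.out.println("second %s has no argument: " + e.getMessage());
        }

        // Filter metacharacters in the login are escaped before substitution.
        System.out.println(expand("(sAMAccountName=%s)", "j*doe(x)"));
    }
}
```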
