According to this [1] link it seems like DN/pass can be correct but the user is not admin Can you check this?
[1] https://social.technet.microsoft.com/Forums/windowsserver/en-US/c98f3569-072a-4677-9b89-635ed2b8dffc/ldap-error-code-49-8009030c-ldaperr-dsid0c0903a9-comment-acceptsecuritycontext-error-data?forum=winserverDS On Fri, Jul 3, 2015 at 5:15 PM, Дорофеев Сергей <[email protected]> wrote: > Hello again! > > > > Here is full log from start to finish at the moment, when im clicking > “Sign in” button: > > > > DEBUG 07-03 11:01:29.884 ServletWebRequest.java 73637 189 > org.apache.wicket.protocol.http.servlet.ServletWebRequest > [http-nio-0.0.0.0-5080-exec-6] - Calculating context relative path from: > context path '/openmeetings', filterPrefix '', uri '/openmeetings/signin' > > DEBUG 07-03 11:01:29.886 PageAccessSynchronizer.java 73639 112 > org.apache.wicket.page.PageAccessSynchronizer > [http-nio-0.0.0.0-5080-exec-6] - 'http-nio-0.0.0.0-5080-exec-6' attempting > to acquire lock to page with id '0' > > DEBUG 07-03 11:01:29.886 PageAccessSynchronizer.java 73639 137 > org.apache.wicket.page.PageAccessSynchronizer > [http-nio-0.0.0.0-5080-exec-6] - http-nio-0.0.0.0-5080-exec-6 acquired lock > to page 0 > > DEBUG 07-03 11:01:29.891 SessiondataDao.java 73644 68 > org.apache.openmeetings.db.dao.server.SessiondataDao > [http-nio-0.0.0.0-5080-exec-6] - startsession :: startsession > > DEBUG 07-03 11:01:29.891 ManageCryptStyle.java 73644 32 > org.apache.openmeetings.util.crypt.ManageCryptStyle > [http-nio-0.0.0.0-5080-exec-6] - getInstanceOfCrypt:: > configKeyCryptClassName: > org.apache.openmeetings.util.crypt.MD5Implementation > > DEBUG 07-03 11:01:29.896 LdapLoginManagement.java 73649 171 > org.apache.openmeetings.ldap.LdapLoginManagement > [http-nio-0.0.0.0-5080-exec-6] - LdapLoginmanagement.doLdapLogin > > ERROR 07-03 11:01:29.911 LdapLoginManagement.java 73664 376 > org.apache.openmeetings.ldap.LdapLoginManagement > [http-nio-0.0.0.0-5080-exec-6] - Not authenticated. > > org.apache.directory.api.ldap.model.exception.LdapAuthenticationException: > 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, > data 52e, v1db1 > > at > org.apache.directory.api.ldap.model.message.ResultCodeEnum.processResponse(ResultCodeEnum.java:2021) > ~[api-all-jar-1.0.0-M28.jar:1.0.0-M28] > > at > org.apache.directory.ldap.client.api.AbstractLdapConnection.bind(AbstractLdapConnection.java:129) > ~[api-all-jar-1.0.0-M28.jar:1.0.0-M28] > > at > org.apache.directory.ldap.client.api.AbstractLdapConnection.bind(AbstractLdapConnection.java:112) > ~[api-all-jar-1.0.0-M28.jar:1.0.0-M28] > > at > org.apache.openmeetings.ldap.LdapLoginManagement.bindAdmin(LdapLoginManagement.java:152) > ~[openmeetings-core-3.0.4-RELEASE.jar:na] > > at > org.apache.openmeetings.ldap.LdapLoginManagement.login(LdapLoginManagement.java:262) > ~[openmeetings-core-3.0.4-RELEASE.jar:na] > > at > org.apache.openmeetings.web.app.WebSession.signIn(WebSession.java:257) > [openmeetings-web-3.0.4-RELEASE.jar:na] > > at > org.apache.openmeetings.web.pages.auth.SignInDialog.onSubmit(SignInDialog.java:192) > [openmeetings-web-3.0.4-RELEASE.jar:na] > > at > com.googlecode.wicket.jquery.ui.widget.dialog.AbstractFormDialog$DialogFormSubmitter.onSubmit(AbstractFormDialog.java:303) > [wicket-jquery-ui-bundle-6.19.0.jar:na] > > at > org.apache.wicket.markup.html.form.Form.delegateSubmit(Form.java:1288) > [wicket-core-jar-6.19.0.jar:6.19.0] > > at > org.apache.wicket.markup.html.form.Form.process(Form.java:952) > [wicket-core-jar-6.19.0.jar:6.19.0] > > at > org.apache.wicket.markup.html.form.StatelessForm.process(StatelessForm.java:100) > [wicket-core-jar-6.19.0.jar:6.19.0] > > at > org.apache.wicket.markup.html.form.Form.onFormSubmitted(Form.java:784) > [wicket-core-jar-6.19.0.jar:6.19.0] > > at > com.googlecode.wicket.jquery.ui.widget.dialog.AbstractFormDialog.internalOnClick(AbstractFormDialog.java:224) > [wicket-jquery-ui-bundle-6.19.0.jar:na] > > at > com.googlecode.wicket.jquery.ui.widget.dialog.AbstractDialog$1.onClick(AbstractDialog.java:419) > [wicket-jquery-ui-bundle-6.19.0.jar:na] > > at > com.googlecode.wicket.jquery.ui.widget.dialog.DialogBehavior.onAjax(DialogBehavior.java:175) > [wicket-jquery-ui-bundle-6.19.0.jar:na] > > at > com.googlecode.wicket.jquery.core.ajax.JQueryAjaxBehavior.respond(JQueryAjaxBehavior.java:171) > [wicket-jquery-ui-core-bundle-6.19.0.jar:na] > > at > org.apache.wicket.ajax.AbstractDefaultAjaxBehavior.onRequest(AbstractDefaultAjaxBehavior.java:633) > [wicket-core-jar-6.19.0.jar:6.19.0] > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native > Method) ~[na:1.7.0_79] > > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) > ~[na:1.7.0_79] > > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > ~[na:1.7.0_79] > > at java.lang.reflect.Method.invoke(Method.java:606) > ~[na:1.7.0_79] > > at > org.apache.wicket.RequestListenerInterface.internalInvoke(RequestListenerInterface.java:258) > [wicket-core-jar-6.19.0.jar:6.19.0] > > at > org.apache.wicket.RequestListenerInterface.invoke(RequestListenerInterface.java:241) > [wicket-core-jar-6.19.0.jar:6.19.0] > > at > org.apache.wicket.core.request.handler.ListenerInterfaceRequestHandler.invokeListener(ListenerInterfaceRequestHandler.java:250) > [wicket-core-jar-6.19.0.jar:6.19.0] > > at > org.apache.wicket.core.request.handler.ListenerInterfaceRequestHandler.respond(ListenerInterfaceRequestHandler.java:236) > [wicket-core-jar-6.19.0.jar:6.19.0] > > at > org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor.respond(RequestCycle.java:890) > [wicket-core-jar-6.19.0.jar:6.19.0] > > at > org.apache.wicket.request.RequestHandlerStack.execute(RequestHandlerStack.java:64) > [wicket-request-jar-6.19.0.jar:6.19.0] > > at > org.apache.wicket.request.cycle.RequestCycle.execute(RequestCycle.java:261) > [wicket-core-jar-6.19.0.jar:6.19.0] > > at > org.apache.wicket.request.cycle.RequestCycle.processRequest(RequestCycle.java:218) > [wicket-core-jar-6.19.0.jar:6.19.0] > > at > org.apache.wicket.request.cycle.RequestCycle.processRequestAndDetach(RequestCycle.java:289) > [wicket-core-jar-6.19.0.jar:6.19.0] > > at > org.apache.wicket.protocol.ws.AbstractUpgradeFilter.processRequestCycle(AbstractUpgradeFilter.java:59) > [wicket-native-websocket-core-jar-6.19.0.jar:6.19.0] > > at > org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:201) > [wicket-core-jar-6.19.0.jar:6.19.0] > > at > org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:282) > [wicket-core-jar-6.19.0.jar:6.19.0] > > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) > [tomcat-embed-core.jar:7.0.57] > > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) > [tomcat-embed-core.jar:7.0.57] > > at > org.red5.logging.LoggerContextFilter.doFilter(LoggerContextFilter.java:77) > [red5-server.jar:1.0.5-RELEASE] > > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) > [tomcat-embed-core.jar:7.0.57] > > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) > [tomcat-embed-core.jar:7.0.57] > > at > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220) > [tomcat-embed-core.jar:7.0.57] > > at > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122) > [tomcat-embed-core.jar:7.0.57] > > at > org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:503) > [tomcat-embed-core.jar:7.0.57] > > at > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170) > [tomcat-embed-core.jar:7.0.57] > > at > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) > [tomcat-embed-core.jar:7.0.57] > > at > org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950) > [tomcat-embed-core.jar:7.0.57] > > at > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) > [tomcat-embed-core.jar:7.0.57] > > at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421) > [tomcat-embed-core.jar:7.0.57] > > at > org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1070) > [tomcat-embed-core.jar:7.0.57] > > at > org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611) > [tomcat-embed-core.jar:7.0.57] > > at > org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1736) > [tomcat-embed-core.jar:7.0.57] > > at > org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1695) > [tomcat-embed-core.jar:7.0.57] > > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) > [na:1.7.0_79] > > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) > [na:1.7.0_79] > > at > org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) > [tomcat-embed-core.jar:7.0.57] > > at java.lang.Thread.run(Thread.java:745) [na:1.7.0_79] > > DEBUG 07-03 11:01:29.913 CookieUtils.java 73666 273 > org.apache.wicket.util.cookies.CookieUtils [http-nio-0.0.0.0-5080-exec-6] - > Unable to find Cookie with name=LoggedIn and request > URI=signin?0-1.IBehaviorListener.2-signin > > DEBUG 07-03 11:01:29.919 FeedbackMessages.java 73672 69 > org.apache.wicket.feedback.FeedbackMessages [http-nio-0.0.0.0-5080-exec-6] > - Adding feedback message '[FeedbackMessage message = "Invalid password", > reporter = signin, level = ERROR]' > > DEBUG 07-03 11:01:29.920 CookieUtils.java 73673 273 > org.apache.wicket.util.cookies.CookieUtils [http-nio-0.0.0.0-5080-exec-6] - > Unable to find Cookie with name=LoggedIn and request > URI=signin?0-1.IBehaviorListener.2-signin > > DEBUG 07-03 11:01:29.921 Page.java 73674 871 org.apache.wicket.Page > [http-nio-0.0.0.0-5080-exec-6] - ending request for page [Page class = > org.apache.openmeetings.web.pages.auth.SignInPage, id = 0, render count = > 1], request > org.apache.wicket.protocol.http.servlet.ServletWebRequest@1c228b0 > > DEBUG 07-03 11:01:29.921 Page.java 73674 871 org.apache.wicket.Page > [http-nio-0.0.0.0-5080-exec-6] - ending request for page [Page class = > org.apache.openmeetings.web.pages.auth.SignInPage, id = 0, render count = > 1], request > org.apache.wicket.protocol.http.servlet.ServletWebRequest@1c228b0 > > DEBUG 07-03 11:01:29.922 Page.java 73675 871 org.apache.wicket.Page > [http-nio-0.0.0.0-5080-exec-6] - ending request for page [Page class = > org.apache.openmeetings.web.pages.auth.SignInPage, id = 0, render count = > 1], request > org.apache.wicket.protocol.http.servlet.ServletWebRequest@1c228b0 > > DEBUG 07-03 11:01:29.925 PageAccessSynchronizer.java 73678 207 > org.apache.wicket.page.PageAccessSynchronizer > [http-nio-0.0.0.0-5080-exec-6] - 'http-nio-0.0.0.0-5080-exec-6' released > lock to page with id '0' > > DEBUG 07-03 11:01:29.925 AsynchronousDataStore.java 73678 354 > org.apache.wicket.pageStore.AsynchronousDataStore$PageSavingRunnable > [Wicket-PageSavingThread] - Saving asynchronously: Entry > [sessionId=5C25A5503DF7707CD214290D1FF03160, pageId=0]... > > DEBUG 07-03 11:01:29.925 PageAccessSynchronizer.java 73678 358 > org.apache.wicket.page.PageAccessSynchronizer > [http-nio-0.0.0.0-5080-exec-6] - 'http-nio-0.0.0.0-5080-exec-6' notifying > blocked threads > > DEBUG 07-03 11:01:29.925 DiskDataStore.java 73678 186 > org.apache.wicket.pageStore.DiskDataStore [Wicket-PageSavingThread] - > Storing data for page with id '0' in session with id > '5C25A5503DF7707CD214290D1FF03160' > > > > > > > > WBR > > > > *From:* Maxim Solodovnik [mailto:[email protected]] > *Sent:* Friday, July 03, 2015 12:59 PM > *To:* Openmeetings user-list > *Subject:* Re: openmeetings and AD > > > > I guess this user: > > ldap_conn_host=192.168.XXX.XXX > > ldap_conn_port=389 > > ldap_admin_dn=CN=test,OU=Users,DC=example,DC=local > > ldap_passwd=password > > ldap_conn_secure=false > > > > is failed to authenticate > > Can you provide bigger stacktrace so I can try to guess which operation > failed? > > > > > > 2015-07-03 13:39 GMT+06:00 Дорофеев Сергей <[email protected]>: > > Hello. > > > > Im having an issue with authentication through Active Directory. I’ve > tried several configs from this list, which were marked as working, but > still not succeed. > > Im using 3.0.4-RELEASE rev. 1659257 > > My om-ldap.cfg now: > > > > ldap_server_type=AD > > ldap_conn_host=192.168.XXX.XXX > > ldap_conn_port=389 > > ldap_admin_dn=CN=test,OU=Users,DC=example,DC=local > > ldap_passwd=password > > ldap_conn_secure=false > > ldap_search_base=DC=example,DC=local > > ldap_search_scope=ONELEVEL > > field_user_principal=userPrincipalName > > ldap_search_query=(userPrincipalName=%s) ### ive also tried > (sAMAccountName=%s) > > ldap_userdn_format=sAMAccountName=%s,DC=example,DC=local > > ldap_auth_type=SEARCHANDBIND > > ldap_sync_password_to_om=true > > ldap_provisionning=AUTOCREATE > > ldap_deref_mode=always > > ldap_userdn_format=uid=%s,DC=example,DC=local > > > > ldap_user_attr_lastname=sn > > ldap_user_attr_firstname=givenName > > ldap_user_attr_mail=mail > > ldap_user_attr_street=streetAddress > > ldap_user_attr_additionalname=description > > ldap_user_attr_fax=facsimileTelephoneNumber > > ldap_user_attr_zip=postalCode > > ldap_user_attr_country=ru > > ldap_user_attr_town=l > > ldap_user_attr_phone=telephoneNumber > > ldap_use_lower_case=false > > > > logon window says: Invalid password > > debug says: > > DEBUG 07-01 12:20:38.820 LdapLoginManagement.java 7614383 171 > org.apache.openmeetings.ldap.LdapLoginManagement > [http-nio-0.0.0.0-5080-exec-1] - LdapLoginmanagement.doLdapLogin > > ERROR 07-01 12:20:38.921 LdapLoginManagement.java 7614484 376 > org.apache.openmeetings.ldap.LdapLoginManagement > [http-nio-0.0.0.0-5080-exec-1] - Not authenticated. > > org.apache.directory.api.ldap.model.exception.LdapAuthenticationException: > 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, > data 52e, v1db1 > > > > Im 100% sure, password is correct. > > > > Can you help me? > > > > WBR > ------------------------------ > > Это электронное сообщение и любые документы, приложенные к нему, содержат > конфиденциальную информацию и предназначены исключительно для использования > сотрудниками компании, физическим или юридическим лицом, которому они > адресованы. Уведомляем Вас о том, что если это сообщение не предназначено > Вам, использование, копирование, распространение информации, содержащейся в > настоящем сообщении, а также осуществление любых действий на основе этой > информации, не допускается. Если вы получили это электронное сообщение по > ошибке, пожалуйста, свяжитесь с отправителем и удалите электронное > сообщение и любые файлы, передаваемые с ним, с компьютера незамедлительно. > Спасибо. > > > > > > -- > > WBR > Maxim aka solomax > -- WBR Maxim aka solomax
