I doubt ldap_search_query=userPrincipalName is a valid search query for LDAP.
I can recommend you to set up LDAPExplorer and test all these parameters.

On Wed, May 3, 2017 at 8:33 PM, Chamberland, Martin <[email protected]> wrote:

> I changed it to: ldap_userdn_format=uid=%s,OU=Utilisateurs,DC=fadq,DC=qc
>
> The error message is now different.
>
> ERROR 05-03 09:31:12.920 o.a.o.c.l.LdapLoginManagement:262 [http-nio-0.0.0.0-5080-exec-6] - Unexpected exception.
> org.apache.directory.api.ldap.model.exception.LdapProtocolErrorException: The filter userPrincipalName is invalid.
> Caused by: java.text.ParseException: ERR_04155 No '(' at the beginning of the filter
>
> Can anyone provide me an example file?
>
> *From:* Maxim Solodovnik [mailto:[email protected]]
> *Sent:* 3 May 2017 09:29
> *To:* Openmeetings user-list
> *Subject:* Re: problem with LDAP (3.2.2)
>
> I guess no-one can login to your LDAP using following DN:
>
> *ldap_userdn_format=uid=%s,OU=Company,DC=medint,DC=local*
>
> *%s* will be changed with user provided login
>
> Are you sure you need "SIMPLEBIND"?
> In this mode DN is constructed using pattern provided
>
> Maybe you need SEARCHANDBIND so user will be searched using your admin DN and search base?
>
> On Wed, May 3, 2017 at 8:18 PM, Chamberland, Martin <[email protected]> wrote:
>
> There are so many new parameters, I don't know what to set :(
>
> For now, I get: ERROR 05-03 09:16:01.333 o.a.o.c.l.LdapLoginManagement:257 [http-nio-0.0.0.0-5080-exec-10] - Not authenticated.
>
> ldap_conn_host=ldapint1.fadq.qc
> ldap_conn_port=389
> ldap_conn_secure=false
>
> # Login distinguished name (DN) for Authentication on LDAP Server - keep empty if not required
> # Use full qualified LDAP DN
> #ldap_admin_dn=CN=dummy,OU=Company,DC=medint,DC=local
> ldap_admin_dn=cn=ldap,OU=Comptes de service,OU=Administration,DC=fadq,DC=qc
>
> # Loginpass for Authentication on LDAP Server - keep empty if not required
> ldap_passwd=********
>
> # base to search for userdata(of user, that wants to login)
> #ldap_search_base=OU=Company,DC=medint,DC=local
> ldap_search_base=OU=Utilisateurs,DC=fadq,DC=qc
>
> # Fieldnames (can differ between Ldap servers)
> #ldap_search_query=(uid=%s)
> ldap_search_query=userPrincipalName
>
> # the scope of the search might be: OBJECT, ONELEVEL, SUBTREE
> ldap_search_scope=ONELEVEL
>
> # Ldap auth type(NONE, SEARCHANDBIND, SIMPLEBIND)
> # When using SIMPLEBIND a simple bind is performed on the LDAP server to check user authentication
> # When using NONE, the Ldap server is not used for authentication
> ldap_auth_type=SIMPLEBIND
>
> # userDN format, will be used to bind if ldap_auth_type=SIMPLEBIND
> # might be used to get provisionningDn in case ldap_auth_type=NONE
> *ldap_userdn_format=uid=%s,OU=Company,DC=medint,DC=local*
>
> # Ldap provisioning type(NONE, AUTOCREATE, AUTOUPDATE)
> ldap_provisionning=AUTOCREATE
>
> # Ldap deref mode (never, searching, finding, always)
> ldap_deref_mode=always
>
> # Set this to 'true' if you want to use admin_dn to get user attributes
> # If any other value is set, user_dn will be used
> ldap_use_admin_to_get_attrs=true
>
> # Ldap-password synchronization to OM DB
> # Set this to 'true' if you want OM to synchronize the user Ldap-password to OM's internal DB
> # If you want to disable the feature, set this to any other string.
> # Default value is 'true'
> #ldap_sync_password_to_om=true
> ldap_sync_password_to_om=false
>
> # Ldap group mode (NONE, ATTRIBUTE, QUERY)
> # NONE means group associations will be ignored
> # ATTRIBUTE means group associations will be taken from 'ldap_group_attr' attribute (M$ AD mode)
> # QUERY means group associations will be taken as a result of 'ldap_group_query' query
> ldap_group_mode=NONE
>
> ldap_group_query=(&(memberUid=%s)(objectClass=posixGroup))
>
> # Ldap user attributes mapping
> # Set the following internal OM user attributes to their corresponding Ldap-attribute
> ldap_user_attr_login=uid
> ldap_user_attr_lastname=sn
> ldap_user_attr_firstname=givenName
> ldap_user_attr_mail=mail
> ldap_user_attr_street=streetAddress
> ldap_user_attr_additionalname=description
> ldap_user_attr_fax=facsimileTelephoneNumber
> ldap_user_attr_zip=postalCode
> ldap_user_attr_country=co
> ldap_user_attr_town=l
> ldap_user_attr_phone=telephoneNumber
> ldap_group_attr=memberOf
>
> # optional, only absolute URLs make sense
> #ldap_user_picture_uri=picture_uri
>
> # optional
> # the timezone has to match any timezone available in Java, otherwise the timezone defined in the value of
> # the conf_key "default.timezone" in OpenMeetings "configurations" table
> #ldap_user_timezone=timezone
>
> # Ldap ignore upper/lower case, convert all input to lower case
> ldap_use_lower_case=false
>
> # Ldap import query, this query should retrieve all LDAP users
> ldap_import_query=(objectClass=inetOrgPerson)
>
> *From:* Maxim Solodovnik [mailto:[email protected]]
> *Sent:* 3 May 2017 08:53
> *To:* Openmeetings user-list
> *Subject:* Re: problem with LDAP (3.2.2)
>
> Parameters were updated,
> there are more of them
>
> there is no need to specify DN in "weird" format:
> OU:Utilisateurs,DC:fadq,DC:qc
>
> it should be specified as "normal" DN:
> OU=Utilisateurs,DC=fadq,DC=qc
>
> please grab example config and update it with your credentials
>
> On Wed, May 3, 2017 at 7:47 PM, Chamberland, Martin <[email protected]> wrote:
>
> Exactly, I just copied it over the network.
> I was sure the parameters are the same, they are not?
>
> *From:* Maxim Solodovnik [mailto:[email protected]]
> *Sent:* 3 May 2017 08:46
> *To:* Openmeetings user-list
> *Subject:* Re: problem with LDAP (3.2.2)
>
> Additionally your config seems to be copied from OM 1.9 or so
> I would suggest you to take example config and update it line by line with your server, port, password, etc.
>
> On Wed, May 3, 2017 at 7:43 PM, Maxim Solodovnik <[email protected]> wrote:
>
> Thanks for the configuration
>
> you have specified
> ldap_auth_type=SIMPLEBIND
>
> but haven't specified
> ldap_userdn_format=...
>
> additionally ldap_admin_dn doesn't look like DN
>
> please check example config at [1]
> and set all required fields
>
> [1] https://github.com/apache/openmeetings/blob/3.2.x/openmeetings-web/src/main/webapp/conf/om_ldap.cfg
>
> On Wed, May 3, 2017 at 7:38 PM, Chamberland, Martin <[email protected]> wrote:
>
> We are using AS Windows 2012
>
> By the way, I already have here an Openmeeting 3.0.3 that is connected successfully on the same AD
>
> *From:* Wentao Liu [mailto:[email protected]]
> *Sent:* 3 May 2017 00:21
> *To:* Chamberland, Martin; '[email protected]'
> *Subject:* RE: problem with LDAP (3.2.2)
>
> Hi Martin,
>
> Could you please tell which LDAP server you used? MS AD or OpenLDAP, Apache Directory Server?
> Since the configuration is a little bit different among different servers.
>
> Good luck!
> Wentao
>
> Sent from Mail <https://go.microsoft.com/fwlink/?LinkId=550986> for Windows 10
>
> *From:* Chamberland, Martin <[email protected]>
> *Sent:* Wednesday, 3 May 2017 2:06 AM
> *To:* '[email protected]' <[email protected]>
> *Subject:* problem with LDAP (3.2.2)
>
> Hi,
>
> I configure ldap on openmeeting 3.2.2 (snapshot)
>
> I think I did it correctly from server side (ldap.cfg file) and from the web interface, but…
> I always receive this error message:
>
> ERROR 05-02 14:02:37.252 o.a.o.c.l.LdapLoginManagement:262 [http-nio-0.0.0.0-5080-exec-9] - Unexpected exception.
> org.apache.directory.api.ldap.model.exception.LdapInvalidDnException: ERR_04202 A value is missing on some RDN
>
> Can you help me where I can look for more information to troubleshoot?
>
> Thanks in advance.
>
> Martin C.
>
> --
> WBR
> Maxim aka solomax

--
WBR
Maxim aka solomax
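
The three failures reported in this thread (a DN written with `:` instead of `=`, a search query that is not a parenthesised filter, and SIMPLEBIND without a usable `ldap_userdn_format`) can be caught before starting the server. The checker below is an added example, not part of the thread or of OpenMeetings; its function names are hypothetical, the sample config is constructed from the values quoted above, and it assumes `ldap_conn_secure=false` means an unencrypted LDAP connection.

```python
import re

RDN = re.compile(r"^\s*[A-Za-z][A-Za-z0-9-]*\s*=\s*\S.*$")
# Constructed sample combining the settings that failed in the thread.
SAMPLE = """ldap_conn_secure=false
ldap_search_base=OU:Utilisateurs,DC:fadq,DC:qc
ldap_search_query=userPrincipalName
ldap_auth_type=SIMPLEBIND
"""

def parse_cfg(text):
    """Parse key=value lines, skipping blanks and '#' comments."""
    lines = (l.strip() for l in text.splitlines())
    pairs = (l.split("=", 1) for l in lines if "=" in l and not l.startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def bad_dn(dn):
    """True if any RDN (split on unescaped commas) is not attr=value."""
    return any(not RDN.match(p) for p in re.split(r"(?<!\\),", dn))

def bad_filter(flt):
    """True unless flt is one balanced, parenthesised filter."""
    depth = 0
    for i, ch in enumerate(flt):
        depth += (ch == "(") - (ch == ")")
        if depth <= 0 and i < len(flt) - 1:
            return True  # text outside the outermost parentheses
    return depth != 0 or not flt.startswith("(")

def lint(text):
    """Return (key, problem) pairs for the checks discussed in the thread."""
    cfg, out = parse_cfg(text), []
    for key in ("ldap_admin_dn", "ldap_search_base"):
        if cfg.get(key) and bad_dn(cfg[key]):
            out.append((key, "not a DN: every RDN must be attr=value"))
    query = cfg.get("ldap_search_query", "")
    if bad_filter(query) or "%s" not in query:
        out.append(("ldap_search_query", "expected a filter like (uid=%s)"))
    fmt = cfg.get("ldap_userdn_format", "")
    if cfg.get("ldap_auth_type") == "SIMPLEBIND" and ("%s" not in fmt or bad_dn(fmt)):
        out.append(("ldap_userdn_format", "SIMPLEBIND needs a DN pattern with %s"))
    # Assumption: ldap_conn_secure=false means plain LDAP, so a simple bind
    # sends the password unencrypted.
    if cfg.get("ldap_conn_secure", "").lower() == "false":
        out.append(("ldap_conn_secure", "bind password is sent unencrypted"))
    return out

if __name__ == "__main__":
    for key, problem in lint(SAMPLE):
        print(f"{key}: {problem}")
```
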
