It’s working now, here is my config file for those interested.

ldap_conn_host=ldapint1.fadq.qc
ldap_conn_port=389
ldap_conn_secure=false
ldap_admin_dn=cn=ldapproxy,OU=Comptes de service,OU=Administration,DC=fadq,DC=qc
ldap_passwd=*******
ldap_search_base=OU=Utilisateurs,DC=fadq,DC=qc
ldap_search_query=(userPrincipalName=%s)
ldap_search_scope=SUBTREE
ldap_auth_type=SEARCHANDBIND
ldap_userdn_format=uid=%s,OU=Utilisateurs,DC=fadq,DC=qc
ldap_provisionning=AUTOCREATE
ldap_deref_mode=always
ldap_use_admin_to_get_attrs=true
ldap_sync_password_to_om=false
ldap_group_mode=NONE
ldap_group_query=(&(memberUid=%s)(objectClass=posixGroup))
ldap_user_attr_login=userPrincipalName
ldap_user_attr_lastname=sn
ldap_user_attr_firstname=givenName
ldap_user_attr_mail=mail
ldap_user_attr_street=streetAddress
ldap_user_attr_additionalname=description
ldap_user_attr_fax=facsimileTelephoneNumber
ldap_user_attr_zip=postalCode
ldap_user_attr_country=co
ldap_user_attr_town=l
ldap_user_attr_phone=telephoneNumber
ldap_group_attr=memberOf
ldap_use_lower_case=false
ldap_import_query=(objectClass=inetOrgPerson)

From: Maxim Solodovnik [mailto:[email protected]]
Sent: 3 May 2017 09:36
To: Openmeetings user-list
Subject: Re: problem with LDAP (3.2.2)

I doubt ldap_search_query=userPrincipalName is a valid search query for LDAP
I can recommend you to set up LDAPExplorer and test all these parameters

On Wed, May 3, 2017 at 8:33 PM, Chamberland, Martin <[email protected]> wrote:

I change for :
ldap_userdn_format=uid=%s,OU=Utilisateurs,DC=fadq,DC=qc

Error message is now different.

ERROR 05-03 09:31:12.920 o.a.o.c.l.LdapLoginManagement:262 [http-nio-0.0.0.0-5080-exec-6] - Unexpected exception.
org.apache.directory.api.ldap.model.exception.LdapProtocolErrorException: The filter userPrincipalName is invalid.
Caused by: java.text.ParseException: ERR_04155 No '(' at the beginning of the filter

Anyone can provide me an example file ?

From: Maxim Solodovnik [mailto:[email protected]]
Sent: 3 May 2017 09:29
To: Openmeetings user-list
Subject: Re: problem with LDAP (3.2.2)

I guess no-one can login to your LDAP using following DN:
ldap_userdn_format=uid=%s,OU=Company,DC=medint,DC=local
%s will be changed with user provided login
Are you sure you need "SIMPLEBIND"? In this mode DN is constructed using pattern provided
Maybe you need SEARCHANDBIND so user will be searched using your admin DN and search base?

On Wed, May 3, 2017 at 8:18 PM, Chamberland, Martin <[email protected]> wrote:

There is so much new parameters, I don’t know what to set it ☹

From now, I get :
ERROR 05-03 09:16:01.333 o.a.o.c.l.LdapLoginManagement:257 [http-nio-0.0.0.0-5080-exec-10] - Not authenticated.

ldap_conn_host=ldapint1.fadq.qc
ldap_conn_port=389
ldap_conn_secure=false
# Login distinguished name (DN) for Authentication on LDAP Server - keep empty if not required
# Use full qualified LDAP DN
#ldap_admin_dn=CN=dummy,OU=Company,DC=medint,DC=local
ldap_admin_dn=cn=ldap,OU=Comptes de service,OU=Administration,DC=fadq,DC=qc
# Loginpass for Authentication on LDAP Server - keep empty if not required
ldap_passwd=********
# base to search for userdata(of user, that wants to login)
#ldap_search_base=OU=Company,DC=medint,DC=local
ldap_search_base=OU=Utilisateurs,DC=fadq,DC=qc
# Fieldnames (can differ between Ldap servers)
#ldap_search_query=(uid=%s)
ldap_search_query=userPrincipalName
# the scope of the search might be: OBJECT, ONELEVEL, SUBTREE
ldap_search_scope=ONELEVEL
# Ldap auth type(NONE, SEARCHANDBIND, SIMPLEBIND)
# When using SIMPLEBIND a simple bind is performed on the LDAP server to check user authentication
# When using NONE, the Ldap server is not used for authentication
ldap_auth_type=SIMPLEBIND
# userDN format, will be used to bind if ldap_auth_type=SIMPLEBIND
# might be used to get provisionningDn in case ldap_auth_type=NONE
ldap_userdn_format=uid=%s,OU=Company,DC=medint,DC=local
# Ldap provisioning type(NONE, AUTOCREATE, AUTOUPDATE)
ldap_provisionning=AUTOCREATE
# Ldap deref mode (never, searching, finding, always)
ldap_deref_mode=always
# Set this to 'true' if you want to use admin_dn to get user attributes
# If any other value is set, user_dn will be used
ldap_use_admin_to_get_attrs=true
# Ldap-password synchronization to OM DB
# Set this to 'true' if you want OM to synchronize the user Ldap-password to OM's internal DB
# If you want to disable the feature, set this to any other string.
# Default value is 'true'
#ldap_sync_password_to_om=true
ldap_sync_password_to_om=false
# Ldap group mode (NONE, ATTRIBUTE, QUERY)
# NONE means group associations will be ignored
# ATTRIBUTE means group associations will be taken from 'ldap_group_attr' attribute (M$ AD mode)
# QUERY means group associations will be taken as a result of 'ldap_group_query' query
ldap_group_mode=NONE
ldap_group_query=(&(memberUid=%s)(objectClass=posixGroup))
# Ldap user attributes mapping
# Set the following internal OM user attributes to their corresponding Ldap-attribute
ldap_user_attr_login=uid
ldap_user_attr_lastname=sn
ldap_user_attr_firstname=givenName
ldap_user_attr_mail=mail
ldap_user_attr_street=streetAddress
ldap_user_attr_additionalname=description
ldap_user_attr_fax=facsimileTelephoneNumber
ldap_user_attr_zip=postalCode
ldap_user_attr_country=co
ldap_user_attr_town=l
ldap_user_attr_phone=telephoneNumber
ldap_group_attr=memberOf
# optional, only absolute URLs make sense
#ldap_user_picture_uri=picture_uri
# optional
# the timezone has to match any timezone available in Java, otherwise the timezone defined in the value of
# the conf_key "default.timezone" in OpenMeetings "configurations" table
#ldap_user_timezone=timezone
# Ldap ignore upper/lower case, convert all input to lower case
ldap_use_lower_case=false
# Ldap import query, this query should retrieve all LDAP users
ldap_import_query=(objectClass=inetOrgPerson)

From: Maxim Solodovnik [mailto:[email protected]]
Sent: 3 May 2017 08:53
To: Openmeetings user-list
Subject: Re: problem with LDAP (3.2.2)

Parameters were updated, there are more of them
there is no need to specify DN in "weird" format: OU:Utilisateurs,DC:fadq,DC:qc
it should be specified as "normal" DN: OU=Utilisateurs,DC=fadq,DC=qc
please grab example config and update it with your credentials

On Wed, May 3, 2017 at 7:47 PM, Chamberland, Martin <[email protected]> wrote:

Exactly, I just copy over network.
I was sure parameters are the same, they are not ?

From: Maxim Solodovnik [mailto:[email protected]]
Sent: 3 May 2017 08:46
To: Openmeetings user-list
Subject: Re: problem with LDAP (3.2.2)

Additionally your config seems to be copied from OM 1.9 or so
I would suggest you to take example config and update it line by line with your server, port, password, etc.

On Wed, May 3, 2017 at 7:43 PM, Maxim Solodovnik <[email protected]> wrote:

Thanks for the configuration
you have specified ldap_auth_type=SIMPLEBIND but haven't specified ldap_userdn_format=...
additionally ldap_admin_dn doesn't look like DN
please check example config at [1] and set all required fields

[1] https://github.com/apache/openmeetings/blob/3.2.x/openmeetings-web/src/main/webapp/conf/om_ldap.cfg

On Wed, May 3, 2017 at 7:38 PM, Chamberland, Martin <[email protected]> wrote:

We are using AS Windows 2012
By the way, I have already here an Openmeeting 3.0.3 that is connected successfully on the same AD

From: Wentao Liu [mailto:[email protected]]
Sent: 3 May 2017 00:21
To: Chamberland, Martin; '[email protected]'
Subject: RE: problem with LDAP (3.2.2)

Hi Martin,

Could you please tell which LDAP server you used? MS AD or OpenLDAP, Apache Directory Server? Since the configuration is a little bit different among different servers..

Good luck!
Wentao

From: Chamberland, Martin <[email protected]>
Sent: Wednesday, 3 May 2017 2:06 AM
To: '[email protected]'
Subject: problem with LDAP (3.2.2)

Hi,

I configure ldap on openmeeting 3.2.2 (snapshot)
I think I did it correctly from server side (ldap.cfg file) and from the web interface, but…

I always receive this error message :
ERROR 05-02 14:02:37.252 o.a.o.c.l.LdapLoginManagement:262 [http-nio-0.0.0.0-5080-exec-9] - Unexpected exception.
org.apache.directory.api.ldap.model.exception.LdapInvalidDnException: ERR_04202 A value is missing on some RDN

Can you help me where I can look for more information to troubleshoot ?

Thanks in advance.

Martin C.

--
WBR
Maxim aka solomax
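
As an added example (not part of the thread and not OpenMeetings code), a small Python lint that applies the checks the replies above point at: a parenthesised search filter containing %s, DN values built from attr=value RDNs, and ldap_userdn_format present when SIMPLEBIND is used. The DN check is simplified, both sample configs are constructed by reducing the ones posted in the thread, and reading ldap_conn_secure=false as an unencrypted connection is an assumption about that key.

```python
import re

# Constructed samples, reduced from the configs in the thread to the keys checked here.
BROKEN = """\
ldap_conn_secure=false
ldap_admin_dn=cn=ldap,OU=Comptes de service,OU=Administration,DC=fadq,DC=qc
ldap_search_base=OU:Utilisateurs,DC:fadq,DC:qc
ldap_search_query=userPrincipalName
ldap_auth_type=SIMPLEBIND
"""
WORKING = """\
ldap_conn_secure=false
ldap_admin_dn=cn=ldapproxy,OU=Comptes de service,OU=Administration,DC=fadq,DC=qc
ldap_search_base=OU=Utilisateurs,DC=fadq,DC=qc
ldap_search_query=(userPrincipalName=%s)
ldap_auth_type=SEARCHANDBIND
"""

def parse_cfg(text):
    """key=value per line, '#' starts a comment line; split on the first '=' only (DNs contain '=')."""
    pairs = (l.split("=", 1) for l in map(str.strip, text.splitlines())
             if l and not l.startswith("#") and "=" in l)
    return {k.strip(): v.strip() for k, v in pairs}

def dn_ok(dn):
    """Simplified DN check: every comma-separated RDN is attr=value (no escaped commas or '+')."""
    return bool(dn) and all(re.fullmatch(r"\s*[A-Za-z][\w.-]*\s*=\s*[^=,]+", r) for r in dn.split(","))

def lint(cfg):
    """Return the keys that would fail, or weaken, the LDAP login."""
    bad = []
    q = cfg.get("ldap_search_query", "")
    if not (q.startswith("(") and q.endswith(")") and "%s" in q):
        bad.append("ldap_search_query")    # cf. ERR_04155: No '(' at the beginning of the filter
    for key in ("ldap_admin_dn", "ldap_search_base"):
        if cfg.get(key) and not dn_ok(cfg[key]):
            bad.append(key)                # malformed DN, cf. ERR_04202 in the thread
    if cfg.get("ldap_auth_type") == "SIMPLEBIND" and not dn_ok(cfg.get("ldap_userdn_format", "")):
        bad.append("ldap_userdn_format")   # SIMPLEBIND builds the bind DN from this pattern
    if cfg.get("ldap_conn_secure", "false").lower() != "true":
        bad.append("ldap_conn_secure")     # assumption: false means no TLS, binds in clear text
    return bad

if __name__ == "__main__":
    for name, text in (("broken", BROKEN), ("working", WORKING)):
        print(name, lint(parse_cfg(text)))
```

The working config still reports ldap_conn_secure: on port 389 with that setting off, both the ldap_admin_dn password and each user's password are sent in simple binds over an unprotected connection.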
