On Wed, 15 Apr 2020 at 20:12, Stephen COTTHAM <stephen.cott...@robertbird.com.au> wrote:

> Thanks Gerald,
>
> I've tried as suggested by using SAM and the UPN, even tried injecting the
> domain portion after the @ with the domain and email namespace, both result
> in the - No users was found:
>
> Looking at the logs as they are we see this:
>
> DEBUG 04-15 12:51:52.393 o.a.o.d.d.u.UserDao:626 [nio-5443-exec-7] - No users was found: stephen.cottham
>
> DEBUG 04-15 12:51:52.393 o.a.o.c.l.LdapLoginManager:201 [nio-5443-exec-7] - getByLogin:: authenticated ? false, login = 'stephen.cottham', domain = 1, user = null
>
> ERROR 04-15 12:51:52.394 o.a.o.c.l.LdapLoginManager:338 [nio-5443-exec-7] - LDAP entry is null, search or lookup by Dn failed
>

According to your config
you have ldap_userdn_format='sAMAccountName=%s,OU=Users,OU=London,OU=UK,OU=Company,DC=domain,DC=local'
According to the log, the login is `stephen.cottham`
So OM tries to authenticate using
"sAMAccountName=stephen.cottham,OU=Users,OU=London,OU=UK,OU=Company,DC=domain,DC=local"
and is unable to find such a DN.
Can you confirm that LDAP explorer is able to find such a user?

>
> The last line, is it saying the variable is NULL as it returned no results
> from the bind *OR* is it saying the initial bind was not successful and
> therefore the variable is null? (this distinguishes if it’s the DN of the
> lookup user vs. getting the expected format correct)
>
> Sorry I think I missed the debug option, can you please relink that here
> and I’ll see what else I can find out.
>
> Also to confirm, the config file is escaping out the spaces?
>
> For example:
>
> ldap_admin_dn='CN=Adm some user with spaces,OU=London,OU=Administrative Users,OU=RBG,OU=Rights Delegation,DC=domain,DC=local'
>
> Assume we don’t need to put the ‘ ‘ after the =’cn…. ?
> (just ruling this out as a cause)
>
> Best regards
>
> Stephen
>
>
> *From:* Rohrbach, Gerald <g.rohrb...@funkegruppe.de>
> *Sent:* 15 April 2020 13:41
> *To:* user@openmeetings.apache.org
> *Subject:* AW: Ldap with Microsoft Active Directory
>
> Stephen, depends on your AD and how users login.
>
> For us this worked
>
> ldap_search_query=(userPrincipalName=%s)
>
> Go under AD, pick one user account, properties, Attribute Editor. This
> shows all.
>
> (Probably under view you need to switch on advanced features!)
>
> Gerald
>
>
> *From:* Stephen COTTHAM [mailto:stephen.cott...@robertbird.com.au]
> *Sent:* Wednesday, 15 April 2020 14:22
> *To:* user@openmeetings.apache.org
> *Subject:* Ldap with Microsoft Active Directory
>
> Hey Guys,
>
> *I am in the same situation as Mathias ldap issue below.*
>
> *My Config:*
>
> ldap_conn_host=DC
> ldap_conn_port=389
> ldap_conn_secure=false
> ldap_admin_dn='CN=Adm some user,OU=London,OU=Administrative Users,OU=RBG,OU=Rights Delegation,DC=domain,DC=local'
> ldap_passwd='******'
> ldap_search_base='OU=Company,DC=domain,DC=local'
> ldap_search_query=(sAMAccountName=%s)
> ldap_search_scope=ONELEVEL
> ldap_auth_type=SIMPLEBIND
> ldap_userdn_format='sAMAccountName=%s,OU=Users,OU=London,OU=UK,OU=Company,DC=domain,DC=local'
> ldap_provisionning=AUTOCREATE
> ldap_deref_mode=always
> ldap_use_admin_to_get_attrs=true
> ldap_sync_password_to_om=true
> ldap_group_mode=NONE
> ldap_group_query=(&(memberUid=%s)(objectClass=posixGroup))
> ldap_user_attr_login=sAMAccountName
> ldap_user_attr_lastname=sn
> ldap_user_attr_firstname=givenName
> ldap_user_attr_mail=mail
> ldap_user_attr_street=streetAddress
> ldap_user_attr_additionalname=description
> ldap_user_attr_fax=facsimileTelephoneNumber
> ldap_user_attr_zip=postalCode
> ldap_user_attr_country=co
> ldap_user_attr_town=l
> ldap_user_attr_phone=telephoneNumber
> ldap_group_attr=memberOf
> ldap_use_lower_case=false
> ldap_import_query=(objectClass=inetOrgPerson)
>
> Always returns:
>
> *No users was found:*
>
> Checked with ldapsearch and I can retrieve them fine, other systems that
> use LDAP from Linux such as Apache Guacamole and Next Cloud both have
> working AD integration using the same values I set there.
>
> Is there a way to get better debug logs from OpenMeetings? About what
> it is sending to the DC? The initial bind status, error code from the DC
> etc.
>
> I remember in old versions of OM we could run it in debug mode to stdout?
>
> Otherwise is there anything obvious I’m missing here?
>
> Best regards
>
> Stephen
>
>
> *From:* Mathias Kocks <ko...@labmed.de>
> *Sent:* 15 April 2020 13:06
> *To:* user@openmeetings.apache.org
> *Subject:* [Possible Untrusted Sender] Can not use LDAP-Sync with Microsoft Active Directory
>
> Hello,
>
> I am new to this project and have a problem with the LDAP-Sync. I cannot
> even find any good documentation...
>
> My problem is that slapd does not find any user in my AD. I am not even
> sure if it is searching for real. I found some example configs in the
> mailing list archive, but they do not work for me.
>
> I found this one:
>
> #LDAP URL
> ldap_conn_host=LDAP_server.Company.com
> ldap_conn_port=636
> ldap_conn_secure=true
>
> # Login distinguished name (DN) for Authentication on LDAP Server
> # Use full qualified LDAP DN
> ldap_admin_dn=CN=ldapauth,OU=Users,DC=Company,DC=com
>
> # Loginpass for Authentication on LDAP Server
> ldap_passwd=ldapauthpasswd
>
> # base to search for userdata(of user, that wants to login)
> ldap_search_base=OU=Users,DC=Company,DC=com
> #ldap_search_base=DC=Company,DC=com
>
> # Fieldnames (can differ between Ldap servers)
> ldap_search_query=(&(objectCategory=person)(objectClass=person)(sAMAccountName=%1$s))
> #ldap_search_query=(sAMAccountName=%s)
> #ldap_search_query=(CN=%s)
>
> # the scope of the search might be: OBJECT, ONELEVEL, SUBTREE
> ldap_search_scope=SUBTREE
>
> # Ldap auth type(NONE, SEARCHANDBIND, SIMPLEBIND)
> ldap_auth_type=SEARCHANDBIND
>
> # userDN format, will be used to bind if ldap_auth_type=SIMPLEBIND
> ldap_userdn_format=sAMAccountName=%s,OU=Users,DC=beuth-hochschule.de,DC=com
> #ldap_userdn_format=sAMAccountName=%s,DC=Company,DC=com
> #ldap_userdn_format=CN=%s,OU=Users,DC=Company,DC=com
> #ldap_userdn_format=CN=%s,DC=Company,DC=com
>
> # Ldap-password synchronization to OM DB
> ldap_sync_password_to_om=false
>
> # Ldap user attributes mapping
> # Set the following internal OM user attributes to their corresponding Ldap-attribute
> ldap_user_attr_lastname=sn
>
> But even after I changed it to my AD and tried several changes, no users
> were found.
>
> My actual config:
>
> ldap_server_type=AD
> ldap_conn_host=dc2.labmed.de
> ldap_conn_port=389
> ldap_conn_secure=false
> ldap_admin_dn=CN=Administrator,CN=Users,DC=labmed,DC=de
> ldap_passwd=SuperSecretPassword
> ldap_search_base=OU=labmed,DC=labmed,DC=de
> #ldap_search_query=(&(objectCategory=*)(objectClass=*)(sAMAccountName=%s))
> ldap_search_query=(sAMAccountName=%s)
> ldap_search_scope= SUBTREE
> ldap_auth_type=SEARCHANDBIND
> ldap_deref_mode=never
> ldap_userdn_format=sAMAccountName=%s,DC=labmed,DC=de
> ldap_provisionning=NONE
> ldap_use_admin_to_get_attrs=true
> ldap_sync_password_to_om=false
> ldap_sync_attr_lastname=sn
> ldap_user_attr_firstname=givenName
> ldap_user_attr_mail=mail
> ldap_user_attr_street=streetAddress
> ldap_user_attr_additionalname=description
> ldap_user_attr_fax=facsimileTelephoneNumber
> ldap_user_attr_zip=postalCode
> ldap_user_attr_country=co
> ldap_user_attr_town=l
> ldap_user_attr_phone=telephoneNumber
> ldap_use_lower_case=false
>
> It is the second day by now where I am bursting with happiness....
>
> Kind regards
>
> *Mathias Kocks*
> *Team Lead IT Infrastructure*
> *Certified Information Security Officer ISO 27001 (TÜV Süd)*
>
> Überörtliche Berufsausübungsgemeinschaft
> *Medizinisches Versorgungszentrum*
> *Dr. Eberhard & Partner Dortmund*
> MVZ-Haus 3: Balkenstr. 12-14
> 44137 Dortmund, Germany
>
> Tel.: +49 231 9572 7158
> Fax.: +49 231 9572 18 159
> E-Mail: ko...@labmed.de
> Web: https://www.labmed.de

--
Best regards,
Maxim
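
The substitution described in the reply above, as an added example that is not part of the original thread and is not OpenMeetings code: it fills `%s` in the quoted `ldap_userdn_format` and `ldap_search_query` with an escaped login and checks the quoted values against how Active Directory names and searches entries. The helper names and the finding texts are assumptions made for illustration.

```python
# Added example, not OpenMeetings code. CONFIG values are copied from the config
# quoted in this thread; the helper names and findings are assumptions.
CONFIG = """
ldap_conn_secure=false
ldap_search_base='OU=Company,DC=domain,DC=local'
ldap_search_query=(sAMAccountName=%s)
ldap_search_scope=ONELEVEL
ldap_auth_type=SIMPLEBIND
ldap_userdn_format='sAMAccountName=%s,OU=Users,OU=London,OU=UK,OU=Company,DC=domain,DC=local'
"""

def parse_props(text):
    """key=value lines; comments skipped, surrounding single quotes removed."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip().strip("'")
    return props

def escape_dn_value(value):
    """Escape RFC 4514 special characters and a leading '#' or space."""
    out = "".join("\\" + c if c in ',+"\\<>;=' else c for c in value)
    return "\\" + out if out[:1] in ("#", " ") else out

def escape_filter_value(value):
    """Hex-escape the RFC 4515 filter metacharacters in a user-supplied value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def depth_below(dn, base):
    """RDN count between dn and base (naive comma split); None if outside base."""
    d = [p.strip().lower() for p in dn.split(",")]
    b = [p.strip().lower() for p in base.split(",")]
    return len(d) - len(b) if d[-len(b):] == b else None

def check(props, login):
    """Return (bind DN, search filter, findings) for one login name."""
    fmt, base = props["ldap_userdn_format"], props["ldap_search_base"]
    bind_dn = fmt.replace("%s", escape_dn_value(login))
    search = props["ldap_search_query"].replace("%s", escape_filter_value(login))
    findings = []
    if props["ldap_auth_type"] == "SIMPLEBIND" and not fmt.lower().startswith("cn="):
        findings.append("bind DN does not start with CN=; AD user entries are named by CN")
    if props["ldap_search_scope"] == "ONELEVEL" and depth_below(fmt, base) != 1:
        findings.append("ONELEVEL only covers direct children of ldap_search_base")
    if props["ldap_conn_secure"] == "false":
        findings.append("simple bind without TLS sends the password in cleartext")
    return bind_dn, search, findings
```

Calling `check(parse_props(CONFIG), "stephen.cottham")` returns the same DN quoted in the reply, together with the three findings for this config.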