Posted to user@openmeetings.apache.org by Orm Finnendahl <or...@selma.hfmdk-frankfurt.de> on 2020/03/28 16:21:09 UTC

ldap config

Hi,

 we successfully installed openmeetings on our server but have some
issues regarding integration with our ldap authentication server.

LDAP:

1. The location of the file om_ldap.cfg is unclear:

   The example file is located in

   /opt/open503/webapps/openmeetings/data/conf/

   but the online documentation states it should be in

   /opt/open503/webapps/openmeetings/conf/

   What is the right location?

2. The config file says:

   #ConfigKey 'ldap_config_path' must be set in DataBase Configuration
   # of OM and point to this file

   I can't find that entry anywhere. Can someone help?

3. What has to be filled in the ldap_admin_dn? We tried the following
   which uses a newly created user in our ldap (without heightened
   privileges):

   ldap_admin_dn=cn=openmeetings,dc=selma,dc=hfmdk-frankfurt,dc=de

   ldap_passwd=<secret-passwd-omitted>

4. What has to be put into the Web Form at Administration/LDAP? I made
   an entry and entered "openmeetings" as Name, enabled it and called
   the config file name "om_ldap.cfg", saved it and hit reload. I can
   still see no users when trying to invite participants or log in
   with any of our ldap users.

5. Are there any logs to check in order to determine what goes wrong?

Re: inconsistencies between browsers/OSs

Posted by Orm Finnendahl <or...@selma.hfmdk-frankfurt.de>.
Hi,

On Thursday, 02 April 2020 at 21:23:16 (+0200), YUP wrote:
> Hi, it could be a problem of UDP ports. Can you check whether UDP
> ports are open or closed in your firewall?

For the turnserver we have this:

ACCEPT     udp  --  anywhere             anywhere             udp spts:49152:65535 dpts:49152:65535
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:3478
ACCEPT     udp  --  anywhere             anywhere             udp dpt:3478
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:5349
ACCEPT     udp  --  anywhere             anywhere             udp dpt:5349

In our turnserver.conf the default min-port=49152 and max-port=65535
settings were commented out. I removed the comment signs and restarted
coturn. I'll report back if that changes anything.

If it doesn't work on connected users, sometimes it helps to retry a
couple of times (exiting the room and reentering). We also found out
that recent versions of firefox seem to work better. There seem to be
error messages in the browser console if it doesn't work. I will try to
track them down and report back.

In the meantime I'll follow Maxim's advice to install the last
snapshot. It's good to know that it works on other machines!

--
Orm
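
Added example (not part of the original message): a Python check that parses the rule listing quoted above and tests whether a UDP packet aimed at the coturn relay range (min-port/max-port) would be accepted; the first rule matches only when the source port is also within 49152-65535. It assumes these are the only ACCEPT rules and that unmatched traffic is dropped; the source ports 50000 and 40000 are constructed values.

```python
import re

# The rule listing quoted in the message above, embedded as sample input.
RULES = """\
ACCEPT     udp  --  anywhere             anywhere             udp spts:49152:65535 dpts:49152:65535
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:3478
ACCEPT     udp  --  anywhere             anywhere             udp dpt:3478
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:5349
ACCEPT     udp  --  anywhere             anywhere             udp dpt:5349
"""

# Matches spt:/spts:/dpt:/dpts: with a single port or a lo:hi range.
PORT_MATCH = re.compile(r"\b([sd])pts?:(\d+)(?::(\d+))?")

def parse_rules(listing):
    """Turn each ACCEPT line into (proto, {'s': (lo, hi), 'd': (lo, hi)})."""
    rules = []
    for line in listing.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "ACCEPT":
            continue
        ranges = {}
        for side, lo, hi in PORT_MATCH.findall(line):
            ranges[side] = (int(lo), int(hi or lo))
        rules.append((fields[1], ranges))
    return rules

def accepted(rules, proto, sport, dport):
    """True if some rule accepts the packet; a missing spt/dpt match means any port."""
    for rule_proto, ranges in rules:
        if rule_proto != proto:
            continue
        s_lo, s_hi = ranges.get("s", (0, 65535))
        d_lo, d_hi = ranges.get("d", (0, 65535))
        if s_lo <= sport <= s_hi and d_lo <= dport <= d_hi:
            return True
    return False

def relay_range_covered(rules, min_port, max_port, sport):
    """Check both ends of the coturn relay range for one client source port."""
    return all(accepted(rules, "udp", sport, p) for p in (min_port, max_port))

if __name__ == "__main__":
    rules = parse_rules(RULES)
    for sport in (50000, 40000):  # constructed client source ports
        print(sport, relay_range_covered(rules, 49152, 65535, sport))
```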

Re: inconsistencies between browsers/OSs

Posted by Maxim Solodovnik <so...@gmail.com>.
I'm testing OM on Linux (all the time)
Linux <-> Windows (occasionally)
Windows <-> Windows (occasionally)
OSX - very rarely (I don't have one and it is hard to get access)

We have this bug report
https://issues.apache.org/jira/browse/OPENMEETINGS-2189
I plan to investigate it

I would appreciate it if you could test the latest SNAPSHOT
and report back if it works better :))

On Fri, 3 Apr 2020 at 02:23, YUP <yu...@gmail.com> wrote:

> Hi, it could be a problem of UDP ports. Can you check whether UDP
> ports are open or closed in your firewall?
> Regards,
> Yarema
>
> On Thu, Apr 2, 2020 at 9:10 PM Orm Finnendahl
> <or...@selma.hfmdk-frankfurt.de> wrote:
> >
> > Hi,
> >
> >  finally our OM server is working with https behind the firewall and
> > NAT, ldap is working too and we were able to successfully establish a
> > stable conference between two linux boxes running firefox with
> > audio/video (yey!).
> >
> > om is really amazing work, thanks to everyone, who contributed!
> >
> > Unfortunately we get varying success regarding audio/video with other
> > OS/browser combinations: On OSX it seems to work with firefox but with
> > Safari audio/video works locally, but the remote linux user is
> > invisible/inaudible for the OSX user. With other OSX users and on a
> > Windows/Firefox <-> Linux/Firefox combination, video and audio of the
> > other side isn't working on both machines, etc...
> >
> > Is this a known issue? I searched the ML archives and the Web and
> > couldn't find relevant information. Are there any recommendations how
> > to troubleshoot the problems?
> >
> > It seems quite inconsistent and I don't know yet whether it's a setup
> > problem on the user's/administrator's side. All participants of two
> > part conferences state that they see their own audio/video and see the
> > empty video frame of the other participant without hearing anything
> > although seeing the green button of the other participant flash.
> >
> > We are using 5.0.0-M3, Revision b739f87
> >
> > --
> > Orm
>


-- 
Best regards,
Maxim

Re: inconsistencies between browsers/OSs

Posted by YUP <yu...@gmail.com>.
Hi, it could be a problem of UDP ports. Can you check whether UDP
ports are open or closed in your firewall?
Regards,
Yarema

On Thu, Apr 2, 2020 at 9:10 PM Orm Finnendahl
<or...@selma.hfmdk-frankfurt.de> wrote:
>
> Hi,
>
>  finally our OM server is working with https behind the firewall and
> NAT, ldap is working too and we were able to successfully establish a
> stable conference between two linux boxes running firefox with
> audio/video (yey!).
>
> om is really amazing work, thanks to everyone, who contributed!
>
> Unfortunately we get varying success regarding audio/video with other
> OS/browser combinations: On OSX it seems to work with firefox but with
> Safari audio/video works locally, but the remote linux user is
> invisible/inaudible for the OSX user. With other OSX users and on a
> Windows/Firefox <-> Linux/Firefox combination, video and audio of the
> other side isn't working on both machines, etc...
>
> Is this a known issue? I searched the ML archives and the Web and
> couldn't find relevant information. Are there any recommendations how
> to troubleshoot the problems?
>
> It seems quite inconsistent and I don't know yet whether it's a setup
> problem on the user's/administrator's side. All participants of two
> part conferences state that they see their own audio/video and see the
> empty video frame of the other participant without hearing anything
> although seeing the green button of the other participant flash.
>
> We are using 5.0.0-M3, Revision b739f87
>
> --
> Orm

inconsistencies between browsers/OSs

Posted by Orm Finnendahl <or...@selma.hfmdk-frankfurt.de>.
Hi,

 finally our OM server is working with https behind the firewall and
NAT, ldap is working too and we were able to successfully establish a
stable conference between two linux boxes running firefox with
audio/video (yey!).

om is really amazing work, thanks to everyone, who contributed!

Unfortunately we get varying success regarding audio/video with other
OS/browser combinations: On OSX it seems to work with firefox but with
Safari audio/video works locally, but the remote linux user is
invisible/inaudible for the OSX user. With other OSX users and on a
Windows/Firefox <-> Linux/Firefox combination, video and audio of the
other side isn't working on both machines, etc...

Is this a known issue? I searched the ML archives and the Web and
couldn't find relevant information. Are there any recommendations how
to troubleshoot the problems?

It seems quite inconsistent and I don't know yet whether it's a setup
problem on the user's/administrator's side. All participants of two
part conferences state that they see their own audio/video and see the
empty video frame of the other participant without hearing anything
although seeing the green button of the other participant flash.

We are using 5.0.0-M3, Revision b739f87

--
Orm

Re: ldap config

Posted by Maxim Solodovnik <so...@gmail.com>.
Actually I'm afraid you will need to figure out how to login first

Here is the quote from cmd-admin help (available if you run it without
params)

--------------------------------------------------------------------------------------------------
 -l,--LDAP                           Import LDAP users into DB
   -d,--domain-id <arg>              LDAP domain Id
      --print-only                   (optional) Print users found instead of importing

so you should run:
./admin.sh -l -d ###

Where ### is DB ID of saved Ldap config with reference to config file

Please search archives https://openmeetings.markmail.org/
And come back here :)



On Mon, 30 Mar 2020 at 03:43, Orm Finnendahl <
orm.finnendahl@selma.hfmdk-frankfurt.de> wrote:

> Hi,
>
> On Sunday, 29 March 2020 at 08:03:33 (+0700), Maxim
> Solodovnik wrote:
> > Documentation is updated (will be published with next release)
>
> Thanks (also for your invaluable explanations)!
>
> ldap access for auth still doesn't seem to work, but it's not
> superimportant. Don't bother: We will keep on trying and figure it out
> sooner or later ;-)
>
> For the moment it'd suffice to import our entries into the db. For
> this I need to submit the LDAP domain-id to admin.sh. Can someone
> specify what exactly to put in there? I tried all kinds of things and
> couldn't find any example. Our ldapserver reacts to the cli command
> "ldapsearch -x" by printing out all entries and listens on port 389 of
> a local server (address 10.8.0.1).
>
> Best,
> Orm
>


-- 
WBR
Maxim aka solomax

Re: ldap config

Posted by Orm Finnendahl <or...@selma.hfmdk-frankfurt.de>.
Hi,

On Sunday, 29 March 2020 at 08:03:33 (+0700), Maxim
Solodovnik wrote:
> Documentation is updated (will be published with next release)

Thanks (also for your invaluable explanations)!

ldap access for auth still doesn't seem to work, but it's not
superimportant. Don't bother: We will keep on trying and figure it out
sooner or later ;-)

For the moment it'd suffice to import our entries into the db. For
this I need to submit the LDAP domain-id to admin.sh. Can someone
specify what exactly to put in there? I tried all kinds of things and
couldn't find any example. Our ldapserver reacts to the cli command
"ldapsearch -x" by printing out all entries and listens on port 389 of
a local server (address 10.8.0.1).

Best,
Orm

Re: ldap config

Posted by Maxim Solodovnik <so...@gmail.com>.
Documentation is updated (will be published with next release)

On Sun, 29 Mar 2020 at 07:41, Maxim Solodovnik <so...@gmail.com> wrote:

> Hello,
>
> I assume you are using M3
>
>
> On Sat, 28 Mar 2020 at 23:22, Orm Finnendahl <
> orm.finnendahl@selma.hfmdk-frankfurt.de> wrote:
>
>> Hi,
>>
>>  we successfully installed openmeetings on our server but have some
>> issues regarding integration with our ldap authentication server.
>>
>> LDAP:
>>
>> 1. The location of the file om_ldap.cfg is unclear:
>>
>>    The example file is located in
>>
>>    /opt/open503/webapps/openmeetings/data/conf/
>>
>>    but the online documentation states it should be in
>>
>>    /opt/open503/webapps/openmeetings/conf/
>>
>>    What is the right location?
>>
>
> ***/data/conf is correct
> I'll try to update https://openmeetings.apache.org/LdapAndADS.html
> please feel free to file JIRA:
> https://openmeetings.apache.org/LdapAndADS.html
>
>
>>
>> 2. The config file says:
>>
>>    #ConfigKey 'ldap_config_path' must be set in DataBase Configuration
>>    # of OM and point to this file
>>
>>    I can't find that entry anywhere. Can someone help?
>>
>
> This is a really old comment
> I believe it means:
> you have to set the name of the file (with extension) at
> Admin->Ldap->Config file name
> and save :)
>
>
>>
>> 3. What has to be filled in the ldap_admin_dn? We tried the following
>>    which uses a newly created user in our ldap (without heightened
>>    privileges):
>>
>>    ldap_admin_dn=cn=openmeetings,dc=selma,dc=hfmdk-frankfurt,dc=de
>>
>>    ldap_passwd=<secret-passwd-omitted>
>>
>
> admin_dn is used to perform user search (ldap_auth_type=SEARCHANDBIND)
>
> (according to my tests it works much more stably than SIMPLEBIND)
>
>
>>
>> 4. What has to be put into the Web Form at Administration/LDAP? I made
>>    an entry and entered "openmeetings" as Name, enabled it and called
>>    the config file name "om_ldap.cfg", saved it and hit reload. I can
>>    still see no users when trying to invite participants or log in
>>    with any of our ldap users.
>>
>
> Well,
> I'm afraid it works slightly differently
>
> ATM LDAP is used to unify login only (like OAuth: if you log in with
> a Google account it will not let you search Google users)
> You can use command line admin to import LDAP user into OM DB, this way
> search will work
>
> This can be improved
> But I believe some questions should be answered first:
> 1) will the performance be enough
> 2) how LDAP and DB results should be combined
>
>
>
>>
>> 5. Are there any logs to check in order to determine what goes wrong?
>>
>
> Everything is logged into openmeetings.log :)
>
> --
> WBR
> Maxim aka solomax
>


-- 
WBR
Maxim aka solomax

Re: ldap config

Posted by Maxim Solodovnik <so...@gmail.com>.
Hello,

I assume you are using M3


On Sat, 28 Mar 2020 at 23:22, Orm Finnendahl <
orm.finnendahl@selma.hfmdk-frankfurt.de> wrote:

> Hi,
>
>  we successfully installed openmeetings on our server but have some
> issues regarding integration with our ldap authentication server.
>
> LDAP:
>
> 1. The location of the file om_ldap.cfg is unclear:
>
>    The example file is located in
>
>    /opt/open503/webapps/openmeetings/data/conf/
>
>    but the online documentation states it should be in
>
>    /opt/open503/webapps/openmeetings/conf/
>
>    What is the right location?
>

***/data/conf is correct
I'll try to update https://openmeetings.apache.org/LdapAndADS.html
please feel free to file JIRA:
https://openmeetings.apache.org/LdapAndADS.html


>
> 2. The config file says:
>
>    #ConfigKey 'ldap_config_path' must be set in DataBase Configuration
>    # of OM and point to this file
>
>    I can't find that entry anywhere. Can someone help?
>

This is a really old comment
I believe it means:
you have to set the name of the file (with extension) at
Admin->Ldap->Config file name
and save :)


>
> 3. What has to be filled in the ldap_admin_dn? We tried the following
>    which uses a newly created user in our ldap (without heightened
>    privileges):
>
>    ldap_admin_dn=cn=openmeetings,dc=selma,dc=hfmdk-frankfurt,dc=de
>
>    ldap_passwd=<secret-passwd-omitted>
>

admin_dn is used to perform user search (ldap_auth_type=SEARCHANDBIND)

(according to my tests it works much more stably than SIMPLEBIND)


>
> 4. What has to be put into the Web Form at Administration/LDAP? I made
>    an entry and entered "openmeetings" as Name, enabled it and called
>    the config file name "om_ldap.cfg", saved it and hit reload. I can
>    still see no users when trying to invite participants or log in
>    with any of our ldap users.
>

Well,
I'm afraid it works slightly differently

ATM LDAP is used to unify login only (like OAuth: if you log in with
a Google account it will not let you search Google users)
You can use command line admin to import LDAP user into OM DB, this way
search will work

This can be improved
But I believe some questions should be answered first:
1) will the performance be enough
2) how LDAP and DB results should be combined



>
> 5. Are there any logs to check in order to determine what goes wrong?
>

Everything is logged into openmeetings.log :)

-- 
WBR
Maxim aka solomax
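
Added example (not part of the original thread and not OpenMeetings code): a Python audit of an om_ldap.cfg that checks the points discussed above, namely that SEARCHANDBIND has the ldap_admin_dn and ldap_passwd it needs for the user search, and that the file holding the cleartext ldap_passwd is not readable by group or other. The sample config and the permission bits are constructed; only the keys and values named in the thread are checked.

```python
import os
import stat

# Constructed sample built from the settings quoted in the thread; the password is a placeholder.
SAMPLE_CFG = """\
# constructed sample, not a real om_ldap.cfg
ldap_auth_type=SEARCHANDBIND
ldap_admin_dn=cn=openmeetings,dc=selma,dc=hfmdk-frankfurt,dc=de
ldap_passwd=PLACEHOLDER
"""

def parse_cfg(text):
    """Parse key=value lines; split on the first '=' only, because DNs contain '='."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings

def audit(text, mode):
    """Return findings for config `text` stored with permission bits `mode`."""
    cfg = parse_cfg(text)
    findings = []
    auth_type = cfg.get("ldap_auth_type", "")
    if auth_type not in ("SEARCHANDBIND", "SIMPLEBIND"):
        findings.append("ldap_auth_type is %r, not a value named in the thread" % auth_type)
    if auth_type == "SEARCHANDBIND":
        # The user search binds as ldap_admin_dn, so both values must be set.
        for key in ("ldap_admin_dn", "ldap_passwd"):
            if not cfg.get(key):
                findings.append("%s is empty but SEARCHANDBIND needs it" % key)
    if cfg.get("ldap_passwd") and mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("mode %o lets group/other read the cleartext ldap_passwd" % mode)
    return findings

def audit_file(path):
    """Audit a file on disk using its real permission bits."""
    with open(path, encoding="utf-8") as handle:
        return audit(handle.read(), stat.S_IMODE(os.stat(path).st_mode))

if __name__ == "__main__":
    for mode in (0o644, 0o600):  # constructed permission bits
        print(oct(mode), audit(SAMPLE_CFG, mode))
```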