Posted to user@openmeetings.apache.org by Thirumal Karra <tk...@deepsea-tech.com> on 2015/09/23 17:20:10 UTC
RE: [HELP NEEDED] LDAP import AD groups
I am trying to set up LDAP but it didn't work. Please look at the log below.
DEBUG 09-23 10:10:58.266 o.a.o.l.LdapLoginManagement:168 [http-nio-0.0.0.0-5080-exec-7] - LdapLoginmanagement.doLdapLogin
WARN 09-23 10:10:58.300 o.a.o.l.LdapLoginManagement:287 [http-nio-0.0.0.0-5080-exec-7] - Referral LDAP entry found, ignore it
WARN 09-23 10:10:58.301 o.a.o.l.LdapLoginManagement:287 [http-nio-0.0.0.0-5080-exec-7] - Referral LDAP entry found, ignore it
WARN 09-23 10:10:58.301 o.a.o.l.LdapLoginManagement:287 [http-nio-0.0.0.0-5080-exec-7] - Referral LDAP entry found, ignore it
ERROR 09-23 10:10:58.301 o.a.o.l.LdapLoginManagement:292 [http-nio-0.0.0.0-5080-exec-7] - NONE users found in LDAP
DEBUG 09-23 10:10:58.303 o.a.w.u.c.CookieUtils:273 [http-nio-0.0.0.0-5080-exec-7] - Unable to find Cookie with name=LoggedIn and request URI=signin?0-1.IBehaviorListener.2-signin
DEBUG 09-23 10:10:58.305 o.a.w.Localizer:378 [http-nio-0.0.0.0-5080-exec-7] - Property found in cache: '336'; Component: 'null'; value: 'Invalid password'
DEBUG 09-23 10:10:58.305 o.a.w.f.FeedbackMessages:69 [http-nio-0.0.0.0-5080-exec-7] - Adding feedback message '[FeedbackMessage message = "Invalid password", reporter = signin, level = ERROR]'
DEBUG 09-23 10:10:58.305 o.a.w.u.c.CookieUtils:273 [http-nio-0.0.0.0-5080-exec-7] - Unable to find Cookie with name=LoggedIn and request URI=signin?0-1.IBehaviorListener.2-signin
DEBUG 09-23 10:10:58.307 o.a.wicket.Page:871 [http-nio-0.0.0.0-5080-exec-7] - ending request for page [Page class = org.apache.openmeetings.web.pages.auth.SignInPage, id = 0, render count = 1], request org.apache.wicket.protocol.http.servlet.ServletWebRequest@3a57191c
DEBUG 09-23 10:10:58.307 o.a.wicket.Page:871 [http-nio-0.0.0.0-5080-exec-7] - ending request for page [Page class = org.apache.openmeetings.web.pages.auth.SignInPage, id = 0, render count = 1], request org.apache.wicket.protocol.http.servlet.ServletWebRequest@3a57191c
DEBUG 09-23 10:10:58.307 o.a.wicket.Page:871 [http-nio-0.0.0.0-5080-exec-7] - ending request for page [Page class = org.apache.openmeetings.web.pages.auth.SignInPage, id = 0, render count = 1], request org.apache.wicket.protocol.http.servlet.ServletWebRequest@3a57191c
DEBUG 09-23 10:10:58.328 o.a.w.p.AsynchronousDataStore$PageSavingRunnable:354 [Wicket-PageSavingThread] - Saving asynchronously: Entry [sessionId=AEA1852D7D73CB3264F353796A510FCE, pageId=0]...
DEBUG 09-23 10:10:58.328 o.a.w.p.DiskDataStore:186 [Wicket-PageSavingThread] - Storing data for page with id '0' in session with id 'AEA1852D7D73CB3264F353796A510FCE'
DEBUG 09-23 10:10:58.329 o.a.w.p.PageAccessSynchronizer:207 [http-nio-0.0.0.0-5080-exec-7] - 'http-nio-0.0.0.0-5080-exec-7' released lock to page with id '0'
Best Regards
Thirumal
From: Maxim Solodovnik [mailto:solomax666@gmail.com]
Sent: Monday, August 10, 2015 10:24 AM
To: Openmeetings user-list <us...@openmeetings.apache.org>
Subject: Re: [HELP NEEDED] LDAP import AD groups
this query will return user DN, NOT groups
On Mon, Aug 10, 2015 at 9:10 PM, Wild, Rodney <ro...@cybastevens.com> wrote:
ldap_search_query=(sAMAccountName=%s)
windows Account name according to this.
Rodney Wild | IT Support
From: Maxim Solodovnik [mailto:solomax666@gmail.com]
Sent: Monday, August 10, 2015 12:52 AM
To: Openmeetings user-list
Subject: Re: [HELP NEEDED] LDAP import AD groups
And what is the AD query to get user groups by UID?
On Mon, Aug 10, 2015 at 12:25 PM, Dominic Prakash <do...@sps.co.in> wrote:
This config works for me in M$ AD.
ldap_conn_host=123.456.789.123
ldap_conn_port=389
ldap_conn_secure=false
ldap_admin_dn=CN=ldapuser,OU=Software,OU=Unit-2,DC=sample,DC=co,DC=in
ldap_passwd=passwordhere
ldap_search_base=DC=sample,DC=co,DC=in
ldap_search_query=(sAMAccountName=%s)
ldap_search_scope=SUBTREE
ldap_auth_type=SEARCHANDBIND
ldap_userdn_format=sAMAccountName=%s,DC=sample,DC=co,DC=in
ldap_provisionning=AUTOCREATE
ldap_deref_mode=always
ldap_use_admin_to_get_attrs=true
ldap_sync_password_to_om=true
ldap_user_attr_lastname=sn
ldap_user_attr_firstname=givenName
ldap_user_attr_mail=mail
ldap_user_attr_street=streetAddress
ldap_user_attr_additionalname=description
ldap_user_attr_fax=facsimileTelephoneNumber
ldap_user_attr_zip=postalCode
ldap_user_attr_country=co
ldap_user_attr_town=l
ldap_user_attr_phone=telephoneNumber
ldap_user_picture_uri=profile.jpg
ldap_use_lower_case=false
Best Regards
Dominic
From: Maxim Solodovnik [mailto:solomax666@gmail.com]
Sent: 05 August 2015 19:52
To: Openmeetings user-list
Subject: Re: [HELP NEEDED] LDAP import AD groups
I need someone who can fix this query for M$ AD :(
Or someone who can give me search only test access to AD
WBR, Maxim
(from mobile, sorry for the typos)
On Aug 5, 2015 20:18, "Michael Wuttke" <mi...@beuth-hochschule.de> wrote:
Hello Maxim,
sorry but we use M$ AD and it returns nothing or only errors with this query. ;-(
Greetings,
Michael
On 05.08.2015 at 15:18, Maxim Solodovnik wrote:
Hello Michael,
Thanks for your reply
I need query to get all groups of user with some uid.
so I get uid for the user: for ex. "solomax"
I need to get all groups this user is part of.
On my test LDAP server this query:
(&(memberUid=test1)(objectClass=posixGroup)) returns DNs of all groups
for given UID
On Wed, Aug 5, 2015 at 7:11 PM, Michael Wuttke <mi...@beuth-hochschule.de> wrote:
Hello Maxim,
I don't know how to use the ldap_search for your query.
But we use owncloud. Here are our LDAP queries we use for owncloud:
the ldap query for users:
(&(|(objectclass=person))
(|(|(memberof=CN=Owncloud-admins,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz0))
(|(memberof=CN=Students,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz1))
(|(memberof=CN=Employee,OU=Global,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz2))
(|(memberof=CN=Academics,OU=Global,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz3))
))
the ldap query for login attributes:
(&(&(|(objectclass=person))
(|(|(memberof=CN=Owncloud-admins,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz0))
(|(memberof=CN=Students,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz1))
(|(memberof=CN=Employee,OU=Global,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz2))
(|(memberof=CN=Academics,OU=Global,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz03))
(|(sAMAccountName=%uid)))
and the ldap query for groups:
(&(|(objectclass=group))(|(cn=Employee)(cn=Students)(cn=Owncloud-admins)(cn=Academics)))
Here is the docu how to configure ldap auth:
https://doc.owncloud.org/server/8.1/admin_manual/configuration_user/user_auth_ldap.html
and the owncloud code repo for the ldap auth app:
https://github.com/owncloud/core/tree/master/apps/user_ldap
Maybe it helps you?
Thanks & Greetings,
Michael
On 05.08.2015 at 14:29, Maxim Solodovnik wrote:
ups, sorry wrong keyboard :(((
---- Can anyone with access to AD check if this query works in
AD, and
сщккусе ше ащк ФВ ша тще,
++++ Can anyone with access to AD check if this query works in
AD, and
correct it for AD if not,
On Wed, Aug 5, 2015 at 6:28 PM, Maxim Solodovnik <so...@gmail.com> wrote:
Hello All,
I'm currently trying to implement
https://issues.apache.org/jira/browse/OPENMEETINGS-1214
I was able to find query to get all groups in LDAP:
The following query seems to be able to list all groups for
the user
with "uid == test1":
(&(memberUid=test1)(objectClass=posixGroup))
Can anyone with access to AD check if this query works in
AD, and
сщккусе ше ащк ФВ ша тще,
Thanks in advance!
--
WBR
Maxim aka solomax
--
Many thanks & best regards,
Michael Wuttke
Administration of the Learning Management System
Beuth Hochschule Berlin - Hochschulrechenzentrum
Luxemburger Str. 10
13353 Berlin
Tel: +49 (0)30 45 04 2004
Building Bauwesen; Room: D 225a
E-Mail: michael.wuttke@beuth-hochschule.de
News: https://lms.beuth-hochschule.de/rss
--
WBR
Maxim aka solomax
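The filters discussed in this thread, as an added Python example that is not OpenMeetings code and not part of any message above: it fills the `%s` templates with RFC 4515 escaping and evaluates them against a small constructed directory, skipping referral entries as the posted log reports. The in-memory evaluator, the entries, the helper names and the AD group filter `(&(member=%s)(objectClass=group))` are assumptions made for illustration.

```python
import re

# RFC 4515 section 3: characters that must be hex-escaped inside a filter value.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}
_ITEM = re.compile(r"\(([A-Za-z][A-Za-z0-9-]*)=((?:[^()*\\]|\\[0-9a-fA-F]{2})*)\)")


def escape_filter_value(value):
    """Escape a user-supplied string so the server matches it literally."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter(template, value):
    """Fill a '%s' template such as ldap_search_query with an escaped value."""
    if template.count("%s") != 1:
        raise ValueError("template needs exactly one %s placeholder")
    return template.replace("%s", escape_filter_value(value))


def _unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def _parse(text):
    """Parse one filter; return (node, remaining text)."""
    if text.startswith("(&"):
        children, rest = [], text[2:]
        while rest.startswith("("):
            child, rest = _parse(rest)
            children.append(child)
        if not rest.startswith(")"):
            raise ValueError("unterminated AND filter")
        return ("and", children), rest[1:]
    m = _ITEM.match(text)
    if not m:
        raise ValueError("unsupported or malformed filter: %r" % text)
    # Assumption: the attributes used here compare case-insensitively.
    return ("eq", m.group(1).lower(), _unescape(m.group(2)).lower()), text[m.end():]


def parse_filter(text):
    """Parse the subset used in the thread: (attr=value) and (&(...)(...))."""
    node, rest = _parse(text)
    if rest:
        raise ValueError("trailing data after filter: %r" % rest)
    return node


def matches(node, attrs):
    if node[0] == "and":
        return all(matches(child, attrs) for child in node[1])
    _, attr, value = node
    return any(v.lower() == value for v in attrs.get(attr, []))


def search(entries, filter_text):
    """Return DNs of matching entries; referral entries are skipped."""
    node = parse_filter(filter_text)
    return [e["dn"] for e in entries
            if "referral" not in e and matches(node, e["attrs"])]


# Constructed sample directory (not taken from any poster's environment).
BASE = "DC=example,DC=com"
JDOE = "CN=John Doe,CN=Users," + BASE
DIRECTORY = [
    {"referral": "ldap://ref1.example.com/" + BASE},
    {"referral": "ldap://ref2.example.com/" + BASE},
    {"referral": "ldap://ref3.example.com/" + BASE},
    {"dn": JDOE, "attrs": {"objectclass": ["person", "user"],
                           "samaccountname": ["jdoe"],
                           "userprincipalname": ["jdoe@example.com"]}},
    # AD-style group: members are listed by DN.
    {"dn": "CN=Staff,OU=Groups," + BASE,
     "attrs": {"objectclass": ["group"], "member": [JDOE]}},
    # posixGroup: members are listed by uid.
    {"dn": "cn=staff,ou=groups," + BASE,
     "attrs": {"objectclass": ["posixGroup"], "memberuid": ["jdoe"]}},
]


def find_user(login, template):
    """Search step of SEARCHANDBIND: which DN would the bind be attempted on?"""
    return search(DIRECTORY, build_filter(template, login))


def groups_posix(uid):
    return search(DIRECTORY, build_filter("(&(memberUid=%s)(objectClass=posixGroup))", uid))


def groups_ad(user_dn):
    return search(DIRECTORY, build_filter("(&(member=%s)(objectClass=group))", user_dn))
```

An empty result from `find_user` corresponds to the "NONE users found in LDAP" line in the log: only referrals came back, so no bind is attempted and the sign-in page reports an invalid password regardless of the password typed.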
Re: [HELP NEEDED] LDAP import AD groups
Posted by Maxim Solodovnik <so...@gmail.com>.
great!
On Wed, Sep 23, 2015 at 10:17 PM, Thirumal Karra <tk...@deepsea-tech.com>
wrote:
> ldap_search_query=(userPrincipalName=%s) worked for me.
--
WBR
Maxim aka solomax
RE: [HELP NEEDED] LDAP import AD groups
Posted by Thirumal Karra <tk...@deepsea-tech.com>.
ldap_search_query=(userPrincipalName=%s) worked for me.
Here’s the correct configuration.
ldap_conn_host=IP Address
ldap_conn_port=389
ldap_conn_secure=false
# Login distinguished name (DN) for Authentication on LDAP Server - keep empty if not required
# Use full qualified LDAP DN
ldap_admin_dn=CN=Firstname Lastname,CN=Users,DC=DOMAIN,DC=com
# Loginpass for Authentication on LDAP Server - keep empty if not required
ldap_passwd=Password
# base to search for userdata(of user, that wants to login)
ldap_search_base=DC=DOMAIN,DC=com
# Fieldnames (can differ between Ldap servers)
ldap_search_query=(userPrincipalName=%s)
# the scope of the search might be: OBJECT, ONELEVEL, SUBTREE
ldap_search_scope=SUBTREE
# Ldap auth type(NONE, SEARCHANDBIND, SIMPLEBIND)
# When using SIMPLEBIND a simple bind is performed on the LDAP server to check user authentication
# When using NONE, the Ldap server is not used for authentication
ldap_auth_type=SEARCHANDBIND
# userDN format, will be used to bind if ldap_auth_type=SIMPLEBIND
# might be used to get provisionningDn in case ldap_auth_type=NONE
#ldap_userdn_format=sAMAccountName=%s,DC=DOMAIN,DC=com
# Ldap provisioning type(NONE, AUTOCREATE, AUTOUPDATE)
ldap_provisionning=AUTOCREATE
# Ldap deref mode (never, searching, finding, always)
ldap_deref_mode=always
# Set this to 'true' if you want to use admin_dn to get user attributes
# If any other value is set, user_dn will be used
ldap_use_admin_to_get_attrs=true
# Ldap-password synchronization to OM DB
# Set this to 'true' if you want OM to synchronize the user Ldap-password to OM's internal DB
# If you want to disable the feature, set this to any other string.
# Default value is 'true'
ldap_sync_password_to_om=true
# Ldap user attributes mapping
# Set the following internal OM user attributes to their corresponding Ldap-attribute
ldap_user_attr_lastname=sn
ldap_user_attr_firstname=givenName
ldap_user_attr_mail=mail
ldap_user_attr_street=streetAddress
ldap_user_attr_additionalname=description
ldap_user_attr_fax=facsimileTelephoneNumber
ldap_user_attr_zip=postalCode
ldap_user_attr_country=co
ldap_user_attr_town=l
ldap_user_attr_phone=telephoneNumber
# optional, only absolute URLs make sense
#ldap_user_picture_uri=profile.jpg
# optional
# the timezone has to match any timezone available in Java, otherwise the timezone defined in the value of
# the conf_key "default.timezone" in OpenMeetings "configurations" table
#ldap_user_timezone=timezone
# Ldap ignore upper/lower case, convert all input to lower case
ldap_use_lower_case=false
Best Regards
Thirumal
From: Maxim Solodovnik [mailto:solomax666@gmail.com]
Sent: Wednesday, September 23, 2015 10:54 AM
To: Openmeetings user-list <us...@openmeetings.apache.org>
Subject: Re: [HELP NEEDED] LDAP import AD groups
Config is OK
according to the log 3 referral entries were found, but skipped:
WARN 09-23 10:10:58.300 o.a.o.l.LdapLoginManagement:287 [http-nio-0.0.0.0-5080-exec-7] - Referral LDAP entry found, ignore it
WARN 09-23 10:10:58.301 o.a.o.l.LdapLoginManagement:287 [http-nio-0.0.0.0-5080-exec-7] - Referral LDAP entry found, ignore it
WARN 09-23 10:10:58.301 o.a.o.l.LdapLoginManagement:287 [http-nio-0.0.0.0-5080-exec-7] - Referral LDAP entry found, ignore it
not sure why :(
Unfortunately I'm not very good in LDAP, and not sure what referral entries are ... and why they are not "dereferred"
I'll try to check the code
ldap_deref_mode=always
On Wed, Sep 23, 2015 at 9:35 PM, Thirumal Karra <tk...@deepsea-tech.com> wrote:
Here's the configuration
ldap_conn_host=IP Address
ldap_conn_port=389
ldap_conn_secure=false
# Login distinguished name (DN) for Authentication on LDAP Server - keep empty if not required
# Use full qualified LDAP DN
ldap_admin_dn=CN=Firstname Lastname,CN=Users,DC=DOMAIN,DC=com
# Loginpass for Authentication on LDAP Server - keep empty if not required
ldap_passwd=Password
# base to search for userdata(of user, that wants to login)
ldap_search_base=DC=DOMAIN,DC=com
# Fieldnames (can differ between Ldap servers)
ldap_search_query=(sAMAccountName=%s)
# the scope of the search might be: OBJECT, ONELEVEL, SUBTREE
ldap_search_scope=SUBTREE
# Ldap auth type(NONE, SEARCHANDBIND, SIMPLEBIND)
# When using SIMPLEBIND a simple bind is performed on the LDAP server to check user authentication
# When using NONE, the Ldap server is not used for authentication
ldap_auth_type=SEARCHANDBIND
# userDN format, will be used to bind if ldap_auth_type=SIMPLEBIND
# might be used to get provisionningDn in case ldap_auth_type=NONE
ldap_userdn_format=sAMAccountName=%s,DC=DOMAIN,DC=com
# Ldap provisioning type(NONE, AUTOCREATE, AUTOUPDATE)
ldap_provisionning=AUTOCREATE
# Ldap deref mode (never, searching, finding, always)
ldap_deref_mode=always
# Set this to 'true' if you want to use admin_dn to get user attributes
# If any other value is set, user_dn will be used
ldap_use_admin_to_get_attrs=true
# Ldap-password synchronization to OM DB
# Set this to 'true' if you want OM to synchronize the user Ldap-password to OM's internal DB
# If you want to disable the feature, set this to any other string.
# Default value is 'true'
ldap_sync_password_to_om=true
# Ldap user attributes mapping
# Set the following internal OM user attributes to their corresponding Ldap-attribute
ldap_user_attr_lastname=sn
ldap_user_attr_firstname=givenName
ldap_user_attr_mail=mail
ldap_user_attr_street=streetAddress
ldap_user_attr_additionalname=description
ldap_user_attr_fax=facsimileTelephoneNumber
ldap_user_attr_zip=postalCode
ldap_user_attr_country=co
ldap_user_attr_town=l
ldap_user_attr_phone=telephoneNumber
# optional, only absolute URLs make sense
#ldap_user_picture_uri=profile.jpg
# optional
# the timezone has to match any timezone available in Java, otherwise the timezone defined in the value of
# the conf_key "default.timezone" in OpenMeetings "configurations" table
#ldap_user_timezone=timezone
# Ldap ignore upper/lower case, convert all input to lower case
ldap_use_lower_case=false
________________________________
From: Thirumal Karra <tk...@deepsea-tech.com>
Sent: Wednesday, September 23, 2015 10:31 AM
To: user@openmeetings.apache.org
Subject: RE: [HELP NEEDED] LDAP import AD groups
I am 100% sure the password is correct. I tried with multiple users and got the same error.
Best Regards
Thirumal
From: Maxim Solodovnik [mailto:solomax666@gmail.com]
Sent: Wednesday, September 23, 2015 10:30 AM
To: Openmeetings user-list <us...@openmeetings.apache.org>
Subject: Re: [HELP NEEDED] LDAP import AD groups
"Invalid password" I guess something wrong with the password
On Wed, Sep 23, 2015 at 9:20 PM, Thirumal Karra <tk...@deepsea-tech.com>> wrote:
I am trying to setup LDAP but it didn't work. Please look at the log below
DEBUG 09-23 10:10:58.266 o.a.o.l.LdapLoginManagement:168 [http-nio-0.0.0.0-5080-exec-7] - LdapLoginmanagement.doLdapLogin
WARN 09-23 10:10:58.300 o.a.o.l.LdapLoginManagement:287 [http-nio-0.0.0.0-5080-exec-7] - Referral LDAP entry found, ignore it
WARN 09-23 10:10:58.301 o.a.o.l.LdapLoginManagement:287 [http-nio-0.0.0.0-5080-exec-7] - Referral LDAP entry found, ignore it
WARN 09-23 10:10:58.301 o.a.o.l.LdapLoginManagement:287 [http-nio-0.0.0.0-5080-exec-7] - Referral LDAP entry found, ignore it
ERROR 09-23 10:10:58.301 o.a.o.l.LdapLoginManagement:292 [http-nio-0.0.0.0-5080-exec-7] - NONE users found in LDAP
DEBUG 09-23 10:10:58.303 o.a.w.u.c.CookieUtils:273 [http-nio-0.0.0.0-5080-exec-7] - Unable to find Cookie with name=LoggedIn and request URI=signin?0-1.IBehaviorListener.2-signin
DEBUG 09-23 10:10:58.305 o.a.w.Localizer:378 [http-nio-0.0.0.0-5080-exec-7] - Property found in cache: '336'; Component: 'null'; value: 'Invalid password'
DEBUG 09-23 10:10:58.305 o.a.w.f.FeedbackMessages:69 [http-nio-0.0.0.0-5080-exec-7] - Adding feedback message '[FeedbackMessage message = "Invalid password", reporter = signin, level = ERROR]'
DEBUG 09-23 10:10:58.305 o.a.w.u.c.CookieUtils:273 [http-nio-0.0.0.0-5080-exec-7] - Unable to find Cookie with name=LoggedIn and request URI=signin?0-1.IBehaviorListener.2-signin
DEBUG 09-23 10:10:58.307 o.a.wicket.Page:871 [http-nio-0.0.0.0-5080-exec-7] - ending request for page [Page class = org.apache.openmeetings.web.pages.auth.SignInPage, id = 0, render count = 1], request org.apache.wicket.protocol.http.servlet.ServletWebRequest@3a57191c
DEBUG 09-23 10:10:58.307 o.a.wicket.Page:871 [http-nio-0.0.0.0-5080-exec-7] - ending request for page [Page class = org.apache.openmeetings.web.pages.auth.SignInPage, id = 0, render count = 1], request org.apache.wicket.protocol.http.servlet.ServletWebRequest@3a57191c
DEBUG 09-23 10:10:58.307 o.a.wicket.Page:871 [http-nio-0.0.0.0-5080-exec-7] - ending request for page [Page class = org.apache.openmeetings.web.pages.auth.SignInPage, id = 0, render count = 1], request org.apache.wicket.protocol.http.servlet.ServletWebRequest@3a57191c
DEBUG 09-23 10:10:58.328 o.a.w.p.AsynchronousDataStore$PageSavingRunnable:354 [Wicket-PageSavingThread] - Saving asynchronously: Entry [sessionId=AEA1852D7D73CB3264F353796A510FCE, pageId=0]...
DEBUG 09-23 10:10:58.328 o.a.w.p.DiskDataStore:186 [Wicket-PageSavingThread] - Storing data for page with id '0' in session with id 'AEA1852D7D73CB3264F353796A510FCE'
DEBUG 09-23 10:10:58.329 o.a.w.p.PageAccessSynchronizer:207 [http-nio-0.0.0.0-5080-exec-7] - 'http-nio-0.0.0.0-5080-exec-7' released lock to page with id '0'
Best Regards
Thirumal
From: Maxim Solodovnik [mailto:solomax666@gmail.com]
Sent: Monday, August 10, 2015 10:24 AM
To: Openmeetings user-list <us...@openmeetings.apache.org>
Subject: Re: [HELP NEEDED] LDAP import AD groups
this query will return user DN, NOT groups
On Mon, Aug 10, 2015 at 9:10 PM, Wild, Rodney <ro...@cybastevens.com> wrote:
ldap_search_query=(sAMAccountName=%s)
windows Account name according to this.
Rodney Wild | IT Support
From: Maxim Solodovnik [mailto:solomax666@gmail.com]
Sent: Monday, August 10, 2015 12:52 AM
To: Openmeetings user-list
Subject: Re: [HELP NEEDED] LDAP import AD groups
And what is the AD query to get user groups by UID?
On Mon, Aug 10, 2015 at 12:25 PM, Dominic Prakash <do...@sps.co.in> wrote:
This config works for me in M$ AD.
ldap_conn_host=123.456.789.123
ldap_conn_port=389
ldap_conn_secure=false
ldap_admin_dn=CN=ldapuser,OU=Software,OU=Unit-2,DC=sample,DC=co,DC=in
ldap_passwd=passwordhere
ldap_search_base=DC=sample,DC=co,DC=in
ldap_search_query=(sAMAccountName=%s)
ldap_search_scope=SUBTREE
ldap_auth_type=SEARCHANDBIND
ldap_userdn_format=sAMAccountName=%s,DC=sample,DC=co,DC=in
ldap_provisionning=AUTOCREATE
ldap_deref_mode=always
ldap_use_admin_to_get_attrs=true
ldap_sync_password_to_om=true
ldap_user_attr_lastname=sn
ldap_user_attr_firstname=givenName
ldap_user_attr_mail=mail
ldap_user_attr_street=streetAddress
ldap_user_attr_additionalname=description
ldap_user_attr_fax=facsimileTelephoneNumber
ldap_user_attr_zip=postalCode
ldap_user_attr_country=co
ldap_user_attr_town=l
ldap_user_attr_phone=telephoneNumber
ldap_user_picture_uri=profile.jpg
ldap_use_lower_case=false
Best Regards
Dominic
From: Maxim Solodovnik [mailto:solomax666@gmail.com]
Sent: 05 August 2015 19:52
To: Openmeetings user-list
Subject: Re: [HELP NEEDED] LDAP import AD groups
I need someone who can fix this query for M$ AD :(
Or someone who can give me search only test access to AD
WBR, Maxim
(from mobile, sorry for the typos)
On Aug 5, 2015 20:18, "Michael Wuttke" <mi...@beuth-hochschule.de> wrote:
Hello Maxim,
sorry but we use M$ AD and it returns nothing or only errors with this query. ;-(
Greetings,
Michael
On 05.08.2015 at 15:18, Maxim Solodovnik wrote:
Hello Michael,
Thanks for your reply
I need query to get all groups of user with some uid.
so I get uid for the user: for ex. "solomax"
I need to get all groups this user is part of.
On my test LDAP server this query:
(&(memberUid=test1)(objectClass=posixGroup)) returns DNs of all groups
for given UID
On Wed, Aug 5, 2015 at 7:11 PM, Michael Wuttke <mi...@beuth-hochschule.de> wrote:
Hello Maxim,
I don't know how to use the ldap_search for your query.
But we use owncloud. Here are our LDAP queries we use for owncloud:
the ldap query for users:
(&(|(objectclass=person))
(|(|(memberof=CN=Owncloud-admins,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz0))
(|(memberof=CN=Students,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz1))
(|(memberof=CN=Employee,OU=Global,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz2))
(|(memberof=CN=Academics,OU=Global,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz3))
))
the ldap query for login attributes:
(&(&(|(objectclass=person))
(|(|(memberof=CN=Owncloud-admins,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz0))
(|(memberof=CN=Students,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz1))
(|(memberof=CN=Employee,OU=Global,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz2))
(|(memberof=CN=Academics,OU=Global,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz03))
(|(sAMAccountName=%uid)))
and the ldap query for groups:
(&(|(objectclass=group))(|(cn=Employee)(cn=Students)(cn=Owncloud-admins)(cn=Academics)))
Here is the docu how to configure ldap auth:
https://doc.owncloud.org/server/8.1/admin_manual/configuration_user/user_auth_ldap.html
and the owncloud code repo the ldap auth app:
https://github.com/owncloud/core/tree/master/apps/user_ldap
Maybe it helps you?
Thanks & Greetings,
Michael
On 05.08.2015 at 14:29, Maxim Solodovnik wrote:
ups, sorry wrong keyboard :(((
---- Can anyone with access to AD check if this query works in
AD, and
сщккусе ше ащк ФВ ша тще,
++++ Can anyone with access to AD check if this query works in
AD, and
correct it for AD if not,
On Wed, Aug 5, 2015 at 6:28 PM, Maxim Solodovnik <so...@gmail.com> wrote:
Hello All,
I'm currently trying to implement
https://issues.apache.org/jira/browse/OPENMEETINGS-1214
I was able to find query to get all groups in LDAP:
The following query seems to be able to list all groups for
the user
with "uid == test1":
(&(memberUid=test1)(objectClass=posixGroup))
Can anyone with access to AD check if this query works in
AD, and
сщккусе ше ащк ФВ ша тще,
Thanks in advance!
--
WBR
Maxim aka solomax
--
WBR
Maxim aka solomax
--
Many thanks and kind regards,
Michael Wuttke
Administration of the Learning Management System
Beuth Hochschule Berlin - Hochschulrechenzentrum
Luxemburger Str. 10
13353 Berlin
Tel: +49 (0)30 45 04 2004
Haus Bauwesen; Room: D 225a
E-Mail: michael.wuttke@beuth-hochschule.de
News: https://lms.beuth-hochschule.de/rss
--
WBR
Maxim aka solomax
Re: [HELP NEEDED] LDAP import AD groups
Posted by Maxim Solodovnik <so...@gmail.com>.
Config is OK
according to the log 3 referral entries were found, but skipped:
WARN 09-23 10:10:58.300 o.a.o.l.LdapLoginManagement:287
[http-nio-0.0.0.0-5080-exec-7] - Referral LDAP entry found, ignore it
WARN 09-23 10:10:58.301 o.a.o.l.LdapLoginManagement:287
[http-nio-0.0.0.0-5080-exec-7] - Referral LDAP entry found, ignore it
WARN 09-23 10:10:58.301 o.a.o.l.LdapLoginManagement:287
[http-nio-0.0.0.0-5080-exec-7] - Referral LDAP entry found, ignore it
not sure why :(
Unfortunately I'm not very good in LDAP, and not sure what referral entries
are ... and why they are not "dereferred"
I'll try to check the code
ldap_deref_mode=always
On Wed, Sep 23, 2015 at 9:35 PM, Thirumal Karra <tk...@deepsea-tech.com>
wrote:
> Here's the configuration
>
>
> ldap_conn_host=IP Address
> ldap_conn_port=389
> ldap_conn_secure=false
>
> # Login distinguished name (DN) for Authentication on LDAP Server - keep
> empty if not required
> # Use full qualified LDAP DN
> ldap_admin_dn=CN=Firstname Lastname,CN=Users,DC=DOMAIN,DC=com
>
> # Loginpass for Authentication on LDAP Server - keep empty if not required
> ldap_passwd=Password
>
> # base to search for userdata(of user, that wants to login)
> ldap_search_base=DC=DOMAIN,DC=com
>
> # Fieldnames (can differ between Ldap servers)
> ldap_search_query=(sAMAccountName=%s)
>
> # the scope of the search might be: OBJECT, ONELEVEL, SUBTREE
> ldap_search_scope=SUBTREE
>
> # Ldap auth type(NONE, SEARCHANDBIND, SIMPLEBIND)
> # When using SIMPLEBIND a simple bind is performed on the LDAP server to
> check user authentication
> # When using NONE, the Ldap server is not used for authentication
> ldap_auth_type=SEARCHANDBIND
>
> # userDN format, will be used to bind if ldap_auth_type=SIMPLEBIND
> # might be used to get provisionningDn in case ldap_auth_type=NONE
> ldap_userdn_format=sAMAccountName=%s,DC=DOMAIN,DC=com
>
> # Ldap provisioning type(NONE, AUTOCREATE, AUTOUPDATE)
> ldap_provisionning=AUTOCREATE
>
> # Ldap deref mode (never, searching, finding, always)
> ldap_deref_mode=always
>
> # Set this to 'true' if you want to use admin_dn to get user attributes
> # If any other value is set, user_dn will be used
> ldap_use_admin_to_get_attrs=true
>
> # Ldap-password synchronization to OM DB
> # Set this to 'true' if you want OM to synchronize the user Ldap-password
> to OM's internal DB
> # If you want to disable the feature, set this to any other string.
> # Default value is 'true'
> ldap_sync_password_to_om=true
>
> # Ldap user attributes mapping
> # Set the following internal OM user attributes to their corresponding
> Ldap-attribute
> ldap_user_attr_lastname=sn
> ldap_user_attr_firstname=givenName
> ldap_user_attr_mail=mail
> ldap_user_attr_street=streetAddress
> ldap_user_attr_additionalname=description
> ldap_user_attr_fax=facsimileTelephoneNumber
> ldap_user_attr_zip=postalCode
> ldap_user_attr_country=co
> ldap_user_attr_town=l
> ldap_user_attr_phone=telephoneNumber
>
> # optional, only absolute URLs make sense
> #ldap_user_picture_uri=profile.jpg
>
> # optional
> # the timezone has to match any timezone available in Java, otherwise the
> timezone defined in the value of
> # the conf_key "default.timezone" in OpenMeetings "configurations" table
> #ldap_user_timezone=timezone
>
> # Ldap ignore upper/lower case, convert all input to lower case
> ldap_use_lower_case=false
>
>
>
>
> ------------------------------
> *From:* Thirumal Karra <tk...@deepsea-tech.com>
> *Sent:* Wednesday, September 23, 2015 10:31 AM
> *To:* user@openmeetings.apache.org
> *Subject:* RE: [HELP NEEDED] LDAP import AD groups
>
>
> I am 100% sure the password is correct. I tried with multiple users and
> got the same error.
>
>
>
> Best Regards
>
> Thirumal
>
>
>
> *From:* Maxim Solodovnik [mailto:solomax666@gmail.com]
> *Sent:* Wednesday, September 23, 2015 10:30 AM
> *To:* Openmeetings user-list <us...@openmeetings.apache.org>
> *Subject:* Re: [HELP NEEDED] LDAP import AD groups
>
>
>
> "Invalid password" I guess something wrong with the password
>
>
>
> On Wed, Sep 23, 2015 at 9:20 PM, Thirumal Karra <tk...@deepsea-tech.com>
> wrote:
>
> I am trying to setup LDAP but it didn't work. Please look at the log below
>
>
>
> DEBUG 09-23 10:10:58.266 o.a.o.l.LdapLoginManagement:168
> [http-nio-0.0.0.0-5080-exec-7] - LdapLoginmanagement.doLdapLogin
> WARN 09-23 10:10:58.300 o.a.o.l.LdapLoginManagement:287
> [http-nio-0.0.0.0-5080-exec-7] - Referral LDAP entry found, ignore it
> WARN 09-23 10:10:58.301 o.a.o.l.LdapLoginManagement:287
> [http-nio-0.0.0.0-5080-exec-7] - Referral LDAP entry found, ignore it
> WARN 09-23 10:10:58.301 o.a.o.l.LdapLoginManagement:287
> [http-nio-0.0.0.0-5080-exec-7] - Referral LDAP entry found, ignore it
> ERROR 09-23 10:10:58.301 o.a.o.l.LdapLoginManagement:292
> [http-nio-0.0.0.0-5080-exec-7] - NONE users found in LDAP
> DEBUG 09-23 10:10:58.303 o.a.w.u.c.CookieUtils:273
> [http-nio-0.0.0.0-5080-exec-7] - Unable to find Cookie with name=LoggedIn
> and request URI=signin?0-1.IBehaviorListener.2-signin
> DEBUG 09-23 10:10:58.305 o.a.w.Localizer:378
> [http-nio-0.0.0.0-5080-exec-7] - Property found in cache: '336'; Component:
> 'null'; value: 'Invalid password'
> DEBUG 09-23 10:10:58.305 o.a.w.f.FeedbackMessages:69
> [http-nio-0.0.0.0-5080-exec-7] - Adding feedback message '[FeedbackMessage
> message = "Invalid password", reporter = signin, level = ERROR]'
> DEBUG 09-23 10:10:58.305 o.a.w.u.c.CookieUtils:273
> [http-nio-0.0.0.0-5080-exec-7] - Unable to find Cookie with name=LoggedIn
> and request URI=signin?0-1.IBehaviorListener.2-signin
> DEBUG 09-23 10:10:58.307 o.a.wicket.Page:871
> [http-nio-0.0.0.0-5080-exec-7] - ending request for page [Page class =
> org.apache.openmeetings.web.pages.auth.SignInPage, id = 0, render count =
> 1], request
> org.apache.wicket.protocol.http.servlet.ServletWebRequest@3a57191c
> DEBUG 09-23 10:10:58.307 o.a.wicket.Page:871
> [http-nio-0.0.0.0-5080-exec-7] - ending request for page [Page class =
> org.apache.openmeetings.web.pages.auth.SignInPage, id = 0, render count =
> 1], request
> org.apache.wicket.protocol.http.servlet.ServletWebRequest@3a57191c
> DEBUG 09-23 10:10:58.307 o.a.wicket.Page:871
> [http-nio-0.0.0.0-5080-exec-7] - ending request for page [Page class =
> org.apache.openmeetings.web.pages.auth.SignInPage, id = 0, render count =
> 1], request
> org.apache.wicket.protocol.http.servlet.ServletWebRequest@3a57191c
> DEBUG 09-23 10:10:58.328
> o.a.w.p.AsynchronousDataStore$PageSavingRunnable:354
> [Wicket-PageSavingThread] - Saving asynchronously: Entry
> [sessionId=AEA1852D7D73CB3264F353796A510FCE, pageId=0]...
> DEBUG 09-23 10:10:58.328 o.a.w.p.DiskDataStore:186
> [Wicket-PageSavingThread] - Storing data for page with id '0' in session
> with id 'AEA1852D7D73CB3264F353796A510FCE'
> DEBUG 09-23 10:10:58.329 o.a.w.p.PageAccessSynchronizer:207
> [http-nio-0.0.0.0-5080-exec-7] - 'http-nio-0.0.0.0-5080-exec-7' released
> lock to page with id '0'
>
>
>
>
>
> Best Regards
>
> Thirumal
>
>
>
> *From:* Maxim Solodovnik [mailto:solomax666@gmail.com]
> *Sent:* Monday, August 10, 2015 10:24 AM
> *To:* Openmeetings user-list <us...@openmeetings.apache.org>
> *Subject:* Re: [HELP NEEDED] LDAP import AD groups
>
>
>
> this query will return user DN, NOT groups
>
>
>
> On Mon, Aug 10, 2015 at 9:10 PM, Wild, Rodney <ro...@cybastevens.com>
> wrote:
>
> ldap_search_query=(sAMAccountName=%s)
>
> windows Account name according to this.
>
>
>
> *Rodney Wild | *IT Support
>
>
>
> *From:* Maxim Solodovnik [mailto:solomax666@gmail.com]
> *Sent:* Monday, August 10, 2015 12:52 AM
>
>
> *To:* Openmeetings user-list
> *Subject:* Re: [HELP NEEDED] LDAP import AD groups
>
>
>
> And what is the AD query to get user groups by UID?
>
>
>
> On Mon, Aug 10, 2015 at 12:25 PM, Dominic Prakash <do...@sps.co.in>
> wrote:
>
> This config works for me in M$ AD.
>
>
>
> ldap_conn_host=123.456.789.123
>
> ldap_conn_port=389
>
> ldap_conn_secure=false
>
>
>
> ldap_admin_dn=CN=ldapuser,OU=Software,OU=Unit-2,DC=sample,DC=co,DC=in
>
> ldap_passwd=passwordhere
>
> ldap_search_base=DC=sample,DC=co,DC=in
>
>
>
> ldap_search_query=(sAMAccountName=%s)
>
> ldap_search_scope=SUBTREE
>
> ldap_auth_type=SEARCHANDBIND
>
> ldap_userdn_format=sAMAccountName=%s,DC=sample,DC=co,DC=in
>
>
>
> ldap_provisionning=AUTOCREATE
>
> ldap_deref_mode=always
>
> ldap_use_admin_to_get_attrs=true
>
> ldap_sync_password_to_om=true
>
>
>
> ldap_user_attr_lastname=sn
>
> ldap_user_attr_firstname=givenName
>
> ldap_user_attr_mail=mail
>
> ldap_user_attr_street=streetAddress
>
> ldap_user_attr_additionalname=description
>
> ldap_user_attr_fax=facsimileTelephoneNumber
>
> ldap_user_attr_zip=postalCode
>
> ldap_user_attr_country=co
>
> ldap_user_attr_town=l
>
> ldap_user_attr_phone=telephoneNumber
>
>
>
> ldap_user_picture_uri=profile.jpg
>
> ldap_use_lower_case=false
>
>
>
>
>
> Best Regards
>
>
>
> Dominic
>
>
>
> *From:* Maxim Solodovnik [mailto:solomax666@gmail.com]
> *Sent:* 05 August 2015 19:52
> *To:* Openmeetings user-list
> *Subject:* Re: [HELP NEEDED] LDAP import AD groups
>
>
>
> I need someone who can fix this query for M$ AD :(
> Or someone who can give me search only test access to AD
>
> WBR, Maxim
> (from mobile, sorry for the typos)
>
> On Aug 5, 2015 20:18, "Michael Wuttke" <mi...@beuth-hochschule.de>
> wrote:
>
> Hello Maxim,
>
> sorry but we use M$ AD and it returns nothing or only errors with this
> query. ;-(
>
> Greetings,
> Michael
>
> On 05.08.2015 at 15:18, Maxim Solodovnik wrote:
>
> Hello Michael,
>
> Thanks for your reply
> I need query to get all groups of user with some uid.
>
> so I get uid for the user: for ex. "solomax"
> I need to get all groups this user is part of.
>
> On my test LDAP server this query:
> (&(memberUid=test1)(objectClass=posixGroup)) returns DNs of all groups
> for given UID
>
>
>
> On Wed, Aug 5, 2015 at 7:11 PM, Michael Wuttke
> <michael.wuttke@beuth-hochschule.de> wrote:
>
> Hello Maxim,
>
> I don't know how to use the ldap_search for your query.
>
> But we use owncloud. Here are our LDAP queries we use for owncloud:
>
> the ldap query for users:
> (&(|(objectclass=person))
>
> (|(|(memberof=CN=Owncloud-admins,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz0))
>
> (|(memberof=CN=Students,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz1))
>
> (|(memberof=CN=Employee,OU=Global,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz2))
>
> (|(memberof=CN=Academics,OU=Global,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz3))
> ))
>
> the ldap query for login attributes:
> (&(&(|(objectclass=person))
>
> (|(|(memberof=CN=Owncloud-admins,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz0))
>
> (|(memberof=CN=Students,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz1))
>
> (|(memberof=CN=Employee,OU=Global,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz2))
>
> (|(memberof=CN=Academics,OU=Global,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz03))
> (|(sAMAccountName=%uid)))
>
> and the ldap query for groups:
>
> (&(|(objectclass=group))(|(cn=Employee)(cn=Students)(cn=Owncloud-admins)(cn=Academics)))
>
> Here is the docu how to configure ldap auth:
>
> https://doc.owncloud.org/server/8.1/admin_manual/configuration_user/user_auth_ldap.html
>
> and the owncloud code repo the ldap auth app:
> https://github.com/owncloud/core/tree/master/apps/user_ldap
>
> Maybe it helps you?
>
> Thanks & Greetings,
> Michael
>
> On 05.08.2015 at 14:29, Maxim Solodovnik wrote:
>
> ups, sorry wrong keyboard :(((
>
> ---- Can anyone with access to AD check if this query works in
> AD, and
> сщккусе ше ащк ФВ ша тще,
> ++++ Can anyone with access to AD check if this query works in
> AD, and
> correct it for AD if not,
>
> On Wed, Aug 5, 2015 at 6:28 PM, Maxim Solodovnik
> <solomax666@gmail.com> wrote:
>
> Hello All,
>
> I'm currently trying to implement
> https://issues.apache.org/jira/browse/OPENMEETINGS-1214
> I was able to find query to get all groups in LDAP:
>
> The following query seems to be able to list all groups for
> the user
> with "uid == test1":
> (&(memberUid=test1)(objectClass=posixGroup))
>
> Can anyone with access to AD check if this query works in
> AD, and
> сщккусе ше ащк ФВ ша тще,
>
> Thanks in advance!
>
> --
> WBR
> Maxim aka solomax
>
>
>
>
> --
> WBR
> Maxim aka solomax
>
>
> --
> Many thanks and kind regards,
> Michael Wuttke
>
> Administration of the Learning Management System
> Beuth Hochschule Berlin - Hochschulrechenzentrum
> Luxemburger Str. 10
> 13353 Berlin
> Tel: +49 (0)30 45 04 2004
> Haus Bauwesen; Room: D 225a
> E-Mail: michael.wuttke@beuth-hochschule.de
> News: https://lms.beuth-hochschule.de/rss
>
>
>
>
>
> --
>
> WBR
> Maxim aka solomax
>
>
>
>
>
> --
>
> WBR
> Maxim aka solomax
>
>
>
>
>
> --
>
> WBR
> Maxim aka solomax
>
--
WBR
Maxim aka solomax
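The log quoted in this reply can be triaged mechanically: the sign-in page reports "Invalid password", while the LDAP layer logged three ignored referral entries and then "NONE users found in LDAP". The script below is an added example, not OpenMeetings code; its function names and verdict strings are assumptions, and the sample records are copied from the log posted in this thread, partly in the line-wrapped form the mail shows.

```python
import re

LEVEL_RE = re.compile(r"^(DEBUG|INFO|WARN|ERROR)\s")
LINE_RE = re.compile(
    r"^(?P<level>[A-Z]+)\s+(?P<ts>\d\d-\d\d \d\d:\d\d:\d\d\.\d{3})\s+"
    r"(?P<logger>\S+):(?P<lineno>\d+)\s+\[(?P<thread>[^\]]+)\]\s+-\s+(?P<msg>.*)$"
)
FEEDBACK_RE = re.compile(r'FeedbackMessage message = "([^"]*)"')

# Records copied from the log in this thread; the later ones keep the
# wrapped layout the mail client produced.
SAMPLE_LOG = """\
DEBUG 09-23 10:10:58.266 o.a.o.l.LdapLoginManagement:168 [http-nio-0.0.0.0-5080-exec-7] - LdapLoginmanagement.doLdapLogin
WARN 09-23 10:10:58.300 o.a.o.l.LdapLoginManagement:287 [http-nio-0.0.0.0-5080-exec-7] - Referral LDAP entry found, ignore it
WARN 09-23 10:10:58.301 o.a.o.l.LdapLoginManagement:287 [http-nio-0.0.0.0-5080-exec-7] - Referral LDAP entry found, ignore it
WARN 09-23 10:10:58.301 o.a.o.l.LdapLoginManagement:287
[http-nio-0.0.0.0-5080-exec-7] - Referral LDAP entry found, ignore it
ERROR 09-23 10:10:58.301 o.a.o.l.LdapLoginManagement:292
[http-nio-0.0.0.0-5080-exec-7] - NONE users found in LDAP
DEBUG 09-23 10:10:58.305 o.a.w.f.FeedbackMessages:69
[http-nio-0.0.0.0-5080-exec-7] - Adding feedback message '[FeedbackMessage
message = "Invalid password", reporter = signin, level = ERROR]'
"""


def unwrap(text):
    """Re-join records that were wrapped across several lines."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if LEVEL_RE.match(line) or not records:
            records.append(line)          # a new record starts with a level
        else:
            records[-1] += " " + line     # continuation of the previous one
    return records


def verdict(attempt):
    """Classify one login attempt from what the LDAP layer logged."""
    if attempt["no_user"] and attempt["referrals"]:
        return "lookup-failed: search yielded only referrals"
    if attempt["no_user"]:
        return "lookup-failed: no entry matched the search"
    return "no-lookup-error-logged"


def triage(text):
    """Group records per request thread, one dict per doLdapLogin call."""
    open_attempts, finished = {}, []
    for record in unwrap(text):
        m = LINE_RE.match(record)
        if not m:
            continue
        thread, msg = m["thread"], m["msg"]
        if m["logger"].endswith("LdapLoginManagement") and "doLdapLogin" in msg:
            if thread in open_attempts:
                finished.append(open_attempts.pop(thread))
            open_attempts[thread] = {"thread": thread, "started": m["ts"],
                                     "referrals": 0, "no_user": False,
                                     "ui_message": None}
            continue
        current = open_attempts.get(thread)
        if current is None:
            continue
        if "Referral LDAP entry found" in msg:
            current["referrals"] += 1
        elif "NONE users found in LDAP" in msg:
            current["no_user"] = True
        else:
            shown = FEEDBACK_RE.search(msg)
            if shown:
                current["ui_message"] = shown.group(1)
    finished.extend(open_attempts.values())
    for attempt in finished:
        attempt["verdict"] = verdict(attempt)
    return finished


if __name__ == "__main__":
    for attempt in triage(SAMPLE_LOG):
        print(attempt)
```

A `lookup-failed` verdict next to a UI message of "Invalid password" says the attempt ended at the user search, so the search base, filter and referral handling are the places to look.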
Re: [HELP NEEDED] LDAP import AD groups
Posted by Thirumal Karra <tk...@deepsea-tech.com>.
Here's the configuration
ldap_conn_host=IP Address
ldap_conn_port=389
ldap_conn_secure=false
# Login distinguished name (DN) for Authentication on LDAP Server - keep empty if not required
# Use full qualified LDAP DN
ldap_admin_dn=CN=Firstname Lastname,CN=Users,DC=DOMAIN,DC=com
# Loginpass for Authentication on LDAP Server - keep empty if not required
ldap_passwd=Password
# base to search for userdata(of user, that wants to login)
ldap_search_base=DC=DOMAIN,DC=com
# Fieldnames (can differ between Ldap servers)
ldap_search_query=(sAMAccountName=%s)
# the scope of the search might be: OBJECT, ONELEVEL, SUBTREE
ldap_search_scope=SUBTREE
# Ldap auth type(NONE, SEARCHANDBIND, SIMPLEBIND)
# When using SIMPLEBIND a simple bind is performed on the LDAP server to check user authentication
# When using NONE, the Ldap server is not used for authentication
ldap_auth_type=SEARCHANDBIND
# userDN format, will be used to bind if ldap_auth_type=SIMPLEBIND
# might be used to get provisionningDn in case ldap_auth_type=NONE
ldap_userdn_format=sAMAccountName=%s,DC=DOMAIN,DC=com
# Ldap provisioning type(NONE, AUTOCREATE, AUTOUPDATE)
ldap_provisionning=AUTOCREATE
# Ldap deref mode (never, searching, finding, always)
ldap_deref_mode=always
# Set this to 'true' if you want to use admin_dn to get user attributes
# If any other value is set, user_dn will be used
ldap_use_admin_to_get_attrs=true
# Ldap-password synchronization to OM DB
# Set this to 'true' if you want OM to synchronize the user Ldap-password to OM's internal DB
# If you want to disable the feature, set this to any other string.
# Default value is 'true'
ldap_sync_password_to_om=true
# Ldap user attributes mapping
# Set the following internal OM user attributes to their corresponding Ldap-attribute
ldap_user_attr_lastname=sn
ldap_user_attr_firstname=givenName
ldap_user_attr_mail=mail
ldap_user_attr_street=streetAddress
ldap_user_attr_additionalname=description
ldap_user_attr_fax=facsimileTelephoneNumber
ldap_user_attr_zip=postalCode
ldap_user_attr_country=co
ldap_user_attr_town=l
ldap_user_attr_phone=telephoneNumber
# optional, only absolute URLs make sense
#ldap_user_picture_uri=profile.jpg
# optional
# the timezone has to match any timezone available in Java, otherwise the timezone defined in the value of
# the conf_key "default.timezone" in OpenMeetings "configurations" table
#ldap_user_timezone=timezone
# Ldap ignore upper/lower case, convert all input to lower case
ldap_use_lower_case=false
________________________________
From: Thirumal Karra <tk...@deepsea-tech.com>
Sent: Wednesday, September 23, 2015 10:31 AM
To: user@openmeetings.apache.org
Subject: RE: [HELP NEEDED] LDAP import AD groups
I am 100% sure the password is correct. I tried with multiple users and got the same error.
Best Regards
Thirumal
From: Maxim Solodovnik [mailto:solomax666@gmail.com]
Sent: Wednesday, September 23, 2015 10:30 AM
To: Openmeetings user-list <us...@openmeetings.apache.org>
Subject: Re: [HELP NEEDED] LDAP import AD groups
"Invalid password" I guess something wrong with the password
On Wed, Sep 23, 2015 at 9:20 PM, Thirumal Karra <tk...@deepsea-tech.com> wrote:
I am trying to setup LDAP but it didn't work. Please look at the log below
DEBUG 09-23 10:10:58.266 o.a.o.l.LdapLoginManagement:168 [http-nio-0.0.0.0-5080-exec-7] - LdapLoginmanagement.doLdapLogin
WARN 09-23 10:10:58.300 o.a.o.l.LdapLoginManagement:287 [http-nio-0.0.0.0-5080-exec-7] - Referral LDAP entry found, ignore it
WARN 09-23 10:10:58.301 o.a.o.l.LdapLoginManagement:287 [http-nio-0.0.0.0-5080-exec-7] - Referral LDAP entry found, ignore it
WARN 09-23 10:10:58.301 o.a.o.l.LdapLoginManagement:287 [http-nio-0.0.0.0-5080-exec-7] - Referral LDAP entry found, ignore it
ERROR 09-23 10:10:58.301 o.a.o.l.LdapLoginManagement:292 [http-nio-0.0.0.0-5080-exec-7] - NONE users found in LDAP
DEBUG 09-23 10:10:58.303 o.a.w.u.c.CookieUtils:273 [http-nio-0.0.0.0-5080-exec-7] - Unable to find Cookie with name=LoggedIn and request URI=signin?0-1.IBehaviorListener.2-signin
DEBUG 09-23 10:10:58.305 o.a.w.Localizer:378 [http-nio-0.0.0.0-5080-exec-7] - Property found in cache: '336'; Component: 'null'; value: 'Invalid password'
DEBUG 09-23 10:10:58.305 o.a.w.f.FeedbackMessages:69 [http-nio-0.0.0.0-5080-exec-7] - Adding feedback message '[FeedbackMessage message = "Invalid password", reporter = signin, level = ERROR]'
DEBUG 09-23 10:10:58.305 o.a.w.u.c.CookieUtils:273 [http-nio-0.0.0.0-5080-exec-7] - Unable to find Cookie with name=LoggedIn and request URI=signin?0-1.IBehaviorListener.2-signin
DEBUG 09-23 10:10:58.307 o.a.wicket.Page:871 [http-nio-0.0.0.0-5080-exec-7] - ending request for page [Page class = org.apache.openmeetings.web.pages.auth.SignInPage, id = 0, render count = 1], request org.apache.wicket.protocol.http.servlet.ServletWebRequest@3a57191c
DEBUG 09-23 10:10:58.307 o.a.wicket.Page:871 [http-nio-0.0.0.0-5080-exec-7] - ending request for page [Page class = org.apache.openmeetings.web.pages.auth.SignInPage, id = 0, render count = 1], request org.apache.wicket.protocol.http.servlet.ServletWebRequest@3a57191c
DEBUG 09-23 10:10:58.307 o.a.wicket.Page:871 [http-nio-0.0.0.0-5080-exec-7] - ending request for page [Page class = org.apache.openmeetings.web.pages.auth.SignInPage, id = 0, render count = 1], request org.apache.wicket.protocol.http.servlet.ServletWebRequest@3a57191c
DEBUG 09-23 10:10:58.328 o.a.w.p.AsynchronousDataStore$PageSavingRunnable:354 [Wicket-PageSavingThread] - Saving asynchronously: Entry [sessionId=AEA1852D7D73CB3264F353796A510FCE, pageId=0]...
DEBUG 09-23 10:10:58.328 o.a.w.p.DiskDataStore:186 [Wicket-PageSavingThread] - Storing data for page with id '0' in session with id 'AEA1852D7D73CB3264F353796A510FCE'
DEBUG 09-23 10:10:58.329 o.a.w.p.PageAccessSynchronizer:207 [http-nio-0.0.0.0-5080-exec-7] - 'http-nio-0.0.0.0-5080-exec-7' released lock to page with id '0'
Best Regards
Thirumal
From: Maxim Solodovnik [mailto:solomax666@gmail.com]
Sent: Monday, August 10, 2015 10:24 AM
To: Openmeetings user-list <us...@openmeetings.apache.org>
Subject: Re: [HELP NEEDED] LDAP import AD groups
this query will return user DN, NOT groups
On Mon, Aug 10, 2015 at 9:10 PM, Wild, Rodney <ro...@cybastevens.com> wrote:
ldap_search_query=(sAMAccountName=%s)
windows Account name according to this.
Rodney Wild | IT Support
From: Maxim Solodovnik [mailto:solomax666@gmail.com]
Sent: Monday, August 10, 2015 12:52 AM
To: Openmeetings user-list
Subject: Re: [HELP NEEDED] LDAP import AD groups
And what is the AD query to get user groups by UID?
On Mon, Aug 10, 2015 at 12:25 PM, Dominic Prakash <do...@sps.co.in> wrote:
This config works for me in M$ AD.
ldap_conn_host=123.456.789.123
ldap_conn_port=389
ldap_conn_secure=false
ldap_admin_dn=CN=ldapuser,OU=Software,OU=Unit-2,DC=sample,DC=co,DC=in
ldap_passwd=passwordhere
ldap_search_base=DC=sample,DC=co,DC=in
ldap_search_query=(sAMAccountName=%s)
ldap_search_scope=SUBTREE
ldap_auth_type=SEARCHANDBIND
ldap_userdn_format=sAMAccountName=%s,DC=sample,DC=co,DC=in
ldap_provisionning=AUTOCREATE
ldap_deref_mode=always
ldap_use_admin_to_get_attrs=true
ldap_sync_password_to_om=true
ldap_user_attr_lastname=sn
ldap_user_attr_firstname=givenName
ldap_user_attr_mail=mail
ldap_user_attr_street=streetAddress
ldap_user_attr_additionalname=description
ldap_user_attr_fax=facsimileTelephoneNumber
ldap_user_attr_zip=postalCode
ldap_user_attr_country=co
ldap_user_attr_town=l
ldap_user_attr_phone=telephoneNumber
ldap_user_picture_uri=profile.jpg
ldap_use_lower_case=false
Best Regards
Dominic
From: Maxim Solodovnik [mailto:solomax666@gmail.com]
Sent: 05 August 2015 19:52
To: Openmeetings user-list
Subject: Re: [HELP NEEDED] LDAP import AD groups
I need someone who can fix this query for M$ AD :(
Or someone who can give me search only test access to AD
WBR, Maxim
(from mobile, sorry for the typos)
On Aug 5, 2015 20:18, "Michael Wuttke" <mi...@beuth-hochschule.de> wrote:
Hello Maxim,
sorry but we use M$ AD and it returns nothing or only errors with this query. ;-(
Greetings,
Michael
On 05.08.2015 at 15:18, Maxim Solodovnik wrote:
Hello Michael,
Thanks for your reply
I need query to get all groups of user with some uid.
so I get uid for the user: for ex. "solomax"
I need to get all groups this user is part of.
On my test LDAP server this query:
(&(memberUid=test1)(objectClass=posixGroup)) returns DNs of all groups
for given UID
On Wed, Aug 5, 2015 at 7:11 PM, Michael Wuttke <mi...@beuth-hochschule.de> wrote:
Hello Maxim,
I don't know how to use the ldap_search for your query.
But we use owncloud. Here are our LDAP queries we use for owncloud:
the ldap query for users:
(&(|(objectclass=person))
(|(|(memberof=CN=Owncloud-admins,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz0))
(|(memberof=CN=Students,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz1))
(|(memberof=CN=Employee,OU=Global,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz2))
(|(memberof=CN=Academics,OU=Global,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz3))
))
the ldap query for login attributes:
(&(&(|(objectclass=person))
(|(|(memberof=CN=Owncloud-admins,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz0))
(|(memberof=CN=Students,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz1))
(|(memberof=CN=Employee,OU=Global,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz2))
(|(memberof=CN=Academics,OU=Global,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz03))
(|(sAMAccountName=%uid)))
and the ldap query for groups:
(&(|(objectclass=group))(|(cn=Employee)(cn=Students)(cn=Owncloud-admins)(cn=Academics)))
Here is the docu how to configure ldap auth:
https://doc.owncloud.org/server/8.1/admin_manual/configuration_user/user_auth_ldap.html
and the owncloud code repo the ldap auth app:
https://github.com/owncloud/core/tree/master/apps/user_ldap
Maybe it helps you?
Thanks & Greetings,
Michael
On 05.08.2015 at 14:29, Maxim Solodovnik wrote:
ups, sorry wrong keyboard :(((
---- Can anyone with access to AD check if this query works in
AD, and
сщккусе ше ащк ФВ ша тще,
++++ Can anyone with access to AD check if this query works in
AD, and
correct it for AD if not,
On Wed, Aug 5, 2015 at 6:28 PM, Maxim Solodovnik <so...@gmail.com> wrote:
Hello All,
I'm currently trying to implement
https://issues.apache.org/jira/browse/OPENMEETINGS-1214
I was able to find query to get all groups in LDAP:
The following query seems to be able to list all groups for
the user
with "uid == test1":
(&(memberUid=test1)(objectClass=posixGroup))
Can anyone with access to AD check if this query works in
AD, and
сщккусе ше ащк ФВ ша тще,
Thanks in advance!
--
WBR
Maxim aka solomax
--
WBR
Maxim aka solomax
--
Many thanks and kind regards,
Michael Wuttke
Administration of the Learning Management System
Beuth Hochschule Berlin - Hochschulrechenzentrum
Luxemburger Str. 10
13353 Berlin
Tel: +49 (0)30 45 04 2004
Haus Bauwesen; Room: D 225a
E-Mail: michael.wuttke@beuth-hochschule.de
News: https://lms.beuth-hochschule.de/rss
--
WBR
Maxim aka solomax
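The filters quoted in this thread all take a substituted value: `(sAMAccountName=%s)` for the user search and `(&(memberUid=test1)(objectClass=posixGroup))` for the group lookup on a posix-style directory. The sketch below is an added example, not OpenMeetings code: it escapes the substituted value per RFC 4515 and builds that posixGroup filter plus, as an assumption about a stock Active Directory schema, a group filter that matches on `member` by user DN. All function names are hypothetical and the sample DN is constructed.

```python
# Characters RFC 4515 requires to be escaped inside a filter assertion value.
_ESCAPE = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Return value with every filter metacharacter replaced by its \\xx form."""
    return "".join(_ESCAPE.get(ch, ch) for ch in value)


def user_filter(template: str, login: str, lower_case: bool = False) -> str:
    """Fill a search template such as the thread's (sAMAccountName=%s).

    lower_case mirrors the meaning of ldap_use_lower_case in the posted
    config (convert all input to lower case); the parameter is hypothetical.
    """
    if template.count("%s") != 1:
        raise ValueError("template must contain exactly one %s placeholder")
    if lower_case:
        login = login.lower()
    # str.replace instead of the % operator, so a stray '%' in the template
    # or in the login cannot be interpreted as a format directive.
    return template.replace("%s", escape_filter_value(login))


def posix_groups_filter(uid: str) -> str:
    """Groups of a user on an RFC 2307 directory: the query from the thread."""
    return "(&(memberUid=%s)(objectClass=posixGroup))" % escape_filter_value(uid)


def ad_groups_filter(user_dn: str) -> str:
    """Groups of a user on Active Directory.

    Assumption: stock AD schema, where group objects have objectClass=group
    and list their members by full DN in the 'member' attribute, so the
    lookup needs the DN found by the user search, not the login name.
    A backslash already present in the DN (an escaped comma, for instance)
    must itself be escaped as \\5c when the DN is placed in a filter.
    """
    return "(&(objectClass=group)(member=%s))" % escape_filter_value(user_dn)


if __name__ == "__main__":
    print(user_filter("(sAMAccountName=%s)", "te*st(1)"))
    print(posix_groups_filter("test1"))
    # Constructed DN with an escaped comma in the CN.
    print(ad_groups_filter("CN=Doe\\, John,OU=Software,DC=sample,DC=co,DC=in"))
```

Active Directory does not list a user's primary group in `member`; that membership is expressed through `primaryGroupID`, which the owncloud filters quoted in the thread also test.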
Re: [HELP NEEDED] LDAP import AD groups
Posted by Maxim Solodovnik <so...@gmail.com>.
Maybe something wrong with the config:
ERROR 09-23 10:10:58.301 o.a.o.l.LdapLoginManagement:292
[http-nio-0.0.0.0-5080-exec-7] - NONE users found in LDAP
On Wed, Sep 23, 2015 at 9:31 PM, Thirumal Karra <tk...@deepsea-tech.com>
wrote:
> I am 100% sure the password is correct. I tried with multiple users and
> got the same error.
>
>
>
> Best Regards
>
> Thirumal
>
>
>
> *From:* Maxim Solodovnik [mailto:solomax666@gmail.com]
> *Sent:* Wednesday, September 23, 2015 10:30 AM
> *To:* Openmeetings user-list <us...@openmeetings.apache.org>
> *Subject:* Re: [HELP NEEDED] LDAP import AD groups
>
>
>
> "Invalid password" I guess something wrong with the password
>
>
>
> On Wed, Sep 23, 2015 at 9:20 PM, Thirumal Karra <tk...@deepsea-tech.com>
> wrote:
>
> I am trying to setup LDAP but it didn't work. Please look at the log below
>
>
>
> DEBUG 09-23 10:10:58.266 o.a.o.l.LdapLoginManagement:168
> [http-nio-0.0.0.0-5080-exec-7] - LdapLoginmanagement.doLdapLogin
> WARN 09-23 10:10:58.300 o.a.o.l.LdapLoginManagement:287
> [http-nio-0.0.0.0-5080-exec-7] - Referral LDAP entry found, ignore it
> WARN 09-23 10:10:58.301 o.a.o.l.LdapLoginManagement:287
> [http-nio-0.0.0.0-5080-exec-7] - Referral LDAP entry found, ignore it
> WARN 09-23 10:10:58.301 o.a.o.l.LdapLoginManagement:287
> [http-nio-0.0.0.0-5080-exec-7] - Referral LDAP entry found, ignore it
> ERROR 09-23 10:10:58.301 o.a.o.l.LdapLoginManagement:292
> [http-nio-0.0.0.0-5080-exec-7] - NONE users found in LDAP
> DEBUG 09-23 10:10:58.303 o.a.w.u.c.CookieUtils:273
> [http-nio-0.0.0.0-5080-exec-7] - Unable to find Cookie with name=LoggedIn
> and request URI=signin?0-1.IBehaviorListener.2-signin
> DEBUG 09-23 10:10:58.305 o.a.w.Localizer:378
> [http-nio-0.0.0.0-5080-exec-7] - Property found in cache: '336'; Component:
> 'null'; value: 'Invalid password'
> DEBUG 09-23 10:10:58.305 o.a.w.f.FeedbackMessages:69
> [http-nio-0.0.0.0-5080-exec-7] - Adding feedback message '[FeedbackMessage
> message = "Invalid password", reporter = signin, level = ERROR]'
> DEBUG 09-23 10:10:58.305 o.a.w.u.c.CookieUtils:273
> [http-nio-0.0.0.0-5080-exec-7] - Unable to find Cookie with name=LoggedIn
> and request URI=signin?0-1.IBehaviorListener.2-signin
> DEBUG 09-23 10:10:58.307 o.a.wicket.Page:871
> [http-nio-0.0.0.0-5080-exec-7] - ending request for page [Page class =
> org.apache.openmeetings.web.pages.auth.SignInPage, id = 0, render count =
> 1], request
> org.apache.wicket.protocol.http.servlet.ServletWebRequest@3a57191c
> DEBUG 09-23 10:10:58.307 o.a.wicket.Page:871
> [http-nio-0.0.0.0-5080-exec-7] - ending request for page [Page class =
> org.apache.openmeetings.web.pages.auth.SignInPage, id = 0, render count =
> 1], request
> org.apache.wicket.protocol.http.servlet.ServletWebRequest@3a57191c
> DEBUG 09-23 10:10:58.307 o.a.wicket.Page:871
> [http-nio-0.0.0.0-5080-exec-7] - ending request for page [Page class =
> org.apache.openmeetings.web.pages.auth.SignInPage, id = 0, render count =
> 1], request
> org.apache.wicket.protocol.http.servlet.ServletWebRequest@3a57191c
> DEBUG 09-23 10:10:58.328
> o.a.w.p.AsynchronousDataStore$PageSavingRunnable:354
> [Wicket-PageSavingThread] - Saving asynchronously: Entry
> [sessionId=AEA1852D7D73CB3264F353796A510FCE, pageId=0]...
> DEBUG 09-23 10:10:58.328 o.a.w.p.DiskDataStore:186
> [Wicket-PageSavingThread] - Storing data for page with id '0' in session
> with id 'AEA1852D7D73CB3264F353796A510FCE'
> DEBUG 09-23 10:10:58.329 o.a.w.p.PageAccessSynchronizer:207
> [http-nio-0.0.0.0-5080-exec-7] - 'http-nio-0.0.0.0-5080-exec-7' released
> lock to page with id '0'
>
>
>
>
>
> Best Regards
>
> Thirumal
>
>
>
> *From:* Maxim Solodovnik [mailto:solomax666@gmail.com]
> *Sent:* Monday, August 10, 2015 10:24 AM
> *To:* Openmeetings user-list <us...@openmeetings.apache.org>
> *Subject:* Re: [HELP NEEDED] LDAP import AD groups
>
>
>
> this query will return user DN, NOT groups
>
>
>
> On Mon, Aug 10, 2015 at 9:10 PM, Wild, Rodney <ro...@cybastevens.com>
> wrote:
>
> ldap_search_query=(sAMAccountName=%s)
>
> windows Account name according to this.
>
>
>
> *Rodney Wild | *IT Support
>
>
>
> *From:* Maxim Solodovnik [mailto:solomax666@gmail.com]
> *Sent:* Monday, August 10, 2015 12:52 AM
>
>
> *To:* Openmeetings user-list
> *Subject:* Re: [HELP NEEDED] LDAP import AD groups
>
>
>
> And what is the AD query to get user groups by UID?
>
>
>
> On Mon, Aug 10, 2015 at 12:25 PM, Dominic Prakash <do...@sps.co.in>
> wrote:
>
> This config works for me in M$ AD.
>
>
>
> ldap_conn_host=123.456.789.123
>
> ldap_conn_port=389
>
> ldap_conn_secure=false
>
>
>
> ldap_admin_dn=CN=ldapuser,OU=Software,OU=Unit-2,DC=sample,DC=co,DC=in
>
> ldap_passwd=passwordhere
>
> ldap_search_base=DC=sample,DC=co,DC=in
>
>
>
> ldap_search_query=(sAMAccountName=%s)
>
> ldap_search_scope=SUBTREE
>
> ldap_auth_type=SEARCHANDBIND
>
> ldap_userdn_format=sAMAccountName=%s,DC=sample,DC=co,DC=in
>
>
>
> ldap_provisionning=AUTOCREATE
>
> ldap_deref_mode=always
>
> ldap_use_admin_to_get_attrs=true
>
> ldap_sync_password_to_om=true
>
>
>
> ldap_user_attr_lastname=sn
>
> ldap_user_attr_firstname=givenName
>
> ldap_user_attr_mail=mail
>
> ldap_user_attr_street=streetAddress
>
> ldap_user_attr_additionalname=description
>
> ldap_user_attr_fax=facsimileTelephoneNumber
>
> ldap_user_attr_zip=postalCode
>
> ldap_user_attr_country=co
>
> ldap_user_attr_town=l
>
> ldap_user_attr_phone=telephoneNumber
>
>
>
> ldap_user_picture_uri=profile.jpg
>
> ldap_use_lower_case=false
>
>
>
>
>
> Best Regards
>
>
>
> Dominic
>
>
>
> *From:* Maxim Solodovnik [mailto:solomax666@gmail.com]
> *Sent:* 05 August 2015 19:52
> *To:* Openmeetings user-list
> *Subject:* Re: [HELP NEEDED] LDAP import AD groups
>
>
>
> I need someone who can fix this query for M$ AD :(
> Or someone who can give me search only test access to AD
>
> WBR, Maxim
> (from mobile, sorry for the typos)
>
> On Aug 5, 2015 20:18, "Michael Wuttke" <mi...@beuth-hochschule.de>
> wrote:
>
> Hello Maxim,
>
> sorry but we use M$ AD and it returns nothing or only errors with this
> query. ;-(
>
> Greetings,
> Michael
>
> On 05.08.2015 at 15:18, Maxim Solodovnik wrote:
>
> Hello Michael,
>
> Thanks for your reply
> I need query to get all groups of user with some uid.
>
> so I get uid for the user: for ex. "solomax"
> I need to get all groups this user is part of.
>
> On my test LDAP server this query:
> (&(memberUid=test1)(objectClass=posixGroup)) returns DNs of all groups
> for given UID
>
>
>
> On Wed, Aug 5, 2015 at 7:11 PM, Michael Wuttke
> <michael.wuttke@beuth-hochschule.de> wrote:
>
> Hello Maxim,
>
> I don't know how to use the ldap_search for your query.
>
> But we use owncloud. Here are our LDAP queries we use for owncloud:
>
> the ldap query for users:
> (&(|(objectclass=person))
>
> (|(|(memberof=CN=Owncloud-admins,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz0))
>
> (|(memberof=CN=Students,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz1))
>
> (|(memberof=CN=Employee,OU=Global,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz2))
>
> (|(memberof=CN=Academics,OU=Global,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz3))
> ))
>
> the ldap query for login attributes:
> (&(&(|(objectclass=person))
>
> (|(|(memberof=CN=Owncloud-admins,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz0))
>
> (|(memberof=CN=Students,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz1))
>
> (|(memberof=CN=Employee,OU=Global,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz2))
>
> (|(memberof=CN=Academics,OU=Global,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz03))
> (|(sAMAccountName=%uid)))
>
> and the ldap query for groups:
>
> (&(|(objectclass=group))(|(cn=Employee)(cn=Students)(cn=Owncloud-admins)(cn=Academics)))
>
> Here is the docu how to configure ldap auth:
>
> https://doc.owncloud.org/server/8.1/admin_manual/configuration_user/user_auth_ldap.html
>
> and the owncloud code repo for the ldap auth app:
> https://github.com/owncloud/core/tree/master/apps/user_ldap
>
> Maybe it helps you?
>
> Thanks & Greetings,
> Michael
>
> On 05.08.2015 at 14:29, Maxim Solodovnik wrote:
>
> ups, sorry wrong keyboard :(((
>
> ---- Can anyone with access to AD check if this query works in
> AD, and
> сщккусе ше ащк ФВ ша тще,
> ++++ Can anyone with access to AD check if this query works in
> AD, and
> correct it for AD if not,
>
> On Wed, Aug 5, 2015 at 6:28 PM, Maxim Solodovnik
> <solomax666@gmail.com> wrote:
>
> Hello All,
>
> I'm currently trying to implement
> https://issues.apache.org/jira/browse/OPENMEETINGS-1214
> I was able to find query to get all groups in LDAP:
>
> The following query seems to be able to list all groups for
> the user
> with "uid == test1":
> (&(memberUid=test1)(objectClass=posixGroup))
>
> Can anyone with access to AD check if this query works in
> AD, and
> сщккусе ше ащк ФВ ша тще,
>
> Thanks in advance!
>
> --
> WBR
> Maxim aka solomax
>
>
>
>
> --
> WBR
> Maxim aka solomax
>
>
> --
> Many thanks & kind regards,
> Michael Wuttke
>
> Administration of the Learning Management System
> Beuth Hochschule Berlin - Hochschulrechenzentrum
> Luxemburger Str. 10
> 13353 Berlin
> Tel: +49 (0)30 45 04 2004
> Haus Bauwesen; Room: D 225a
> E-Mail: michael.wuttke@beuth-hochschule.de
> News: https://lms.beuth-hochschule.de/rss
>
>
>
>
>
> --
>
> WBR
> Maxim aka solomax
>
>
>
>
>
> --
>
> WBR
> Maxim aka solomax
>
>
>
>
>
> --
>
> WBR
> Maxim aka solomax
>
--
WBR
Maxim aka solomax
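The mismatch pointed out in the message above (the sign-in page says "Invalid password" while the LDAP layer logged "NONE users found in LDAP") can be pulled out of the log mechanically. This is an added example, not OpenMeetings code; the sample lines are copied from the log quoted in this thread and re-joined one per line, and the names `triage`, `parse` and the result keys are hypothetical.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the log quoted in this thread,
# each re-joined onto a single line.
SAMPLE_LOG = """\
DEBUG 09-23 10:10:58.266 o.a.o.l.LdapLoginManagement:168 [http-nio-0.0.0.0-5080-exec-7] - LdapLoginmanagement.doLdapLogin
WARN 09-23 10:10:58.300 o.a.o.l.LdapLoginManagement:287 [http-nio-0.0.0.0-5080-exec-7] - Referral LDAP entry found, ignore it
WARN 09-23 10:10:58.301 o.a.o.l.LdapLoginManagement:287 [http-nio-0.0.0.0-5080-exec-7] - Referral LDAP entry found, ignore it
WARN 09-23 10:10:58.301 o.a.o.l.LdapLoginManagement:287 [http-nio-0.0.0.0-5080-exec-7] - Referral LDAP entry found, ignore it
ERROR 09-23 10:10:58.301 o.a.o.l.LdapLoginManagement:292 [http-nio-0.0.0.0-5080-exec-7] - NONE users found in LDAP
DEBUG 09-23 10:10:58.305 o.a.w.f.FeedbackMessages:69 [http-nio-0.0.0.0-5080-exec-7] - Adding feedback message '[FeedbackMessage message = "Invalid password", reporter = signin, level = ERROR]'
DEBUG 09-23 10:10:58.328 o.a.w.p.DiskDataStore:186 [Wicket-PageSavingThread] - Storing data for page with id '0' in session with id 'AEA1852D7D73CB3264F353796A510FCE'
"""

# LEVEL MM-DD HH:MM:SS.mmm logger:line [thread] - message
LINE = re.compile(
    r"^(?P<level>[A-Z]+)\s+(?P<ts>\d\d-\d\d \d\d:\d\d:\d\d\.\d{3})\s+"
    r"(?P<logger>\S+):(?P<src>\d+)\s+\[(?P<thread>[^\]]+)\]\s+-\s+(?P<msg>.*)$"
)
FEEDBACK = re.compile(r'FeedbackMessage message = "([^"]*)"')


def parse(text):
    """Yield one dict per log line that matches the layout above."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield m.groupdict()


def triage(text):
    """Per request thread, pair the LDAP outcome with what the user was told."""
    by_thread = defaultdict(list)
    for event in parse(text):
        by_thread[event["thread"]].append(event)

    findings = []
    for thread, events in by_thread.items():
        ldap = [e for e in events if e["logger"].endswith("LdapLoginManagement")]
        if not ldap:
            continue  # not a login request (e.g. the page-saving thread)
        shown = None
        for e in events:
            hit = FEEDBACK.search(e["msg"])
            if hit:
                shown = hit.group(1)
        no_entry = any(
            e["level"] == "ERROR" and "NONE users found" in e["msg"] for e in ldap
        )
        findings.append({
            "thread": thread,
            "referrals_skipped": sum("Referral LDAP entry" in e["msg"] for e in ldap),
            "shown_to_user": shown,
            # The search matched no entry, so the text shown on the sign-in
            # page says nothing about whether the password was right.
            "cause": "search_matched_no_entry" if no_entry else "undetermined",
            "misleading_feedback": no_entry and shown == "Invalid password",
        })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```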
RE: [HELP NEEDED] LDAP import AD groups
Posted by Thirumal Karra <tk...@deepsea-tech.com>.
I am 100% sure the password is correct. I tried with multiple users and got the same error.
Best Regards
Thirumal
From: Maxim Solodovnik [mailto:solomax666@gmail.com]
Sent: Wednesday, September 23, 2015 10:30 AM
To: Openmeetings user-list <us...@openmeetings.apache.org>
Subject: Re: [HELP NEEDED] LDAP import AD groups
"Invalid password" I guess something wrong with the password
On Wed, Sep 23, 2015 at 9:20 PM, Thirumal Karra <tk...@deepsea-tech.com> wrote:
I am trying to setup LDAP but it didn't work. Please look at the log below
DEBUG 09-23 10:10:58.266 o.a.o.l.LdapLoginManagement:168 [http-nio-0.0.0.0-5080-exec-7] - LdapLoginmanagement.doLdapLogin
WARN 09-23 10:10:58.300 o.a.o.l.LdapLoginManagement:287 [http-nio-0.0.0.0-5080-exec-7] - Referral LDAP entry found, ignore it
WARN 09-23 10:10:58.301 o.a.o.l.LdapLoginManagement:287 [http-nio-0.0.0.0-5080-exec-7] - Referral LDAP entry found, ignore it
WARN 09-23 10:10:58.301 o.a.o.l.LdapLoginManagement:287 [http-nio-0.0.0.0-5080-exec-7] - Referral LDAP entry found, ignore it
ERROR 09-23 10:10:58.301 o.a.o.l.LdapLoginManagement:292 [http-nio-0.0.0.0-5080-exec-7] - NONE users found in LDAP
DEBUG 09-23 10:10:58.303 o.a.w.u.c.CookieUtils:273 [http-nio-0.0.0.0-5080-exec-7] - Unable to find Cookie with name=LoggedIn and request URI=signin?0-1.IBehaviorListener.2-signin
DEBUG 09-23 10:10:58.305 o.a.w.Localizer:378 [http-nio-0.0.0.0-5080-exec-7] - Property found in cache: '336'; Component: 'null'; value: 'Invalid password'
DEBUG 09-23 10:10:58.305 o.a.w.f.FeedbackMessages:69 [http-nio-0.0.0.0-5080-exec-7] - Adding feedback message '[FeedbackMessage message = "Invalid password", reporter = signin, level = ERROR]'
DEBUG 09-23 10:10:58.305 o.a.w.u.c.CookieUtils:273 [http-nio-0.0.0.0-5080-exec-7] - Unable to find Cookie with name=LoggedIn and request URI=signin?0-1.IBehaviorListener.2-signin
DEBUG 09-23 10:10:58.307 o.a.wicket.Page:871 [http-nio-0.0.0.0-5080-exec-7] - ending request for page [Page class = org.apache.openmeetings.web.pages.auth.SignInPage, id = 0, render count = 1], request org.apache.wicket.protocol.http.servlet.ServletWebRequest@3a57191c
DEBUG 09-23 10:10:58.307 o.a.wicket.Page:871 [http-nio-0.0.0.0-5080-exec-7] - ending request for page [Page class = org.apache.openmeetings.web.pages.auth.SignInPage, id = 0, render count = 1], request org.apache.wicket.protocol.http.servlet.ServletWebRequest@3a57191c
DEBUG 09-23 10:10:58.307 o.a.wicket.Page:871 [http-nio-0.0.0.0-5080-exec-7] - ending request for page [Page class = org.apache.openmeetings.web.pages.auth.SignInPage, id = 0, render count = 1], request org.apache.wicket.protocol.http.servlet.ServletWebRequest@3a57191c
DEBUG 09-23 10:10:58.328 o.a.w.p.AsynchronousDataStore$PageSavingRunnable:354 [Wicket-PageSavingThread] - Saving asynchronously: Entry [sessionId=AEA1852D7D73CB3264F353796A510FCE, pageId=0]...
DEBUG 09-23 10:10:58.328 o.a.w.p.DiskDataStore:186 [Wicket-PageSavingThread] - Storing data for page with id '0' in session with id 'AEA1852D7D73CB3264F353796A510FCE'
DEBUG 09-23 10:10:58.329 o.a.w.p.PageAccessSynchronizer:207 [http-nio-0.0.0.0-5080-exec-7] - 'http-nio-0.0.0.0-5080-exec-7' released lock to page with id '0'
Best Regards
Thirumal
From: Maxim Solodovnik [mailto:solomax666@gmail.com]
Sent: Monday, August 10, 2015 10:24 AM
To: Openmeetings user-list <us...@openmeetings.apache.org>
Subject: Re: [HELP NEEDED] LDAP import AD groups
this query will return user DN, NOT groups
On Mon, Aug 10, 2015 at 9:10 PM, Wild, Rodney <ro...@cybastevens.com> wrote:
ldap_search_query=(sAMAccountName=%s)
windows Account name according to this.
Rodney Wild | IT Support
From: Maxim Solodovnik [mailto:solomax666@gmail.com]
Sent: Monday, August 10, 2015 12:52 AM
To: Openmeetings user-list
Subject: Re: [HELP NEEDED] LDAP import AD groups
And what is the AD query to get user groups by UID?
On Mon, Aug 10, 2015 at 12:25 PM, Dominic Prakash <do...@sps.co.in> wrote:
This config works for me in M$ AD.
ldap_conn_host=123.456.789.123
ldap_conn_port=389
ldap_conn_secure=false
ldap_admin_dn=CN=ldapuser,OU=Software,OU=Unit-2,DC=sample,DC=co,DC=in
ldap_passwd=passwordhere
ldap_search_base=DC=sample,DC=co,DC=in
ldap_search_query=(sAMAccountName=%s)
ldap_search_scope=SUBTREE
ldap_auth_type=SEARCHANDBIND
ldap_userdn_format=sAMAccountName=%s,DC=sample,DC=co,DC=in
ldap_provisionning=AUTOCREATE
ldap_deref_mode=always
ldap_use_admin_to_get_attrs=true
ldap_sync_password_to_om=true
ldap_user_attr_lastname=sn
ldap_user_attr_firstname=givenName
ldap_user_attr_mail=mail
ldap_user_attr_street=streetAddress
ldap_user_attr_additionalname=description
ldap_user_attr_fax=facsimileTelephoneNumber
ldap_user_attr_zip=postalCode
ldap_user_attr_country=co
ldap_user_attr_town=l
ldap_user_attr_phone=telephoneNumber
ldap_user_picture_uri=profile.jpg
ldap_use_lower_case=false
Best Regards
Dominic
From: Maxim Solodovnik [mailto:solomax666@gmail.com]
Sent: 05 August 2015 19:52
To: Openmeetings user-list
Subject: Re: [HELP NEEDED] LDAP import AD groups
I need someone who can fix this query for M$ AD :(
Or someone who can give me search only test access to AD
WBR, Maxim
(from mobile, sorry for the typos)
On Aug 5, 2015 20:18, "Michael Wuttke" <mi...@beuth-hochschule.de> wrote:
Hello Maxim,
sorry but we use M$ AD and it returns nothing or only errors with this query. ;-(
Greetings,
Michael
On 05.08.2015 at 15:18, Maxim Solodovnik wrote:
Hello Michael,
Thanks for your reply
I need query to get all groups of user with some uid.
so I get uid for the user: for ex. "solomax"
I need to get all groups this user is part of.
On my test LDAP server this query:
(&(memberUid=test1)(objectClass=posixGroup)) returns DNs of all groups
for given UID
On Wed, Aug 5, 2015 at 7:11 PM, Michael Wuttke
<mi...@beuth-hochschule.de> wrote:
Hello Maxim,
I don't know how to use the ldap_search for your query.
But we use owncloud. Here are our LDAP queries we use for owncloud:
the ldap query for users:
(&(|(objectclass=person))
(|(|(memberof=CN=Owncloud-admins,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz0))
(|(memberof=CN=Students,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz1))
(|(memberof=CN=Employee,OU=Global,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz2))
(|(memberof=CN=Academics,OU=Global,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz3))
))
the ldap query for login attributes:
(&(&(|(objectclass=person))
(|(|(memberof=CN=Owncloud-admins,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz0))
(|(memberof=CN=Students,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz1))
(|(memberof=CN=Employee,OU=Global,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz2))
(|(memberof=CN=Academics,OU=Global,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz03))
(|(sAMAccountName=%uid)))
and the ldap query for groups:
(&(|(objectclass=group))(|(cn=Employee)(cn=Students)(cn=Owncloud-admins)(cn=Academics)))
Here is the docu how to configure ldap auth:
https://doc.owncloud.org/server/8.1/admin_manual/configuration_user/user_auth_ldap.html
and the owncloud code repo for the ldap auth app:
https://github.com/owncloud/core/tree/master/apps/user_ldap
Maybe it helps you?
Thanks & Greetings,
Michael
On 05.08.2015 at 14:29, Maxim Solodovnik wrote:
ups, sorry wrong keyboard :(((
---- Can anyone with access to AD check if this query works in
AD, and
сщккусе ше ащк ФВ ша тще,
++++ Can anyone with access to AD check if this query works in
AD, and
correct it for AD if not,
On Wed, Aug 5, 2015 at 6:28 PM, Maxim Solodovnik
<so...@gmail.com> wrote:
Hello All,
I'm currently trying to implement
https://issues.apache.org/jira/browse/OPENMEETINGS-1214
I was able to find query to get all groups in LDAP:
The following query seems to be able to list all groups for
the user
with "uid == test1":
(&(memberUid=test1)(objectClass=posixGroup))
Can anyone with access to AD check if this query works in
AD, and
сщккусе ше ащк ФВ ша тще,
Thanks in advance!
--
WBR
Maxim aka solomax
--
WBR
Maxim aka solomax
--
Many thanks & kind regards,
Michael Wuttke
Administration of the Learning Management System
Beuth Hochschule Berlin - Hochschulrechenzentrum
Luxemburger Str. 10
13353 Berlin
Tel: +49 (0)30 45 04 2004
Haus Bauwesen; Room: D 225a
E-Mail: michael.wuttke@beuth-hochschule.de
News: https://lms.beuth-hochschule.de/rss
--
WBR
Maxim aka solomax
--
WBR
Maxim aka solomax
--
WBR
Maxim aka solomax
Re: [HELP NEEDED] LDAP import AD groups
Posted by Maxim Solodovnik <so...@gmail.com>.
"Invalid password" I guess something wrong with the password
On Wed, Sep 23, 2015 at 9:20 PM, Thirumal Karra <tk...@deepsea-tech.com>
wrote:
> I am trying to setup LDAP but it didn't work. Please look at the log below
>
>
> DEBUG 09-23 10:10:58.266 o.a.o.l.LdapLoginManagement:168
> [http-nio-0.0.0.0-5080-exec-7] - LdapLoginmanagement.doLdapLogin
> WARN 09-23 10:10:58.300 o.a.o.l.LdapLoginManagement:287
> [http-nio-0.0.0.0-5080-exec-7] - Referral LDAP entry found, ignore it
> WARN 09-23 10:10:58.301 o.a.o.l.LdapLoginManagement:287
> [http-nio-0.0.0.0-5080-exec-7] - Referral LDAP entry found, ignore it
> WARN 09-23 10:10:58.301 o.a.o.l.LdapLoginManagement:287
> [http-nio-0.0.0.0-5080-exec-7] - Referral LDAP entry found, ignore it
> ERROR 09-23 10:10:58.301 o.a.o.l.LdapLoginManagement:292
> [http-nio-0.0.0.0-5080-exec-7] - NONE users found in LDAP
> DEBUG 09-23 10:10:58.303 o.a.w.u.c.CookieUtils:273
> [http-nio-0.0.0.0-5080-exec-7] - Unable to find Cookie with name=LoggedIn
> and request URI=signin?0-1.IBehaviorListener.2-signin
> DEBUG 09-23 10:10:58.305 o.a.w.Localizer:378
> [http-nio-0.0.0.0-5080-exec-7] - Property found in cache: '336'; Component:
> 'null'; value: 'Invalid password'
> DEBUG 09-23 10:10:58.305 o.a.w.f.FeedbackMessages:69
> [http-nio-0.0.0.0-5080-exec-7] - Adding feedback message '[FeedbackMessage
> message = "Invalid password", reporter = signin, level = ERROR]'
> DEBUG 09-23 10:10:58.305 o.a.w.u.c.CookieUtils:273
> [http-nio-0.0.0.0-5080-exec-7] - Unable to find Cookie with name=LoggedIn
> and request URI=signin?0-1.IBehaviorListener.2-signin
> DEBUG 09-23 10:10:58.307 o.a.wicket.Page:871
> [http-nio-0.0.0.0-5080-exec-7] - ending request for page [Page class =
> org.apache.openmeetings.web.pages.auth.SignInPage, id = 0, render count =
> 1], request
> org.apache.wicket.protocol.http.servlet.ServletWebRequest@3a57191c
> DEBUG 09-23 10:10:58.307 o.a.wicket.Page:871
> [http-nio-0.0.0.0-5080-exec-7] - ending request for page [Page class =
> org.apache.openmeetings.web.pages.auth.SignInPage, id = 0, render count =
> 1], request
> org.apache.wicket.protocol.http.servlet.ServletWebRequest@3a57191c
> DEBUG 09-23 10:10:58.307 o.a.wicket.Page:871
> [http-nio-0.0.0.0-5080-exec-7] - ending request for page [Page class =
> org.apache.openmeetings.web.pages.auth.SignInPage, id = 0, render count =
> 1], request
> org.apache.wicket.protocol.http.servlet.ServletWebRequest@3a57191c
> DEBUG 09-23 10:10:58.328
> o.a.w.p.AsynchronousDataStore$PageSavingRunnable:354
> [Wicket-PageSavingThread] - Saving asynchronously: Entry
> [sessionId=AEA1852D7D73CB3264F353796A510FCE, pageId=0]...
> DEBUG 09-23 10:10:58.328 o.a.w.p.DiskDataStore:186
> [Wicket-PageSavingThread] - Storing data for page with id '0' in session
> with id 'AEA1852D7D73CB3264F353796A510FCE'
> DEBUG 09-23 10:10:58.329 o.a.w.p.PageAccessSynchronizer:207
> [http-nio-0.0.0.0-5080-exec-7] - 'http-nio-0.0.0.0-5080-exec-7' released
> lock to page with id '0'
>
>
>
>
>
> Best Regards
>
> Thirumal
>
>
>
> *From:* Maxim Solodovnik [mailto:solomax666@gmail.com]
> *Sent:* Monday, August 10, 2015 10:24 AM
> *To:* Openmeetings user-list <us...@openmeetings.apache.org>
> *Subject:* Re: [HELP NEEDED] LDAP import AD groups
>
>
>
> this query will return user DN, NOT groups
>
>
>
> On Mon, Aug 10, 2015 at 9:10 PM, Wild, Rodney <ro...@cybastevens.com>
> wrote:
>
> ldap_search_query=(sAMAccountName=%s)
>
> windows Account name according to this.
>
>
>
> *Rodney Wild | *IT Support
>
>
>
> *From:* Maxim Solodovnik [mailto:solomax666@gmail.com]
> *Sent:* Monday, August 10, 2015 12:52 AM
>
>
> *To:* Openmeetings user-list
> *Subject:* Re: [HELP NEEDED] LDAP import AD groups
>
>
>
> And what is the AD query to get user groups by UID?
>
>
>
> On Mon, Aug 10, 2015 at 12:25 PM, Dominic Prakash <do...@sps.co.in>
> wrote:
>
> This config works for me in M$ AD.
>
>
>
> ldap_conn_host=123.456.789.123
>
> ldap_conn_port=389
>
> ldap_conn_secure=false
>
>
>
> ldap_admin_dn=CN=ldapuser,OU=Software,OU=Unit-2,DC=sample,DC=co,DC=in
>
> ldap_passwd=passwordhere
>
> ldap_search_base=DC=sample,DC=co,DC=in
>
>
>
> ldap_search_query=(sAMAccountName=%s)
>
> ldap_search_scope=SUBTREE
>
> ldap_auth_type=SEARCHANDBIND
>
> ldap_userdn_format=sAMAccountName=%s,DC=sample,DC=co,DC=in
>
>
>
> ldap_provisionning=AUTOCREATE
>
> ldap_deref_mode=always
>
> ldap_use_admin_to_get_attrs=true
>
> ldap_sync_password_to_om=true
>
>
>
> ldap_user_attr_lastname=sn
>
> ldap_user_attr_firstname=givenName
>
> ldap_user_attr_mail=mail
>
> ldap_user_attr_street=streetAddress
>
> ldap_user_attr_additionalname=description
>
> ldap_user_attr_fax=facsimileTelephoneNumber
>
> ldap_user_attr_zip=postalCode
>
> ldap_user_attr_country=co
>
> ldap_user_attr_town=l
>
> ldap_user_attr_phone=telephoneNumber
>
>
>
> ldap_user_picture_uri=profile.jpg
>
> ldap_use_lower_case=false
>
>
>
>
>
> Best Regards
>
>
>
> Dominic
>
>
>
> *From:* Maxim Solodovnik [mailto:solomax666@gmail.com]
> *Sent:* 05 August 2015 19:52
> *To:* Openmeetings user-list
> *Subject:* Re: [HELP NEEDED] LDAP import AD groups
>
>
>
> I need someone who can fix this query for M$ AD :(
> Or someone who can give me search only test access to AD
>
> WBR, Maxim
> (from mobile, sorry for the typos)
>
> On Aug 5, 2015 20:18, "Michael Wuttke" <mi...@beuth-hochschule.de>
> wrote:
>
> Hello Maxim,
>
> sorry but we use M$ AD and it returns nothing or only errors with this
> query. ;-(
>
> Greetings,
> Michael
>
> On 05.08.2015 at 15:18, Maxim Solodovnik wrote:
>
> Hello Michael,
>
> Thanks for your reply
> I need query to get all groups of user with some uid.
>
> so I get uid for the user: for ex. "solomax"
> I need to get all groups this user is part of.
>
> On my test LDAP server this query:
> (&(memberUid=test1)(objectClass=posixGroup)) returns DNs of all groups
> for given UID
>
>
>
> On Wed, Aug 5, 2015 at 7:11 PM, Michael Wuttke
> <michael.wuttke@beuth-hochschule.de> wrote:
>
> Hello Maxim,
>
> I don't know how to use the ldap_search for your query.
>
> But we use owncloud. Here are our LDAP queries we use for owncloud:
>
> the ldap query for users:
> (&(|(objectclass=person))
>
> (|(|(memberof=CN=Owncloud-admins,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz0))
>
> (|(memberof=CN=Students,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz1))
>
> (|(memberof=CN=Employee,OU=Global,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz2))
>
> (|(memberof=CN=Academics,OU=Global,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz3))
> ))
>
> the ldap query for login attributes:
> (&(&(|(objectclass=person))
>
> (|(|(memberof=CN=Owncloud-admins,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz0))
>
> (|(memberof=CN=Students,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz1))
>
> (|(memberof=CN=Employee,OU=Global,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz2))
>
> (|(memberof=CN=Academics,OU=Global,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz03))
> (|(sAMAccountName=%uid)))
>
> and the ldap query for groups:
>
> (&(|(objectclass=group))(|(cn=Employee)(cn=Students)(cn=Owncloud-admins)(cn=Academics)))
>
> Here is the docu how to configure ldap auth:
>
> https://doc.owncloud.org/server/8.1/admin_manual/configuration_user/user_auth_ldap.html
>
> and the owncloud code repo for the ldap auth app:
> https://github.com/owncloud/core/tree/master/apps/user_ldap
>
> Maybe it helps you?
>
> Thanks & Greetings,
> Michael
>
> On 05.08.2015 at 14:29, Maxim Solodovnik wrote:
>
> ups, sorry wrong keyboard :(((
>
> ---- Can anyone with access to AD check if this query works in
> AD, and
> сщккусе ше ащк ФВ ша тще,
> ++++ Can anyone with access to AD check if this query works in
> AD, and
> correct it for AD if not,
>
> On Wed, Aug 5, 2015 at 6:28 PM, Maxim Solodovnik
> <solomax666@gmail.com> wrote:
>
> Hello All,
>
> I'm currently trying to implement
> https://issues.apache.org/jira/browse/OPENMEETINGS-1214
> I was able to find query to get all groups in LDAP:
>
> The following query seems to be able to list all groups for
> the user
> with "uid == test1":
> (&(memberUid=test1)(objectClass=posixGroup))
>
> Can anyone with access to AD check if this query works in
> AD, and
> сщккусе ше ащк ФВ ша тще,
>
> Thanks in advance!
>
> --
> WBR
> Maxim aka solomax
>
>
>
>
> --
> WBR
> Maxim aka solomax
>
>
> --
> Many thanks & kind regards,
> Michael Wuttke
>
> Administration of the Learning Management System
> Beuth Hochschule Berlin - Hochschulrechenzentrum
> Luxemburger Str. 10
> 13353 Berlin
> Tel: +49 (0)30 45 04 2004
> Haus Bauwesen; Room: D 225a
> E-Mail: michael.wuttke@beuth-hochschule.de
> News: https://lms.beuth-hochschule.de/rss
>
>
>
>
>
> --
>
> WBR
> Maxim aka solomax
>
>
>
>
>
> --
>
> WBR
> Maxim aka solomax
>
--
WBR
Maxim aka solomax
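The filters quoted in this thread all take a user-supplied value (`%s`, `test1`), so the login has to be escaped per RFC 4515 before it is substituted. The sketch below is an added example, not OpenMeetings code, and all function names are hypothetical. The Active Directory group filters are an assumption based on the standard AD schema, where group objects list members by DN in `member`; nobody in the thread confirmed them against a live directory.

```python
# Added example (not OpenMeetings code). The AD filters assume the standard
# Active Directory schema; they were not verified by anyone in the thread.

# RFC 4515: these characters must be written as backslash + two hex digits.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def user_filter(template: str, login: str) -> str:
    """Fill a '(sAMAccountName=%s)' style template with the escaped login."""
    if template.count("%s") != 1:
        raise ValueError("template must contain exactly one %s")
    return template.replace("%s", escape_filter_value(login))


def posix_groups_filter(uid: str) -> str:
    """Query from the thread: posixGroup entries list members by uid."""
    return "(&(memberUid=%s)(objectClass=posixGroup))" % escape_filter_value(uid)


# LDAP_MATCHING_RULE_IN_CHAIN: asks AD to follow nested group membership.
IN_CHAIN = "1.2.840.113556.1.4.1941"


def ad_groups_filter(user_dn: str, nested: bool = False) -> str:
    """Assumed AD counterpart: groups whose 'member' holds the user's DN."""
    attr = "member:%s:" % IN_CHAIN if nested else "member"
    return "(&(objectClass=group)(%s=%s))" % (attr, escape_filter_value(user_dn))


def ad_group_lookup(login: str, user_dn: str) -> list:
    """The two searches this needs in AD: login -> DN, then DN -> groups.

    user_dn stands for the DN returned by the first search.
    """
    return [
        user_filter("(sAMAccountName=%s)", login),
        ad_groups_filter(user_dn),
    ]


if __name__ == "__main__":
    # Constructed values: a DN containing characters that must be escaped.
    dn = r"CN=Doe\, Jane (IT),OU=Staff,DC=sample,DC=co,DC=in"
    for flt in ad_group_lookup("test1", dn):
        print(flt)
    print(ad_groups_filter(dn, nested=True))
    print(user_filter("(sAMAccountName=%s)", "*"))  # wildcard is neutralised
```

A login of `*` comes out as `(sAMAccountName=\2a)`, so it matches only a literal asterisk instead of every account.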