Posted to user@openmeetings.apache.org by Thirumal Karra <tk...@deepsea-tech.com> on 2015/09/23 17:20:10 UTC

RE: [HELP NEEDED] LDAP import AD groups

I am trying to set up LDAP but it didn't work. Please look at the log below


DEBUG 09-23 10:10:58.266 o.a.o.l.LdapLoginManagement:168 [http-nio-0.0.0.0-5080-exec-7] - LdapLoginmanagement.doLdapLogin
 WARN 09-23 10:10:58.300 o.a.o.l.LdapLoginManagement:287 [http-nio-0.0.0.0-5080-exec-7] - Referral LDAP entry found, ignore it
 WARN 09-23 10:10:58.301 o.a.o.l.LdapLoginManagement:287 [http-nio-0.0.0.0-5080-exec-7] - Referral LDAP entry found, ignore it
 WARN 09-23 10:10:58.301 o.a.o.l.LdapLoginManagement:287 [http-nio-0.0.0.0-5080-exec-7] - Referral LDAP entry found, ignore it
ERROR 09-23 10:10:58.301 o.a.o.l.LdapLoginManagement:292 [http-nio-0.0.0.0-5080-exec-7] - NONE users found in LDAP
DEBUG 09-23 10:10:58.303 o.a.w.u.c.CookieUtils:273 [http-nio-0.0.0.0-5080-exec-7] - Unable to find Cookie with name=LoggedIn and request URI=signin?0-1.IBehaviorListener.2-signin
DEBUG 09-23 10:10:58.305 o.a.w.Localizer:378 [http-nio-0.0.0.0-5080-exec-7] - Property found in cache: '336'; Component: 'null'; value: 'Invalid password'
DEBUG 09-23 10:10:58.305 o.a.w.f.FeedbackMessages:69 [http-nio-0.0.0.0-5080-exec-7] - Adding feedback message '[FeedbackMessage message = "Invalid password", reporter = signin, level = ERROR]'
DEBUG 09-23 10:10:58.305 o.a.w.u.c.CookieUtils:273 [http-nio-0.0.0.0-5080-exec-7] - Unable to find Cookie with name=LoggedIn and request URI=signin?0-1.IBehaviorListener.2-signin
DEBUG 09-23 10:10:58.307 o.a.wicket.Page:871 [http-nio-0.0.0.0-5080-exec-7] - ending request for page [Page class = org.apache.openmeetings.web.pages.auth.SignInPage, id = 0, render count = 1], request org.apache.wicket.protocol.http.servlet.ServletWebRequest@3a57191c
DEBUG 09-23 10:10:58.307 o.a.wicket.Page:871 [http-nio-0.0.0.0-5080-exec-7] - ending request for page [Page class = org.apache.openmeetings.web.pages.auth.SignInPage, id = 0, render count = 1], request org.apache.wicket.protocol.http.servlet.ServletWebRequest@3a57191c
DEBUG 09-23 10:10:58.307 o.a.wicket.Page:871 [http-nio-0.0.0.0-5080-exec-7] - ending request for page [Page class = org.apache.openmeetings.web.pages.auth.SignInPage, id = 0, render count = 1], request org.apache.wicket.protocol.http.servlet.ServletWebRequest@3a57191c
DEBUG 09-23 10:10:58.328 o.a.w.p.AsynchronousDataStore$PageSavingRunnable:354 [Wicket-PageSavingThread] - Saving asynchronously: Entry [sessionId=AEA1852D7D73CB3264F353796A510FCE, pageId=0]...
DEBUG 09-23 10:10:58.328 o.a.w.p.DiskDataStore:186 [Wicket-PageSavingThread] - Storing data for page with id '0' in session with id 'AEA1852D7D73CB3264F353796A510FCE'
DEBUG 09-23 10:10:58.329 o.a.w.p.PageAccessSynchronizer:207 [http-nio-0.0.0.0-5080-exec-7] - 'http-nio-0.0.0.0-5080-exec-7' released lock to page with id '0'





Best Regards

Thirumal



From: Maxim Solodovnik [mailto:solomax666@gmail.com]
Sent: Monday, August 10, 2015 10:24 AM
To: Openmeetings user-list <us...@openmeetings.apache.org>
Subject: Re: [HELP NEEDED] LDAP import AD groups



this query will return user DN, NOT groups



On Mon, Aug 10, 2015 at 9:10 PM, Wild, Rodney <ro...@cybastevens.com> wrote:

ldap_search_query=(sAMAccountName=%s)

windows Account name according to this.



Rodney Wild | IT Support



From: Maxim Solodovnik [mailto:solomax666@gmail.com]
Sent: Monday, August 10, 2015 12:52 AM

To: Openmeetings user-list
Subject: Re: [HELP NEEDED] LDAP import AD groups



And what is the AD query to get user groups by UID?



On Mon, Aug 10, 2015 at 12:25 PM, Dominic Prakash <do...@sps.co.in> wrote:

This config works for me in M$ AD.



ldap_conn_host=123.456.789.123

ldap_conn_port=389

ldap_conn_secure=false



ldap_admin_dn=CN=ldapuser,OU=Software,OU=Unit-2,DC=sample,DC=co,DC=in

ldap_passwd=passwordhere

ldap_search_base=DC=sample,DC=co,DC=in



ldap_search_query=(sAMAccountName=%s)

ldap_search_scope=SUBTREE

ldap_auth_type=SEARCHANDBIND

ldap_userdn_format=sAMAccountName=%s,DC=sample,DC=co,DC=in



ldap_provisionning=AUTOCREATE

ldap_deref_mode=always

ldap_use_admin_to_get_attrs=true

ldap_sync_password_to_om=true



ldap_user_attr_lastname=sn

ldap_user_attr_firstname=givenName

ldap_user_attr_mail=mail

ldap_user_attr_street=streetAddress

ldap_user_attr_additionalname=description

ldap_user_attr_fax=facsimileTelephoneNumber

ldap_user_attr_zip=postalCode

ldap_user_attr_country=co

ldap_user_attr_town=l

ldap_user_attr_phone=telephoneNumber



ldap_user_picture_uri=profile.jpg

ldap_use_lower_case=false





Best Regards



Dominic



From: Maxim Solodovnik [mailto:solomax666@gmail.com]
Sent: 05 August 2015 19:52
To: Openmeetings user-list
Subject: Re: [HELP NEEDED] LDAP import AD groups



I need someone who can fix this query for M$ AD :(
Or someone who can give me search only test access to AD

WBR, Maxim
(from mobile, sorry for the typos)

On Aug 5, 2015 20:18, "Michael Wuttke" <mi...@beuth-hochschule.de> wrote:

Hello Maxim,

sorry but we use M$ AD and it returns nothing or only errors with this query. ;-(

Greetings,
Michael

On 05.08.2015 at 15:18, Maxim Solodovnik wrote:

Hello Michael,

Thanks for your reply
I need a query to get all groups of a user with some uid.

so I get uid for the user: for ex. "solomax"
I need to get all groups this user is part of.

On my test LDAP server this query:
(&(memberUid=test1)(objectClass=posixGroup)) returns DNs of all groups
for given UID



On Wed, Aug 5, 2015 at 7:11 PM, Michael Wuttke
<mi...@beuth-hochschule.de> wrote:

    Hello Maxim,

    I don't know how to use the ldap_search for your query.

    But we use owncloud. Here are our LDAP queries we use for owncloud:

    the ldap query for users:
    (&(|(objectclass=person))
    (|(|(memberof=CN=Owncloud-admins,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz0))
    (|(memberof=CN=Students,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz1))
    (|(memberof=CN=Employee,OU=Global,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz2))
    (|(memberof=CN=Academics,OU=Global,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz3))
    ))

    the ldap query for login attributes:
    (&(&(|(objectclass=person))
    (|(|(memberof=CN=Owncloud-admins,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz0))
    (|(memberof=CN=Students,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz1))
    (|(memberof=CN=Employee,OU=Global,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz2))
    (|(memberof=CN=Academics,OU=Global,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz03))
    (|(sAMAccountName=%uid)))

    and the ldap query for groups:
    (&(|(objectclass=group))(|(cn=Employee)(cn=Students)(cn=Owncloud-admins)(cn=Academics)))

    Here is the docu how to configure ldap auth:
    https://doc.owncloud.org/server/8.1/admin_manual/configuration_user/user_auth_ldap.html

    and the owncloud code repo of the ldap auth app:
    https://github.com/owncloud/core/tree/master/apps/user_ldap

    Maybe it helps you?

    Thanks & Greetings,
    Michael

    On 05.08.2015 at 14:29, Maxim Solodovnik wrote:

        ups, sorry wrong keyboard :(((

        ---- Can anyone with access to AD check if this query works in
        AD, and
        сщккусе ше ащк ФВ ша тще,
        ++++ Can anyone with access to AD check if this query works in
        AD, and
        correct it for AD if not,

        On Wed, Aug 5, 2015 at 6:28 PM, Maxim Solodovnik
        <so...@gmail.com> wrote:

             Hello All,

             I'm currently trying to implement
        https://issues.apache.org/jira/browse/OPENMEETINGS-1214
             I was able to find query to get all groups in LDAP:

             The following query seems to be able to list all groups for
        the user
             with "uid == test1":
        (&(memberUid=test1)(objectClass=posixGroup))

             Can anyone with access to AD check if this query works in
        AD, and
             сщккусе ше ащк ФВ ша тще,

             Thanks in advance!

             --
             WBR
             Maxim aka solomax




--
WBR
Maxim aka solomax

--
Many thanks & kind regards,
Michael Wuttke

Administration of the Learning Management System
Beuth Hochschule Berlin - Hochschulrechenzentrum
Luxemburger Str. 10
13353 Berlin
Tel: +49 (0)30 45 04 2004
Haus Bauwesen; Room: D 225a
E-Mail: michael.wuttke@beuth-hochschule.de
News: https://lms.beuth-hochschule.de/rss





--

WBR
Maxim aka solomax





--

WBR
Maxim aka solomax
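The August exchange above turns on three different filters: Maxim's posixGroup query, Michael's ownCloud-style memberOf/primaryGroupID test, and the observation that `(sAMAccountName=%s)` returns the user DN rather than its groups. The following is an added example (not OpenMeetings code and not posted by anyone in the thread) that builds all three with the substituted value escaped per RFC 4515, since the `%s` in `ldap_search_query` is filled with whatever is typed into the login form. The AD group filter on `member=<user DN>` is this example's own assumption about how the second step Maxim describes would look in AD.

```python
"""Build the LDAP filters that come up in this thread, escaping the substituted value.

Added example for the thread; not OpenMeetings code. The posixGroup filter is the one
Maxim ran on his test server; the memberOf/primaryGroupID filter follows the shape of
Michael's ownCloud queries; the AD 'member=<user DN>' group filter is this example's
own assumption about the second step (first find the user DN, then ask for its groups).
"""

# RFC 4515 section 3: characters that must be hex-escaped inside a filter value.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a string so it is only ever matched as a value, never parsed as filter syntax.

    The '%s' in OpenMeetings' ldap_search_query is replaced with whatever the user typed
    into the login form, so anything substituted there should go through this first.
    """
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def user_lookup_filter(login: str, attr: str = "sAMAccountName") -> str:
    """Step one of SEARCHANDBIND: find the user entry (and so its DN) by login name.

    attr is whichever attribute the directory matches the login against:
    sAMAccountName for the short Windows name, userPrincipalName when users
    log in with the user@domain form (what worked for Thirumal in this thread).
    """
    return f"({attr}={escape_filter_value(login)})"


def posix_group_filter(uid: str) -> str:
    """Groups of a user on an OpenLDAP/posixGroup directory (Maxim's test-server query)."""
    return f"(&(memberUid={escape_filter_value(uid)})(objectClass=posixGroup))"


def ad_group_filter(user_dn: str) -> str:
    """Step two on Active Directory: AD groups list members by DN in 'member', so the
    group search needs the DN returned by user_lookup_filter, not the uid.

    A DN used as a filter value is escaped the same way, so an escaped comma in the
    DN (Smith\\, John) becomes Smith\\5c, John inside the filter. Caveat: a user's
    primary group is not listed in 'member' or 'memberOf', which is why Michael's
    filters pair memberOf with primaryGroupID (see ad_user_in_group_filter).
    """
    return f"(&(objectClass=group)(member={escape_filter_value(user_dn)}))"


def ad_user_in_group_filter(group_dn: str, primary_group_rid: int) -> str:
    """Membership test in the style of Michael's ownCloud queries: the user matches if
    the group is in its memberOf list or is its primary group (matched by RID)."""
    return (f"(|(memberOf={escape_filter_value(group_dn)})"
            f"(primaryGroupID={int(primary_group_rid)}))")


if __name__ == "__main__":
    # A login value containing filter syntax is neutralised instead of widening the search.
    print(user_lookup_filter("test1)(objectClass=*"))
    print(posix_group_filter("test1"))
    print(ad_group_filter("CN=Test One,CN=Users,DC=DOMAIN,DC=com"))
```

Run stand-alone it prints the three filters; the first shows that a login such as `test1)(objectClass=*` ends up as `(sAMAccountName=test1\29\28objectClass=\2a)`, a literal value that matches nothing, rather than a filter that matches every entry.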

Re: [HELP NEEDED] LDAP import AD groups

Posted by Maxim Solodovnik <so...@gmail.com>.
great!

On Wed, Sep 23, 2015 at 10:17 PM, Thirumal Karra <tk...@deepsea-tech.com>
wrote:

> ldap_search_query=(userPrincipalName=%s) worked for me.
>
>
>
> Here’s the correct configuration.
>
> ldap_conn_host=IP Address
> ldap_conn_port=389
> ldap_conn_secure=false
>
> # Login distinguished name (DN) for Authentication on LDAP Server - keep
> empty if not required
> # Use full qualified LDAP DN
> ldap_admin_dn=CN=Firstname Lastname,CN=Users,DC=DOMAIN,DC=com
>
> # Loginpass for Authentication on LDAP Server - keep empty if not required
> ldap_passwd=Password
>
> # base to search for userdata(of user, that wants to login)
> ldap_search_base=DC=DOMAIN,DC=com
>
> # Fieldnames (can differ between Ldap servers)
> ldap_search_query=(userPrincipalName=%s)
>
> # the scope of the search might be: OBJECT, ONELEVEL, SUBTREE
> ldap_search_scope=SUBTREE
>
> # Ldap auth type(NONE, SEARCHANDBIND, SIMPLEBIND)
> #  When using SIMPLEBIND a simple bind is performed on the LDAP server to
> check user authentication
> #  When using NONE, the Ldap server is not used for authentication
> ldap_auth_type=SEARCHANDBIND
>
> # userDN format, will be used to bind if ldap_auth_type=SIMPLEBIND
> # might be used to get provisionningDn in case ldap_auth_type=NONE
> #ldap_userdn_format=sAMAccountName=%s,DC=DOMAIN,DC=com
>
> # Ldap provisioning type(NONE, AUTOCREATE, AUTOUPDATE)
> ldap_provisionning=AUTOCREATE
>
> # Ldap deref mode (never, searching, finding, always)
> ldap_deref_mode=always
>
> #  Set this to 'true' if you want to use admin_dn to get user attributes
> #  If any other value is set, user_dn will be used
> ldap_use_admin_to_get_attrs=true
>
> # Ldap-password synchronization to OM DB
> #  Set this to 'true' if you want OM to synchronize the user Ldap-password
> to OM's internal DB
> #  If you want to disable the feature, set this to any other string.
> #  Default value is 'true'
> ldap_sync_password_to_om=true
>
> # Ldap user attributes mapping
> # Set the following internal OM user attributes to their corresponding
> Ldap-attribute
> ldap_user_attr_lastname=sn
> ldap_user_attr_firstname=givenName
> ldap_user_attr_mail=mail
> ldap_user_attr_street=streetAddress
> ldap_user_attr_additionalname=description
> ldap_user_attr_fax=facsimileTelephoneNumber
> ldap_user_attr_zip=postalCode
> ldap_user_attr_country=co
> ldap_user_attr_town=l
> ldap_user_attr_phone=telephoneNumber
>
> # optional, only absolute URLs make sense
> #ldap_user_picture_uri=profile.jpg
>
> # optional
> # the timezone has to match any timezone available in Java, otherwise the
> timezone defined in the value of
> # the conf_key "default.timezone" in OpenMeetings "configurations" table
> #ldap_user_timezone=timezone
>
> # Ldap ignore upper/lower case, convert all input to lower case
> ldap_use_lower_case=false
>
>
>
> Best Regards
>
> Thirumal
>
>
>
>
>
>
>
> From: Maxim Solodovnik [mailto:solomax666@gmail.com]
> Sent: Wednesday, September 23, 2015 10:54 AM
>
> To: Openmeetings user-list <us...@openmeetings.apache.org>
> Subject: Re: [HELP NEEDED] LDAP import AD groups
>
>
>
> Config is OK
>
> according to the log 3 referral entries were found, but skipped:
>
> WARN 09-23 10:10:58.300 o.a.o.l.LdapLoginManagement:287
> [http-nio-0.0.0.0-5080-exec-7] - Referral LDAP entry found, ignore it
>  WARN 09-23 10:10:58.301 o.a.o.l.LdapLoginManagement:287
> [http-nio-0.0.0.0-5080-exec-7] - Referral LDAP entry found, ignore it
>  WARN 09-23 10:10:58.301 o.a.o.l.LdapLoginManagement:287
> [http-nio-0.0.0.0-5080-exec-7] - Referral LDAP entry found, ignore it
>
>
>
> not sure why :(
>
> Unfortunately I'm not very good at LDAP, and not sure what referral
> entries are ... and why they are not "dereferred"
>
> I'll try to check the code
>
>
>
> ldap_deref_mode=always
>
>
>
>
>
>
>
> On Wed, Sep 23, 2015 at 9:35 PM, Thirumal Karra <tk...@deepsea-tech.com>
> wrote:
>
> Here's the configuration
>
>
>
> ldap_conn_host=IP Address
> ldap_conn_port=389
> ldap_conn_secure=false
>
> # Login distinguished name (DN) for Authentication on LDAP Server - keep
> empty if not required
> # Use full qualified LDAP DN
> ldap_admin_dn=CN=Firstname Lastname,CN=Users,DC=DOMAIN,DC=com
>
> # Loginpass for Authentication on LDAP Server - keep empty if not required
> ldap_passwd=Password
>
> # base to search for userdata(of user, that wants to login)
> ldap_search_base=DC=DOMAIN,DC=com
>
> # Fieldnames (can differ between Ldap servers)
> ldap_search_query=(sAMAccountName=%s)
>
> # the scope of the search might be: OBJECT, ONELEVEL, SUBTREE
> ldap_search_scope=SUBTREE
>
> # Ldap auth type(NONE, SEARCHANDBIND, SIMPLEBIND)
> #  When using SIMPLEBIND a simple bind is performed on the LDAP server to
> check user authentication
> #  When using NONE, the Ldap server is not used for authentication
> ldap_auth_type=SEARCHANDBIND
>
> # userDN format, will be used to bind if ldap_auth_type=SIMPLEBIND
> # might be used to get provisionningDn in case ldap_auth_type=NONE
> ldap_userdn_format=sAMAccountName=%s,DC=DOMAIN,DC=com
>
> # Ldap provisioning type(NONE, AUTOCREATE, AUTOUPDATE)
> ldap_provisionning=AUTOCREATE
>
> # Ldap deref mode (never, searching, finding, always)
> ldap_deref_mode=always
>
> #  Set this to 'true' if you want to use admin_dn to get user attributes
> #  If any other value is set, user_dn will be used
> ldap_use_admin_to_get_attrs=true
>
> # Ldap-password synchronization to OM DB
> #  Set this to 'true' if you want OM to synchronize the user Ldap-password
> to OM's internal DB
> #  If you want to disable the feature, set this to any other string.
> #  Default value is 'true'
> ldap_sync_password_to_om=true
>
> # Ldap user attributes mapping
> # Set the following internal OM user attributes to their corresponding
> Ldap-attribute
> ldap_user_attr_lastname=sn
> ldap_user_attr_firstname=givenName
> ldap_user_attr_mail=mail
> ldap_user_attr_street=streetAddress
> ldap_user_attr_additionalname=description
> ldap_user_attr_fax=facsimileTelephoneNumber
> ldap_user_attr_zip=postalCode
> ldap_user_attr_country=co
> ldap_user_attr_town=l
> ldap_user_attr_phone=telephoneNumber
>
> # optional, only absolute URLs make sense
> #ldap_user_picture_uri=profile.jpg
>
> # optional
> # the timezone has to match any timezone available in Java, otherwise the
> timezone defined in the value of
> # the conf_key "default.timezone" in OpenMeetings "configurations" table
> #ldap_user_timezone=timezone
>
> # Ldap ignore upper/lower case, convert all input to lower case
> ldap_use_lower_case=false
>
>
>
>
> ------------------------------
>
> From: Thirumal Karra <tk...@deepsea-tech.com>
> Sent: Wednesday, September 23, 2015 10:31 AM
> To: user@openmeetings.apache.org
> Subject: RE: [HELP NEEDED] LDAP import AD groups
>
>
>
> I am 100% sure the password is correct.  I tried with multiple users and
> got the same error.
>
>
>
> Best Regards
>
> Thirumal
>
>
>
> From: Maxim Solodovnik [mailto:solomax666@gmail.com]
> Sent: Wednesday, September 23, 2015 10:30 AM
> To: Openmeetings user-list <us...@openmeetings.apache.org>
> Subject: Re: [HELP NEEDED] LDAP import AD groups
>
>
>
> "Invalid password" I guess something wrong with the password
>



-- 
WBR
Maxim aka solomax

RE: [HELP NEEDED] LDAP import AD groups

Posted by Thirumal Karra <tk...@deepsea-tech.com>.
ldap_search_query=(userPrincipalName=%s) worked for me.

Here’s the correct configuration.

ldap_conn_host=IP Address
ldap_conn_port=389
ldap_conn_secure=false

# Login distinguished name (DN) for Authentication on LDAP Server - keep empty if not required
# Use full qualified LDAP DN
ldap_admin_dn=CN=Firstname Lastname,CN=Users,DC=DOMAIN,DC=com

# Loginpass for Authentication on LDAP Server - keep empty if not required
ldap_passwd=Password

# base to search for userdata(of user, that wants to login)
ldap_search_base=DC=DOMAIN,DC=com

# Fieldnames (can differ between Ldap servers)
ldap_search_query=(userPrincipalName=%s)

# the scope of the search might be: OBJECT, ONELEVEL, SUBTREE
ldap_search_scope=SUBTREE

# Ldap auth type(NONE, SEARCHANDBIND, SIMPLEBIND)
#  When using SIMPLEBIND a simple bind is performed on the LDAP server to check user authentication
#  When using NONE, the Ldap server is not used for authentication
ldap_auth_type=SEARCHANDBIND

# userDN format, will be used to bind if ldap_auth_type=SIMPLEBIND
# might be used to get provisionningDn in case ldap_auth_type=NONE
#ldap_userdn_format=sAMAccountName=%s,DC=DOMAIN,DC=com

# Ldap provisioning type(NONE, AUTOCREATE, AUTOUPDATE)
ldap_provisionning=AUTOCREATE

# Ldap deref mode (never, searching, finding, always)
ldap_deref_mode=always

#  Set this to 'true' if you want to use admin_dn to get user attributes
#  If any other value is set, user_dn will be used
ldap_use_admin_to_get_attrs=true

# Ldap-password synchronization to OM DB
#  Set this to 'true' if you want OM to synchronize the user Ldap-password to OM's internal DB
#  If you want to disable the feature, set this to any other string.
#  Default value is 'true'
ldap_sync_password_to_om=true

# Ldap user attributes mapping
# Set the following internal OM user attributes to their corresponding Ldap-attribute
ldap_user_attr_lastname=sn
ldap_user_attr_firstname=givenName
ldap_user_attr_mail=mail
ldap_user_attr_street=streetAddress
ldap_user_attr_additionalname=description
ldap_user_attr_fax=facsimileTelephoneNumber
ldap_user_attr_zip=postalCode
ldap_user_attr_country=co
ldap_user_attr_town=l
ldap_user_attr_phone=telephoneNumber

# optional, only absolute URLs make sense
#ldap_user_picture_uri=profile.jpg

# optional
# the timezone has to match any timezone available in Java, otherwise the timezone defined in the value of
# the conf_key "default.timezone" in OpenMeetings "configurations" table
#ldap_user_timezone=timezone

# Ldap ignore upper/lower case, convert all input to lower case
ldap_use_lower_case=false

Best Regards
Thirumal



From: Maxim Solodovnik [mailto:solomax666@gmail.com]
Sent: Wednesday, September 23, 2015 10:54 AM
To: Openmeetings user-list <us...@openmeetings.apache.org>
Subject: Re: [HELP NEEDED] LDAP import AD groups

Config is OK
according to the log 3 referral entries were fond, but skipped:
WARN 09-23 10:10:58.300 o.a.o.l.LdapLoginManagement:287 [http-nio-0.0.0.0-5080-exec-7] - Referral LDAP entry found, ignore it
 WARN 09-23 10:10:58.301 o.a.o.l.LdapLoginManagement:287 [http-nio-0.0.0.0-5080-exec-7] - Referral LDAP entry found, ignore it
 WARN 09-23 10:10:58.301 o.a.o.l.LdapLoginManagement:287 [http-nio-0.0.0.0-5080-exec-7] - Referral LDAP entry found, ignore it

not sure why :(
Unfortunately I'm not very good in LDAP, and nor sure what referral entries are ... and why they are not "dereferred"
I'll try to check the code

ldap_deref_mode=always



On Wed, Sep 23, 2015 at 9:35 PM, Thirumal Karra <tk...@deepsea-tech.com>> wrote:

Here's the configuration



ldap_conn_host=IP Address
ldap_conn_port=389
ldap_conn_secure=false

# Login distinguished name (DN) for Authentication on LDAP Server - keep empty if not required
# Use full qualified LDAP DN
ldap_admin_dn=CN=Firstname Lastname,CN=Users,DC=DOMAIN,DC=com

# Loginpass for Authentication on LDAP Server - keep empty if not required
ldap_passwd=Password

# base to search for userdata(of user, that wants to login)
ldap_search_base=DC=DOMAIN,DC=com

# Fieldnames (can differ between Ldap servers)
ldap_search_query=(sAMAccountName=%s)

# the scope of the search might be: OBJECT, ONELEVEL, SUBTREE
ldap_search_scope=SUBTREE

# Ldap auth type(NONE, SEARCHANDBIND, SIMPLEBIND)
#  When using SIMPLEBIND a simple bind is performed on the LDAP server to check user authentication
#  When using NONE, the Ldap server is not used for authentication
ldap_auth_type=SEARCHANDBIND

# userDN format, will be used to bind if ldap_auth_type=SIMPLEBIND
# might be used to get provisionningDn in case ldap_auth_type=NONE
ldap_userdn_format=sAMAccountName=%s,DC=DOMAIN,DC=com

# Ldap provisioning type(NONE, AUTOCREATE, AUTOUPDATE)
ldap_provisionning=AUTOCREATE

# Ldap deref mode (never, searching, finding, always)
ldap_deref_mode=always

#  Set this to 'true' if you want to use admin_dn to get user attributes
#  If any other value is set, user_dn will be used
ldap_use_admin_to_get_attrs=true

# Ldap-password synchronization to OM DB
#  Set this to 'true' if you want OM to synchronize the user Ldap-password to OM's internal DB
#  If you want to disable the feature, set this to any other string.
#  Defautl value is 'true'
ldap_sync_password_to_om=true

# Ldap user attributes mapping
# Set the following internal OM user attributes to their corresponding Ldap-attribute
ldap_user_attr_lastname=sn
ldap_user_attr_firstname=givenName
ldap_user_attr_mail=mail
ldap_user_attr_street=streetAddress
ldap_user_attr_additionalname=description
ldap_user_attr_fax=facsimileTelephoneNumber
ldap_user_attr_zip=postalCode
ldap_user_attr_country=co
ldap_user_attr_town=l
ldap_user_attr_phone=telephoneNumber

# optional, only absolute URLs make sense
#ldap_user_picture_uri=profile.jpg

# optional
# the timezone has to match any timezone available in Java, otherwise the timezone defined in the value of
# the conf_key "default.timezone" in OpenMeetings "configurations" table
#ldap_user_timezone=timezone

# Ldap ignore upper/lower case, convert all input to lower case
ldap_use_lower_case=false


________________________________
From: Thirumal Karra <tk...@deepsea-tech.com>>
Sent: Wednesday, September 23, 2015 10:31 AM
To: user@openmeetings.apache.org<ma...@openmeetings.apache.org>
Subject: RE: [HELP NEEDED] LDAP import AD groups


I am 100% sure the password is correct.  I tried with multiple users and got the same error.



Best Regards

Thirumal



From: Maxim Solodovnik [mailto:solomax666@gmail.com<ma...@gmail.com>]
Sent: Wednesday, September 23, 2015 10:30 AM
To: Openmeetings user-list <us...@openmeetings.apache.org>>
Subject: Re: [HELP NEEDED] LDAP import AD groups



"Invalid password" I guess something wrong with the password



On Wed, Sep 23, 2015 at 9:20 PM, Thirumal Karra <tk...@deepsea-tech.com>> wrote:

I am trying to setup LDAP but it didn't work.  Please look at the log below



DEBUG 09-23 10:10:58.266 o.a.o.l.LdapLoginManagement:168 [http-nio-0.0.0.0-5080-exec-7] - LdapLoginmanagement.doLdapLogin
 WARN 09-23 10:10:58.300 o.a.o.l.LdapLoginManagement:287 [http-nio-0.0.0.0-5080-exec-7] - Referral LDAP entry found, ignore it
 WARN 09-23 10:10:58.301 o.a.o.l.LdapLoginManagement:287 [http-nio-0.0.0.0-5080-exec-7] - Referral LDAP entry found, ignore it
 WARN 09-23 10:10:58.301 o.a.o.l.LdapLoginManagement:287 [http-nio-0.0.0.0-5080-exec-7] - Referral LDAP entry found, ignore it
ERROR 09-23 10:10:58.301 o.a.o.l.LdapLoginManagement:292 [http-nio-0.0.0.0-5080-exec-7] - NONE users found in LDAP
DEBUG 09-23 10:10:58.303 o.a.w.u.c.CookieUtils:273 [http-nio-0.0.0.0-5080-exec-7] - Unable to find Cookie with name=LoggedIn and request URI=signin?0-1.IBehaviorListener.2-signin
DEBUG 09-23 10:10:58.305 o.a.w.Localizer:378 [http-nio-0.0.0.0-5080-exec-7] - Property found in cache: '336'; Component: 'null'; value: 'Invalid password'
DEBUG 09-23 10:10:58.305 o.a.w.f.FeedbackMessages:69 [http-nio-0.0.0.0-5080-exec-7] - Adding feedback message '[FeedbackMessage message = "Invalid password", reporter = signin, level = ERROR]'
DEBUG 09-23 10:10:58.305 o.a.w.u.c.CookieUtils:273 [http-nio-0.0.0.0-5080-exec-7] - Unable to find Cookie with name=LoggedIn and request URI=signin?0-1.IBehaviorListener.2-signin
DEBUG 09-23 10:10:58.307 o.a.wicket.Page:871 [http-nio-0.0.0.0-5080-exec-7] - ending request for page [Page class = org.apache.openmeetings.web.pages.auth.SignInPage, id = 0, render count = 1], request org.apache.wicket.protocol.http.servlet.ServletWebRequest@3a57191c
DEBUG 09-23 10:10:58.307 o.a.wicket.Page:871 [http-nio-0.0.0.0-5080-exec-7] - ending request for page [Page class = org.apache.openmeetings.web.pages.auth.SignInPage, id = 0, render count = 1], request org.apache.wicket.protocol.http.servlet.ServletWebRequest@3a57191c
DEBUG 09-23 10:10:58.307 o.a.wicket.Page:871 [http-nio-0.0.0.0-5080-exec-7] - ending request for page [Page class = org.apache.openmeetings.web.pages.auth.SignInPage, id = 0, render count = 1], request org.apache.wicket.protocol.http.servlet.ServletWebRequest@3a57191c
DEBUG 09-23 10:10:58.328 o.a.w.p.AsynchronousDataStore$PageSavingRunnable:354 [Wicket-PageSavingThread] - Saving asynchronously: Entry [sessionId=AEA1852D7D73CB3264F353796A510FCE, pageId=0]...
DEBUG 09-23 10:10:58.328 o.a.w.p.DiskDataStore:186 [Wicket-PageSavingThread] - Storing data for page with id '0' in session with id 'AEA1852D7D73CB3264F353796A510FCE'
DEBUG 09-23 10:10:58.329 o.a.w.p.PageAccessSynchronizer:207 [http-nio-0.0.0.0-5080-exec-7] - 'http-nio-0.0.0.0-5080-exec-7' released lock to page with id '0'





Best Regards

Thirumal



From: Maxim Solodovnik [mailto:solomax666@gmail.com]
Sent: Monday, August 10, 2015 10:24 AM
To: Openmeetings user-list <us...@openmeetings.apache.org>
Subject: Re: [HELP NEEDED] LDAP import AD groups



this query will return user DN, NOT groups



On Mon, Aug 10, 2015 at 9:10 PM, Wild, Rodney <ro...@cybastevens.com> wrote:

ldap_search_query=(sAMAccountName=%s)

windows Account name according to this.



Rodney Wild | IT Support



From: Maxim Solodovnik [mailto:solomax666@gmail.com]
Sent: Monday, August 10, 2015 12:52 AM

To: Openmeetings user-list
Subject: Re: [HELP NEEDED] LDAP import AD groups



And what is the AD query to get user groups by UID?



On Mon, Aug 10, 2015 at 12:25 PM, Dominic Prakash <do...@sps.co.in> wrote:

This config works for me in M$ AD.



ldap_conn_host=123.456.789.123

ldap_conn_port=389

ldap_conn_secure=false



ldap_admin_dn=CN=ldapuser,OU=Software,OU=Unit-2,DC=sample,DC=co,DC=in

ldap_passwd=passwordhere

ldap_search_base=DC=sample,DC=co,DC=in



ldap_search_query=(sAMAccountName=%s)

ldap_search_scope=SUBTREE

ldap_auth_type=SEARCHANDBIND

ldap_userdn_format=sAMAccountName=%s,DC=sample,DC=co,DC=in



ldap_provisionning=AUTOCREATE

ldap_deref_mode=always

ldap_use_admin_to_get_attrs=true

ldap_sync_password_to_om=true



ldap_user_attr_lastname=sn

ldap_user_attr_firstname=givenName

ldap_user_attr_mail=mail

ldap_user_attr_street=streetAddress

ldap_user_attr_additionalname=description

ldap_user_attr_fax=facsimileTelephoneNumber

ldap_user_attr_zip=postalCode

ldap_user_attr_country=co

ldap_user_attr_town=l

ldap_user_attr_phone=telephoneNumber



ldap_user_picture_uri=profile.jpg

ldap_use_lower_case=false





Best Regards



Dominic



From: Maxim Solodovnik [mailto:solomax666@gmail.com]
Sent: 05 August 2015 19:52
To: Openmeetings user-list
Subject: Re: [HELP NEEDED] LDAP import AD groups



I need someone who can fix this query for M$ AD :(
Or someone who can give me search only test access to AD

WBR, Maxim
(from mobile, sorry for the typos)

On Aug 5, 2015 20:18, "Michael Wuttke" <mi...@beuth-hochschule.de> wrote:

Hello Maxim,

sorry but we use M$ AD and it returns nothing or only errors with this query. ;-(

Greetings,
Michael

Am 05.08.2015 um 15:18 schrieb Maxim Solodovnik:

Hello Michael,

Thanks for your reply
I need query to get all groups of user with some uid.

so I get uid for the user: for ex. "solomax"
I need to get all groups this user is part of.

On my test LDAP server this query:
(&(memberUid=test1)(objectClass=posixGroup)) returns DNs of all groups
for given UID



On Wed, Aug 5, 2015 at 7:11 PM, Michael Wuttke
<mi...@beuth-hochschule.de> wrote:

    Hello Maxim,

    I don't know how to use the ldap_search for your query.

    But we use owncloud. Here are our LDAP queries we use for owncloud:

    the ldap query for users:
    (&(|(objectclass=person))
    (|(|(memberof=CN=Owncloud-admins,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz0))
    (|(memberof=CN=Students,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz1))
    (|(memberof=CN=Employee,OU=Global,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz2))
    (|(memberof=CN=Academics,OU=Global,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz3))
    ))

    the ldap query for login attributes:
    (&(&(|(objectclass=person))
    (|(|(memberof=CN=Owncloud-admins,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz0))
    (|(memberof=CN=Students,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz1))
    (|(memberof=CN=Employee,OU=Global,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz2))
    (|(memberof=CN=Academics,OU=Global,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz03))
    (|(sAMAccountName=%uid)))

    and the ldap query for groups:
    (&(|(objectclass=group))(|(cn=Employee)(cn=Students)(cn=Owncloud-admins)(cn=Academics)))

    Here is the docu on how to configure ldap auth:
    https://doc.owncloud.org/server/8.1/admin_manual/configuration_user/user_auth_ldap.html

    and the owncloud code repo of the ldap auth app:
    https://github.com/owncloud/core/tree/master/apps/user_ldap

    Maybe it helps you?

    Thanks & Greetings,
    Michael

    Am 05.08.2015 um 14:29 schrieb Maxim Solodovnik:

        ups, sorry wrong keyboard :(((

        ---- Can anyone with access to AD check if this query works in
        AD, and
        сщккусе ше ащк ФВ ша тще,
        ++++ Can anyone with access to AD check if this query works in
        AD, and
        correct it for AD if not,

        On Wed, Aug 5, 2015 at 6:28 PM, Maxim Solodovnik
        <so...@gmail.com> wrote:

             Hello All,

             I'm currently trying to implement
        https://issues.apache.org/jira/browse/OPENMEETINGS-1214
             I was able to find query to get all groups in LDAP:

             The following query seems to be able to list all groups for
        the user
             with "uid == test1":
        (&(memberUid=test1)(objectClass=posixGroup))

             Can anyone with access to AD check if this query works in
        AD, and
             сщккусе ше ащк ФВ ша тще,

             Thanks in advance!

             --
             WBR
             Maxim aka solomax




--
WBR
Maxim aka solomax

--
Vielen Dank & mit freundlichen Grüßen,
Michael Wuttke

Administration des Lern-Management-Systems
Beuth Hochschule Berlin - Hochschulrechenzentrum
Luxemburger Str. 10
13353 Berlin
Tel: +49 (0)30 45 04 2004
Haus Bauwesen; Raum: D 225a
E-Mail: michael.wuttke@beuth-hochschule.de
News: https://lms.beuth-hochschule.de/rss





--

WBR
Maxim aka solomax





--

WBR
Maxim aka solomax





--

WBR
Maxim aka solomax



--
WBR
Maxim aka solomax
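Two things in the quoted thread above are worth seeing in code: the open question of what the AD counterpart of Maxim's posixGroup filter looks like, and the fact that ldap_search_query=(sAMAccountName=%s) substitutes whatever was typed at the sign-in form straight into a search filter. The Python below is an added example, not OpenMeetings code: it escapes the login per RFC 4515 before substitution, builds the posixGroup filter from the thread, and builds the Active Directory group filter keyed on the user's DN. The '%s' substitution behaviour, the attribute names and the DOMAIN DNs are my assumptions, not taken from the OpenMeetings source.

```python
"""Added example, not OpenMeetings code: building the LDAP filters discussed in
this thread with RFC 4515 escaping of the user-supplied login name.

Assumptions (mine, not taken from the OpenMeetings source): the login typed at
the sign-in form is substituted into the '%s' of ldap_search_query verbatim;
attribute names are standard AD / posix schema; the DNs are constructed
placeholders."""

# RFC 4515 section 3: characters with special meaning inside a filter value
# are replaced by a backslash and their two-digit hex code.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a string for use as an assertion value in an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def render_search_query(template: str, login: str) -> str:
    """Render an OpenMeetings-style ldap_search_query such as '(sAMAccountName=%s)'.

    The login is escaped first, so a value like '*)(objectClass=*' stays a
    literal string instead of turning the filter into a wildcard match.
    """
    if template.count("%s") != 1:
        raise ValueError("template must contain exactly one %s placeholder")
    return template.replace("%s", escape_filter_value(login))


def posix_groups_filter(uid: str) -> str:
    """Maxim's filter from the thread: posixGroup entries list member uids in memberUid."""
    return f"(&(memberUid={escape_filter_value(uid)})(objectClass=posixGroup))"


def ad_groups_filter(user_dn: str, nested: bool = False) -> str:
    """Active Directory counterpart of posix_groups_filter.

    AD group objects list their members as DNs in the 'member' attribute (the
    user's own 'memberOf' attribute is the back-link), so the search key is the
    user's DN, not the uid. With nested=True the extensible match rule
    LDAP_MATCHING_RULE_IN_CHAIN (OID 1.2.840.113556.1.4.1941) makes the server
    follow group-in-group nesting as well.
    """
    attr = "member:1.2.840.113556.1.4.1941:" if nested else "member"
    return f"(&(objectClass=group)({attr}={escape_filter_value(user_dn)}))"


if __name__ == "__main__":
    # Constructed values for demonstration.
    user_dn = "CN=Firstname Lastname,CN=Users,DC=DOMAIN,DC=com"
    print(render_search_query("(sAMAccountName=%s)", "solomax"))
    print(render_search_query("(sAMAccountName=%s)", "*)(objectClass=*"))
    print(posix_groups_filter("test1"))
    print(ad_groups_filter(user_dn))
    print(ad_groups_filter(user_dn, nested=True))
```

The user DN passed to ad_groups_filter is the one returned by the sAMAccountName search, which is why the SEARCHANDBIND search has to succeed before any group lookup can run.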

Re: [HELP NEEDED] LDAP import AD groups

Posted by Maxim Solodovnik <so...@gmail.com>.
Config is OK
according to the log 3 referral entries were found, but skipped:
WARN 09-23 10:10:58.300 o.a.o.l.LdapLoginManagement:287 [http-nio-0.0.0.0-5080-exec-7] - Referral LDAP entry found, ignore it
WARN 09-23 10:10:58.301 o.a.o.l.LdapLoginManagement:287 [http-nio-0.0.0.0-5080-exec-7] - Referral LDAP entry found, ignore it
WARN 09-23 10:10:58.301 o.a.o.l.LdapLoginManagement:287 [http-nio-0.0.0.0-5080-exec-7] - Referral LDAP entry found, ignore it

not sure why :(
Unfortunately I'm not very good at LDAP, and not sure what referral entries
are ... and why they are not "dereferred"
I'll try to check the code

ldap_deref_mode=always



-- 
WBR
Maxim aka solomax

Re: [HELP NEEDED] LDAP import AD groups

Posted by Thirumal Karra <tk...@deepsea-tech.com>.
Here's the configuration


ldap_conn_host=IP Address
ldap_conn_port=389
ldap_conn_secure=false

# Login distinguished name (DN) for Authentication on LDAP Server - keep empty if not required
# Use full qualified LDAP DN
ldap_admin_dn=CN=Firstname Lastname,CN=Users,DC=DOMAIN,DC=com

# Loginpass for Authentication on LDAP Server - keep empty if not required
ldap_passwd=Password

# base to search for userdata(of user, that wants to login)
ldap_search_base=DC=DOMAIN,DC=com

# Fieldnames (can differ between Ldap servers)
ldap_search_query=(sAMAccountName=%s)

# the scope of the search might be: OBJECT, ONELEVEL, SUBTREE
ldap_search_scope=SUBTREE

# Ldap auth type(NONE, SEARCHANDBIND, SIMPLEBIND)
#  When using SIMPLEBIND a simple bind is performed on the LDAP server to check user authentication
#  When using NONE, the Ldap server is not used for authentication
ldap_auth_type=SEARCHANDBIND

# userDN format, will be used to bind if ldap_auth_type=SIMPLEBIND
# might be used to get provisionningDn in case ldap_auth_type=NONE
ldap_userdn_format=sAMAccountName=%s,DC=DOMAIN,DC=com

# Ldap provisioning type(NONE, AUTOCREATE, AUTOUPDATE)
ldap_provisionning=AUTOCREATE

# Ldap deref mode (never, searching, finding, always)
ldap_deref_mode=always

#  Set this to 'true' if you want to use admin_dn to get user attributes
#  If any other value is set, user_dn will be used
ldap_use_admin_to_get_attrs=true

# Ldap-password synchronization to OM DB
#  Set this to 'true' if you want OM to synchronize the user Ldap-password to OM's internal DB
#  If you want to disable the feature, set this to any other string.
#  Default value is 'true'
ldap_sync_password_to_om=true

# Ldap user attributes mapping
# Set the following internal OM user attributes to their corresponding Ldap-attribute
ldap_user_attr_lastname=sn
ldap_user_attr_firstname=givenName
ldap_user_attr_mail=mail
ldap_user_attr_street=streetAddress
ldap_user_attr_additionalname=description
ldap_user_attr_fax=facsimileTelephoneNumber
ldap_user_attr_zip=postalCode
ldap_user_attr_country=co
ldap_user_attr_town=l
ldap_user_attr_phone=telephoneNumber

# optional, only absolute URLs make sense
#ldap_user_picture_uri=profile.jpg

# optional
# the timezone has to match any timezone available in Java, otherwise the timezone defined in the value of
# the conf_key "default.timezone" in OpenMeetings "configurations" table
#ldap_user_timezone=timezone

# Ldap ignore upper/lower case, convert all input to lower case
ldap_use_lower_case=false



________________________________
From: Thirumal Karra <tk...@deepsea-tech.com>
Sent: Wednesday, September 23, 2015 10:31 AM
To: user@openmeetings.apache.org
Subject: RE: [HELP NEEDED] LDAP import AD groups


I am 100% sure the password is correct.  I tried with multiple users and got the same error.



Best Regards

Thirumal



From: Maxim Solodovnik [mailto:solomax666@gmail.com]
Sent: Wednesday, September 23, 2015 10:30 AM
To: Openmeetings user-list <us...@openmeetings.apache.org>
Subject: Re: [HELP NEEDED] LDAP import AD groups



"Invalid password" I guess something wrong with the password



On Wed, Sep 23, 2015 at 9:20 PM, Thirumal Karra <tk...@deepsea-tech.com>> wrote:

I am trying to setup LDAP but it didn't work.  Please look at the log below



DEBUG 09-23 10:10:58.266 o.a.o.l.LdapLoginManagement:168 [http-nio-0.0.0.0-5080-exec-7] - LdapLoginmanagement.doLdapLogin
 WARN 09-23 10:10:58.300 o.a.o.l.LdapLoginManagement:287 [http-nio-0.0.0.0-5080-exec-7] - Referral LDAP entry found, ignore it
 WARN 09-23 10:10:58.301 o.a.o.l.LdapLoginManagement:287 [http-nio-0.0.0.0-5080-exec-7] - Referral LDAP entry found, ignore it
 WARN 09-23 10:10:58.301 o.a.o.l.LdapLoginManagement:287 [http-nio-0.0.0.0-5080-exec-7] - Referral LDAP entry found, ignore it
ERROR 09-23 10:10:58.301 o.a.o.l.LdapLoginManagement:292 [http-nio-0.0.0.0-5080-exec-7] - NONE users found in LDAP
DEBUG 09-23 10:10:58.303 o.a.w.u.c.CookieUtils:273 [http-nio-0.0.0.0-5080-exec-7] - Unable to find Cookie with name=LoggedIn and request URI=signin?0-1.IBehaviorListener.2-signin
DEBUG 09-23 10:10:58.305 o.a.w.Localizer:378 [http-nio-0.0.0.0-5080-exec-7] - Property found in cache: '336'; Component: 'null'; value: 'Invalid password'
DEBUG 09-23 10:10:58.305 o.a.w.f.FeedbackMessages:69 [http-nio-0.0.0.0-5080-exec-7] - Adding feedback message '[FeedbackMessage message = "Invalid password", reporter = signin, level = ERROR]'
DEBUG 09-23 10:10:58.305 o.a.w.u.c.CookieUtils:273 [http-nio-0.0.0.0-5080-exec-7] - Unable to find Cookie with name=LoggedIn and request URI=signin?0-1.IBehaviorListener.2-signin
DEBUG 09-23 10:10:58.307 o.a.wicket.Page:871 [http-nio-0.0.0.0-5080-exec-7] - ending request for page [Page class = org.apache.openmeetings.web.pages.auth.SignInPage, id = 0, render count = 1], request org.apache.wicket.protocol.http.servlet.ServletWebRequest@3a57191c<ma...@3a57191c>
DEBUG 09-23 10:10:58.307 o.a.wicket.Page:871 [http-nio-0.0.0.0-5080-exec-7] - ending request for page [Page class = org.apache.openmeetings.web.pages.auth.SignInPage, id = 0, render count = 1], request org.apache.wicket.protocol.http.servlet.ServletWebRequest@3a57191c<ma...@3a57191c>
DEBUG 09-23 10:10:58.307 o.a.wicket.Page:871 [http-nio-0.0.0.0-5080-exec-7] - ending request for page [Page class = org.apache.openmeetings.web.pages.auth.SignInPage, id = 0, render count = 1], request org.apache.wicket.protocol.http.servlet.ServletWebRequest@3a57191c<ma...@3a57191c>
DEBUG 09-23 10:10:58.328 o.a.w.p.AsynchronousDataStore$PageSavingRunnable:354 [Wicket-PageSavingThread] - Saving asynchronously: Entry [sessionId=AEA1852D7D73CB3264F353796A510FCE, pageId=0]...
DEBUG 09-23 10:10:58.328 o.a.w.p.DiskDataStore:186 [Wicket-PageSavingThread] - Storing data for page with id '0' in session with id 'AEA1852D7D73CB3264F353796A510FCE'
DEBUG 09-23 10:10:58.329 o.a.w.p.PageAccessSynchronizer:207 [http-nio-0.0.0.0-5080-exec-7] - 'http-nio-0.0.0.0-5080-exec-7' released lock to page with id '0'





Best Regards

Thirumal



From: Maxim Solodovnik [mailto:solomax666@gmail.com<ma...@gmail.com>]
Sent: Monday, August 10, 2015 10:24 AM
To: Openmeetings user-list <us...@openmeetings.apache.org>>
Subject: Re: [HELP NEEDED] LDAP import AD groups



this query will return user DN, NOT groups



On Mon, Aug 10, 2015 at 9:10 PM, Wild, Rodney <ro...@cybastevens.com>> wrote:

ldap_search_query=(sAMAccountName=%s)

windows Account name according to this.



Rodney Wild | IT Support



From: Maxim Solodovnik [mailto:solomax666@gmail.com<ma...@gmail.com>]
Sent: Monday, August 10, 2015 12:52 AM

To: Openmeetings user-list
Subject: Re: [HELP NEEDED] LDAP import AD groups



And what is the AD query to get user groups by UID?



On Mon, Aug 10, 2015 at 12:25 PM, Dominic Prakash <do...@sps.co.in>> wrote:

This config works for me in M$ AD.



ldap_conn_host=123.456.789.123

ldap_conn_port=389

ldap_conn_secure=false



ldap_admin_dn=CN=ldapuser,OU=Software,OU=Unit-2,DC=sample,DC=co,DC=in

ldap_passwd=passwordhere

ldap_search_base=DC=sample,DC=co,DC=in



ldap_search_query=(sAMAccountName=%s)

ldap_search_scope=SUBTREE

ldap_auth_type=SEARCHANDBIND

ldap_userdn_format=sAMAccountName=%s,DC=sample,DC=co,DC=in



ldap_provisionning=AUTOCREATE

ldap_deref_mode=always

ldap_use_admin_to_get_attrs=true

ldap_sync_password_to_om=true



ldap_user_attr_lastname=sn

ldap_user_attr_firstname=givenName

ldap_user_attr_mail=mail

ldap_user_attr_street=streetAddress

ldap_user_attr_additionalname=description

ldap_user_attr_fax=facsimileTelephoneNumber

ldap_user_attr_zip=postalCode

ldap_user_attr_country=co

ldap_user_attr_town=l

ldap_user_attr_phone=telephoneNumber



ldap_user_picture_uri=profile.jpg

ldap_use_lower_case=false





Best Regards



Dominic



From: Maxim Solodovnik [mailto:solomax666@gmail.com<ma...@gmail.com>]
Sent: 05 August 2015 19:52
To: Openmeetings user-list
Subject: Re: [HELP NEEDED] LDAP import AD groups



I need someone who can fix this query for M$ AD :(
Or someone who can give me search only test access to AD

WBR, Maxim
(from mobile, sorry for the typos)

On Aug 5, 2015 20:18, "Michael Wuttke" <mi...@beuth-hochschule.de>> wrote:

Hello Maxim,

sorry but we use M$ AD and it returns nothing or only errors with this query. ;-(

Greetings,
Michael

Am 05.08.2015 um 15:18 schrieb Maxim Solodovnik:

Hello Michael,

Thanks for your reply
I need query to get all groups of user with some uid.

so I get uid for for the user: for ex. "solomax"
I need to get all groups this user is part of.

On my test LDAP server this query:
(&(memberUid=test1)(objectClass=posixGroup)) returns DNs of all groups
for given UID



On Wed, Aug 5, 2015 at 7:11 PM, Michael Wuttke
<mi...@beuth-hochschule.de>
<ma...@beuth-hochschule.de>>> wrote:

    Hello Maxim,

    I don't know how to use the ldap_search for your query.

    But we use owncloud. Here are our LDAP queries we use for owncloud:

    the ldap query for users:
    (&(|(objectclass=person))
    (|(|(memberof=CN=Owncloud-admins,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz0))
    (|(memberof=CN=Students,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz1))
    (|(memberof=CN=Employee,OU=Global,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz2))
    (|(memberof=CN=Academics,OU=Global,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz3))
    ))

    the ldap query for login attributes:
    (&(&(|(objectclass=person))
    (|(|(memberof=CN=Owncloud-admins,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz0))
    (|(memberof=CN=Students,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz1))
    (|(memberof=CN=Employee,OU=Global,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz2))
    (|(memberof=CN=Academics,OU=Global,OU=Groups,DC=mycompany,DC=de)(primaryGroupID=xyz03))
    (|(sAMAccountName=%uid)))

    and the ldap query for groups:
    (&(|(objectclass=group))(|(cn=Employee)(cn=Students)(cn=Owncloud-admins)(cn=Academics)))

    Here is the documentation on how to configure LDAP auth:
    https://doc.owncloud.org/server/8.1/admin_manual/configuration_user/user_auth_ldap.html

    and the ownCloud code repo for the LDAP auth app:
    https://github.com/owncloud/core/tree/master/apps/user_ldap

    Maybe it helps you?

    Thanks & Greetings,
    Michael

    Am 05.08.2015 um 14:29 schrieb Maxim Solodovnik:

        ups, sorry wrong keyboard :(((

        ---- Can anyone with access to AD check if this query works in
        AD, and
        сщккусе ше ащк ФВ ша тще,
        ++++ Can anyone with access to AD check if this query works in
        AD, and
        correct it for AD if not,

        On Wed, Aug 5, 2015 at 6:28 PM, Maxim Solodovnik
        <so...@gmail.com> <ma...@gmail.com>>
        <ma...@gmail.com> <ma...@gmail.com>>>> wrote:

             Hello All,

             I'm currently trying to implement
        https://issues.apache.org/jira/browse/OPENMEETINGS-1214
             I was able to find a query to get all groups in LDAP:

             The following query seems to be able to list all groups for
        the user
             with "uid == test1":
        (&(memberUid=test1)(objectClass=posixGroup))

             Can anyone with access to AD check if this query works in
        AD, and
             сщккусе ше ащк ФВ ша тще,

             Thanks in advance!

             --
             WBR
             Maxim aka solomax




--
WBR
Maxim aka solomax

--
Vielen Dank & mit freundlichen Grüßen,
Michael Wuttke

Administration des Lern-Management-Systems
Beuth Hochschule Berlin - Hochschulrechenzentrum
Luxemburger Str. 10
13353 Berlin
Tel: +49 (0)30 45 04 2004
Haus Bauwesen; Raum: D 225a
E-Mail: michael.wuttke@beuth-hochschule.de<ma...@beuth-hochschule.de>
News: https://lms.beuth-hochschule.de/rss





--

WBR
Maxim aka solomax

Re: [HELP NEEDED] LDAP import AD groups

Posted by Maxim Solodovnik <so...@gmail.com>.
Maybe something is wrong with the config:

ERROR 09-23 10:10:58.301 o.a.o.l.LdapLoginManagement:292
[http-nio-0.0.0.0-5080-exec-7] - NONE users found in LDAP

> *From:* Maxim Solodovnik [mailto:solomax666@gmail.com]
> *Sent:* Monday, August 10, 2015 10:24 AM
> *To:* Openmeetings user-list <us...@openmeetings.apache.org>
> *Subject:* Re: [HELP NEEDED] LDAP import AD groups
>
> this query will return user DN, NOT groups
>
> On Mon, Aug 10, 2015 at 9:10 PM, Wild, Rodney <ro...@cybastevens.com>
> wrote:
>
> ldap_search_query=(sAMAccountName=%s)
>
> Windows account name, according to this.
>
> *Rodney Wild | *IT Support
>
> *From:* Maxim Solodovnik [mailto:solomax666@gmail.com]
> *Sent:* Monday, August 10, 2015 12:52 AM
> *To:* Openmeetings user-list
> *Subject:* Re: [HELP NEEDED] LDAP import AD groups
>
> And what is the AD query to get user groups by UID?
>
> On Mon, Aug 10, 2015 at 12:25 PM, Dominic Prakash <do...@sps.co.in>
> wrote:
>
> This config works for me in M$ AD.
>
> ldap_conn_host=123.456.789.123
> ldap_conn_port=389
> ldap_conn_secure=false
>
> ldap_admin_dn=CN=ldapuser,OU=Software,OU=Unit-2,DC=sample,DC=co,DC=in
> ldap_passwd=passwordhere
> ldap_search_base=DC=sample,DC=co,DC=in
>
> ldap_search_query=(sAMAccountName=%s)
> ldap_search_scope=SUBTREE
> ldap_auth_type=SEARCHANDBIND
> ldap_userdn_format=sAMAccountName=%s,DC=sample,DC=co,DC=in
>
> ldap_provisionning=AUTOCREATE
> ldap_deref_mode=always
> ldap_use_admin_to_get_attrs=true
> ldap_sync_password_to_om=true
>
> ldap_user_attr_lastname=sn
> ldap_user_attr_firstname=givenName
> ldap_user_attr_mail=mail
> ldap_user_attr_street=streetAddress
> ldap_user_attr_additionalname=description
> ldap_user_attr_fax=facsimileTelephoneNumber
> ldap_user_attr_zip=postalCode
> ldap_user_attr_country=co
> ldap_user_attr_town=l
> ldap_user_attr_phone=telephoneNumber
>
> ldap_user_picture_uri=profile.jpg
> ldap_use_lower_case=false
>
> Best Regards
>
> Dominic
>
> *From:* Maxim Solodovnik [mailto:solomax666@gmail.com]
> *Sent:* 05 August 2015 19:52
> *To:* Openmeetings user-list
> *Subject:* Re: [HELP NEEDED] LDAP import AD groups
>
> I need someone who can fix this query for M$ AD :(
> Or someone who can give me search only test access to AD
>
> WBR, Maxim
> (from mobile, sorry for the typos)



-- 
WBR
Maxim aka solomax
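An added example, not code from this thread, from OpenMeetings or from ownCloud. Two passages above interpolate a login name into an LDAP search filter: Maxim's posixGroup lookup (&(memberUid=test1)(objectClass=posixGroup)) and the (sAMAccountName=%s) line in Dominic's config; and the thread's open question is what the AD equivalent of the group lookup is. The Python below (standard library only, no directory needed) builds the filters for both membership models and escapes the interpolated value as RFC 4515 requires, so a login such as *)(objectClass=* cannot change what the filter matches. Whether OpenMeetings itself escapes the %s substitution is not something the thread shows. The DN, domain SID and RID values are constructed for the example. It assumes the standard AD schema: a group records its members as DNs in the member attribute (not as uids), the matching rule 1.2.840.113556.1.4.1941 (LDAP_MATCHING_RULE_IN_CHAIN) follows nested membership, the user's primary group is recorded only as a RID in primaryGroupID and so has to be found by the group's objectSid, and AD accepts the textual S-1-5-... form of a SID in a filter.

```python
"""Added example (not OpenMeetings or ownCloud code): LDAP filters for the
two group-membership models discussed in the thread, with RFC 4515 escaping
of every value that comes from user input."""
import re

# Characters RFC 4515 section 3 requires to be escaped inside a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# AD matching rule LDAP_MATCHING_RULE_IN_CHAIN: follows nested group membership.
IN_CHAIN_RULE = "1.2.840.113556.1.4.1941"

# A domain SID looks like S-1-5-21-<three sub-authorities>; the group SID is that plus the RID.
_DOMAIN_SID_RE = re.compile(r"^S-1-5-21(-\d+){3}$")


def escape_filter_value(value: str) -> str:
    """Escape a value before interpolating it into a search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def user_filter_ad(sam_account_name: str) -> str:
    """Find the user entry by login name; the escaped form of (sAMAccountName=%s)."""
    return ("(&(objectCategory=person)(objectClass=user)"
            f"(sAMAccountName={escape_filter_value(sam_account_name)}))")


def groups_filter_posix(uid: str) -> str:
    """Groups of a user on a posixGroup directory: the group lists the uid in memberUid."""
    return f"(&(objectClass=posixGroup)(memberUid={escape_filter_value(uid)}))"


def groups_filter_ad(user_dn: str, nested: bool = False) -> str:
    """Groups of a user in AD: the group lists the user's DN, not the uid, in member.
    With nested=True the in-chain matching rule also returns groups that contain
    the user only through other groups."""
    attr = f"member:{IN_CHAIN_RULE}:" if nested else "member"
    return f"(&(objectClass=group)({attr}={escape_filter_value(user_dn)}))"


def primary_group_filter_ad(domain_sid: str, primary_group_id) -> str:
    """The primary group is not in member/memberOf; the user only carries its RID
    in primaryGroupID. Rebuild the group's SID from the domain SID and search for it."""
    if not _DOMAIN_SID_RE.match(domain_sid):
        raise ValueError(f"not a domain SID: {domain_sid!r}")
    rid = int(primary_group_id)  # anything that is not an integer is rejected here
    if rid < 0:
        raise ValueError("RID must be non-negative")
    return f"(objectSid={domain_sid}-{rid})"


if __name__ == "__main__":
    # Constructed sample values; nothing here comes from a real directory.
    login = "solomax"
    dn = "CN=Doe\\, John,OU=Users,DC=sample,DC=co,DC=in"
    print(user_filter_ad(login))
    print(groups_filter_posix("test1"))
    print(groups_filter_ad(dn))
    print(groups_filter_ad(dn, nested=True))
    print(primary_group_filter_ad("S-1-5-21-1000-2000-3000", 513))
    # A login that, unescaped, would turn the user lookup into a match-all.
    print(user_filter_ad("*)(objectClass=*"))
```

Against a real AD the returned strings go straight into ldapsearch (ldapsearch -b <base> '<filter>' dn) or into whatever the application substitutes for %s. Two things a practitioner would check in Dominic's config while at it: the group lookup has to be run with the DN that the sAMAccountName search returned, since AD's member values are DNs; and ldap_conn_port=389 with ldap_conn_secure=false sends the ldap_passwd bind credential and every user's password in clear, so outside a lab the connection should be LDAPS or StartTLS.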

RE: [HELP NEEDED] LDAP import AD groups

Posted by Thirumal Karra <tk...@deepsea-tech.com>.
I am 100% sure the password is correct.  I tried with multiple users and got the same error.

Best Regards
Thirumal


Re: [HELP NEEDED] LDAP import AD groups

Posted by Maxim Solodovnik <so...@gmail.com>.
"Invalid password": I guess something is wrong with the password




-- 
WBR
Maxim aka solomax