Posted to user@openmeetings.apache.org by Mathias Kocks <ko...@labmed.de> on 2020/04/15 12:06:07 UTC
Can not use LDAP-Sync with Microsoft Active Directory
Hello,
I am new to this project and I have a problem with the LDAP-Sync. I cannot even find any good documentation...
My problem is that slapd does not find any user in my AD. I am not even sure if it is searching for real. I found some example configs in the mailing list archive, but they do not work for me.
I found this one:
#LDAP URL
ldap_conn_host=LDAP_server.Company.com
ldap_conn_port=636
ldap_conn_secure=true
# Login distinguished name (DN) for Authentication on LDAP Server
# Use full qualified LDAP DN
ldap_admin_dn=CN=ldapauth,OU=Users,DC=Company,DC=com
# Loginpass for Authentication on LDAP Server
ldap_passwd=ldapauthpasswd
# base to search for userdata(of user, that wants to login)
ldap_search_base=OU=Users,DC=Company,DC=com
#ldap_search_base=DC=Company,DC=com
# Fieldnames (can differ between Ldap servers)
ldap_search_query=(&(objectCategory=person)(objectClass=person)(sAMAccountName=%1$s))
#ldap_search_query=(sAMAccountName=%s)
#ldap_search_query=(CN=%s)
# the scope of the search might be: OBJECT, ONELEVEL, SUBTREE
ldap_search_scope=SUBTREE
# Ldap auth type(NONE, SEARCHANDBIND, SIMPLEBIND)
ldap_auth_type=SEARCHANDBIND
# userDN format, will be used to bind if ldap_auth_type=SIMPLEBIND
ldap_userdn_format=sAMAccountName=%s,OU=Users,DC=beuth-hochschule.de,DC=com
#ldap_userdn_format=sAMAccountName=%s,DC=Company,DC=com
#ldap_userdn_format=CN=%s,OU=Users,DC=Company,DC=com
#ldap_userdn_format=CN=%s,DC=Company,DC=com
# Ldap-password synchronization to OM DB
ldap_sync_password_to_om=false
# Ldap user attributes mapping
# Set the following internal OM user attributes to their corresponding Ldap-attribute
ldap_user_attr_lastname=sn
But even after I changed it to my AD and tried several changes, no users were found.
My actual config:
ldap_server_type=AD
ldap_conn_host=dc2.labmed.de
ldap_conn_port=389
ldap_conn_secure=false
ldap_admin_dn=CN=Administrator,CN=Users,DC=labmed,DC=de
ldap_passwd=SuperSecretPassword
ldap_search_base=OU=labmed,DC=labmed,DC=de
#ldap_search_query=(&(objectCategory=*)(objectClass=*)(sAMAccountName=%s))
ldap_search_query=(sAMAccountName=%s)
ldap_search_scope= SUBTREE
ldap_auth_type=SEARCHANDBIND
ldap_deref_mode=never
ldap_userdn_format=sAMAccountName=%s,DC=labmed,DC=de
ldap_provisionning=NONE
ldap_use_admin_to_get_attrs=true
ldap_sync_password_to_om=false
ldap_sync_attr_lastname=sn
ldap_user_attr_firstname=givenName
ldap_user_attr_mail=mail
ldap_user_attr_street=streetAddress
ldap_user_attr_additionalname=description
ldap_user_attr_fax=facsimileTelephoneNumber
ldap_user_attr_zip=postalCode
ldap_user_attr_country=co
ldap_user_attr_town=l
ldap_user_attr_phone=telephoneNumber
ldap_use_lower_case=false
It is the second day by now where I am bursting with happiness....
Kind regards
Mathias Kocks
Team Lead, IT Infrastructure
Certified Information Security Officer ISO 27001 (TÜV Süd)
Überörtliche Berufsausübungsgemeinschaft
Medizinisches Versorgungszentrum
Dr. Eberhard & Partner Dortmund
MVZ-Haus 3: Balkenstr. 12-14
44137 Dortmund, Germany
Tel.: +49 231 9572 7158
Fax.: +49 231 9572 18 159
E-Mail: kocks@labmed.de
Web: https://www.labmed.de
Re: Can not use LDAP-Sync with Microsoft Active Directory
Posted by Maxim Solodovnik <so...@gmail.com>.
Hello :)
On Wed, 15 Apr 2020 at 19:06, Mathias Kocks <ko...@labmed.de> wrote:
> Hello,
>
> I am new to this project and I have a problem with the LDAP-Sync. I cannot
> even find any good documentation...
>
Documentation ATM is mostly questions and answers at ML
https://openmeetings.markmail.org/
And this PR https://github.com/apache/openmeetings/pull/61 (please check
both *.md file and discussion)
>
> My problem is that slapd does not find any user in my AD. I am not even
> sure if it is searching for real. I found some example configs in the
> mailing list archive, but they do not work for me.
>
enabling additional logging might help to understand what is wrong
(please check github PR for details)
> I found this one:
>
> #LDAP URL
> ldap_conn_host=LDAP_server.Company.com
> ldap_conn_port=636
> ldap_conn_secure=true
>
> # Login distinguished name (DN) for Authentication on LDAP Server
> # Use full qualified LDAP DN
> ldap_admin_dn=CN=ldapauth,OU=Users,DC=Company,DC=com
>
> # Loginpass for Authentication on LDAP Server
> ldap_passwd=ldapauthpasswd
>
> # base to search for userdata(of user, that wants to login)
> ldap_search_base=OU=Users,DC=Company,DC=com
> #ldap_search_base=DC=Company,DC=com
>
> # Fieldnames (can differ between Ldap servers)
> ldap_search_query=(&(objectCategory=person)(objectClass=person)(sAMAccountName=%1$s))
>
this `%1$s` looks suspicious
I would change it with `%s`
> #ldap_search_query=(sAMAccountName=%s)
> #ldap_search_query=(CN=%s)
>
> # the scope of the search might be: OBJECT, ONELEVEL, SUBTREE
> ldap_search_scope=SUBTREE
>
> # Ldap auth type(NONE, SEARCHANDBIND, SIMPLEBIND)
> ldap_auth_type=SEARCHANDBIND
>
> # userDN format, will be used to bind if ldap_auth_type=SIMPLEBIND
> ldap_userdn_format=sAMAccountName=%s,OU=Users,DC=beuth-hochschule.de,DC=com
> #ldap_userdn_format=sAMAccountName=%s,DC=Company,DC=com
> #ldap_userdn_format=CN=%s,OU=Users,DC=Company,DC=com
> #ldap_userdn_format=CN=%s,DC=Company,DC=com
>
> # Ldap-password synchronization to OM DB
> ldap_sync_password_to_om=false
>
> # Ldap user attributes mapping
> # Set the following internal OM user attributes to their corresponding Ldap-attribute
> ldap_user_attr_lastname=sn
>
> But even after I changed it to my AD and tried several changes, no users
> were found.
>
Have you tried to search with any LDAP explorer first? (I personally use
Apache Directory Studio)
>
> My actual config:
>
> ldap_server_type=AD
> ldap_conn_host=dc2.labmed.de
> ldap_conn_port=389
> ldap_conn_secure=false
> ldap_admin_dn=CN=Administrator,CN=Users,DC=labmed,DC=de
> ldap_passwd=SuperSecretPassword
> ldap_search_base=OU=labmed,DC=labmed,DC=de
> #ldap_search_query=(&(objectCategory=*)(objectClass=*)(sAMAccountName=%s))
> ldap_search_query=(sAMAccountName=%s)
> ldap_search_scope= SUBTREE
> ldap_auth_type=SEARCHANDBIND
> ldap_deref_mode=never
> ldap_userdn_format=sAMAccountName=%s,DC=labmed,DC=de
> ldap_provisionning=NONE
> ldap_use_admin_to_get_attrs=true
> ldap_sync_password_to_om=false
> ldap_sync_attr_lastname=sn
> ldap_user_attr_firstname=givenName
> ldap_user_attr_mail=mail
> ldap_user_attr_street=streetAddress
> ldap_user_attr_additionalname=description
> ldap_user_attr_fax=facsimileTelephoneNumber
> ldap_user_attr_zip=postalCode
> ldap_user_attr_country=co
> ldap_user_attr_town=l
> ldap_user_attr_phone=telephoneNumber
> ldap_use_lower_case=false
>
> It is the second day by now where I am bursting with happiness....
>
Looking at the config, it's hard to say what is wrong (and access to the LDAP/AD
server is usually private)
So I would suggest to
1) check credentials/queries using LDAP explorer first
2) enable additional logging and check logs :)
--
Best regards,
Maxim
Re: Can not use LDAP-Sync with Microsoft Active Directory
Posted by Maxim Solodovnik <so...@gmail.com>.
Hello,
- stop OM
- add the following line to
`$OM_HOME/webapps/openmeetings/WEB-INF/classes/logback-config.xml`:
`<logger name="org.apache.directory" level="DEBUG" />`
- restart OM
- Try to log in using the configured LDAP DB and try to debug the
problem by checking the log file. By default, logging is done to the
file `$OM_HOME/logs/catalina.out`.
More details are here https://github.com/apache/openmeetings/pull/61
please check PR and discussion
On Sun, 19 Apr 2020 at 05:03, Julian Weiß <ju...@ch-weiss.de> wrote:
> Hey Users,
>
> I’m new in Openmeetings trying to get the LDAP connection done. I’m using
> the same configuration as Mr Kocks has posted.
>
> I’ve got the Problem, that I can’t get logged in. I always get a wrong
> password error,
>
> Can anyone tell me how to get to the debug mode, so that I can see if
> there is any connection between Microsoft LDAP and the Openmeetingsserver?
>
> Thanks a lot!
--
Best regards,
Maxim
Re: Can not use LDAP-Sync with Microsoft Active Directory
Posted by Julian Weiß <ju...@ch-weiss.de>.
Hey Users,
I’m new in Openmeetings trying to get the LDAP connection done. I’m using the same configuration as Mr Kocks has posted.
I’ve got the Problem, that I can’t get logged in. I always get a wrong password error,
Can anyone tell me how to get to the debug mode, so that I can see if there is any connection between Microsoft LDAP and the Openmeetingsserver?
Thanks a lot!
From: Maxim Solodovnik <so...@gmail.com>
Reply-To: "user@openmeetings.apache.org" <us...@openmeetings.apache.org>
Date: Wednesday, 15 April 2020 at 18:22
To: Openmeetings user-list <us...@openmeetings.apache.org>
Subject: Re: Can not use LDAP-Sync with Microsoft Active Directory
really weird
even if mapping is wrong
1) login (after mapping)
2) type == LDAP
3) domainId
should remain the same
wrong but the same
so users shouldn't get duplicated
don't get how is this possible :(
On Wed, 15 Apr 2020 at 23:09, Mathias Kocks <ko...@labmed.de> wrote:
With your tip, I don't get any new, same-named users.
I changed the mapping like this and now it is fine.
ldap_server_type=AD
ldap_conn_host=dc2.labmed.de
ldap_conn_port=389
ldap_conn_secure=false
ldap_admin_dn=CN=Mathias Kocks,OU=User,OU=EDV,OU=labmed,DC=labmed,DC=de
ldap_passwd=SecretPassword
ldap_search_base=DC=labmed,DC=de
ldap_search_query=(userprincipalname=%s)
ldap_search_scope= SUBTREE
ldap_auth_type=SEARCHANDBIND
ldap_deref_mode=always
ldap_userdn_format=%s
ldap_provisionning=AUTOCREATE
ldap_use_admin_to_get_attrs=false
ldap_sync_password_to_om=true
ldap_sync_attr_lastname=sn
ldap_user_attr_firstname=givenName
ldap_user_attr_mail=mail
ldap_user_attr_zip=postalCode
ldap_user_attr_country=c
ldap_user_attr_phone=telephoneNumber
ldap_user_attr_login=samaccountname
#ldap_use_lower_case=false
Kind regards
Mathias Kocks
From: Rohrbach, Gerald <G....@funkegruppe.de>
Sent: Wednesday, 15 April 2020 18:04
To: user@openmeetings.apache.org
Subject: Re: Can not use LDAP-Sync with Microsoft Active Directory
Mathias, I don't think it is fixed really if that are user now.
It should work like this: If a user logs in, it's checked against AD. Then OM looks if the user is already in DB.
If yes, no new record in db is created.
This is an LDAP mapping problem, I had the same.
From: Mathias Kocks [mailto:kocks@labmed.de]
Sent: Wednesday, 15 April 2020 17:42
To: user@openmeetings.apache.org
Subject: Re: Can not use LDAP-Sync with Microsoft Active Directory
But the tip from Gerald worked fine. Now it is fixed.
Thanks
Kind regards
Mathias Kocks
From: Maxim Solodovnik <so...@gmail.com>
Sent: Wednesday, 15 April 2020 17:36
To: Openmeetings user-list <us...@openmeetings.apache.org>
Subject: Re: Can not use LDAP-Sync with Microsoft Active Directory
Do you have additional DB entry on each login?
this shouldn't be possible
(AFAIR I have test to ensure this is impossible)
On Wed, 15 Apr 2020 at 22:32, Rohrbach, Gerald <G....@funkegruppe.de> wrote:
LDAP Mapping Problem, depends on
ldap_userdn_format=userPrincipalName=%s,CN=Users,DC=mydomain,DC=de
ldap_user_attr_login=sAMAccountName
With debug you can analyse. It depends if users login with userPrincipalName like in our case I use sAMAccountName for storing in db.
Gerald
From: Mathias Kocks [mailto:kocks@labmed.de]
Sent: Wednesday, 15 April 2020 17:19
To: user@openmeetings.apache.org
Subject: Re: Can not use LDAP-Sync with Microsoft Active Directory
And another problem:
Every time I log into OpenMeetings, I get a new entry in the user database with login entry null@ourdomain.de.
Kind regards
Mathias Kocks
From: Maxim Solodovnik <so...@gmail.com>
Sent: Wednesday, 15 April 2020 16:58
To: Openmeetings user-list <us...@openmeetings.apache.org>
Subject: Re: Can not use LDAP-Sync with Microsoft Active Directory
congrats :)
On Wed, 15 Apr 2020 at 21:53, Rohrbach, Gerald <G....@funkegruppe.de> wrote:
Under administration you can set the default language to German…
This helped us.
Gerald
From: Mathias Kocks [mailto:kocks@labmed.de]
Sent: Wednesday, 15 April 2020 16:51
To: user@openmeetings.apache.org
Subject: Re: Can not use LDAP-Sync with Microsoft Active Directory
Got it.
This configuration runs with our Active Directory:
ldap_server_type=AD
ldap_conn_host=dc2.labmed.de
ldap_conn_port=389
ldap_conn_secure=false
ldap_admin_dn=CN=Some Username with blanks,OU=User,OU=EDV,OU=labmed,DC=labmed,DC=de
ldap_passwd=SuperSecretPassword
ldap_search_base=DC=labmed,DC=de
ldap_search_query=(userprincipalname=%s)
ldap_search_scope= SUBTREE
ldap_auth_type=SEARCHANDBIND
ldap_deref_mode=never
ldap_userdn_format=%s
ldap_provisionning=AUTOCREATE
ldap_use_admin_to_get_attrs=false
ldap_sync_password_to_om=true
ldap_sync_attr_lastname=sn
ldap_user_attr_firstname=givenName
ldap_user_attr_mail=mail
ldap_user_attr_zip=postalCode
ldap_user_attr_country=c
ldap_user_attr_phone=telephoneNumber
#ldap_use_lower_case=false
The only thing that bothers me is that we do not have a flag for language in our AD, so every new user in OpenMeetings is English by default...
Kind regards
Mathias Kocks
From: Maxim Solodovnik <so...@gmail.com>
Sent: Wednesday, 15 April 2020 16:28
To: Openmeetings user-list <us...@openmeetings.apache.org>
Subject: Re: Can not use LDAP-Sync with Microsoft Active Directory
will answer here
`%s` means put the passed parameter in this place as a string
full options are here https://docs.oracle.com/javase/7/docs/api/java/util/Formatter.html
On Wed, 15 Apr 2020 at 19:37, Rohrbach, Gerald <G....@funkegruppe.de> wrote:
This is working….
I would not use a DomainAdmin account for the query. It can be a simple restricted user…
Maxim pointed already to a link, the debug mode is helpful…
ldap_conn_host=DESVR-AD01.mydomain.de
ldap_conn_port=389
ldap_conn_secure=false
ldap_admin_dn=CN=ldapopenmeetings,OU=Users-Service-Accounts,DC=mydomain,DC=de
ldap_passwd=#password#
ldap_search_base=DC=mydomain,DC=de
ldap_search_query=(userPrincipalName=%s)
ldap_search_scope=SUBTREE
ldap_auth_type=SEARCHANDBIND
ldap_userdn_format=userPrincipalName=%s,CN=Users,DC=mydomain,DC=de
ldap_provisionning=AUTOCREATE
ldap_deref_mode=always
ldap_use_admin_to_get_attrs=true
ldap_sync_password_to_om=true
ldap_group_mode=NONE
ldap_group_query=(&(memberUid=%s)(objectClass=posixGroup))
# Ldap user attributes mapping
# Set the following internal OM user attributes to their corresponding Ldap-attribute
ldap_user_attr_login=sAMAccountName
ldap_user_attr_lastname=sn
ldap_user_attr_firstname=givenName
ldap_user_attr_mail=mail
ldap_user_attr_street=streetAddress
ldap_user_attr_additionalname=description
ldap_user_attr_fax=facsimileTelephoneNumber
ldap_user_attr_zip=postalCode
ldap_user_attr_country=c
ldap_user_attr_town=l
ldap_user_attr_phone=telephoneNumber
ldap_group_attr=memberOf
ldap_use_lower_case=false
# Ldap import query, this query should retrieve all LDAP users
ldap_import_query=(objectClass=inetOrgPerson)
Dortmund is not far away…
Regards
Gerald
--
Best regards,
Maxim
Re: Can not use LDAP-Sync with Microsoft Active Directory
Posted by Maxim Solodovnik <so...@gmail.com>.
really weird
even if mapping is wrong
1) login (after mapping)
2) type == LDAP
3) domainId
should remain the same
wrong but the same
so users shouldn't get duplicated
don't get how is this possible :(
On Wed, 15 Apr 2020 at 23:09, Mathias Kocks <ko...@labmed.de> wrote:
> With your tip, I don't get any new, same named users.
>
> I changed the mapping like this and now it is fine.
>
> ldap_server_type=AD
> ldap_conn_host=dc2.labmed.de
> ldap_conn_port=389
> ldap_conn_secure=false
> ldap_admin_dn=CN=Mathias Kocks,OU=User,OU=EDV,OU=labmed,DC=labmed,DC=de
> ldap_passwd=SecretPassword
> ldap_search_base=DC=labmed,DC=de
> ldap_search_query=(userprincipalname=%s)
> ldap_search_scope= SUBTREE
> ldap_auth_type=SEARCHANDBIND
> ldap_deref_mode=always
> ldap_userdn_format=%s
> ldap_provisionning=AUTOCREATE
> ldap_use_admin_to_get_attrs=false
> ldap_sync_password_to_om=true
> ldap_sync_attr_lastname=sn
> ldap_user_attr_firstname=givenName
> ldap_user_attr_mail=mail
> ldap_user_attr_zip=postalCode
> ldap_user_attr_country=c
> ldap_user_attr_phone=telephoneNumber
> ldap_user_attr_login=samaccountname
> #ldap_use_lower_case=false
--
Best regards,
Maxim
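Added example (not part of the thread and not OpenMeetings code): a Python review of an LDAP config written with the key names used in this thread. It flags a plain-LDAP connection, a bind DN named like the built-in Administrator, AUTOCREATE without ldap_user_attr_login, password sync into the OM database, and mapping keys outside the ldap_user_attr_* pattern. Both sample configs are constructed with placeholder hosts and DNs; the finding codes and the meaning given to each setting are assumptions of this example.

```python
"""Review an OpenMeetings-style LDAP config for the points raised in this thread.

Added example, not OpenMeetings code. Key names come from the configs posted in
the thread; the finding codes and heuristics are this example's own assumptions.
"""
import re

# Constructed sample modelled on the early attempts in the thread (placeholder values).
WEAK_CONFIG = """\
ldap_conn_host=dc.example.test
ldap_conn_port=389
ldap_conn_secure=false
ldap_admin_dn=CN=Administrator,CN=Users,DC=example,DC=test
ldap_search_query=(userprincipalname=%s)
ldap_search_scope= SUBTREE
ldap_provisionning=AUTOCREATE
ldap_sync_password_to_om=true
ldap_sync_attr_lastname=sn
# Set the following internal OM user attributes to their corresponding
Ldap-attribute
ldap_user_attr_firstname=givenName
"""

# Constructed counterpart with the thread's corrections applied.
REVIEWED_CONFIG = """\
ldap_conn_host=dc.example.test
ldap_conn_port=636
ldap_conn_secure=true
ldap_admin_dn=CN=ldapopenmeetings,OU=Users-Service-Accounts,DC=example,DC=test
ldap_search_query=(userPrincipalName=%s)
ldap_search_scope=SUBTREE
ldap_provisionning=AUTOCREATE
ldap_sync_password_to_om=false
ldap_user_attr_login=sAMAccountName
ldap_user_attr_lastname=sn
ldap_user_attr_firstname=givenName
"""

# Heuristic only: a config file cannot show group membership, so this just
# catches the built-in account names.
PRIVILEGED_NAMES = {"administrator", "admin"}
# Assumption: attribute mappings follow the ldap_user_attr_* pattern used in the thread.
SUSPECT_MAPPING_KEY = re.compile(r"^ldap_(?!user_)[a-z]+_attr_\w+$")


def parse_properties(text):
    """Parse key=value lines. '#' lines and lines without '=' (such as the
    wrapped comment tail 'Ldap-attribute') are skipped; values are stripped."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props


def first_rdn_value(dn):
    """Value of the leftmost RDN: 'Administrator' for 'CN=Administrator,CN=Users,...'."""
    first = re.split(r"(?<!\\),", dn, maxsplit=1)[0]
    return first.split("=", 1)[1].strip() if "=" in first else ""


def audit(props):
    """Return (code, detail) findings in a fixed order."""
    def flag(key):
        return props.get(key, "").lower() == "true"

    findings = []
    # Assumption: ldap_conn_secure=false means plain ldap:// with no TLS.
    if not flag("ldap_conn_secure"):
        findings.append(("CLEARTEXT_LDAP",
                         "port %s without TLS: bind and user passwords cross the network unencrypted"
                         % props.get("ldap_conn_port", "unset")))
    if first_rdn_value(props.get("ldap_admin_dn", "")).lower() in PRIVILEGED_NAMES:
        findings.append(("PRIVILEGED_BIND_ACCOUNT",
                         "bind with a restricted service account instead"))
    if (props.get("ldap_provisionning", "").upper() == "AUTOCREATE"
            and not props.get("ldap_user_attr_login")):
        findings.append(("NO_LOGIN_MAPPING",
                         "ldap_user_attr_login unset: the thread saw a new 'null@...' user per login"))
    if flag("ldap_sync_password_to_om"):
        findings.append(("PASSWORD_COPIED_TO_OM_DB",
                         "directory passwords are synchronised into the OM database"))
    for key in sorted(props):
        if SUSPECT_MAPPING_KEY.match(key):
            findings.append(("SUSPECT_MAPPING_KEY", key + " is not an ldap_user_attr_* key"))
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("reviewed", REVIEWED_CONFIG)):
        print(name)
        for code, detail in audit(parse_properties(text)) or [("OK", "no findings")]:
            print("  %-26s %s" % (code, detail))
```

The parser handles only the simple key=value form seen in the thread, not the full Java properties syntax (continuation lines, ':' separators).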
AW: Can not use LDAP-Sync with Microsoft Active Directory
Posted by Mathias Kocks <ko...@labmed.de>.
With your tip, I don't get any new, same named users.
I changed the mapping like this and now it is fine.
ldap_server_type=AD
ldap_conn_host=dc2.labmed.de
ldap_conn_port=389
ldap_conn_secure=false
ldap_admin_dn=CN=Mathias Kocks,OU=User,OU=EDV,OU=labmed,DC=labmed,DC=de
ldap_passwd=SecretPassword
ldap_search_base=DC=labmed,DC=de
ldap_search_query=(userprincipalname=%s)
ldap_search_scope= SUBTREE
ldap_auth_type=SEARCHANDBIND
ldap_deref_mode=always
ldap_userdn_format=%s
ldap_provisionning=AUTOCREATE
ldap_use_admin_to_get_attrs=false
ldap_sync_password_to_om=true
ldap_sync_attr_lastname=sn
ldap_user_attr_firstname=givenName
ldap_user_attr_mail=mail
ldap_user_attr_zip=postalCode
ldap_user_attr_country=c
ldap_user_attr_phone=telephoneNumber
ldap_user_attr_login=samaccountname
#ldap_use_lower_case=false
Kind regards
Mathias Kocks
Team Lead, IT Infrastructure
Certified Information Security Officer ISO 27001 (TÜV Süd)
Überörtliche Berufsausübungsgemeinschaft
Medizinisches Versorgungszentrum
Dr. Eberhard & Partner Dortmund
MVZ-Haus 3: Balkenstr. 12-14
44137 Dortmund, Germany
Tel.: +49 231 9572 7158
Fax.: +49 231 9572 18 159
E-Mail: kocks@labmed.de
Web: https://www.labmed.de
AW: Can not use LDAP-Sync with Microsoft Active Directory
Posted by "Rohrbach, Gerald" <G....@funkegruppe.de>.
Mathias, I don't think it is fixed really if that are user now.
It should work like this: If a user logs in, it's checked against AD. Then OM looks if the user is already in DB.
If yes, no new record in db is created.
This is an LDAP mapping problem, I had the same.
From: Mathias Kocks [mailto:kocks@labmed.de]
Sent: Wednesday, 15 April 2020 17:42
To: user@openmeetings.apache.org
Subject: AW: Can not use LDAP-Sync with Microsoft Active Directory
But the tip from Gerald worked fine. Now it is fixed.
Thanks
Kind regards
Mathias Kocks
From: Maxim Solodovnik <so...@gmail.com>
Sent: Wednesday, 15 April 2020 17:36
To: Openmeetings user-list <us...@openmeetings.apache.org>
Subject: Re: Can not use LDAP-Sync with Microsoft Active Directory
Do you have additional DB entry on each login?
this shouldn't be possible
(AFAIR I have test to ensure this is impossible)
On Wed, 15 Apr 2020 at 22:32, Rohrbach, Gerald <G....@funkegruppe.de> wrote:
LDAP Mapping Problem, depends on
ldap_userdn_format=userPrincipalName=%s,CN=Users,DC=mydomain,DC=de
ldap_user_attr_login=sAMAccountName
With debug you can analyse. It depends if users login with userPrincipalName like in our case I use sAMAccountName for storing in db.
Gerald
From: Mathias Kocks [mailto:kocks@labmed.de]
Sent: Wednesday, 15 April 2020 17:19
To: user@openmeetings.apache.org
Subject: AW: Can not use LDAP-Sync with Microsoft Active Directory
And another problem:
Every time I log into OpenMeetings, I get a new entry in the user database with login entry null@ourdomain.de.
Kind regards
Mathias Kocks
From: Maxim Solodovnik <so...@gmail.com>
Sent: Wednesday, 15 April 2020 16:58
To: Openmeetings user-list <us...@openmeetings.apache.org>
Subject: Re: Can not use LDAP-Sync with Microsoft Active Directory
congrats :)
On Wed, 15 Apr 2020 at 21:53, Rohrbach, Gerald <G....@funkegruppe.de> wrote:
Under administration you can set the default language to German…
This helped us.
Gerald
From: Mathias Kocks [mailto:kocks@labmed.de]
Sent: Wednesday, 15 April 2020 16:51
To: user@openmeetings.apache.org
Subject: AW: Can not use LDAP-Sync with Microsoft Active Directory
Got it.
This configuration runs with our Active Directory:
ldap_server_type=AD
ldap_conn_host=dc2.labmed.de
ldap_conn_port=389
ldap_conn_secure=false
ldap_admin_dn=CN=Some Username with blanks,OU=User,OU=EDV,OU=labmed,DC=labmed,DC=de
ldap_passwd=SuperSecretPassword
ldap_search_base=DC=labmed,DC=de
ldap_search_query=(userprincipalname=%s)
ldap_search_scope= SUBTREE
ldap_auth_type=SEARCHANDBIND
ldap_deref_mode=never
ldap_userdn_format=%s
ldap_provisionning=AUTOCREATE
ldap_use_admin_to_get_attrs=false
ldap_sync_password_to_om=true
ldap_sync_attr_lastname=sn
ldap_user_attr_firstname=givenName
ldap_user_attr_mail=mail
ldap_user_attr_zip=postalCode
ldap_user_attr_country=c
ldap_user_attr_phone=telephoneNumber
#ldap_use_lower_case=false
The only thing that bothers me is that we do not have a flag for language in our AD, so every new user in OpenMeetings is English by default...
Kind regards
Mathias Kocks
From: Maxim Solodovnik <so...@gmail.com>
Sent: Wednesday, 15 April 2020 16:28
To: Openmeetings user-list <us...@openmeetings.apache.org>
Subject: Re: Can not use LDAP-Sync with Microsoft Active Directory
will answer here
`%s` means put passed parameter to this place as string
full options are here https://docs.oracle.com/javase/7/docs/api/java/util/Formatter.html
On Wed, 15 Apr 2020 at 19:37, Rohrbach, Gerald <G....@funkegruppe.de> wrote:
This is working….
I would not use a DomainAdmin account for query. It can be a simple restricted user…
Maxim pointed already to a link, the debug mode is helpful…
ldap_conn_host=DESVR-AD01.mydomain.de
ldap_conn_port=389
ldap_conn_secure=false
ldap_admin_dn=CN=ldapopenmeetings,OU=Users-Service-Accounts,DC=mydomain,DC=de
ldap_passwd=#password#
ldap_search_base=DC=mydomain,DC=de
ldap_search_query=(userPrincipalName=%s)
ldap_search_scope=SUBTREE
ldap_auth_type=SEARCHANDBIND
ldap_userdn_format=userPrincipalName=%s,CN=Users,DC=mydomain,DC=de
ldap_provisionning=AUTOCREATE
ldap_deref_mode=always
ldap_use_admin_to_get_attrs=true
ldap_sync_password_to_om=true
ldap_group_mode=NONE
ldap_group_query=(&(memberUid=%s)(objectClass=posixGroup))
# Ldap user attributes mapping
# Set the following internal OM user attributes to their corresponding Ldap-attribute
ldap_user_attr_login=sAMAccountName
ldap_user_attr_lastname=sn
ldap_user_attr_firstname=givenName
ldap_user_attr_mail=mail
ldap_user_attr_street=streetAddress
ldap_user_attr_additionalname=description
ldap_user_attr_fax=facsimileTelephoneNumber
ldap_user_attr_zip=postalCode
ldap_user_attr_country=c
ldap_user_attr_town=l
ldap_user_attr_phone=telephoneNumber
ldap_group_attr=memberOf
ldap_use_lower_case=false
# Ldap import query, this query should retrieve all LDAP users
ldap_import_query=(objectClass=inetOrgPerson)
Dortmund is not far away…
Regards
Gerald
From: Mathias Kocks [mailto:kocks@labmed.de]
Sent: Wednesday, 15 April 2020 14:06
To: user@openmeetings.apache.org
Subject: Can not use LDAP-Sync with Microsoft Active Directory
Hello,
I am new to this project and I have a problem with the LDAP-Sync. I cannot even find any good documentation...
My problem is that slapd does not find any user in my AD. I am not even sure if it is really searching. I found some example configs in the mailing list archive, but they do not work for me.
I found this one:
#LDAP URL
ldap_conn_host=LDAP_server.Company.com
ldap_conn_port=636
ldap_conn_secure=true
# Login distinguished name (DN) for Authentication on LDAP Server
# Use full qualified LDAP DN
ldap_admin_dn=CN=ldapauth,OU=Users,DC=Company,DC=com
# Loginpass for Authentication on LDAP Server
ldap_passwd=ldapauthpasswd
# base to search for userdata(of user, that wants to login)
ldap_search_base=OU=Users,DC=Company,DC=com
#ldap_search_base=DC=Company,DC=com
# Fieldnames (can differ between Ldap servers)
ldap_search_query=(&(objectCategory=person)(objectClass=person)(sAMAccountName=%1$s))
#ldap_search_query=(sAMAccountName=%s)
#ldap_search_query=(CN=%s)
# the scope of the search might be: OBJECT, ONELEVEL, SUBTREE
ldap_search_scope=SUBTREE
# Ldap auth type(NONE, SEARCHANDBIND, SIMPLEBIND)
ldap_auth_type=SEARCHANDBIND
# userDN format, will be used to bind if ldap_auth_type=SIMPLEBIND
ldap_userdn_format=sAMAccountName=%s,OU=Users,DC=beuth-hochschule.de,DC=com
#ldap_userdn_format=sAMAccountName=%s,DC=Company,DC=com
#ldap_userdn_format=CN=%s,OU=Users,DC=Company,DC=com
#ldap_userdn_format=CN=%s,DC=Company,DC=com
# Ldap-password synchronization to OM DB
ldap_sync_password_to_om=false
# Ldap user attributes mapping
# Set the following internal OM user attributes to their corresponding Ldap-attribute
ldap_user_attr_lastname=sn
But even after I changed it to my AD and tried several changes, no users were found.
My actual config:
ldap_server_type=AD
ldap_conn_host=dc2.labmed.de
ldap_conn_port=389
ldap_conn_secure=false
ldap_admin_dn=CN=Administrator,CN=Users,DC=labmed,DC=de
ldap_passwd=SuperSecretPassword
ldap_search_base=OU=labmed,DC=labmed,DC=de
#ldap_search_query=(&(objectCategory=*)(objectClass=*)(sAMAccountName=%s))
ldap_search_query=(sAMAccountName=%s)
ldap_search_scope= SUBTREE
ldap_auth_type=SEARCHANDBIND
ldap_deref_mode=never
ldap_userdn_format=sAMAccountName=%s,DC=labmed,DC=de
ldap_provisionning=NONE
ldap_use_admin_to_get_attrs=true
ldap_sync_password_to_om=false
ldap_sync_attr_lastname=sn
ldap_user_attr_firstname=givenName
ldap_user_attr_mail=mail
ldap_user_attr_street=streetAddress
ldap_user_attr_additionalname=description
ldap_user_attr_fax=facsimileTelephoneNumber
ldap_user_attr_zip=postalCode
ldap_user_attr_country=co
ldap_user_attr_town=l
ldap_user_attr_phone=telephoneNumber
ldap_use_lower_case=false
It is the second day by now where I am bursting with happiness....
Kind regards
Mathias Kocks
--
Best regards,
Maxim
--
Best regards,
Maxim
--
Best regards,
Maxim
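An added example, not OpenMeetings code and not posted by anyone in this thread: a small linter for the kind of LDAP properties file exchanged above. It checks the points raised in the replies (privileged bind account, missing `ldap_user_attr_login` mapping, `%s` placeholder) plus binds without TLS and mail-archive link residue in the host value; the check ids, function names and the rule that mapping keys start with `ldap_user_attr_` are assumptions made for this example.

```python
"""Lint an OpenMeetings-style LDAP properties file for issues raised in this thread."""
import re

# Assumption drawn from the thread, not from the OpenMeetings documentation:
# every attribute-mapping key in Gerald's config starts with this prefix.
MAPPING_PREFIX = "ldap_user_attr_"
# java.util.Formatter string placeholder: %s or the indexed form %1$s
PLACEHOLDER = re.compile(r"%(\d+\$)?s")

# Constructed sample: abridged from the first config posted in the thread,
# including the <http://...> residue a mail client's auto-linking leaves behind.
FIRST_ATTEMPT = """\
ldap_server_type=AD
ldap_conn_host=dc2.labmed.de<http://dc2.labmed.de>
ldap_conn_port=389
ldap_conn_secure=false
ldap_admin_dn=CN=Administrator,CN=Users,DC=labmed,DC=de
ldap_search_base=OU=labmed,DC=labmed,DC=de
ldap_search_query=(sAMAccountName=%s)
ldap_search_scope= SUBTREE
ldap_auth_type=SEARCHANDBIND
ldap_sync_attr_lastname=sn
ldap_user_attr_firstname=givenName
"""

# Constructed sample: abridged from the config Gerald reported as working.
RESTRICTED_ACCOUNT = """\
ldap_conn_host=DESVR-AD01.mydomain.de
ldap_conn_port=389
ldap_conn_secure=false
ldap_admin_dn=CN=ldapopenmeetings,OU=Users-Service-Accounts,DC=mydomain,DC=de
ldap_search_query=(userPrincipalName=%s)
# Ldap user attributes mapping
ldap_user_attr_login=sAMAccountName
ldap_user_attr_lastname=sn
ldap_group_attr=memberOf
"""


def parse_properties(text):
    """Parse key=value lines. DNs and filters contain '=', so split on the first one."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def lint(text):
    """Return a sorted list of (check_id, message) findings for one config."""
    props = parse_properties(text)
    findings = []

    host = props.get("ldap_conn_host", "")
    if "<" in host or ">" in host:
        findings.append(("host-residue",
                         "ldap_conn_host contains link markup copied from a mail archive: " + host))
    # Assumption: ldap_conn_secure=true is what turns on TLS for the connection.
    if props.get("ldap_conn_secure", "false").lower() != "true":
        findings.append(("cleartext-bind",
                         "ldap_conn_secure is not true: bind passwords cross the network without TLS"))
    first_rdn = props.get("ldap_admin_dn", "").split(",")[0].strip().lower()
    if first_rdn == "cn=administrator":
        findings.append(("privileged-bind-dn",
                         "ldap_admin_dn is the Administrator account; a restricted service account is enough"))
    if not PLACEHOLDER.search(props.get("ldap_search_query", "")):
        findings.append(("no-placeholder",
                         "ldap_search_query has no %s placeholder for the login name"))
    if MAPPING_PREFIX + "login" not in props:
        findings.append(("no-login-mapping",
                         "ldap_user_attr_login is not set, so no LDAP attribute is mapped to the login"))
    for key in props:
        if "_attr_" in key and not key.startswith(MAPPING_PREFIX):
            findings.append(("odd-mapping-key",
                             key + " does not use the " + MAPPING_PREFIX + " prefix"))
    return sorted(findings)


def finding_ids(text):
    """Only the check ids, convenient for comparing two configs."""
    return [check_id for check_id, _ in lint(text)]


if __name__ == "__main__":
    for name, sample in (("first attempt", FIRST_ATTEMPT),
                         ("restricted account", RESTRICTED_ACCOUNT)):
        print(name)
        for check_id, message in lint(sample):
            print("  [" + check_id + "] " + message)
```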
AW: Can not use LDAP-Sync with Microsoft Active Directory
Posted by Mathias Kocks <ko...@labmed.de>.
But the tip from Gerald worked fine. Now it is fixed.
Thanks
Kind regards
Mathias Kocks
From: Maxim Solodovnik <so...@gmail.com>
Sent: Wednesday, 15 April 2020 17:36
To: Openmeetings user-list <us...@openmeetings.apache.org>
Subject: Re: Can not use LDAP-Sync with Microsoft Active Directory
Do you have an additional DB entry on each login?
this shouldn't be possible
(AFAIR I have a test to ensure this is impossible)
On Wed, 15 Apr 2020 at 22:32, Rohrbach, Gerald <G....@funkegruppe.de> wrote:
LDAP Mapping Problem, depends on
ldap_userdn_format=userPrincipalName=%s,CN=Users,DC=mydomain,DC=de
ldap_user_attr_login=sAMAccountName
With debug you can analyse. It depends if users log in with userPrincipalName like in our case. I use sAMAccountName for storing in db.
Gerald
From: Mathias Kocks [mailto:kocks@labmed.de]
Sent: Wednesday, 15 April 2020 17:19
To: user@openmeetings.apache.org
Subject: AW: Can not use LDAP-Sync with Microsoft Active Directory
And another problem:
Every time I log into OpenMeetings, I get a new entry in the user database with login entry null@ourdomain.de.
Kind regards
Mathias Kocks
From: Maxim Solodovnik <so...@gmail.com>
Sent: Wednesday, 15 April 2020 16:58
To: Openmeetings user-list <us...@openmeetings.apache.org>
Subject: Re: Can not use LDAP-Sync with Microsoft Active Directory
congrats :)
On Wed, 15 Apr 2020 at 21:53, Rohrbach, Gerald <G....@funkegruppe.de> wrote:
Under administration you can set the default language to German…
This helped us.
Gerald
From: Mathias Kocks [mailto:kocks@labmed.de]
Sent: Wednesday, 15 April 2020 16:51
To: user@openmeetings.apache.org
Subject: AW: Can not use LDAP-Sync with Microsoft Active Directory
Got it.
This configuration runs with our Active Directory:
ldap_server_type=AD
ldap_conn_host=dc2.labmed.de
ldap_conn_port=389
ldap_conn_secure=false
ldap_admin_dn=CN=Some Username with blanks,OU=User,OU=EDV,OU=labmed,DC=labmed,DC=de
ldap_passwd=SuperSecretPassword
ldap_search_base=DC=labmed,DC=de
ldap_search_query=(userprincipalname=%s)
ldap_search_scope= SUBTREE
ldap_auth_type=SEARCHANDBIND
ldap_deref_mode=never
ldap_userdn_format=%s
ldap_provisionning=AUTOCREATE
ldap_use_admin_to_get_attrs=false
ldap_sync_password_to_om=true
ldap_sync_attr_lastname=sn
ldap_user_attr_firstname=givenName
ldap_user_attr_mail=mail
ldap_user_attr_zip=postalCode
ldap_user_attr_country=c
ldap_user_attr_phone=telephoneNumber
#ldap_use_lower_case=false
The only thing that bothers me is that we do not have a flag for language in our AD, so every new user in OpenMeetings is English by default...
Kind regards
Mathias Kocks
Re: Can not use LDAP-Sync with Microsoft Active Directory
Posted by Maxim Solodovnik <so...@gmail.com>.
Do you have an additional DB entry on each login?
this shouldn't be possible
(AFAIR I have a test to ensure this is impossible)
--
Best regards,
Maxim
AW: Can not use LDAP-Sync with Microsoft Active Directory
Posted by "Rohrbach, Gerald" <G....@funkegruppe.de>.
LDAP Mapping Problem, depends on
ldap_userdn_format=userPrincipalName=%s,CN=Users,DC=mydomain,DC=de
ldap_user_attr_login=sAMAccountName
With debug you can analyse. It depends if users log in with userPrincipalName like in our case. I use sAMAccountName for storing in db.
Gerald
AW: Can not use LDAP-Sync with Microsoft Active Directory
Posted by Mathias Kocks <ko...@labmed.de>.
And another problem:
Every time I log into OpenMeetings, I get a new entry in the user database with login entry null@ourdomain.de.
Best regards
Mathias Kocks
Team Lead, IT Infrastructure
Certified Information Security Officer ISO 27001 (TÜV Süd)
Überörtliche Berufsausübungsgemeinschaft
Medizinisches Versorgungszentrum
Dr. Eberhard & Partner Dortmund
MVZ-Haus 3: Balkenstr. 12-14
44137 Dortmund, Germany
Tel.: +49 231 9572 7158
Fax.: +49 231 9572 18 159
E-Mail: kocks@labmed.de
Web: https://www.labmed.de
Re: Can not use LDAP-Sync with Microsoft Active Directory
Posted by Maxim Solodovnik <so...@gmail.com>.
congrats :)
--
Best regards,
Maxim
AW: Can not use LDAP-Sync with Microsoft Active Directory
Posted by "Rohrbach, Gerald" <G....@funkegruppe.de>.
Under administration you can set the default language to German…
This helped us.
Gerald
AW: Can not use LDAP-Sync with Microsoft Active Directory
Posted by Mathias Kocks <ko...@labmed.de>.
Got it.
This configuration runs with our Active Directory:
ldap_server_type=AD
ldap_conn_host=dc2.labmed.de
ldap_conn_port=389
ldap_conn_secure=false
ldap_admin_dn=CN=Some Username with blanks,OU=User,OU=EDV,OU=labmed,DC=labmed,DC=de
ldap_passwd=SuperSecretPassword
ldap_search_base=DC=labmed,DC=de
ldap_search_query=(userprincipalname=%s)
ldap_search_scope= SUBTREE
ldap_auth_type=SEARCHANDBIND
ldap_deref_mode=never
ldap_userdn_format=%s
ldap_provisionning=AUTOCREATE
ldap_use_admin_to_get_attrs=false
ldap_sync_password_to_om=true
ldap_sync_attr_lastname=sn
ldap_user_attr_firstname=givenName
ldap_user_attr_mail=mail
ldap_user_attr_zip=postalCode
ldap_user_attr_country=c
ldap_user_attr_phone=telephoneNumber
#ldap_use_lower_case=false
The only thing that bothers me is that we do not have a flag for language in our AD, so every new user in OpenMeetings is English by default...
Best regards
Mathias Kocks
Team Lead, IT Infrastructure
Certified Information Security Officer ISO 27001 (TÜV Süd)
Überörtliche Berufsausübungsgemeinschaft
Medizinisches Versorgungszentrum
Dr. Eberhard & Partner Dortmund
MVZ-Haus 3: Balkenstr. 12-14
44137 Dortmund, Germany
Tel.: +49 231 9572 7158
Fax.: +49 231 9572 18 159
E-Mail: kocks@labmed.de
Web: https://www.labmed.de
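An added example, not part of the original posts and not OpenMeetings code: a small Python check over the two configurations posted in this thread. It expands the `%s` / `%1$s` placeholder as described in the thread, with RFC 4515 escaping added so a test login cannot change the filter's structure, and it flags the settings a reviewer would question (plain connection, a bind DN that looks like the built-in Administrator, which the thread advises against, and password synchronization to the OM DB). Assumptions: `ldap_conn_secure=false` means an unencrypted connection, as the 389/636 pairing in the posted configs suggests; the function names and the name-based Administrator heuristic are hypothetical.

```python
import re

# Constructed samples: key lines of the two configurations posted in this
# thread, with the real password replaced by a placeholder.
FIRST_ATTEMPT = """\
ldap_conn_host=dc2.labmed.de
ldap_conn_port=389
ldap_conn_secure=false
ldap_admin_dn=CN=Administrator,CN=Users,DC=labmed,DC=de
ldap_passwd=PLACEHOLDER
ldap_search_query=(sAMAccountName=%s)
ldap_sync_password_to_om=false
"""
WORKING = """\
# Ldap-password synchronization to OM DB is switched on in this one
ldap_conn_host=dc2.labmed.de
ldap_conn_port=389
ldap_conn_secure=false
ldap_admin_dn=CN=Some Username with blanks,OU=User,OU=EDV,OU=labmed,DC=labmed,DC=de
ldap_passwd=PLACEHOLDER
ldap_search_query=(userprincipalname=%s)
ldap_search_scope= SUBTREE
ldap_sync_password_to_om=true
"""

# Characters RFC 4515 requires to be escaped inside a filter value.
FILTER_SPECIALS = "\\*()\x00"
# Hypothetical, name-based heuristic for "this bind account is an admin".
PRIVILEGED_CNS = {"administrator"}


def parse_properties(text):
    """Parse key=value lines; '#' starts a comment; split on the first '='."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)  # DN values contain '=' themselves
        props[key.strip()] = value.strip()
    return props


def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in FILTER_SPECIALS else c for c in value)


def expand_template(template, login):
    """Put the escaped login where %s or %1$s stands in the template."""
    escaped = escape_filter_value(login)
    return re.sub(r"%(?:1\$)?s", lambda _match: escaped, template)


def audit(props):
    """Return (code, message) findings for security-relevant settings."""
    findings = []
    # Assumption: anything but ldap_conn_secure=true is an unencrypted connection.
    if props.get("ldap_conn_secure", "false").lower() != "true":
        findings.append(("cleartext",
                         "bind DN password and user logins cross the network unencrypted"))
    first_rdn = re.match(r"(?i)\s*cn=((?:\\.|[^,])+)", props.get("ldap_admin_dn", ""))
    if first_rdn and first_rdn.group(1).strip().lower() in PRIVILEGED_CNS:
        findings.append(("privileged-bind",
                         "query account looks like the built-in Administrator; "
                         "a restricted user is enough"))
    if props.get("ldap_sync_password_to_om", "false").lower() == "true":
        findings.append(("password-sync",
                         "LDAP passwords are synchronized to the OM DB"))
    return findings


if __name__ == "__main__":
    for name, text in (("first attempt", FIRST_ATTEMPT), ("working", WORKING)):
        props = parse_properties(text)
        print(name, "->", expand_template(props["ldap_search_query"], "j*doe"))
        for code, message in audit(props):
            print("  [%s] %s" % (code, message))
```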
Re: Can not use LDAP-Sync with Microsoft Active Directory
Posted by Maxim Solodovnik <so...@gmail.com>.
will answer here
`%s` means: put the passed parameter in this place as a string
full options are here
https://docs.oracle.com/javase/7/docs/api/java/util/Formatter.html
On Wed, 15 Apr 2020 at 19:37, Rohrbach, Gerald <G....@funkegruppe.de>
wrote:
> This is working….
>
> I would not use a DomainAdmin account for query. It can be a simple
> restricted user…
>
> Maxim pointed already to a link, the debug mode is helpful…
>
> ldap_conn_host=DESVR-AD01.mydomain.de
> ldap_conn_port=389
> ldap_conn_secure=false
> ldap_admin_dn=CN=ldapopenmeetings,OU=Users-Service-Accounts,DC=mydomain,DC=de
> ldap_passwd=#password#
> ldap_search_base=DC=mydomain,DC=de
> ldap_search_query=(userPrincipalName=%s)
> ldap_search_scope=SUBTREE
> ldap_auth_type=SEARCHANDBIND
> ldap_userdn_format=userPrincipalName=%s,CN=Users,DC=mydomain,DC=de
> ldap_provisionning=AUTOCREATE
> ldap_deref_mode=always
> ldap_use_admin_to_get_attrs=true
> ldap_sync_password_to_om=true
> ldap_group_mode=NONE
> ldap_group_query=(&(memberUid=%s)(objectClass=posixGroup))
> # Ldap user attributes mapping
> # Set the following internal OM user attributes to their corresponding Ldap-attribute
> ldap_user_attr_login=sAMAccountName
> ldap_user_attr_lastname=sn
> ldap_user_attr_firstname=givenName
> ldap_user_attr_mail=mail
> ldap_user_attr_street=streetAddress
> ldap_user_attr_additionalname=description
> ldap_user_attr_fax=facsimileTelephoneNumber
> ldap_user_attr_zip=postalCode
> ldap_user_attr_country=c
> ldap_user_attr_town=l
> ldap_user_attr_phone=telephoneNumber
> ldap_group_attr=memberOf
> ldap_use_lower_case=false
> # Ldap import query, this query should retrieve all LDAP users
> ldap_import_query=(objectClass=inetOrgPerson)
>
> Dortmund is not far away…
>
> Regards
>
> Gerald
>
>
>
> *Von:* Mathias Kocks [mailto:kocks@labmed.de]
> *Gesendet:* Mittwoch, 15. April 2020 14:06
> *An:* user@openmeetings.apache.org
> *Betreff:* Can not use LDAP-Sync with Microsoft Active Directory
>
>
>
> Hello,
>
> i am new to this project and a have a problem with the LDAP-Sync. I even
> can not find any good documentations...
>
>
>
> My problem is, that slapd does not find any user in my AD. I am not even
> shure, if it is searching for real. I found in the mailing list archive
> some example configs, but they does not work for me.
>
> I found this one:
>
>
>
> #LDAP URL
> ldap_conn_host=LDAP_server.Company.com
> ldap_conn_port=636
> ldap_conn_secure=true
>
> # Login distinguished name (DN) for Authentication on LDAP Server
> # Use full qualified LDAP DN
> ldap_admin_dn=CN=ldapauth,OU=Users,DC=Company,DC=com
>
> # Loginpass for Authentication on LDAP Server
> ldap_passwd=ldapauthpasswd
>
> # base to search for userdata(of user, that wants to login)
> ldap_search_base=OU=Users,DC=Company,DC=com
> #ldap_search_base=DC=Company,DC=com
>
> # Fieldnames (can differ between Ldap servers)
> ldap_search_query=(&(objectCategory=person)(objectClass=person)(sAMAccountName=%1$s))
> #ldap_search_query=(sAMAccountName=%s)
> #ldap_search_query=(CN=%s)
>
> # the scope of the search might be: OBJECT, ONELEVEL, SUBTREE
> ldap_search_scope=SUBTREE
>
> # Ldap auth type(NONE, SEARCHANDBIND, SIMPLEBIND)
> ldap_auth_type=SEARCHANDBIND
>
> # userDN format, will be used to bind if ldap_auth_type=SIMPLEBIND
> ldap_userdn_format=sAMAccountName=%s,OU=Users,DC=beuth-hochschule.de,DC=com
> #ldap_userdn_format=sAMAccountName=%s,DC=Company,DC=com
> #ldap_userdn_format=CN=%s,OU=Users,DC=Company,DC=com
> #ldap_userdn_format=CN=%s,DC=Company,DC=com
>
> # Ldap-password synchronization to OM DB
> ldap_sync_password_to_om=false
>
> # Ldap user attributes mapping
> # Set the following internal OM user attributes to their corresponding Ldap-attribute
> ldap_user_attr_lastname=sn
>
> But even after I changed it to my AD and tried several changes, no users
> were found.
>
> My actual config:
>
> ldap_server_type=AD
> ldap_conn_host=dc2.labmed.de
> ldap_conn_port=389
> ldap_conn_secure=false
> ldap_admin_dn=CN=Administrator,CN=Users,DC=labmed,DC=de
> ldap_passwd=SuperSecretPassword
> ldap_search_base=OU=labmed,DC=labmed,DC=de
> #ldap_search_query=(&(objectCategory=*)(objectClass=*)(sAMAccountName=%s))
> ldap_search_query=(sAMAccountName=%s)
> ldap_search_scope= SUBTREE
> ldap_auth_type=SEARCHANDBIND
> ldap_deref_mode=never
> ldap_userdn_format=sAMAccountName=%s,DC=labmed,DC=de
> ldap_provisionning=NONE
> ldap_use_admin_to_get_attrs=true
> ldap_sync_password_to_om=false
> ldap_sync_attr_lastname=sn
> ldap_user_attr_firstname=givenName
> ldap_user_attr_mail=mail
> ldap_user_attr_street=streetAddress
> ldap_user_attr_additionalname=description
> ldap_user_attr_fax=facsimileTelephoneNumber
> ldap_user_attr_zip=postalCode
> ldap_user_attr_country=co
> ldap_user_attr_town=l
> ldap_user_attr_phone=telephoneNumber
> ldap_use_lower_case=false
>
> It is the second day by now where I am bursting with happiness....
>
> Kind regards
>
> *Mathias Kocks*
> *Team Lead, IT Infrastructure*
> *Certified Information Security Officer ISO 27001 (TÜV Süd)*
>
> Multi-site joint practice
> *Medizinisches Versorgungszentrum*
> *Dr. Eberhard & Partner Dortmund*
> MVZ-Haus 3: Balkenstr. 12-14
> 44137 Dortmund, Germany
>
> Tel.: +49 231 9572 7158
> Fax.: +49 231 9572 18 159
> E-Mail: kocks@labmed.de
> Web: https://www.labmed.de
>
--
Best regards,
Maxim
AW: Can not use LDAP-Sync with Microsoft Active Directory
Posted by "Rohrbach, Gerald" <G....@funkegruppe.de>.
This is working....
I would not use a DomainAdmin account for query. It can be a simple restricted user...
Maxim pointed already to a link, the debug mode is helpful...
ldap_conn_host=DESVR-AD01.mydomain.de
ldap_conn_port=389
ldap_conn_secure=false
ldap_admin_dn=CN=ldapopenmeetings,OU=Users-Service-Accounts,DC=mydomain,DC=de
ldap_passwd=#password#
ldap_search_base=DC=mydomain,DC=de
ldap_search_query=(userPrincipalName=%s)
ldap_search_scope=SUBTREE
ldap_auth_type=SEARCHANDBIND
ldap_userdn_format=userPrincipalName=%s,CN=Users,DC=mydomain,DC=de
ldap_provisionning=AUTOCREATE
ldap_deref_mode=always
ldap_use_admin_to_get_attrs=true
ldap_sync_password_to_om=true
ldap_group_mode=NONE
ldap_group_query=(&(memberUid=%s)(objectClass=posixGroup))
# Ldap user attributes mapping
# Set the following internal OM user attributes to their corresponding Ldap-attribute
ldap_user_attr_login=sAMAccountName
ldap_user_attr_lastname=sn
ldap_user_attr_firstname=givenName
ldap_user_attr_mail=mail
ldap_user_attr_street=streetAddress
ldap_user_attr_additionalname=description
ldap_user_attr_fax=facsimileTelephoneNumber
ldap_user_attr_zip=postalCode
ldap_user_attr_country=c
ldap_user_attr_town=l
ldap_user_attr_phone=telephoneNumber
ldap_group_attr=memberOf
ldap_use_lower_case=false
# Ldap import query, this query should retrieve all LDAP users
ldap_import_query=(objectClass=inetOrgPerson)
Dortmund is not far away...
Regards
Gerald
From: Mathias Kocks [mailto:kocks@labmed.de]
Sent: Wednesday, 15 April 2020 14:06
To: user@openmeetings.apache.org
Subject: Can not use LDAP-Sync with Microsoft Active Directory
Hello,
I am new to this project and I have a problem with the LDAP-Sync. I even can not find any good documentation...
My problem is that slapd does not find any user in my AD. I am not even sure if it is searching for real. I found in the mailing list archive some example configs, but they do not work for me.
I found this one:
#LDAP URL
ldap_conn_host=LDAP_server.Company.com
ldap_conn_port=636
ldap_conn_secure=true
# Login distinguished name (DN) for Authentication on LDAP Server
# Use full qualified LDAP DN
ldap_admin_dn=CN=ldapauth,OU=Users,DC=Company,DC=com
# Loginpass for Authentication on LDAP Server
ldap_passwd=ldapauthpasswd
# base to search for userdata(of user, that wants to login)
ldap_search_base=OU=Users,DC=Company,DC=com
#ldap_search_base=DC=Company,DC=com
# Fieldnames (can differ between Ldap servers)
ldap_search_query=(&(objectCategory=person)(objectClass=person)(sAMAccountName=%1$s))
#ldap_search_query=(sAMAccountName=%s)
#ldap_search_query=(CN=%s)
# the scope of the search might be: OBJECT, ONELEVEL, SUBTREE
ldap_search_scope=SUBTREE
# Ldap auth type(NONE, SEARCHANDBIND, SIMPLEBIND)
ldap_auth_type=SEARCHANDBIND
# userDN format, will be used to bind if ldap_auth_type=SIMPLEBIND
ldap_userdn_format=sAMAccountName=%s,OU=Users,DC=beuth-hochschule.de,DC=com
#ldap_userdn_format=sAMAccountName=%s,DC=Company,DC=com
#ldap_userdn_format=CN=%s,OU=Users,DC=Company,DC=com
#ldap_userdn_format=CN=%s,DC=Company,DC=com
# Ldap-password synchronization to OM DB
ldap_sync_password_to_om=false
# Ldap user attributes mapping
# Set the following internal OM user attributes to their corresponding Ldap-attribute
ldap_user_attr_lastname=sn
But even after I changed it to my AD and tried several changes, no users were found.
My actual config:
ldap_server_type=AD
ldap_conn_host=dc2.labmed.de
ldap_conn_port=389
ldap_conn_secure=false
ldap_admin_dn=CN=Administrator,CN=Users,DC=labmed,DC=de
ldap_passwd=SuperSecretPassword
ldap_search_base=OU=labmed,DC=labmed,DC=de
#ldap_search_query=(&(objectCategory=*)(objectClass=*)(sAMAccountName=%s))
ldap_search_query=(sAMAccountName=%s)
ldap_search_scope= SUBTREE
ldap_auth_type=SEARCHANDBIND
ldap_deref_mode=never
ldap_userdn_format=sAMAccountName=%s,DC=labmed,DC=de
ldap_provisionning=NONE
ldap_use_admin_to_get_attrs=true
ldap_sync_password_to_om=false
ldap_sync_attr_lastname=sn
ldap_user_attr_firstname=givenName
ldap_user_attr_mail=mail
ldap_user_attr_street=streetAddress
ldap_user_attr_additionalname=description
ldap_user_attr_fax=facsimileTelephoneNumber
ldap_user_attr_zip=postalCode
ldap_user_attr_country=co
ldap_user_attr_town=l
ldap_user_attr_phone=telephoneNumber
ldap_use_lower_case=false
It is the second day by now where I am bursting with happiness....
Kind regards
Mathias Kocks
Team Lead, IT Infrastructure
Certified Information Security Officer ISO 27001 (TÜV Süd)
Multi-site joint practice
Medizinisches Versorgungszentrum
Dr. Eberhard & Partner Dortmund
MVZ-Haus 3: Balkenstr. 12-14
44137 Dortmund, Germany
Tel.: +49 231 9572 7158
Fax.: +49 231 9572 18 159
E-Mail: kocks@labmed.de
Web: https://www.labmed.de
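Added example (not part of the original thread and not OpenMeetings code): a small linter for the properties-style LDAP config discussed above. It flags a bind over an unencrypted connection, the built-in Administrator as query account (the point made in the reply), password sync into the OM DB, keys not seen elsewhere in this thread, and lines broken by mail wrapping. The function names, finding codes and the reading of ldap_conn_secure=false as "no TLS" are assumptions.

```python
# Keys seen in the configs posted in this thread; not the full set OpenMeetings accepts.
KNOWN = set("""ldap_server_type ldap_conn_host ldap_conn_port ldap_conn_secure
ldap_admin_dn ldap_passwd ldap_search_base ldap_search_query ldap_search_scope
ldap_auth_type ldap_userdn_format ldap_provisionning ldap_deref_mode
ldap_use_admin_to_get_attrs ldap_sync_password_to_om ldap_group_mode
ldap_group_query ldap_group_attr ldap_use_lower_case ldap_import_query""".split())

def parse(text):
    """Simplified properties parsing: '#' comments and key=value lines only."""
    props, stray = {}, []
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
        else:
            stray.append(line)  # e.g. the tail of a comment wrapped by a mail client
    return props, stray

def lint(text):
    """Return (code, detail) findings for one config."""
    props, stray = parse(text)
    out = [("STRAY_LINE", s) for s in stray]
    out += [("KEY_NOT_SEEN_ELSEWHERE", k) for k in props
            if k not in KNOWN and not k.startswith("ldap_user_attr_")]
    # Assumption: ldap_conn_secure=false means plain LDAP, so binds travel unencrypted.
    if props.get("ldap_conn_secure", "false").lower() != "true" and "ldap_passwd" in props:
        out.append(("CLEARTEXT_BIND", "port " + props.get("ldap_conn_port", "?")))
    # Heuristic for the reply's advice: flag the built-in Administrator as bind account.
    if props.get("ldap_admin_dn", "").lower().startswith("cn=administrator,"):
        out.append(("ADMIN_BIND_ACCOUNT", props["ldap_admin_dn"]))
    if props.get("ldap_sync_password_to_om", "").lower() == "true":
        out.append(("PASSWORD_SYNCED_TO_OM_DB", "ldap_sync_password_to_om=true"))
    return out

# Constructed sample: lines from the configs in the question, incl. the wrapped comment.
QUESTION_CFG = """\
ldap_conn_port=389
ldap_conn_secure=false
ldap_admin_dn=CN=Administrator,CN=Users,DC=labmed,DC=de
ldap_passwd=SuperSecretPassword
ldap_sync_password_to_om=false
ldap_sync_attr_lastname=sn
# Set the following internal OM user attributes to their corresponding
Ldap-attribute
"""

if __name__ == "__main__":
    print(*(f"{c}: {d}" for c, d in lint(QUESTION_CFG)), sep="\n")
```

A finding of KEY_NOT_SEEN_ELSEWHERE only means the key does not appear in the other configs in this thread; check it against the OpenMeetings documentation before treating it as an error.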