You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@openmeetings.apache.org by "YUUNI, OSAY OSMAN" <O....@AFDB.ORG> on 2013/09/18 18:33:11 UTC
AD Integration Issue
Hi all,
I'm having a peculiar problem with my LDAP integration. I'm integrating with AD and this seems to work but when a user logs in she/he is greeted with "Your account is assigned with multiple usergroups. Please choose one for this session" then a drop down box. The drop down box is empty. When they continue it displays a blank page. I'm not sure where the issue is. I have not assigned any user to any group since they're authenticating through AD.
Here's the relevant snippet of the log:
DEBUG 09-18 18:18:36.257 o.a.o.q.s.MeetingReminderJob:34 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-5] - MeetingReminderJob.execute
DEBUG 09-18 18:18:36.269 o.a.o.d.c.d.AppointmentDao:929 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-5] - startStamp 2013-09-18 18:18:36.269
DEBUG 09-18 18:18:36.271 o.a.o.d.c.d.AppointmentDao:930 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-5] - stopStamp 2013-09-18 18:33:36.269
DEBUG 09-18 18:18:36.280 o.a.o.d.c.m.AppointmentLogic:423 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-5] - doScheduledMeetingReminder : no Appointments in range
WARN 09-18 18:19:09.425 o.a.o.r.MainService:307 [NioProcessor-6] - loginUser: 72e9df24631c6af8bdcc071699217419 yos2653
DEBUG 09-18 18:19:09.426 o.a.o.r.MainService:318 [NioProcessor-6] - Ldap Login
DEBUG 09-18 18:19:09.450 o.a.o.l.LdapLoginManagement:245 [NioProcessor-6] - LdapLoginmanagement.doLdapLogin
DEBUG 09-18 18:19:09.451 o.a.o.l.LdapLoginManagement:209 [NioProcessor-6] - LdapLoginmanagement.getLdapConfigData
DEBUG 09-18 18:19:09.452 o.a.o.l.LdapLoginManagement:222 [NioProcessor-6] - LdapLoginmanagement.readConfig : /usr/lib/red52/webapps/openmeetings/conf/om_ldap.cfg
DEBUG 09-18 18:19:09.454 o.a.o.l.LdapLoginManagement:149 [NioProcessor-6] - isValidAuthType
DEBUG 09-18 18:19:09.455 o.a.o.l.LdapLoginManagement:381 [NioProcessor-6] - Searching userdata with LDAP Search Filter :(userPrincipalName =yos2653)
DEBUG 09-18 18:19:09.456 o.a.o.l.LdapAuthBase:84 [NioProcessor-6] - LdapAuthBase
DEBUG 09-18 18:19:09.457 o.a.o.l.LdapLoginManagement:390 [NioProcessor-6] - authenticating admin...
DEBUG 09-18 18:19:09.458 o.a.o.l.LdapAuthBase:101 [NioProcessor-6] - authenticateUser
ERROR 09-18 18:19:09.463 o.a.o.r.MainService:393 [NioProcessor-6] - loginUser :
java.lang.NullPointerException: null
at java.util.Hashtable.put(Hashtable.java:394) ~[na:1.6.0_45]
at org.apache.openmeetings.ldap.LdapAuthBase.authenticateUser(LdapAuthBase.java:109) ~[openmeetings-2.1.1-RELEASE.jar:na]
at org.apache.openmeetings.ldap.LdapLoginManagement.doLdapLogin(LdapLoginManagement.java:391) ~[openmeetings-2.1.1-RELEASE.jar:na]
at org.apache.openmeetings.remote.MainService.loginUser(MainService.java:333) ~[openmeetings-2.1.1-RELEASE.jar:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.6.0_45]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) ~[na:1.6.0_45]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) ~[na:1.6.0_45]
at java.lang.reflect.Method.invoke(Method.java:597) ~[na:1.6.0_45]
at org.red5.server.service.ServiceInvoker.invoke(ServiceInvoker.java:196) [red5.jar:na]
at org.red5.server.service.ServiceInvoker.invoke(ServiceInvoker.java:115) [red5.jar:na]
at org.red5.server.net.rtmp.RTMPHandler.invokeCall(RTMPHandler.java:157) [red5.jar:na]
at org.red5.server.net.rtmp.RTMPHandler.onInvoke(RTMPHandler.java:399) [red5.jar:na]
at org.red5.server.net.rtmp.BaseRTMPHandler.messageReceived(BaseRTMPHandler.java:130) [red5.jar:na]
at org.red5.server.net.rtmp.RTMPMinaIoHandler.messageReceived(RTMPMinaIoHandler.java:164) [red5.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:716) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796) [mina-core-2.0.4.jar:na]
at org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:427) [mina-core-2.0.4.jar:na]
at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:245) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796) [mina-core-2.0.4.jar:na]
at org.red5.server.net.rtmpe.RTMPEIoFilter.messageReceived(RTMPEIoFilter.java:124) [red5.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:119) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:426) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:715) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:668) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:657) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$600(AbstractPollingIoProcessor.java:68) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1141) [mina-core-2.0.4.jar:na]
at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64) [mina-core-2.0.4.jar:na]
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:895) [na:1.6.0_45]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:918) [na:1.6.0_45]
at java.lang.Thread.run(Thread.java:662) [na:1.6.0_45]
DEBUG 09-18 18:20:11.267 o.a.o.q.s.TestSetupCleanupJob:34 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-6] - TestSetupClearJob.execute
DEBUG 09-18 18:20:11.327 o.a.o.u.m.MailHandler:241 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-7] - sendMails enter ...
DEBUG 09-18 18:20:11.335 o.a.o.u.m.MailHandler:247 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-7] - ... sendMails done.
DEBUG 09-18 18:20:16.247 o.a.o.d.b.SessiondataDao:410 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-8] - ****** clearSessionTable:
DEBUG 09-18 18:20:16.257 o.a.o.d.b.SessiondataDao:414 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-8] - clearSessionTable: 2
DEBUG 09-18 18:20:16.258 o.a.o.q.s.MeetingReminderJob:34 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-9] - MeetingReminderJob.execute
DEBUG 09-18 18:20:16.270 o.a.o.d.c.d.AppointmentDao:929 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-9] - startStamp 2013-09-18 18:20:16.269
DEBUG 09-18 18:20:16.271 o.a.o.d.c.d.AppointmentDao:930 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-9] - stopStamp 2013-09-18 18:35:16.269
DEBUG 09-18 18:20:16.281 o.a.o.d.c.m.AppointmentLogic:423 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-9] - doScheduledMeetingReminder : no Appointments in range
DEBUG 09-18 18:20:45.167 o.a.o.d.b.SessiondataDao:242 [NioProcessor-6] - updateUserOrg User: null || 72e9df24631c6af8bdcc071699217419
Anyone with any ideas?
==== om_ldap.cfg =====
# This parameter specifies the type of LDAP server your are defining
#
# Supported values are "OpenLDAP" and "AD" for Active Directory (defaults to AD).
ldap_server_type=AD
#LDAP URL
# This is the URL used to access your LDAP server.
# can be a simple URL like:
# ldap_conn_url=ldap://myldap.myorg.com
# or a list of simple URL separated by a space as in:
# ldap_conn_url=ldap://myldap.myorg.com ldap://myldap2.myorg.com
# if you want to use "ldaps://" links, please be aware that you need to import your CA certificate
# to a java keystore and add the -Djavax.net.ssl.keyStore, -Djavax.net.ssl.keyStorePassword,
# -Djavax.net.ssl.trustStore and -Djavax.net.ssl.trustStorePassword parameters to your
# JAVA_OPT environment
ldap_conn_url=ldap://dc1.afdb.local:389
#Login distinguished name (DN) for Authentification on LDAP Server - keep emtpy if not requiered
# Use DN with with ":" instead of "=". The conversion will be done in OM
ldap_admin_dn=afdb\otrs
#Loginpass for Authentification on LDAP Server - keep emtpy if not requiered
#ldap_passwd=myownpasswd
#base to search for userdata(of user, that wants to login)
# Use DN with with ":" instead of "=". The conversion will be done in OM
ldap_search_base=OU:SARC,OU:AFDB_Field_Offices,DC:afdb,DC:local
# Fieldnames (can differ between Ldap servers)
field_user_principal=userPrincipalName
# Ldap auth type(SIMPLE,NONE)
# When using SIMPLE a simple bind is performed on the LDAP server to check user authentication
# When using NONE, the Ldap server is not used for authentication
ldap_auth_type=SIMPLE
# Ldap-password synchronization to OM DB
# Set this to 'yes' if you want OM to synchronize the user Ldap-password to OM's internal DB
# This enables local login of users if the ldap server is offline.
# If you want to disable the feature, set this to 'no'.
# Defautl value is 'yes'
ldap_sync_password_to_om=no
# Ldap user attributes mapping
# Set the following internal OM user attributes to their corresponding Ldap-attribute
ldap_user_attr_lastname=sn
ldap_user_attr_firstname=givenName
ldap_user_attr_mail=mail
ldap_user_attr_street=streetAddress
ldap_user_attr_additionalname=description
ldap_user_attr_fax=facsimileTelephoneNumber
ldap_user_attr_zip=postalCode
ldap_user_attr_country=co
ldap_user_attr_town=l
ldap_user_attr_phone=telephoneNumber
# optional, only absolute URLs make sense
#ldap_user_picture_uri=picture_uri
# optional
# the timezone has to mach an entry in the OpenMeetings table "omtimezones" otherwise the user will get
# the timezone defined in the value of the conf_key "default.timezone" in OpenMeetings "configurations" table
#ldap_user_timezone=timezone
# Ldap ignore upper/lower case, convert all input to lower case
ldap_use_lower_case=false
RE: AD Integration Issue
Posted by Maxim Solodovnik <so...@gmail.com>.
To ensure this is the issue you can:
1) add the code print the password (currently is not being printed for
security)
2) hardcode you password to ensure it is what you need
not sure what else :(
On Sep 20, 2013 6:44 PM, "YUUNI, OSAY OSMAN" <O....@afdb.org> wrote:
> Thanks Maxim. We try the same. I’ve also used ldapsearch from the
> Linux server and this is what I observed. The password of the Admin user
> contains a special character (PutMe%0K). When I don’t escape it in the
> ldapsearch I get an error of invalid credentials. However when I escape
> the character the search succeeds. This leads me to think that there might
> be an issue of how OM presents the password to AD. Unfortunately the
> security policy requires that a special character is included. See below*
> ***
>
> ** **
>
> SUCCESS****
>
> ** **
>
> root@omeetings:/usr/lib/red52/webapps/openmeetings/conf#
> /usr/bin/ldapsearch -h dc1.afdb.local -D "cn=Open
> Meetings,dc=afdb,dc=local" -w "PutMe\%0K" "cn=Osay Osman
> Yuuni,dc=afdb,dc=local"****
>
> # extended LDIF****
>
> #****
>
> # LDAPv3****
>
> # base <dc=afdb,dc=local> (default) with scope subtree****
>
> # filter: cn=Osay Osman Yuuni,dc=afdb,dc=local****
>
> # requesting: ALL****
>
> #****
>
> ** **
>
> # search reference****
>
> ref: ldap://DomainDnsZones.afdb.local/DC=DomainDnsZones,DC=afdb,DC=local**
> **
>
> ** **
>
> # search reference****
>
> ref: ldap://ForestDnsZones.afdb.local/DC=ForestDnsZones,DC=afdb,DC=local**
> **
>
> ** **
>
> # search reference****
>
> ref: ldap://afdb.local/CN=Configuration,DC=afdb,DC=local****
>
> ** **
>
> # search result****
>
> search: 2****
>
> result: 0 Success****
>
> ** **
>
> # numResponses: 4****
>
> # numReferences: 3****
>
> ** **
>
> FAILURE ****
>
> root@omeetings:/usr/lib/red52/webapps/openmeetings/conf#
> /usr/bin/ldapsearch -h dc1.afdb.local -D "cn=Open
> Meetings,dc=afdb,dc=local" -w PutMe%0K "cn=Osay Osman
> Yuuni,dc=afdb,dc=local"****
>
> ldap_bind: Invalid credentials (49)****
>
> additional info: 80090308: LdapErr: DSID-0C0903A9, comment:
> AcceptSecurityContext error, data 52e, v1db1****
>
> root@omeetings:/usr/lib/red52/webapps/openmeetings/conf#****
>
> ** **
>
> Cheers,****
>
> ** **
>
> Osay****
>
> *From:* Maxim Solodovnik [mailto:solomax666@gmail.com]
> *Sent:* 20 September 2013 12:39 PM
> *To:* Openmeetings user-list
> *Cc:* Alexei Fedotov
> *Subject:* Re: AD Integration Issue****
>
> ** **
>
> Could you also try this this tool:
> http://technet.microsoft.com/en-us/sysinternals/bb963907****
>
> maybe it will shed some light ....****
>
> ** **
>
> Alternatively it might be good to use some PHP tool to check.****
>
> ** **
>
> I was able to set up integration with OpenLDAP in 10 minutes ...****
>
> Not sure what else can you try :(****
>
> ** **
>
> On Fri, Sep 20, 2013 at 4:58 PM, YUUNI, OSAY OSMAN <O....@afdb.org>
> wrote:****
>
> In trying to resolve this issue I also used Ldp.exe from MS Windows 2008
> server. When I trying binding with the ldap_admin_dn=CN=Open
> Meetings,CN=Users,DC=AFDB,DC=LOCAL (note this is on Windows so no : in
> place of =), I get a successful bind like so:****
>
> ****
>
> -----------****
>
> res = ldap_simple_bind_s(ld, 'cn=Open Meetings,DC=AFDB,DC=LOCAL',
> <unavailable>); // v.3****
>
> Authenticated as: 'AFDB\omeet'.****
>
> -----------****
>
> ****
>
> But with the same setting in om_ldap.cfg I get an invalid credentials
> error. Really weird this!****
>
> ****
>
> Osay****
>
> ****
>
> ****
>
> ****
>
> ****
>
> *From:* Maxim Solodovnik [mailto:solomax666@gmail.com]
> *Sent:* 20 September 2013 05:58 AM
> *To:* Openmeetings user-list
> *Cc:* Alexei Fedotov
> *Subject:* Re: AD Integration Issue****
>
> ****
>
> I'm not LDAP expert :(****
>
> but maybe you need to specify admin user in different way?****
>
> ****
>
> for ex here https://code.google.com/p/openmeetings/wiki/LdapADSINTegration
> ****
>
> ldap_admin_dn is specified as****
>
> *ldap_admin_dn=CN:openmeetings,OU:openmeetings,OU:All
> Users,DC:MYTEST,DC:NET,DC:BR*****
>
> instead of****
>
> *ldap_admin_dn=afdb\otrs*****
>
> ****
>
> ****
>
> On Thu, Sep 19, 2013 at 6:08 PM, YUUNI, OSAY OSMAN <O....@afdb.org>
> wrote:****
>
> Hi all,****
>
> I noted that the error was misleading. The actual problem is with the
> authentication of the admin AD bind user. From my config I inadvertently
> commented out the password for the admin login. I corrected this and I’m
> now getting invalid password. The log seems to point to the same admin
> user. I’ve tried using domain\user as suggested elsewhere by Jason but I
> get same error when I try authenticating.****
>
> ****
>
> Snippets of the relevant log below:****
>
> ****
>
> === openmeetings.log ===****
>
> WARN 09-19 13:06:26.889 o.a.o.r.MainService:307 [NioProcessor-7] -
> loginUser: 25dfde1ef6e6b2bdec024ec6a7937f06 yos2653****
>
> DEBUG 09-19 13:06:26.890 o.a.o.r.MainService:318 [NioProcessor-7] - Ldap
> Login****
>
> DEBUG 09-19 13:06:26.920 o.a.o.l.LdapLoginManagement:245 [NioProcessor-7]
> - LdapLoginmanagement.doLdapLogin****
>
> DEBUG 09-19 13:06:26.922 o.a.o.l.LdapLoginManagement:209 [NioProcessor-7]
> - LdapLoginmanagement.getLdapConfigData****
>
> DEBUG 09-19 13:06:26.923 o.a.o.l.LdapLoginManagement:222 [NioProcessor-7]
> - LdapLoginmanagement.readConfig :
> /usr/lib/red52/webapps/openmeetings/conf/om_ldap.cfg****
>
> DEBUG 09-19 13:06:26.925 o.a.o.l.LdapLoginManagement:149 [NioProcessor-7]
> - isValidAuthType****
>
> DEBUG 09-19 13:06:26.926 o.a.o.l.LdapLoginManagement:381 [NioProcessor-7]
> - Searching userdata with LDAP Search Filter :(userPrincipalName =yos2653)
> ****
>
> DEBUG 09-19 13:06:26.927 o.a.o.l.LdapAuthBase:84 [NioProcessor-7] -
> LdapAuthBase****
>
> DEBUG 09-19 13:06:26.928 o.a.o.l.LdapLoginManagement:390 [NioProcessor-7]
> - authenticating admin...****
>
> DEBUG 09-19 13:06:26.929 o.a.o.l.LdapAuthBase:101 [NioProcessor-7] -
> authenticateUser****
>
> DEBUG 09-19 13:06:26.931 o.a.o.l.LdapAuthBase:117 [NioProcessor-7] -****
>
> ****
>
> Authentification to LDAP - Server start****
>
> DEBUG 09-19 13:06:26.932 o.a.o.l.LdapAuthBase:151 [NioProcessor-7] -
> loginToLdapServer****
>
> DEBUG 09-19 13:06:26.945 o.a.o.l.LdapLoginManagement:393 [NioProcessor-7]
> - Checking server type...****
>
> DEBUG 09-19 13:06:26.947 o.a.o.l.LdapAuthBase:101 [NioProcessor-7] -
> authenticateUser****
>
> DEBUG 09-19 13:06:26.947 o.a.o.l.LdapAuthBase:117 [NioProcessor-7] -****
>
> ****
>
> Authentification to LDAP - Server start****
>
> DEBUG 09-19 13:06:26.948 o.a.o.l.LdapAuthBase:151 [NioProcessor-7] -
> loginToLdapServer****
>
> ERROR 09-19 13:06:26.958 o.a.o.l.LdapAuthBase:123 [NioProcessor-7] -****
>
> ****
>
> Authentification on LDAP Server failed : [LDAP: error code 49 - 80090308:
> LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e,
> v1db1]****
>
> ERROR 09-19 13:06:26.964 o.a.o.l.LdapAuthBase:124 [NioProcessor-7] -
> [Authentification on LDAP Server failed]****
>
> javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308:
> LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e,
> v1db1]****
>
> at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3067)
> ~[na:1.6.0_45]****
>
> at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3013)
> ~[na:1.6.0_45]****
>
> at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2815)
> ~[na:1.6.0_45]****
>
> at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2729)
> ~[na:1.6.0_45]****
>
> at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:296)
> ~[na:1.6.0_45]****
>
> at
> com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
> ~[na:1.6.0_45]****
>
> at
> com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
> ~[na:1.6.0_45]****
>
> at
> com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
> ~[na:1.6.0_45]****
>
> at
> com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
> ~[na:1.6.0_45]****
>
> at
> javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
> ~[na:1.6.0_45]****
>
> at
> javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
> ~[na:1.6.0_45]****
>
> at javax.naming.InitialContext.init(InitialContext.java:223)
> ~[na:1.6.0_45]****
>
> at javax.naming.InitialContext.<init>(InitialContext.java:197)
> ~[na:1.6.0_45]****
>
> at
> javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
> ~[na:1.6.0_45]****
>
> at
> org.apache.openmeetings.ldap.LdapAuthBase.authenticateUser(LdapAuthBase.java:121)
> ~[openmeetings-2.1.1-RELEASE.jar:na]****
>
> at
> org.apache.openmeetings.ldap.LdapLoginManagement.doLdapLogin(LdapLoginManagement.java:416)
> [openmeetings-2.1.1-RELEASE.jar:na]****
>
> at
> org.apache.openmeetings.remote.MainService.loginUser(MainService.java:333)
> [openmeetings-2.1.1-RELEASE.jar:na]****
>
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> ~[na:1.6.0_45]****
>
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> ~[na:1.6.0_45]****
>
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> ~[na:1.6.0_45]****
>
> at java.lang.reflect.Method.invoke(Method.java:597) ~[na:1.6.0_45]
> ****
>
> at
> org.red5.server.service.ServiceInvoker.invoke(ServiceInvoker.java:196)
> [red5.jar:na]****
>
> at
> org.red5.server.service.ServiceInvoker.invoke(ServiceInvoker.java:115)
> [red5.jar:na]****
>
> at
> org.red5.server.net.rtmp.RTMPHandler.invokeCall(RTMPHandler.java:157)
> [red5.jar:na]****
>
> at
> org.red5.server.net.rtmp.RTMPHandler.onInvoke(RTMPHandler.java:399)
> [red5.jar:na]****
>
> at
> org.red5.server.net.rtmp.BaseRTMPHandler.messageReceived(BaseRTMPHandler.java:130)
> [red5.jar:na]****
>
> at
> org.red5.server.net.rtmp.RTMPMinaIoHandler.messageReceived(RTMPMinaIoHandler.java:164)
> [red5.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:716)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:427)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:245)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.red5.server.net.rtmpe.RTMPEIoFilter.messageReceived(RTMPEIoFilter.java:124)
> [red5.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:119)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:426)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:715)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:668)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:657)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.polling.AbstractPollingIoProcessor.access$600(AbstractPollingIoProcessor.java:68)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1141)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
> [mina-core-2.0.4.jar:na]****
>
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:895)
> [na:1.6.0_45]****
>
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:918)
> [na:1.6.0_45]****
>
> ****
>
> *From:* Alexei Fedotov [mailto:alexei.fedotov@gmail.com]
> *Sent:* 19 September 2013 11:43 AM
> *To:* YUUNI, OSAY OSMAN; user@openmeetings.apache.org****
>
>
> *Subject:* Re: AD Integration Issue****
>
> ****
>
> Does things work if you manually assign the group for the user?****
>
> 18.09.2013 21:24 пользователь "YUUNI, OSAY OSMAN" <O....@afdb.org>
> написал:****
>
> Does this mean OM (2.1.1) is not passing the password? BTW this is against
> AD 2008 R2.****
>
> ****
>
> ****
>
> ****
>
> ****
>
> Sent from Samsung tablet****
>
>
>
>
> -------- Original message --------
> From: Maxim Solodovnik <so...@gmail.com>
> Date: 18/09/2013 7:20 PM (GMT+02:00)
> To: Openmeetings user-list <us...@openmeetings.apache.org>
> Subject: Re: AD Integration Issue ****
>
> It seems like password is null somehow (according to the code)****
>
> ****
>
> On Wed, Sep 18, 2013 at 11:33 PM, YUUNI, OSAY OSMAN <O....@afdb.org>
> wrote:****
>
> Hi all,****
>
> ****
>
> I’m having a peculiar problem with my LDAP integration. I’m integrating
> with AD and this seems to work but when a user logs in she/he is greeted
> with “Your account is assigned with multiple usergroups. Please choose one
> for this session” then a drop down box. The drop down box is empty. When
> they continue it displays a blank page. I’m not sure where the issue is. I
> have not assigned any user to any group since they’re authenticating
> through AD.****
>
> ****
>
> Here’s the relevant snippet of the log:****
>
> ****
>
> DEBUG 09-18 18:18:36.257 o.a.o.q.s.MeetingReminderJob:34
> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-5] -
> MeetingReminderJob.execute****
>
> DEBUG 09-18 18:18:36.269 o.a.o.d.c.d.AppointmentDao:929
> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-5] -
> startStamp 2013-09-18 18:18:36.269****
>
> DEBUG 09-18 18:18:36.271 o.a.o.d.c.d.AppointmentDao:930
> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-5] -
> stopStamp 2013-09-18 18:33:36.269****
>
> DEBUG 09-18 18:18:36.280 o.a.o.d.c.m.AppointmentLogic:423
> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-5] -
> doScheduledMeetingReminder : no Appointments in range****
>
> WARN 09-18 18:19:09.425 o.a.o.r.MainService:307 [NioProcessor-6] -
> loginUser: 72e9df24631c6af8bdcc071699217419 yos2653****
>
> DEBUG 09-18 18:19:09.426 o.a.o.r.MainService:318 [NioProcessor-6] - Ldap
> Login****
>
> DEBUG 09-18 18:19:09.450 o.a.o.l.LdapLoginManagement:245 [NioProcessor-6]
> - LdapLoginmanagement.doLdapLogin****
>
> DEBUG 09-18 18:19:09.451 o.a.o.l.LdapLoginManagement:209 [NioProcessor-6]
> - LdapLoginmanagement.getLdapConfigData****
>
> DEBUG 09-18 18:19:09.452 o.a.o.l.LdapLoginManagement:222 [NioProcessor-6]
> - LdapLoginmanagement.readConfig :
> /usr/lib/red52/webapps/openmeetings/conf/om_ldap.cfg****
>
> DEBUG 09-18 18:19:09.454 o.a.o.l.LdapLoginManagement:149 [NioProcessor-6]
> - isValidAuthType****
>
> DEBUG 09-18 18:19:09.455 o.a.o.l.LdapLoginManagement:381 [NioProcessor-6]
> - Searching userdata with LDAP Search Filter :(userPrincipalName =yos2653)
> ****
>
> DEBUG 09-18 18:19:09.456 o.a.o.l.LdapAuthBase:84 [NioProcessor-6] -
> LdapAuthBase****
>
> DEBUG 09-18 18:19:09.457 o.a.o.l.LdapLoginManagement:390 [NioProcessor-6]
> - authenticating admin...****
>
> DEBUG 09-18 18:19:09.458 o.a.o.l.LdapAuthBase:101 [NioProcessor-6] -
> authenticateUser****
>
> ERROR 09-18 18:19:09.463 o.a.o.r.MainService:393 [NioProcessor-6] -
> loginUser :****
>
> java.lang.NullPointerException: null****
>
> at java.util.Hashtable.put(Hashtable.java:394) ~[na:1.6.0_45]****
>
> at
> org.apache.openmeetings.ldap.LdapAuthBase.authenticateUser(LdapAuthBase.java:109)
> ~[openmeetings-2.1.1-RELEASE.jar:na]****
>
> at
> org.apache.openmeetings.ldap.LdapLoginManagement.doLdapLogin(LdapLoginManagement.java:391)
> ~[openmeetings-2.1.1-RELEASE.jar:na]****
>
> at
> org.apache.openmeetings.remote.MainService.loginUser(MainService.java:333)
> ~[openmeetings-2.1.1-RELEASE.jar:na]****
>
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> ~[na:1.6.0_45]****
>
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> ~[na:1.6.0_45]****
>
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> ~[na:1.6.0_45]****
>
> at java.lang.reflect.Method.invoke(Method.java:597) ~[na:1.6.0_45]
> ****
>
> at
> org.red5.server.service.ServiceInvoker.invoke(ServiceInvoker.java:196)
> [red5.jar:na]****
>
> at
> org.red5.server.service.ServiceInvoker.invoke(ServiceInvoker.java:115)
> [red5.jar:na]****
>
> at
> org.red5.server.net.rtmp.RTMPHandler.invokeCall(RTMPHandler.java:157)
> [red5.jar:na]****
>
> at
> org.red5.server.net.rtmp.RTMPHandler.onInvoke(RTMPHandler.java:399)
> [red5.jar:na]****
>
> at
> org.red5.server.net.rtmp.BaseRTMPHandler.messageReceived(BaseRTMPHandler.java:130)
> [red5.jar:na]****
>
> at
> org.red5.server.net.rtmp.RTMPMinaIoHandler.messageReceived(RTMPMinaIoHandler.java:164)
> [red5.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:716)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:427)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:245)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.red5.server.net.rtmpe.RTMPEIoFilter.messageReceived(RTMPEIoFilter.java:124)
> [red5.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:119)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:426)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:715)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:668)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:657)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.polling.AbstractPollingIoProcessor.access$600(AbstractPollingIoProcessor.java:68)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1141)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
> [mina-core-2.0.4.jar:na]****
>
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:895)
> [na:1.6.0_45]****
>
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:918)
> [na:1.6.0_45]****
>
> at java.lang.Thread.run(Thread.java:662) [na:1.6.0_45]****
>
> DEBUG 09-18 18:20:11.267 o.a.o.q.s.TestSetupCleanupJob:34
> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-6] -
> TestSetupClearJob.execute****
>
> DEBUG 09-18 18:20:11.327 o.a.o.u.m.MailHandler:241
> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-7] -
> sendMails enter ...****
>
> DEBUG 09-18 18:20:11.335 o.a.o.u.m.MailHandler:247
> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-7] -
> ... sendMails done.****
>
> DEBUG 09-18 18:20:16.247 o.a.o.d.b.SessiondataDao:410
> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-8] -
> ****** clearSessionTable:****
>
> DEBUG 09-18 18:20:16.257 o.a.o.d.b.SessiondataDao:414
> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-8] -
> clearSessionTable: 2****
>
> DEBUG 09-18 18:20:16.258 o.a.o.q.s.MeetingReminderJob:34
> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-9] -
> MeetingReminderJob.execute****
>
> DEBUG 09-18 18:20:16.270 o.a.o.d.c.d.AppointmentDao:929
> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-9] -
> startStamp 2013-09-18 18:20:16.269****
>
> DEBUG 09-18 18:20:16.271 o.a.o.d.c.d.AppointmentDao:930
> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-9] -
> stopStamp 2013-09-18 18:35:16.269****
>
> DEBUG 09-18 18:20:16.281 o.a.o.d.c.m.AppointmentLogic:423
> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-9] -
> doScheduledMeetingReminder : no Appointments in range****
>
> DEBUG 09-18 18:20:45.167 o.a.o.d.b.SessiondataDao:242 [NioProcessor-6] -
> updateUserOrg User: null || 72e9df24631c6af8bdcc071699217419****
>
> ****
>
> ****
>
> Anyone with any ideas?****
>
> ****
>
> ==== om_ldap.cfg =====****
>
> ****
>
> # This parameter specifies the type of LDAP server your are defining****
>
> #****
>
> # Supported values are "OpenLDAP" and "AD" for Active Directory (defaults
> to AD).****
>
> ldap_server_type=AD****
>
> ****
>
> #LDAP URL****
>
> # This is the URL used to access your LDAP server.****
>
> ****
>
> # can be a simple URL like:****
>
> # ldap_conn_url=ldap://myldap.myorg.com****
>
> # or a list of simple URL separated by a space as in:****
>
> # ldap_conn_url=ldap://myldap.myorg.com ldap://myldap2.myorg.com****
>
> # if you want to use "ldaps://" links, please be aware that you need to
> import your CA certificate****
>
> # to a java keystore and add the -Djavax.net.ssl.keyStore,
> -Djavax.net.ssl.keyStorePassword,****
>
> # -Djavax.net.ssl.trustStore and -Djavax.net.ssl.trustStorePassword
> parameters to your****
>
> # JAVA_OPT environment****
>
> ldap_conn_url=ldap://dc1.afdb.local:389****
>
> ****
>
> #Login distinguished name (DN) for Authentification on LDAP Server - keep
> emtpy if not requiered****
>
> # Use DN with with ":" instead of "=". The conversion will be done in OM**
> **
>
> ldap_admin_dn=afdb\otrs****
>
> ****
>
> #Loginpass for Authentification on LDAP Server - keep emtpy if not
> requiered****
>
> #ldap_passwd=myownpasswd****
>
> ****
>
> #base to search for userdata(of user, that wants to login)****
>
> # Use DN with with ":" instead of "=". The conversion will be done in OM**
> **
>
> ldap_search_base=OU:SARC,OU:AFDB_Field_Offices,DC:afdb,DC:local****
>
> ****
>
> # Fieldnames (can differ between Ldap servers)****
>
> field_user_principal=userPrincipalName****
>
> ****
>
> # Ldap auth type(SIMPLE,NONE)****
>
> # When using SIMPLE a simple bind is performed on the LDAP server to
> check user authentication****
>
> # When using NONE, the Ldap server is not used for authentication****
>
> ldap_auth_type=SIMPLE****
>
> ****
>
> # Ldap-password synchronization to OM DB****
>
> # Set this to 'yes' if you want OM to synchronize the user Ldap-password
> to OM's internal DB****
>
> # This enables local login of users if the ldap server is offline.****
>
> # If you want to disable the feature, set this to 'no'.****
>
> # Defautl value is 'yes'****
>
> ldap_sync_password_to_om=no****
>
> ****
>
> ****
>
> # Ldap user attributes mapping****
>
> # Set the following internal OM user attributes to their corresponding
> Ldap-attribute****
>
> ldap_user_attr_lastname=sn****
>
> ldap_user_attr_firstname=givenName****
>
> ldap_user_attr_mail=mail****
>
> ldap_user_attr_street=streetAddress****
>
> ldap_user_attr_additionalname=description****
>
> ldap_user_attr_fax=facsimileTelephoneNumber****
>
> ldap_user_attr_zip=postalCode****
>
> ldap_user_attr_country=co****
>
> ldap_user_attr_town=l****
>
> ldap_user_attr_phone=telephoneNumber****
>
> ****
>
> # optional, only absolute URLs make sense****
>
> #ldap_user_picture_uri=picture_uri****
>
> ****
>
> # optional****
>
> # the timezone has to mach an entry in the OpenMeetings table
> "omtimezones" otherwise the user will get****
>
> # the timezone defined in the value of the conf_key "default.timezone" in
> OpenMeetings "configurations" table****
>
> #ldap_user_timezone=timezone****
>
> ****
>
> # Ldap ignore upper/lower case, convert all input to lower case****
>
> ldap_use_lower_case=false****
>
>
>
> ****
>
> ****
>
> --
> WBR
> Maxim aka solomax ****
>
>
>
> ****
>
> ****
>
> --
> WBR
> Maxim aka solomax ****
>
>
>
> ****
>
> ** **
>
> --
> WBR
> Maxim aka solomax ****
>
RE: AD Integration Issue
Posted by "YUUNI, OSAY OSMAN" <O....@AFDB.ORG>.
Thanks Maxim. We try the same. I’ve also used ldapsearch from the Linux server and this is what I observed. The password of the Admin user contains a special character (PutMe%0K). When I don’t escape it in the ldapsearch I get an error of invalid credentials. However when I escape the character the search succeeds. This leads me to think that there might be an issue of how OM presents the password to AD. Unfortunately the security policy requires that a special character is included. See below
SUCCESS
root@omeetings:/usr/lib/red52/webapps/openmeetings/conf# /usr/bin/ldapsearch -h dc1.afdb.local -D "cn=Open Meetings,dc=afdb,dc=local" -w "PutMe\%0K" "cn=Osay Osman Yuuni,dc=afdb,dc=local"
# extended LDIF
#
# LDAPv3
# base <dc=afdb,dc=local> (default) with scope subtree
# filter: cn=Osay Osman Yuuni,dc=afdb,dc=local
# requesting: ALL
#
# search reference
ref: ldap://DomainDnsZones.afdb.local/DC=DomainDnsZones,DC=afdb,DC=local
# search reference
ref: ldap://ForestDnsZones.afdb.local/DC=ForestDnsZones,DC=afdb,DC=local
# search reference
ref: ldap://afdb.local/CN=Configuration,DC=afdb,DC=local
# search result
search: 2
result: 0 Success
# numResponses: 4
# numReferences: 3
FAILURE
root@omeetings:/usr/lib/red52/webapps/openmeetings/conf# /usr/bin/ldapsearch -h dc1.afdb.local -D "cn=Open Meetings,dc=afdb,dc=local" -w PutMe%0K "cn=Osay Osman Yuuni,dc=afdb,dc=local"
ldap_bind: Invalid credentials (49)
additional info: 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1
root@omeetings:/usr/lib/red52/webapps/openmeetings/conf#
Cheers,
Osay
From: Maxim Solodovnik [mailto:solomax666@gmail.com]
Sent: 20 September 2013 12:39 PM
To: Openmeetings user-list
Cc: Alexei Fedotov
Subject: Re: AD Integration Issue
Could you also try this this tool: http://technet.microsoft.com/en-us/sysinternals/bb963907
maybe it will shed some light ....
Alternatively it might be good to use some PHP tool to check.
I was able to set up integration with OpenLDAP in 10 minutes ...
Not sure what else can you try :(
On Fri, Sep 20, 2013 at 4:58 PM, YUUNI, OSAY OSMAN <O....@afdb.org>> wrote:
In trying to resolve this issue I also used Ldp.exe from MS Windows 2008 server. When I trying binding with the ldap_admin_dn=CN=Open Meetings,CN=Users,DC=AFDB,DC=LOCAL (note this is on Windows so no : in place of =), I get a successful bind like so:
-----------
res = ldap_simple_bind_s(ld, 'cn=Open Meetings,DC=AFDB,DC=LOCAL', <unavailable>); // v.3
Authenticated as: 'AFDB\omeet'.
-----------
But with the same setting in om_ldap.cfg I get an invalid credentials error. Really weird this!
Osay
From: Maxim Solodovnik [mailto:solomax666@gmail.com<ma...@gmail.com>]
Sent: 20 September 2013 05:58 AM
To: Openmeetings user-list
Cc: Alexei Fedotov
Subject: Re: AD Integration Issue
I'm not LDAP expert :(
but maybe you need to specify admin user in different way?
for ex here https://code.google.com/p/openmeetings/wiki/LdapADSINTegration
ldap_admin_dn is specified as
ldap_admin_dn=CN:openmeetings,OU:openmeetings,OU:All Users,DC:MYTEST,DC:NET,DC:BR
instead of
ldap_admin_dn=afdb\otrs
On Thu, Sep 19, 2013 at 6:08 PM, YUUNI, OSAY OSMAN <O....@afdb.org>> wrote:
Hi all,
I noted that the error was misleading. The actual problem is with the authentication of the admin AD bind user. From my config I inadvertently commented out the password for the admin login. I corrected this and I’m now getting invalid password. The log seems to point to the same admin user. I’ve tried using domain\user as suggested elsewhere by Jason but I get same error when I try authenticating.
Snippets of the relevant log below:
=== openmeetings.log ===
WARN 09-19 13:06:26.889 o.a.o.r.MainService:307 [NioProcessor-7] - loginUser: 25dfde1ef6e6b2bdec024ec6a7937f06 yos2653
DEBUG 09-19 13:06:26.890 o.a.o.r.MainService:318 [NioProcessor-7] - Ldap Login
DEBUG 09-19 13:06:26.920 o.a.o.l.LdapLoginManagement:245 [NioProcessor-7] - LdapLoginmanagement.doLdapLogin
DEBUG 09-19 13:06:26.922 o.a.o.l.LdapLoginManagement:209 [NioProcessor-7] - LdapLoginmanagement.getLdapConfigData
DEBUG 09-19 13:06:26.923 o.a.o.l.LdapLoginManagement:222 [NioProcessor-7] - LdapLoginmanagement.readConfig : /usr/lib/red52/webapps/openmeetings/conf/om_ldap.cfg
DEBUG 09-19 13:06:26.925 o.a.o.l.LdapLoginManagement:149 [NioProcessor-7] - isValidAuthType
DEBUG 09-19 13:06:26.926 o.a.o.l.LdapLoginManagement:381 [NioProcessor-7] - Searching userdata with LDAP Search Filter :(userPrincipalName =yos2653)
DEBUG 09-19 13:06:26.927 o.a.o.l.LdapAuthBase:84 [NioProcessor-7] - LdapAuthBase
DEBUG 09-19 13:06:26.928 o.a.o.l.LdapLoginManagement:390 [NioProcessor-7] - authenticating admin...
DEBUG 09-19 13:06:26.929 o.a.o.l.LdapAuthBase:101 [NioProcessor-7] - authenticateUser
DEBUG 09-19 13:06:26.931 o.a.o.l.LdapAuthBase:117 [NioProcessor-7] -
Authentification to LDAP - Server start
DEBUG 09-19 13:06:26.932 o.a.o.l.LdapAuthBase:151 [NioProcessor-7] - loginToLdapServer
DEBUG 09-19 13:06:26.945 o.a.o.l.LdapLoginManagement:393 [NioProcessor-7] - Checking server type...
DEBUG 09-19 13:06:26.947 o.a.o.l.LdapAuthBase:101 [NioProcessor-7] - authenticateUser
DEBUG 09-19 13:06:26.947 o.a.o.l.LdapAuthBase:117 [NioProcessor-7] -
Authentification to LDAP - Server start
DEBUG 09-19 13:06:26.948 o.a.o.l.LdapAuthBase:151 [NioProcessor-7] - loginToLdapServer
ERROR 09-19 13:06:26.958 o.a.o.l.LdapAuthBase:123 [NioProcessor-7] -
Authentification on LDAP Server failed : [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]
ERROR 09-19 13:06:26.964 o.a.o.l.LdapAuthBase:124 [NioProcessor-7] - [Authentification on LDAP Server failed]
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3067) ~[na:1.6.0_45]
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3013) ~[na:1.6.0_45]
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2815) ~[na:1.6.0_45]
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2729) ~[na:1.6.0_45]
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:296) ~[na:1.6.0_45]
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175) ~[na:1.6.0_45]
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193) ~[na:1.6.0_45]
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136) ~[na:1.6.0_45]
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66) ~[na:1.6.0_45]
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667) ~[na:1.6.0_45]
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288) ~[na:1.6.0_45]
at javax.naming.InitialContext.init(InitialContext.java:223) ~[na:1.6.0_45]
at javax.naming.InitialContext.<init>(InitialContext.java:197) ~[na:1.6.0_45]
at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82) ~[na:1.6.0_45]
at org.apache.openmeetings.ldap.LdapAuthBase.authenticateUser(LdapAuthBase.java:121) ~[openmeetings-2.1.1-RELEASE.jar:na]
at org.apache.openmeetings.ldap.LdapLoginManagement.doLdapLogin(LdapLoginManagement.java:416) [openmeetings-2.1.1-RELEASE.jar:na]
at org.apache.openmeetings.remote.MainService.loginUser(MainService.java:333) [openmeetings-2.1.1-RELEASE.jar:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.6.0_45]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) ~[na:1.6.0_45]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) ~[na:1.6.0_45]
at java.lang.reflect.Method.invoke(Method.java:597) ~[na:1.6.0_45]
at org.red5.server.service.ServiceInvoker.invoke(ServiceInvoker.java:196) [red5.jar:na]
at org.red5.server.service.ServiceInvoker.invoke(ServiceInvoker.java:115) [red5.jar:na]
at org.red5.server.net.rtmp.RTMPHandler.invokeCall(RTMPHandler.java:157) [red5.jar:na]
at org.red5.server.net.rtmp.RTMPHandler.onInvoke(RTMPHandler.java:399) [red5.jar:na]
at org.red5.server.net.rtmp.BaseRTMPHandler.messageReceived(BaseRTMPHandler.java:130) [red5.jar:na]
at org.red5.server.net.rtmp.RTMPMinaIoHandler.messageReceived(RTMPMinaIoHandler.java:164) [red5.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:716) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796) [mina-core-2.0.4.jar:na]
at org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:427) [mina-core-2.0.4.jar:na]
at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:245) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796) [mina-core-2.0.4.jar:na]
at org.red5.server.net.rtmpe.RTMPEIoFilter.messageReceived(RTMPEIoFilter.java:124) [red5.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:119) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:426) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:715) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:668) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:657) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$600(AbstractPollingIoProcessor.java:68) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1141) [mina-core-2.0.4.jar:na]
at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64) [mina-core-2.0.4.jar:na]
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:895) [na:1.6.0_45]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:918) [na:1.6.0_45]
From: Alexei Fedotov [mailto:alexei.fedotov@gmail.com<ma...@gmail.com>]
Sent: 19 September 2013 11:43 AM
To: YUUNI, OSAY OSMAN; user@openmeetings.apache.org<ma...@openmeetings.apache.org>
Subject: Re: AD Integration Issue
Does things work if you manually assign the group for the user?
18.09.2013 21:24 пользователь "YUUNI, OSAY OSMAN" <O....@afdb.org>> написал:
Does this mean OM (2.1.1) is not passing the password? BTW this is against AD 2008 R2.
Sent from Samsung tablet
-------- Original message --------
From: Maxim Solodovnik <so...@gmail.com>>
Date: 18/09/2013 7:20 PM (GMT+02:00)
To: Openmeetings user-list <us...@openmeetings.apache.org>>
Subject: Re: AD Integration Issue
It seems like password is null somehow (according to the code)
On Wed, Sep 18, 2013 at 11:33 PM, YUUNI, OSAY OSMAN <O....@afdb.org>> wrote:
Hi all,
I’m having a peculiar problem with my LDAP integration. I’m integrating with AD and this seems to work but when a user logs in she/he is greeted with “Your account is assigned with multiple usergroups. Please choose one for this session” then a drop down box. The drop down box is empty. When they continue it displays a blank page. I’m not sure where the issue is. I have not assigned any user to any group since they’re authenticating through AD.
Here’s the relevant snippet of the log:
DEBUG 09-18 18:18:36.257 o.a.o.q.s.MeetingReminderJob:34 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-5] - MeetingReminderJob.execute
DEBUG 09-18 18:18:36.269 o.a.o.d.c.d.AppointmentDao:929 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-5] - startStamp 2013-09-18 18:18:36.269
DEBUG 09-18 18:18:36.271 o.a.o.d.c.d.AppointmentDao:930 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-5] - stopStamp 2013-09-18 18:33:36.269
DEBUG 09-18 18:18:36.280 o.a.o.d.c.m.AppointmentLogic:423 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-5] - doScheduledMeetingReminder : no Appointments in range
WARN 09-18 18:19:09.425 o.a.o.r.MainService:307 [NioProcessor-6] - loginUser: 72e9df24631c6af8bdcc071699217419 yos2653
DEBUG 09-18 18:19:09.426 o.a.o.r.MainService:318 [NioProcessor-6] - Ldap Login
DEBUG 09-18 18:19:09.450 o.a.o.l.LdapLoginManagement:245 [NioProcessor-6] - LdapLoginmanagement.doLdapLogin
DEBUG 09-18 18:19:09.451 o.a.o.l.LdapLoginManagement:209 [NioProcessor-6] - LdapLoginmanagement.getLdapConfigData
DEBUG 09-18 18:19:09.452 o.a.o.l.LdapLoginManagement:222 [NioProcessor-6] - LdapLoginmanagement.readConfig : /usr/lib/red52/webapps/openmeetings/conf/om_ldap.cfg
DEBUG 09-18 18:19:09.454 o.a.o.l.LdapLoginManagement:149 [NioProcessor-6] - isValidAuthType
DEBUG 09-18 18:19:09.455 o.a.o.l.LdapLoginManagement:381 [NioProcessor-6] - Searching userdata with LDAP Search Filter :(userPrincipalName =yos2653)
DEBUG 09-18 18:19:09.456 o.a.o.l.LdapAuthBase:84 [NioProcessor-6] - LdapAuthBase
DEBUG 09-18 18:19:09.457 o.a.o.l.LdapLoginManagement:390 [NioProcessor-6] - authenticating admin...
DEBUG 09-18 18:19:09.458 o.a.o.l.LdapAuthBase:101 [NioProcessor-6] - authenticateUser
ERROR 09-18 18:19:09.463 o.a.o.r.MainService:393 [NioProcessor-6] - loginUser :
java.lang.NullPointerException: null
at java.util.Hashtable.put(Hashtable.java:394) ~[na:1.6.0_45]
at org.apache.openmeetings.ldap.LdapAuthBase.authenticateUser(LdapAuthBase.java:109) ~[openmeetings-2.1.1-RELEASE.jar:na]
at org.apache.openmeetings.ldap.LdapLoginManagement.doLdapLogin(LdapLoginManagement.java:391) ~[openmeetings-2.1.1-RELEASE.jar:na]
at org.apache.openmeetings.remote.MainService.loginUser(MainService.java:333) ~[openmeetings-2.1.1-RELEASE.jar:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.6.0_45]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) ~[na:1.6.0_45]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) ~[na:1.6.0_45]
at java.lang.reflect.Method.invoke(Method.java:597) ~[na:1.6.0_45]
at org.red5.server.service.ServiceInvoker.invoke(ServiceInvoker.java:196) [red5.jar:na]
at org.red5.server.service.ServiceInvoker.invoke(ServiceInvoker.java:115) [red5.jar:na]
at org.red5.server.net.rtmp.RTMPHandler.invokeCall(RTMPHandler.java:157) [red5.jar:na]
at org.red5.server.net.rtmp.RTMPHandler.onInvoke(RTMPHandler.java:399) [red5.jar:na]
at org.red5.server.net.rtmp.BaseRTMPHandler.messageReceived(BaseRTMPHandler.java:130) [red5.jar:na]
at org.red5.server.net.rtmp.RTMPMinaIoHandler.messageReceived(RTMPMinaIoHandler.java:164) [red5.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:716) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796) [mina-core-2.0.4.jar:na]
at org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:427) [mina-core-2.0.4.jar:na]
at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:245) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796) [mina-core-2.0.4.jar:na]
at org.red5.server.net.rtmpe.RTMPEIoFilter.messageReceived(RTMPEIoFilter.java:124) [red5.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:119) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:426) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:715) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:668) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:657) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$600(AbstractPollingIoProcessor.java:68) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1141) [mina-core-2.0.4.jar:na]
at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64) [mina-core-2.0.4.jar:na]
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:895) [na:1.6.0_45]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:918) [na:1.6.0_45]
at java.lang.Thread.run(Thread.java:662) [na:1.6.0_45]
DEBUG 09-18 18:20:11.267 o.a.o.q.s.TestSetupCleanupJob:34 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-6] - TestSetupClearJob.execute
DEBUG 09-18 18:20:11.327 o.a.o.u.m.MailHandler:241 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-7] - sendMails enter ...
DEBUG 09-18 18:20:11.335 o.a.o.u.m.MailHandler:247 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-7] - ... sendMails done.
DEBUG 09-18 18:20:16.247 o.a.o.d.b.SessiondataDao:410 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-8] - ****** clearSessionTable:
DEBUG 09-18 18:20:16.257 o.a.o.d.b.SessiondataDao:414 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-8] - clearSessionTable: 2
DEBUG 09-18 18:20:16.258 o.a.o.q.s.MeetingReminderJob:34 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-9] - MeetingReminderJob.execute
DEBUG 09-18 18:20:16.270 o.a.o.d.c.d.AppointmentDao:929 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-9] - startStamp 2013-09-18 18:20:16.269
DEBUG 09-18 18:20:16.271 o.a.o.d.c.d.AppointmentDao:930 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-9] - stopStamp 2013-09-18 18:35:16.269
DEBUG 09-18 18:20:16.281 o.a.o.d.c.m.AppointmentLogic:423 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-9] - doScheduledMeetingReminder : no Appointments in range
DEBUG 09-18 18:20:45.167 o.a.o.d.b.SessiondataDao:242 [NioProcessor-6] - updateUserOrg User: null || 72e9df24631c6af8bdcc071699217419
Anyone with any ideas?
==== om_ldap.cfg =====
# This parameter specifies the type of LDAP server your are defining
#
# Supported values are "OpenLDAP" and "AD" for Active Directory (defaults to AD).
ldap_server_type=AD
#LDAP URL
# This is the URL used to access your LDAP server.
# can be a simple URL like:
# ldap_conn_url=ldap://myldap.myorg.com<http://myldap.myorg.com>
# or a list of simple URL separated by a space as in:
# ldap_conn_url=ldap://myldap.myorg.com<http://myldap.myorg.com> ldap://myldap2.myorg.com<http://myldap2.myorg.com>
# if you want to use "ldaps://" links, please be aware that you need to import your CA certificate
# to a java keystore and add the -Djavax.net.ssl.keyStore, -Djavax.net.ssl.keyStorePassword,
# -Djavax.net.ssl.trustStore and -Djavax.net.ssl.trustStorePassword parameters to your
# JAVA_OPT environment
ldap_conn_url=ldap://dc1.afdb.local:389
#Login distinguished name (DN) for Authentification on LDAP Server - keep emtpy if not requiered
# Use DN with with ":" instead of "=". The conversion will be done in OM
ldap_admin_dn=afdb\otrs
#Loginpass for Authentification on LDAP Server - keep emtpy if not requiered
#ldap_passwd=myownpasswd
#base to search for userdata(of user, that wants to login)
# Use DN with with ":" instead of "=". The conversion will be done in OM
ldap_search_base=OU:SARC,OU:AFDB_Field_Offices,DC:afdb,DC:local
# Fieldnames (can differ between Ldap servers)
field_user_principal=userPrincipalName
# Ldap auth type(SIMPLE,NONE)
# When using SIMPLE a simple bind is performed on the LDAP server to check user authentication
# When using NONE, the Ldap server is not used for authentication
ldap_auth_type=SIMPLE
# Ldap-password synchronization to OM DB
# Set this to 'yes' if you want OM to synchronize the user Ldap-password to OM's internal DB
# This enables local login of users if the ldap server is offline.
# If you want to disable the feature, set this to 'no'.
# Defautl value is 'yes'
ldap_sync_password_to_om=no
# Ldap user attributes mapping
# Set the following internal OM user attributes to their corresponding Ldap-attribute
ldap_user_attr_lastname=sn
ldap_user_attr_firstname=givenName
ldap_user_attr_mail=mail
ldap_user_attr_street=streetAddress
ldap_user_attr_additionalname=description
ldap_user_attr_fax=facsimileTelephoneNumber
ldap_user_attr_zip=postalCode
ldap_user_attr_country=co
ldap_user_attr_town=l
ldap_user_attr_phone=telephoneNumber
# optional, only absolute URLs make sense
#ldap_user_picture_uri=picture_uri
# optional
# the timezone has to mach an entry in the OpenMeetings table "omtimezones" otherwise the user will get
# the timezone defined in the value of the conf_key "default.timezone" in OpenMeetings "configurations" table
#ldap_user_timezone=timezone
# Ldap ignore upper/lower case, convert all input to lower case
ldap_use_lower_case=false
--
WBR
Maxim aka solomax
--
WBR
Maxim aka solomax
--
WBR
Maxim aka solomax
Re: AD Integration Issue
Posted by Maxim Solodovnik <so...@gmail.com>.
Could you also try this this tool:
http://technet.microsoft.com/en-us/sysinternals/bb963907
maybe it will shed some light ....
Alternatively it might be good to use some PHP tool to check.
I was able to set up integration with OpenLDAP in 10 minutes ...
Not sure what else can you try :(
On Fri, Sep 20, 2013 at 4:58 PM, YUUNI, OSAY OSMAN <O....@afdb.org> wrote:
> In trying to resolve this issue I also used Ldp.exe from MS Windows 2008
> server. When I trying binding with the ldap_admin_dn=CN=Open
> Meetings,CN=Users,DC=AFDB,DC=LOCAL (note this is on Windows so no : in
> place of =), I get a successful bind like so:****
>
> ** **
>
> -----------****
>
> res = ldap_simple_bind_s(ld, 'cn=Open Meetings,DC=AFDB,DC=LOCAL',
> <unavailable>); // v.3****
>
> Authenticated as: 'AFDB\omeet'.****
>
> -----------****
>
> ** **
>
> But with the same setting in om_ldap.cfg I get an invalid credentials
> error. Really weird this!****
>
> ** **
>
> Osay****
>
> ** **
>
> ** **
>
> ** **
>
> ** **
>
> *From:* Maxim Solodovnik [mailto:solomax666@gmail.com]
> *Sent:* 20 September 2013 05:58 AM
> *To:* Openmeetings user-list
> *Cc:* Alexei Fedotov
> *Subject:* Re: AD Integration Issue****
>
> ** **
>
> I'm not LDAP expert :(****
>
> but maybe you need to specify admin user in different way?****
>
> ** **
>
> for ex here https://code.google.com/p/openmeetings/wiki/LdapADSINTegration
> ****
>
> ldap_admin_dn is specified as****
>
> *ldap_admin_dn=CN:openmeetings,OU:openmeetings,OU:All
> Users,DC:MYTEST,DC:NET,DC:BR*****
>
> instead of****
>
> *ldap_admin_dn=afdb\otrs*****
>
> ****
>
> ** **
>
> On Thu, Sep 19, 2013 at 6:08 PM, YUUNI, OSAY OSMAN <O....@afdb.org>
> wrote:****
>
> Hi all,****
>
> I noted that the error was misleading. The actual problem is with the
> authentication of the admin AD bind user. From my config I inadvertently
> commented out the password for the admin login. I corrected this and I’m
> now getting invalid password. The log seems to point to the same admin
> user. I’ve tried using domain\user as suggested elsewhere by Jason but I
> get same error when I try authenticating.****
>
> ****
>
> Snippets of the relevant log below:****
>
> ****
>
> === openmeetings.log ===****
>
> WARN 09-19 13:06:26.889 o.a.o.r.MainService:307 [NioProcessor-7] -
> loginUser: 25dfde1ef6e6b2bdec024ec6a7937f06 yos2653****
>
> DEBUG 09-19 13:06:26.890 o.a.o.r.MainService:318 [NioProcessor-7] - Ldap
> Login****
>
> DEBUG 09-19 13:06:26.920 o.a.o.l.LdapLoginManagement:245 [NioProcessor-7]
> - LdapLoginmanagement.doLdapLogin****
>
> DEBUG 09-19 13:06:26.922 o.a.o.l.LdapLoginManagement:209 [NioProcessor-7]
> - LdapLoginmanagement.getLdapConfigData****
>
> DEBUG 09-19 13:06:26.923 o.a.o.l.LdapLoginManagement:222 [NioProcessor-7]
> - LdapLoginmanagement.readConfig :
> /usr/lib/red52/webapps/openmeetings/conf/om_ldap.cfg****
>
> DEBUG 09-19 13:06:26.925 o.a.o.l.LdapLoginManagement:149 [NioProcessor-7]
> - isValidAuthType****
>
> DEBUG 09-19 13:06:26.926 o.a.o.l.LdapLoginManagement:381 [NioProcessor-7]
> - Searching userdata with LDAP Search Filter :(userPrincipalName =yos2653)
> ****
>
> DEBUG 09-19 13:06:26.927 o.a.o.l.LdapAuthBase:84 [NioProcessor-7] -
> LdapAuthBase****
>
> DEBUG 09-19 13:06:26.928 o.a.o.l.LdapLoginManagement:390 [NioProcessor-7]
> - authenticating admin...****
>
> DEBUG 09-19 13:06:26.929 o.a.o.l.LdapAuthBase:101 [NioProcessor-7] -
> authenticateUser****
>
> DEBUG 09-19 13:06:26.931 o.a.o.l.LdapAuthBase:117 [NioProcessor-7] -****
>
> ****
>
> Authentification to LDAP - Server start****
>
> DEBUG 09-19 13:06:26.932 o.a.o.l.LdapAuthBase:151 [NioProcessor-7] -
> loginToLdapServer****
>
> DEBUG 09-19 13:06:26.945 o.a.o.l.LdapLoginManagement:393 [NioProcessor-7]
> - Checking server type...****
>
> DEBUG 09-19 13:06:26.947 o.a.o.l.LdapAuthBase:101 [NioProcessor-7] -
> authenticateUser****
>
> DEBUG 09-19 13:06:26.947 o.a.o.l.LdapAuthBase:117 [NioProcessor-7] -****
>
> ****
>
> Authentification to LDAP - Server start****
>
> DEBUG 09-19 13:06:26.948 o.a.o.l.LdapAuthBase:151 [NioProcessor-7] -
> loginToLdapServer****
>
> ERROR 09-19 13:06:26.958 o.a.o.l.LdapAuthBase:123 [NioProcessor-7] -****
>
> ****
>
> Authentification on LDAP Server failed : [LDAP: error code 49 - 80090308:
> LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e,
> v1db1]****
>
> ERROR 09-19 13:06:26.964 o.a.o.l.LdapAuthBase:124 [NioProcessor-7] -
> [Authentification on LDAP Server failed]****
>
> javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308:
> LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e,
> v1db1]****
>
> at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3067)
> ~[na:1.6.0_45]****
>
> at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3013)
> ~[na:1.6.0_45]****
>
> at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2815)
> ~[na:1.6.0_45]****
>
> at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2729)
> ~[na:1.6.0_45]****
>
> at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:296)
> ~[na:1.6.0_45]****
>
> at
> com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
> ~[na:1.6.0_45]****
>
> at
> com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
> ~[na:1.6.0_45]****
>
> at
> com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
> ~[na:1.6.0_45]****
>
> at
> com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
> ~[na:1.6.0_45]****
>
> at
> javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
> ~[na:1.6.0_45]****
>
> at
> javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
> ~[na:1.6.0_45]****
>
> at javax.naming.InitialContext.init(InitialContext.java:223)
> ~[na:1.6.0_45]****
>
> at javax.naming.InitialContext.<init>(InitialContext.java:197)
> ~[na:1.6.0_45]****
>
> at
> javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
> ~[na:1.6.0_45]****
>
> at
> org.apache.openmeetings.ldap.LdapAuthBase.authenticateUser(LdapAuthBase.java:121)
> ~[openmeetings-2.1.1-RELEASE.jar:na]****
>
> at
> org.apache.openmeetings.ldap.LdapLoginManagement.doLdapLogin(LdapLoginManagement.java:416)
> [openmeetings-2.1.1-RELEASE.jar:na]****
>
> at
> org.apache.openmeetings.remote.MainService.loginUser(MainService.java:333)
> [openmeetings-2.1.1-RELEASE.jar:na]****
>
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> ~[na:1.6.0_45]****
>
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> ~[na:1.6.0_45]****
>
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> ~[na:1.6.0_45]****
>
> at java.lang.reflect.Method.invoke(Method.java:597) ~[na:1.6.0_45]
> ****
>
> at
> org.red5.server.service.ServiceInvoker.invoke(ServiceInvoker.java:196)
> [red5.jar:na]****
>
> at
> org.red5.server.service.ServiceInvoker.invoke(ServiceInvoker.java:115)
> [red5.jar:na]****
>
> at
> org.red5.server.net.rtmp.RTMPHandler.invokeCall(RTMPHandler.java:157)
> [red5.jar:na]****
>
> at
> org.red5.server.net.rtmp.RTMPHandler.onInvoke(RTMPHandler.java:399)
> [red5.jar:na]****
>
> at
> org.red5.server.net.rtmp.BaseRTMPHandler.messageReceived(BaseRTMPHandler.java:130)
> [red5.jar:na]****
>
> at
> org.red5.server.net.rtmp.RTMPMinaIoHandler.messageReceived(RTMPMinaIoHandler.java:164)
> [red5.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:716)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:427)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:245)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.red5.server.net.rtmpe.RTMPEIoFilter.messageReceived(RTMPEIoFilter.java:124)
> [red5.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:119)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:426)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:715)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:668)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:657)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.polling.AbstractPollingIoProcessor.access$600(AbstractPollingIoProcessor.java:68)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1141)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
> [mina-core-2.0.4.jar:na]****
>
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:895)
> [na:1.6.0_45]****
>
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:918)
> [na:1.6.0_45]****
>
> ****
>
> *From:* Alexei Fedotov [mailto:alexei.fedotov@gmail.com]
> *Sent:* 19 September 2013 11:43 AM
> *To:* YUUNI, OSAY OSMAN; user@openmeetings.apache.org****
>
>
> *Subject:* Re: AD Integration Issue****
>
> ****
>
> Does things work if you manually assign the group for the user?****
>
> 18.09.2013 21:24 пользователь "YUUNI, OSAY OSMAN" <O....@afdb.org>
> написал:****
>
> Does this mean OM (2.1.1) is not passing the password? BTW this is against
> AD 2008 R2.****
>
> ****
>
> ****
>
> ****
>
> ****
>
> Sent from Samsung tablet****
>
>
>
>
> -------- Original message --------
> From: Maxim Solodovnik <so...@gmail.com>
> Date: 18/09/2013 7:20 PM (GMT+02:00)
> To: Openmeetings user-list <us...@openmeetings.apache.org>
> Subject: Re: AD Integration Issue ****
>
> It seems like password is null somehow (according to the code)****
>
> ****
>
> On Wed, Sep 18, 2013 at 11:33 PM, YUUNI, OSAY OSMAN <O....@afdb.org>
> wrote:****
>
> Hi all,****
>
> ****
>
> I’m having a peculiar problem with my LDAP integration. I’m integrating
> with AD and this seems to work but when a user logs in she/he is greeted
> with “Your account is assigned with multiple usergroups. Please choose one
> for this session” then a drop down box. The drop down box is empty. When
> they continue it displays a blank page. I’m not sure where the issue is. I
> have not assigned any user to any group since they’re authenticating
> through AD.****
>
> ****
>
> Here’s the relevant snippet of the log:****
>
> ****
>
> DEBUG 09-18 18:18:36.257 o.a.o.q.s.MeetingReminderJob:34
> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-5] -
> MeetingReminderJob.execute****
>
> DEBUG 09-18 18:18:36.269 o.a.o.d.c.d.AppointmentDao:929
> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-5] -
> startStamp 2013-09-18 18:18:36.269****
>
> DEBUG 09-18 18:18:36.271 o.a.o.d.c.d.AppointmentDao:930
> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-5] -
> stopStamp 2013-09-18 18:33:36.269****
>
> DEBUG 09-18 18:18:36.280 o.a.o.d.c.m.AppointmentLogic:423
> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-5] -
> doScheduledMeetingReminder : no Appointments in range****
>
> WARN 09-18 18:19:09.425 o.a.o.r.MainService:307 [NioProcessor-6] -
> loginUser: 72e9df24631c6af8bdcc071699217419 yos2653****
>
> DEBUG 09-18 18:19:09.426 o.a.o.r.MainService:318 [NioProcessor-6] - Ldap
> Login****
>
> DEBUG 09-18 18:19:09.450 o.a.o.l.LdapLoginManagement:245 [NioProcessor-6]
> - LdapLoginmanagement.doLdapLogin****
>
> DEBUG 09-18 18:19:09.451 o.a.o.l.LdapLoginManagement:209 [NioProcessor-6]
> - LdapLoginmanagement.getLdapConfigData****
>
> DEBUG 09-18 18:19:09.452 o.a.o.l.LdapLoginManagement:222 [NioProcessor-6]
> - LdapLoginmanagement.readConfig :
> /usr/lib/red52/webapps/openmeetings/conf/om_ldap.cfg****
>
> DEBUG 09-18 18:19:09.454 o.a.o.l.LdapLoginManagement:149 [NioProcessor-6]
> - isValidAuthType****
>
> DEBUG 09-18 18:19:09.455 o.a.o.l.LdapLoginManagement:381 [NioProcessor-6]
> - Searching userdata with LDAP Search Filter :(userPrincipalName =yos2653)
> ****
>
> DEBUG 09-18 18:19:09.456 o.a.o.l.LdapAuthBase:84 [NioProcessor-6] -
> LdapAuthBase****
>
> DEBUG 09-18 18:19:09.457 o.a.o.l.LdapLoginManagement:390 [NioProcessor-6]
> - authenticating admin...****
>
> DEBUG 09-18 18:19:09.458 o.a.o.l.LdapAuthBase:101 [NioProcessor-6] -
> authenticateUser****
>
> ERROR 09-18 18:19:09.463 o.a.o.r.MainService:393 [NioProcessor-6] -
> loginUser :****
>
> java.lang.NullPointerException: null****
>
> at java.util.Hashtable.put(Hashtable.java:394) ~[na:1.6.0_45]****
>
> at
> org.apache.openmeetings.ldap.LdapAuthBase.authenticateUser(LdapAuthBase.java:109)
> ~[openmeetings-2.1.1-RELEASE.jar:na]****
>
> at
> org.apache.openmeetings.ldap.LdapLoginManagement.doLdapLogin(LdapLoginManagement.java:391)
> ~[openmeetings-2.1.1-RELEASE.jar:na]****
>
> at
> org.apache.openmeetings.remote.MainService.loginUser(MainService.java:333)
> ~[openmeetings-2.1.1-RELEASE.jar:na]****
>
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> ~[na:1.6.0_45]****
>
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> ~[na:1.6.0_45]****
>
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> ~[na:1.6.0_45]****
>
> at java.lang.reflect.Method.invoke(Method.java:597) ~[na:1.6.0_45]
> ****
>
> at
> org.red5.server.service.ServiceInvoker.invoke(ServiceInvoker.java:196)
> [red5.jar:na]****
>
> at
> org.red5.server.service.ServiceInvoker.invoke(ServiceInvoker.java:115)
> [red5.jar:na]****
>
> at
> org.red5.server.net.rtmp.RTMPHandler.invokeCall(RTMPHandler.java:157)
> [red5.jar:na]****
>
> at
> org.red5.server.net.rtmp.RTMPHandler.onInvoke(RTMPHandler.java:399)
> [red5.jar:na]****
>
> at
> org.red5.server.net.rtmp.BaseRTMPHandler.messageReceived(BaseRTMPHandler.java:130)
> [red5.jar:na]****
>
> at
> org.red5.server.net.rtmp.RTMPMinaIoHandler.messageReceived(RTMPMinaIoHandler.java:164)
> [red5.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:716)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:427)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:245)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.red5.server.net.rtmpe.RTMPEIoFilter.messageReceived(RTMPEIoFilter.java:124)
> [red5.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:119)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:426)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:715)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:668)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:657)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.polling.AbstractPollingIoProcessor.access$600(AbstractPollingIoProcessor.java:68)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1141)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
> [mina-core-2.0.4.jar:na]****
>
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:895)
> [na:1.6.0_45]****
>
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:918)
> [na:1.6.0_45]****
>
> at java.lang.Thread.run(Thread.java:662) [na:1.6.0_45]****
>
> DEBUG 09-18 18:20:11.267 o.a.o.q.s.TestSetupCleanupJob:34
> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-6] -
> TestSetupClearJob.execute****
>
> DEBUG 09-18 18:20:11.327 o.a.o.u.m.MailHandler:241
> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-7] -
> sendMails enter ...****
>
> DEBUG 09-18 18:20:11.335 o.a.o.u.m.MailHandler:247
> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-7] -
> ... sendMails done.****
>
> DEBUG 09-18 18:20:16.247 o.a.o.d.b.SessiondataDao:410
> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-8] -
> ****** clearSessionTable:****
>
> DEBUG 09-18 18:20:16.257 o.a.o.d.b.SessiondataDao:414
> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-8] -
> clearSessionTable: 2****
>
> DEBUG 09-18 18:20:16.258 o.a.o.q.s.MeetingReminderJob:34
> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-9] -
> MeetingReminderJob.execute****
>
> DEBUG 09-18 18:20:16.270 o.a.o.d.c.d.AppointmentDao:929
> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-9] -
> startStamp 2013-09-18 18:20:16.269****
>
> DEBUG 09-18 18:20:16.271 o.a.o.d.c.d.AppointmentDao:930
> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-9] -
> stopStamp 2013-09-18 18:35:16.269****
>
> DEBUG 09-18 18:20:16.281 o.a.o.d.c.m.AppointmentLogic:423
> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-9] -
> doScheduledMeetingReminder : no Appointments in range****
>
> DEBUG 09-18 18:20:45.167 o.a.o.d.b.SessiondataDao:242 [NioProcessor-6] -
> updateUserOrg User: null || 72e9df24631c6af8bdcc071699217419****
>
> ****
>
> ****
>
> Anyone with any ideas?****
>
> ****
>
> ==== om_ldap.cfg =====****
>
> ****
>
> # This parameter specifies the type of LDAP server your are defining****
>
> #****
>
> # Supported values are "OpenLDAP" and "AD" for Active Directory (defaults
> to AD).****
>
> ldap_server_type=AD****
>
> ****
>
> #LDAP URL****
>
> # This is the URL used to access your LDAP server.****
>
> ****
>
> # can be a simple URL like:****
>
> # ldap_conn_url=ldap://myldap.myorg.com****
>
> # or a list of simple URL separated by a space as in:****
>
> # ldap_conn_url=ldap://myldap.myorg.com ldap://myldap2.myorg.com****
>
> # if you want to use "ldaps://" links, please be aware that you need to
> import your CA certificate****
>
> # to a java keystore and add the -Djavax.net.ssl.keyStore,
> -Djavax.net.ssl.keyStorePassword,****
>
> # -Djavax.net.ssl.trustStore and -Djavax.net.ssl.trustStorePassword
> parameters to your****
>
> # JAVA_OPT environment****
>
> ldap_conn_url=ldap://dc1.afdb.local:389****
>
> ****
>
> #Login distinguished name (DN) for Authentification on LDAP Server - keep
> emtpy if not requiered****
>
> # Use DN with with ":" instead of "=". The conversion will be done in OM**
> **
>
> ldap_admin_dn=afdb\otrs****
>
> ****
>
> #Loginpass for Authentification on LDAP Server - keep emtpy if not
> requiered****
>
> #ldap_passwd=myownpasswd****
>
> ****
>
> #base to search for userdata(of user, that wants to login)****
>
> # Use DN with with ":" instead of "=". The conversion will be done in OM**
> **
>
> ldap_search_base=OU:SARC,OU:AFDB_Field_Offices,DC:afdb,DC:local****
>
> ****
>
> # Fieldnames (can differ between Ldap servers)****
>
> field_user_principal=userPrincipalName****
>
> ****
>
> # Ldap auth type(SIMPLE,NONE)****
>
> # When using SIMPLE a simple bind is performed on the LDAP server to
> check user authentication****
>
> # When using NONE, the Ldap server is not used for authentication****
>
> ldap_auth_type=SIMPLE****
>
> ****
>
> # Ldap-password synchronization to OM DB****
>
> # Set this to 'yes' if you want OM to synchronize the user Ldap-password
> to OM's internal DB****
>
> # This enables local login of users if the ldap server is offline.****
>
> # If you want to disable the feature, set this to 'no'.****
>
> # Defautl value is 'yes'****
>
> ldap_sync_password_to_om=no****
>
> ****
>
> ****
>
> # Ldap user attributes mapping****
>
> # Set the following internal OM user attributes to their corresponding
> Ldap-attribute****
>
> ldap_user_attr_lastname=sn****
>
> ldap_user_attr_firstname=givenName****
>
> ldap_user_attr_mail=mail****
>
> ldap_user_attr_street=streetAddress****
>
> ldap_user_attr_additionalname=description****
>
> ldap_user_attr_fax=facsimileTelephoneNumber****
>
> ldap_user_attr_zip=postalCode****
>
> ldap_user_attr_country=co****
>
> ldap_user_attr_town=l****
>
> ldap_user_attr_phone=telephoneNumber****
>
> ****
>
> # optional, only absolute URLs make sense****
>
> #ldap_user_picture_uri=picture_uri****
>
> ****
>
> # optional****
>
> # the timezone has to mach an entry in the OpenMeetings table
> "omtimezones" otherwise the user will get****
>
> # the timezone defined in the value of the conf_key "default.timezone" in
> OpenMeetings "configurations" table****
>
> #ldap_user_timezone=timezone****
>
> ****
>
> # Ldap ignore upper/lower case, convert all input to lower case****
>
> ldap_use_lower_case=false****
>
>
>
> ****
>
> ****
>
> --
> WBR
> Maxim aka solomax ****
>
>
>
> ****
>
> ** **
>
> --
> WBR
> Maxim aka solomax ****
>
--
WBR
Maxim aka solomax
RE: AD Integration Issue
Posted by "YUUNI, OSAY OSMAN" <O....@AFDB.ORG>.
In trying to resolve this issue I also used Ldp.exe from MS Windows 2008 server. When I trying binding with the ldap_admin_dn=CN=Open Meetings,CN=Users,DC=AFDB,DC=LOCAL (note this is on Windows so no : in place of =), I get a successful bind like so:
-----------
res = ldap_simple_bind_s(ld, 'cn=Open Meetings,DC=AFDB,DC=LOCAL', <unavailable>); // v.3
Authenticated as: 'AFDB\omeet'.
-----------
But with the same setting in om_ldap.cfg I get an invalid credentials error. Really weird this!
Osay
From: Maxim Solodovnik [mailto:solomax666@gmail.com]
Sent: 20 September 2013 05:58 AM
To: Openmeetings user-list
Cc: Alexei Fedotov
Subject: Re: AD Integration Issue
I'm not LDAP expert :(
but maybe you need to specify admin user in different way?
for ex here https://code.google.com/p/openmeetings/wiki/LdapADSINTegration
ldap_admin_dn is specified as
ldap_admin_dn=CN:openmeetings,OU:openmeetings,OU:All Users,DC:MYTEST,DC:NET,DC:BR
instead of
ldap_admin_dn=afdb\otrs
On Thu, Sep 19, 2013 at 6:08 PM, YUUNI, OSAY OSMAN <O....@afdb.org>> wrote:
Hi all,
I noted that the error was misleading. The actual problem is with the authentication of the admin AD bind user. From my config I inadvertently commented out the password for the admin login. I corrected this and I’m now getting invalid password. The log seems to point to the same admin user. I’ve tried using domain\user as suggested elsewhere by Jason but I get same error when I try authenticating.
Snippets of the relevant log below:
=== openmeetings.log ===
WARN 09-19 13:06:26.889 o.a.o.r.MainService:307 [NioProcessor-7] - loginUser: 25dfde1ef6e6b2bdec024ec6a7937f06 yos2653
DEBUG 09-19 13:06:26.890 o.a.o.r.MainService:318 [NioProcessor-7] - Ldap Login
DEBUG 09-19 13:06:26.920 o.a.o.l.LdapLoginManagement:245 [NioProcessor-7] - LdapLoginmanagement.doLdapLogin
DEBUG 09-19 13:06:26.922 o.a.o.l.LdapLoginManagement:209 [NioProcessor-7] - LdapLoginmanagement.getLdapConfigData
DEBUG 09-19 13:06:26.923 o.a.o.l.LdapLoginManagement:222 [NioProcessor-7] - LdapLoginmanagement.readConfig : /usr/lib/red52/webapps/openmeetings/conf/om_ldap.cfg
DEBUG 09-19 13:06:26.925 o.a.o.l.LdapLoginManagement:149 [NioProcessor-7] - isValidAuthType
DEBUG 09-19 13:06:26.926 o.a.o.l.LdapLoginManagement:381 [NioProcessor-7] - Searching userdata with LDAP Search Filter :(userPrincipalName =yos2653)
DEBUG 09-19 13:06:26.927 o.a.o.l.LdapAuthBase:84 [NioProcessor-7] - LdapAuthBase
DEBUG 09-19 13:06:26.928 o.a.o.l.LdapLoginManagement:390 [NioProcessor-7] - authenticating admin...
DEBUG 09-19 13:06:26.929 o.a.o.l.LdapAuthBase:101 [NioProcessor-7] - authenticateUser
DEBUG 09-19 13:06:26.931 o.a.o.l.LdapAuthBase:117 [NioProcessor-7] -
Authentification to LDAP - Server start
DEBUG 09-19 13:06:26.932 o.a.o.l.LdapAuthBase:151 [NioProcessor-7] - loginToLdapServer
DEBUG 09-19 13:06:26.945 o.a.o.l.LdapLoginManagement:393 [NioProcessor-7] - Checking server type...
DEBUG 09-19 13:06:26.947 o.a.o.l.LdapAuthBase:101 [NioProcessor-7] - authenticateUser
DEBUG 09-19 13:06:26.947 o.a.o.l.LdapAuthBase:117 [NioProcessor-7] -
Authentification to LDAP - Server start
DEBUG 09-19 13:06:26.948 o.a.o.l.LdapAuthBase:151 [NioProcessor-7] - loginToLdapServer
ERROR 09-19 13:06:26.958 o.a.o.l.LdapAuthBase:123 [NioProcessor-7] -
Authentification on LDAP Server failed : [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]
ERROR 09-19 13:06:26.964 o.a.o.l.LdapAuthBase:124 [NioProcessor-7] - [Authentification on LDAP Server failed]
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3067) ~[na:1.6.0_45]
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3013) ~[na:1.6.0_45]
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2815) ~[na:1.6.0_45]
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2729) ~[na:1.6.0_45]
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:296) ~[na:1.6.0_45]
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175) ~[na:1.6.0_45]
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193) ~[na:1.6.0_45]
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136) ~[na:1.6.0_45]
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66) ~[na:1.6.0_45]
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667) ~[na:1.6.0_45]
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288) ~[na:1.6.0_45]
at javax.naming.InitialContext.init(InitialContext.java:223) ~[na:1.6.0_45]
at javax.naming.InitialContext.<init>(InitialContext.java:197) ~[na:1.6.0_45]
at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82) ~[na:1.6.0_45]
at org.apache.openmeetings.ldap.LdapAuthBase.authenticateUser(LdapAuthBase.java:121) ~[openmeetings-2.1.1-RELEASE.jar:na]
at org.apache.openmeetings.ldap.LdapLoginManagement.doLdapLogin(LdapLoginManagement.java:416) [openmeetings-2.1.1-RELEASE.jar:na]
at org.apache.openmeetings.remote.MainService.loginUser(MainService.java:333) [openmeetings-2.1.1-RELEASE.jar:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.6.0_45]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) ~[na:1.6.0_45]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) ~[na:1.6.0_45]
at java.lang.reflect.Method.invoke(Method.java:597) ~[na:1.6.0_45]
at org.red5.server.service.ServiceInvoker.invoke(ServiceInvoker.java:196) [red5.jar:na]
at org.red5.server.service.ServiceInvoker.invoke(ServiceInvoker.java:115) [red5.jar:na]
at org.red5.server.net.rtmp.RTMPHandler.invokeCall(RTMPHandler.java:157) [red5.jar:na]
at org.red5.server.net.rtmp.RTMPHandler.onInvoke(RTMPHandler.java:399) [red5.jar:na]
at org.red5.server.net.rtmp.BaseRTMPHandler.messageReceived(BaseRTMPHandler.java:130) [red5.jar:na]
at org.red5.server.net.rtmp.RTMPMinaIoHandler.messageReceived(RTMPMinaIoHandler.java:164) [red5.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:716) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796) [mina-core-2.0.4.jar:na]
at org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:427) [mina-core-2.0.4.jar:na]
at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:245) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796) [mina-core-2.0.4.jar:na]
at org.red5.server.net.rtmpe.RTMPEIoFilter.messageReceived(RTMPEIoFilter.java:124) [red5.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:119) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:426) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:715) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:668) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:657) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$600(AbstractPollingIoProcessor.java:68) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1141) [mina-core-2.0.4.jar:na]
at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64) [mina-core-2.0.4.jar:na]
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:895) [na:1.6.0_45]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:918) [na:1.6.0_45]
From: Alexei Fedotov [mailto:alexei.fedotov@gmail.com<ma...@gmail.com>]
Sent: 19 September 2013 11:43 AM
To: YUUNI, OSAY OSMAN; user@openmeetings.apache.org<ma...@openmeetings.apache.org>
Subject: Re: AD Integration Issue
Does things work if you manually assign the group for the user?
18.09.2013 21:24 пользователь "YUUNI, OSAY OSMAN" <O....@afdb.org>> написал:
Does this mean OM (2.1.1) is not passing the password? BTW this is against AD 2008 R2.
Sent from Samsung tablet
-------- Original message --------
From: Maxim Solodovnik <so...@gmail.com>>
Date: 18/09/2013 7:20 PM (GMT+02:00)
To: Openmeetings user-list <us...@openmeetings.apache.org>>
Subject: Re: AD Integration Issue
It seems like password is null somehow (according to the code)
On Wed, Sep 18, 2013 at 11:33 PM, YUUNI, OSAY OSMAN <O....@afdb.org>> wrote:
Hi all,
I’m having a peculiar problem with my LDAP integration. I’m integrating with AD and this seems to work but when a user logs in she/he is greeted with “Your account is assigned with multiple usergroups. Please choose one for this session” then a drop down box. The drop down box is empty. When they continue it displays a blank page. I’m not sure where the issue is. I have not assigned any user to any group since they’re authenticating through AD.
Here’s the relevant snippet of the log:
DEBUG 09-18 18:18:36.257 o.a.o.q.s.MeetingReminderJob:34 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-5] - MeetingReminderJob.execute
DEBUG 09-18 18:18:36.269 o.a.o.d.c.d.AppointmentDao:929 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-5] - startStamp 2013-09-18 18:18:36.269
DEBUG 09-18 18:18:36.271 o.a.o.d.c.d.AppointmentDao:930 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-5] - stopStamp 2013-09-18 18:33:36.269
DEBUG 09-18 18:18:36.280 o.a.o.d.c.m.AppointmentLogic:423 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-5] - doScheduledMeetingReminder : no Appointments in range
WARN 09-18 18:19:09.425 o.a.o.r.MainService:307 [NioProcessor-6] - loginUser: 72e9df24631c6af8bdcc071699217419 yos2653
DEBUG 09-18 18:19:09.426 o.a.o.r.MainService:318 [NioProcessor-6] - Ldap Login
DEBUG 09-18 18:19:09.450 o.a.o.l.LdapLoginManagement:245 [NioProcessor-6] - LdapLoginmanagement.doLdapLogin
DEBUG 09-18 18:19:09.451 o.a.o.l.LdapLoginManagement:209 [NioProcessor-6] - LdapLoginmanagement.getLdapConfigData
DEBUG 09-18 18:19:09.452 o.a.o.l.LdapLoginManagement:222 [NioProcessor-6] - LdapLoginmanagement.readConfig : /usr/lib/red52/webapps/openmeetings/conf/om_ldap.cfg
DEBUG 09-18 18:19:09.454 o.a.o.l.LdapLoginManagement:149 [NioProcessor-6] - isValidAuthType
DEBUG 09-18 18:19:09.455 o.a.o.l.LdapLoginManagement:381 [NioProcessor-6] - Searching userdata with LDAP Search Filter :(userPrincipalName =yos2653)
DEBUG 09-18 18:19:09.456 o.a.o.l.LdapAuthBase:84 [NioProcessor-6] - LdapAuthBase
DEBUG 09-18 18:19:09.457 o.a.o.l.LdapLoginManagement:390 [NioProcessor-6] - authenticating admin...
DEBUG 09-18 18:19:09.458 o.a.o.l.LdapAuthBase:101 [NioProcessor-6] - authenticateUser
ERROR 09-18 18:19:09.463 o.a.o.r.MainService:393 [NioProcessor-6] - loginUser :
java.lang.NullPointerException: null
at java.util.Hashtable.put(Hashtable.java:394) ~[na:1.6.0_45]
at org.apache.openmeetings.ldap.LdapAuthBase.authenticateUser(LdapAuthBase.java:109) ~[openmeetings-2.1.1-RELEASE.jar:na]
at org.apache.openmeetings.ldap.LdapLoginManagement.doLdapLogin(LdapLoginManagement.java:391) ~[openmeetings-2.1.1-RELEASE.jar:na]
at org.apache.openmeetings.remote.MainService.loginUser(MainService.java:333) ~[openmeetings-2.1.1-RELEASE.jar:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.6.0_45]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) ~[na:1.6.0_45]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) ~[na:1.6.0_45]
at java.lang.reflect.Method.invoke(Method.java:597) ~[na:1.6.0_45]
at org.red5.server.service.ServiceInvoker.invoke(ServiceInvoker.java:196) [red5.jar:na]
at org.red5.server.service.ServiceInvoker.invoke(ServiceInvoker.java:115) [red5.jar:na]
at org.red5.server.net.rtmp.RTMPHandler.invokeCall(RTMPHandler.java:157) [red5.jar:na]
at org.red5.server.net.rtmp.RTMPHandler.onInvoke(RTMPHandler.java:399) [red5.jar:na]
at org.red5.server.net.rtmp.BaseRTMPHandler.messageReceived(BaseRTMPHandler.java:130) [red5.jar:na]
at org.red5.server.net.rtmp.RTMPMinaIoHandler.messageReceived(RTMPMinaIoHandler.java:164) [red5.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:716) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796) [mina-core-2.0.4.jar:na]
at org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:427) [mina-core-2.0.4.jar:na]
at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:245) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796) [mina-core-2.0.4.jar:na]
at org.red5.server.net.rtmpe.RTMPEIoFilter.messageReceived(RTMPEIoFilter.java:124) [red5.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:119) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:426) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:715) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:668) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:657) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$600(AbstractPollingIoProcessor.java:68) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1141) [mina-core-2.0.4.jar:na]
at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64) [mina-core-2.0.4.jar:na]
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:895) [na:1.6.0_45]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:918) [na:1.6.0_45]
at java.lang.Thread.run(Thread.java:662) [na:1.6.0_45]
DEBUG 09-18 18:20:11.267 o.a.o.q.s.TestSetupCleanupJob:34 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-6] - TestSetupClearJob.execute
DEBUG 09-18 18:20:11.327 o.a.o.u.m.MailHandler:241 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-7] - sendMails enter ...
DEBUG 09-18 18:20:11.335 o.a.o.u.m.MailHandler:247 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-7] - ... sendMails done.
DEBUG 09-18 18:20:16.247 o.a.o.d.b.SessiondataDao:410 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-8] - ****** clearSessionTable:
DEBUG 09-18 18:20:16.257 o.a.o.d.b.SessiondataDao:414 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-8] - clearSessionTable: 2
DEBUG 09-18 18:20:16.258 o.a.o.q.s.MeetingReminderJob:34 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-9] - MeetingReminderJob.execute
DEBUG 09-18 18:20:16.270 o.a.o.d.c.d.AppointmentDao:929 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-9] - startStamp 2013-09-18 18:20:16.269
DEBUG 09-18 18:20:16.271 o.a.o.d.c.d.AppointmentDao:930 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-9] - stopStamp 2013-09-18 18:35:16.269
DEBUG 09-18 18:20:16.281 o.a.o.d.c.m.AppointmentLogic:423 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-9] - doScheduledMeetingReminder : no Appointments in range
DEBUG 09-18 18:20:45.167 o.a.o.d.b.SessiondataDao:242 [NioProcessor-6] - updateUserOrg User: null || 72e9df24631c6af8bdcc071699217419
Anyone with any ideas?
==== om_ldap.cfg =====
# This parameter specifies the type of LDAP server your are defining
#
# Supported values are "OpenLDAP" and "AD" for Active Directory (defaults to AD).
ldap_server_type=AD
#LDAP URL
# This is the URL used to access your LDAP server.
# can be a simple URL like:
# ldap_conn_url=ldap://myldap.myorg.com<http://myldap.myorg.com>
# or a list of simple URL separated by a space as in:
# ldap_conn_url=ldap://myldap.myorg.com<http://myldap.myorg.com> ldap://myldap2.myorg.com<http://myldap2.myorg.com>
# if you want to use "ldaps://" links, please be aware that you need to import your CA certificate
# to a java keystore and add the -Djavax.net.ssl.keyStore, -Djavax.net.ssl.keyStorePassword,
# -Djavax.net.ssl.trustStore and -Djavax.net.ssl.trustStorePassword parameters to your
# JAVA_OPT environment
ldap_conn_url=ldap://dc1.afdb.local:389
#Login distinguished name (DN) for Authentification on LDAP Server - keep emtpy if not requiered
# Use DN with with ":" instead of "=". The conversion will be done in OM
ldap_admin_dn=afdb\otrs
#Loginpass for Authentification on LDAP Server - keep emtpy if not requiered
#ldap_passwd=myownpasswd
#base to search for userdata(of user, that wants to login)
# Use DN with with ":" instead of "=". The conversion will be done in OM
ldap_search_base=OU:SARC,OU:AFDB_Field_Offices,DC:afdb,DC:local
# Fieldnames (can differ between Ldap servers)
field_user_principal=userPrincipalName
# Ldap auth type(SIMPLE,NONE)
# When using SIMPLE a simple bind is performed on the LDAP server to check user authentication
# When using NONE, the Ldap server is not used for authentication
ldap_auth_type=SIMPLE
# Ldap-password synchronization to OM DB
# Set this to 'yes' if you want OM to synchronize the user Ldap-password to OM's internal DB
# This enables local login of users if the ldap server is offline.
# If you want to disable the feature, set this to 'no'.
# Defautl value is 'yes'
ldap_sync_password_to_om=no
# Ldap user attributes mapping
# Set the following internal OM user attributes to their corresponding Ldap-attribute
ldap_user_attr_lastname=sn
ldap_user_attr_firstname=givenName
ldap_user_attr_mail=mail
ldap_user_attr_street=streetAddress
ldap_user_attr_additionalname=description
ldap_user_attr_fax=facsimileTelephoneNumber
ldap_user_attr_zip=postalCode
ldap_user_attr_country=co
ldap_user_attr_town=l
ldap_user_attr_phone=telephoneNumber
# optional, only absolute URLs make sense
#ldap_user_picture_uri=picture_uri
# optional
# the timezone has to mach an entry in the OpenMeetings table "omtimezones" otherwise the user will get
# the timezone defined in the value of the conf_key "default.timezone" in OpenMeetings "configurations" table
#ldap_user_timezone=timezone
# Ldap ignore upper/lower case, convert all input to lower case
ldap_use_lower_case=false
--
WBR
Maxim aka solomax
--
WBR
Maxim aka solomax
RE: AD Integration Issue
Posted by "YUUNI, OSAY OSMAN" <O....@AFDB.ORG>.
Hi Maxim,
Thanks. I followed same document initially and was getting the error. I then searched the list where Jason had a similar issue and used wireshark to determine that AD is expecting DOMAIN\user. However I have changed back to the notation used in the documentation with no success. I’ve taken particular attention to put the display name in CN instead of the sAMAccountName i.e. CN:ORTS Service,CN:Users,DC:AFDB,DC:LOCAL but I get the same error of authentication failure.
I’m miffed.
Osay
From: Maxim Solodovnik [mailto:solomax666@gmail.com]
Sent: 20 September 2013 05:58 AM
To: Openmeetings user-list
Cc: Alexei Fedotov
Subject: Re: AD Integration Issue
I'm not LDAP expert :(
but maybe you need to specify admin user in different way?
for ex here https://code.google.com/p/openmeetings/wiki/LdapADSINTegration
ldap_admin_dn is specified as
ldap_admin_dn=CN:openmeetings,OU:openmeetings,OU:All Users,DC:MYTEST,DC:NET,DC:BR
instead of
ldap_admin_dn=afdb\otrs
On Thu, Sep 19, 2013 at 6:08 PM, YUUNI, OSAY OSMAN <O....@afdb.org>> wrote:
Hi all,
I noted that the error was misleading. The actual problem is with the authentication of the admin AD bind user. From my config I inadvertently commented out the password for the admin login. I corrected this and I’m now getting invalid password. The log seems to point to the same admin user. I’ve tried using domain\user as suggested elsewhere by Jason but I get same error when I try authenticating.
Snippets of the relevant log below:
=== openmeetings.log ===
WARN 09-19 13:06:26.889 o.a.o.r.MainService:307 [NioProcessor-7] - loginUser: 25dfde1ef6e6b2bdec024ec6a7937f06 yos2653
DEBUG 09-19 13:06:26.890 o.a.o.r.MainService:318 [NioProcessor-7] - Ldap Login
DEBUG 09-19 13:06:26.920 o.a.o.l.LdapLoginManagement:245 [NioProcessor-7] - LdapLoginmanagement.doLdapLogin
DEBUG 09-19 13:06:26.922 o.a.o.l.LdapLoginManagement:209 [NioProcessor-7] - LdapLoginmanagement.getLdapConfigData
DEBUG 09-19 13:06:26.923 o.a.o.l.LdapLoginManagement:222 [NioProcessor-7] - LdapLoginmanagement.readConfig : /usr/lib/red52/webapps/openmeetings/conf/om_ldap.cfg
DEBUG 09-19 13:06:26.925 o.a.o.l.LdapLoginManagement:149 [NioProcessor-7] - isValidAuthType
DEBUG 09-19 13:06:26.926 o.a.o.l.LdapLoginManagement:381 [NioProcessor-7] - Searching userdata with LDAP Search Filter :(userPrincipalName =yos2653)
DEBUG 09-19 13:06:26.927 o.a.o.l.LdapAuthBase:84 [NioProcessor-7] - LdapAuthBase
DEBUG 09-19 13:06:26.928 o.a.o.l.LdapLoginManagement:390 [NioProcessor-7] - authenticating admin...
DEBUG 09-19 13:06:26.929 o.a.o.l.LdapAuthBase:101 [NioProcessor-7] - authenticateUser
DEBUG 09-19 13:06:26.931 o.a.o.l.LdapAuthBase:117 [NioProcessor-7] -
Authentification to LDAP - Server start
DEBUG 09-19 13:06:26.932 o.a.o.l.LdapAuthBase:151 [NioProcessor-7] - loginToLdapServer
DEBUG 09-19 13:06:26.945 o.a.o.l.LdapLoginManagement:393 [NioProcessor-7] - Checking server type...
DEBUG 09-19 13:06:26.947 o.a.o.l.LdapAuthBase:101 [NioProcessor-7] - authenticateUser
DEBUG 09-19 13:06:26.947 o.a.o.l.LdapAuthBase:117 [NioProcessor-7] -
Authentification to LDAP - Server start
DEBUG 09-19 13:06:26.948 o.a.o.l.LdapAuthBase:151 [NioProcessor-7] - loginToLdapServer
ERROR 09-19 13:06:26.958 o.a.o.l.LdapAuthBase:123 [NioProcessor-7] -
Authentification on LDAP Server failed : [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]
ERROR 09-19 13:06:26.964 o.a.o.l.LdapAuthBase:124 [NioProcessor-7] - [Authentification on LDAP Server failed]
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3067) ~[na:1.6.0_45]
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3013) ~[na:1.6.0_45]
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2815) ~[na:1.6.0_45]
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2729) ~[na:1.6.0_45]
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:296) ~[na:1.6.0_45]
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175) ~[na:1.6.0_45]
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193) ~[na:1.6.0_45]
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136) ~[na:1.6.0_45]
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66) ~[na:1.6.0_45]
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667) ~[na:1.6.0_45]
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288) ~[na:1.6.0_45]
at javax.naming.InitialContext.init(InitialContext.java:223) ~[na:1.6.0_45]
at javax.naming.InitialContext.<init>(InitialContext.java:197) ~[na:1.6.0_45]
at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82) ~[na:1.6.0_45]
at org.apache.openmeetings.ldap.LdapAuthBase.authenticateUser(LdapAuthBase.java:121) ~[openmeetings-2.1.1-RELEASE.jar:na]
at org.apache.openmeetings.ldap.LdapLoginManagement.doLdapLogin(LdapLoginManagement.java:416) [openmeetings-2.1.1-RELEASE.jar:na]
at org.apache.openmeetings.remote.MainService.loginUser(MainService.java:333) [openmeetings-2.1.1-RELEASE.jar:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.6.0_45]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) ~[na:1.6.0_45]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) ~[na:1.6.0_45]
at java.lang.reflect.Method.invoke(Method.java:597) ~[na:1.6.0_45]
at org.red5.server.service.ServiceInvoker.invoke(ServiceInvoker.java:196) [red5.jar:na]
at org.red5.server.service.ServiceInvoker.invoke(ServiceInvoker.java:115) [red5.jar:na]
at org.red5.server.net.rtmp.RTMPHandler.invokeCall(RTMPHandler.java:157) [red5.jar:na]
at org.red5.server.net.rtmp.RTMPHandler.onInvoke(RTMPHandler.java:399) [red5.jar:na]
at org.red5.server.net.rtmp.BaseRTMPHandler.messageReceived(BaseRTMPHandler.java:130) [red5.jar:na]
at org.red5.server.net.rtmp.RTMPMinaIoHandler.messageReceived(RTMPMinaIoHandler.java:164) [red5.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:716) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796) [mina-core-2.0.4.jar:na]
at org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:427) [mina-core-2.0.4.jar:na]
at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:245) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796) [mina-core-2.0.4.jar:na]
at org.red5.server.net.rtmpe.RTMPEIoFilter.messageReceived(RTMPEIoFilter.java:124) [red5.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:119) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:426) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:715) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:668) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:657) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$600(AbstractPollingIoProcessor.java:68) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1141) [mina-core-2.0.4.jar:na]
at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64) [mina-core-2.0.4.jar:na]
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:895) [na:1.6.0_45]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:918) [na:1.6.0_45]
From: Alexei Fedotov [mailto:alexei.fedotov@gmail.com<ma...@gmail.com>]
Sent: 19 September 2013 11:43 AM
To: YUUNI, OSAY OSMAN; user@openmeetings.apache.org<ma...@openmeetings.apache.org>
Subject: Re: AD Integration Issue
Does things work if you manually assign the group for the user?
18.09.2013 21:24 пользователь "YUUNI, OSAY OSMAN" <O....@afdb.org>> написал:
Does this mean OM (2.1.1) is not passing the password? BTW this is against AD 2008 R2.
Sent from Samsung tablet
-------- Original message --------
From: Maxim Solodovnik <so...@gmail.com>>
Date: 18/09/2013 7:20 PM (GMT+02:00)
To: Openmeetings user-list <us...@openmeetings.apache.org>>
Subject: Re: AD Integration Issue
It seems like password is null somehow (according to the code)
On Wed, Sep 18, 2013 at 11:33 PM, YUUNI, OSAY OSMAN <O....@afdb.org>> wrote:
Hi all,
I’m having a peculiar problem with my LDAP integration. I’m integrating with AD and this seems to work but when a user logs in she/he is greeted with “Your account is assigned with multiple usergroups. Please choose one for this session” then a drop down box. The drop down box is empty. When they continue it displays a blank page. I’m not sure where the issue is. I have not assigned any user to any group since they’re authenticating through AD.
Here’s the relevant snippet of the log:
DEBUG 09-18 18:18:36.257 o.a.o.q.s.MeetingReminderJob:34 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-5] - MeetingReminderJob.execute
DEBUG 09-18 18:18:36.269 o.a.o.d.c.d.AppointmentDao:929 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-5] - startStamp 2013-09-18 18:18:36.269
DEBUG 09-18 18:18:36.271 o.a.o.d.c.d.AppointmentDao:930 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-5] - stopStamp 2013-09-18 18:33:36.269
DEBUG 09-18 18:18:36.280 o.a.o.d.c.m.AppointmentLogic:423 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-5] - doScheduledMeetingReminder : no Appointments in range
WARN 09-18 18:19:09.425 o.a.o.r.MainService:307 [NioProcessor-6] - loginUser: 72e9df24631c6af8bdcc071699217419 yos2653
DEBUG 09-18 18:19:09.426 o.a.o.r.MainService:318 [NioProcessor-6] - Ldap Login
DEBUG 09-18 18:19:09.450 o.a.o.l.LdapLoginManagement:245 [NioProcessor-6] - LdapLoginmanagement.doLdapLogin
DEBUG 09-18 18:19:09.451 o.a.o.l.LdapLoginManagement:209 [NioProcessor-6] - LdapLoginmanagement.getLdapConfigData
DEBUG 09-18 18:19:09.452 o.a.o.l.LdapLoginManagement:222 [NioProcessor-6] - LdapLoginmanagement.readConfig : /usr/lib/red52/webapps/openmeetings/conf/om_ldap.cfg
DEBUG 09-18 18:19:09.454 o.a.o.l.LdapLoginManagement:149 [NioProcessor-6] - isValidAuthType
DEBUG 09-18 18:19:09.455 o.a.o.l.LdapLoginManagement:381 [NioProcessor-6] - Searching userdata with LDAP Search Filter :(userPrincipalName =yos2653)
DEBUG 09-18 18:19:09.456 o.a.o.l.LdapAuthBase:84 [NioProcessor-6] - LdapAuthBase
DEBUG 09-18 18:19:09.457 o.a.o.l.LdapLoginManagement:390 [NioProcessor-6] - authenticating admin...
DEBUG 09-18 18:19:09.458 o.a.o.l.LdapAuthBase:101 [NioProcessor-6] - authenticateUser
ERROR 09-18 18:19:09.463 o.a.o.r.MainService:393 [NioProcessor-6] - loginUser :
java.lang.NullPointerException: null
at java.util.Hashtable.put(Hashtable.java:394) ~[na:1.6.0_45]
at org.apache.openmeetings.ldap.LdapAuthBase.authenticateUser(LdapAuthBase.java:109) ~[openmeetings-2.1.1-RELEASE.jar:na]
at org.apache.openmeetings.ldap.LdapLoginManagement.doLdapLogin(LdapLoginManagement.java:391) ~[openmeetings-2.1.1-RELEASE.jar:na]
at org.apache.openmeetings.remote.MainService.loginUser(MainService.java:333) ~[openmeetings-2.1.1-RELEASE.jar:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.6.0_45]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) ~[na:1.6.0_45]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) ~[na:1.6.0_45]
at java.lang.reflect.Method.invoke(Method.java:597) ~[na:1.6.0_45]
at org.red5.server.service.ServiceInvoker.invoke(ServiceInvoker.java:196) [red5.jar:na]
at org.red5.server.service.ServiceInvoker.invoke(ServiceInvoker.java:115) [red5.jar:na]
at org.red5.server.net.rtmp.RTMPHandler.invokeCall(RTMPHandler.java:157) [red5.jar:na]
at org.red5.server.net.rtmp.RTMPHandler.onInvoke(RTMPHandler.java:399) [red5.jar:na]
at org.red5.server.net.rtmp.BaseRTMPHandler.messageReceived(BaseRTMPHandler.java:130) [red5.jar:na]
at org.red5.server.net.rtmp.RTMPMinaIoHandler.messageReceived(RTMPMinaIoHandler.java:164) [red5.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:716) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796) [mina-core-2.0.4.jar:na]
at org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:427) [mina-core-2.0.4.jar:na]
at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:245) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796) [mina-core-2.0.4.jar:na]
at org.red5.server.net.rtmpe.RTMPEIoFilter.messageReceived(RTMPEIoFilter.java:124) [red5.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:119) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:426) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:715) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:668) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:657) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$600(AbstractPollingIoProcessor.java:68) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1141) [mina-core-2.0.4.jar:na]
at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64) [mina-core-2.0.4.jar:na]
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:895) [na:1.6.0_45]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:918) [na:1.6.0_45]
at java.lang.Thread.run(Thread.java:662) [na:1.6.0_45]
DEBUG 09-18 18:20:11.267 o.a.o.q.s.TestSetupCleanupJob:34 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-6] - TestSetupClearJob.execute
DEBUG 09-18 18:20:11.327 o.a.o.u.m.MailHandler:241 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-7] - sendMails enter ...
DEBUG 09-18 18:20:11.335 o.a.o.u.m.MailHandler:247 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-7] - ... sendMails done.
DEBUG 09-18 18:20:16.247 o.a.o.d.b.SessiondataDao:410 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-8] - ****** clearSessionTable:
DEBUG 09-18 18:20:16.257 o.a.o.d.b.SessiondataDao:414 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-8] - clearSessionTable: 2
DEBUG 09-18 18:20:16.258 o.a.o.q.s.MeetingReminderJob:34 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-9] - MeetingReminderJob.execute
DEBUG 09-18 18:20:16.270 o.a.o.d.c.d.AppointmentDao:929 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-9] - startStamp 2013-09-18 18:20:16.269
DEBUG 09-18 18:20:16.271 o.a.o.d.c.d.AppointmentDao:930 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-9] - stopStamp 2013-09-18 18:35:16.269
DEBUG 09-18 18:20:16.281 o.a.o.d.c.m.AppointmentLogic:423 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-9] - doScheduledMeetingReminder : no Appointments in range
DEBUG 09-18 18:20:45.167 o.a.o.d.b.SessiondataDao:242 [NioProcessor-6] - updateUserOrg User: null || 72e9df24631c6af8bdcc071699217419
Anyone with any ideas?
==== om_ldap.cfg =====
# This parameter specifies the type of LDAP server your are defining
#
# Supported values are "OpenLDAP" and "AD" for Active Directory (defaults to AD).
ldap_server_type=AD
#LDAP URL
# This is the URL used to access your LDAP server.
# can be a simple URL like:
# ldap_conn_url=ldap://myldap.myorg.com<http://myldap.myorg.com>
# or a list of simple URL separated by a space as in:
# ldap_conn_url=ldap://myldap.myorg.com<http://myldap.myorg.com> ldap://myldap2.myorg.com<http://myldap2.myorg.com>
# if you want to use "ldaps://" links, please be aware that you need to import your CA certificate
# to a java keystore and add the -Djavax.net.ssl.keyStore, -Djavax.net.ssl.keyStorePassword,
# -Djavax.net.ssl.trustStore and -Djavax.net.ssl.trustStorePassword parameters to your
# JAVA_OPT environment
ldap_conn_url=ldap://dc1.afdb.local:389
#Login distinguished name (DN) for Authentification on LDAP Server - keep emtpy if not requiered
# Use DN with with ":" instead of "=". The conversion will be done in OM
ldap_admin_dn=afdb\otrs
#Loginpass for Authentification on LDAP Server - keep emtpy if not requiered
#ldap_passwd=myownpasswd
#base to search for userdata(of user, that wants to login)
# Use DN with with ":" instead of "=". The conversion will be done in OM
ldap_search_base=OU:SARC,OU:AFDB_Field_Offices,DC:afdb,DC:local
# Fieldnames (can differ between Ldap servers)
field_user_principal=userPrincipalName
# Ldap auth type(SIMPLE,NONE)
# When using SIMPLE a simple bind is performed on the LDAP server to check user authentication
# When using NONE, the Ldap server is not used for authentication
ldap_auth_type=SIMPLE
# Ldap-password synchronization to OM DB
# Set this to 'yes' if you want OM to synchronize the user Ldap-password to OM's internal DB
# This enables local login of users if the ldap server is offline.
# If you want to disable the feature, set this to 'no'.
# Defautl value is 'yes'
ldap_sync_password_to_om=no
# Ldap user attributes mapping
# Set the following internal OM user attributes to their corresponding Ldap-attribute
ldap_user_attr_lastname=sn
ldap_user_attr_firstname=givenName
ldap_user_attr_mail=mail
ldap_user_attr_street=streetAddress
ldap_user_attr_additionalname=description
ldap_user_attr_fax=facsimileTelephoneNumber
ldap_user_attr_zip=postalCode
ldap_user_attr_country=co
ldap_user_attr_town=l
ldap_user_attr_phone=telephoneNumber
# optional, only absolute URLs make sense
#ldap_user_picture_uri=picture_uri
# optional
# the timezone has to mach an entry in the OpenMeetings table "omtimezones" otherwise the user will get
# the timezone defined in the value of the conf_key "default.timezone" in OpenMeetings "configurations" table
#ldap_user_timezone=timezone
# Ldap ignore upper/lower case, convert all input to lower case
ldap_use_lower_case=false
--
WBR
Maxim aka solomax
--
WBR
Maxim aka solomax
Re: AD Integration Issue
Posted by Maxim Solodovnik <so...@gmail.com>.
I'm not LDAP expert :(
but maybe you need to specify admin user in different way?
for ex here https://code.google.com/p/openmeetings/wiki/LdapADSINTegration
ldap_admin_dn is specified as
*ldap_admin_dn=CN:openmeetings,OU:openmeetings,OU:All
Users,DC:MYTEST,DC:NET,DC:BR*
instead of
*ldap_admin_dn=afdb\otrs*
On Thu, Sep 19, 2013 at 6:08 PM, YUUNI, OSAY OSMAN <O....@afdb.org> wrote:
> Hi all,****
>
> I noted that the error was misleading. The actual problem is with the
> authentication of the admin AD bind user. From my config I inadvertently
> commented out the password for the admin login. I corrected this and I’m
> now getting invalid password. The log seems to point to the same admin
> user. I’ve tried using domain\user as suggested elsewhere by Jason but I
> get same error when I try authenticating.****
>
> ** **
>
> Snippets of the relevant log below:****
>
> ** **
>
> === openmeetings.log ===****
>
> WARN 09-19 13:06:26.889 o.a.o.r.MainService:307 [NioProcessor-7] -
> loginUser: 25dfde1ef6e6b2bdec024ec6a7937f06 yos2653****
>
> DEBUG 09-19 13:06:26.890 o.a.o.r.MainService:318 [NioProcessor-7] - Ldap
> Login****
>
> DEBUG 09-19 13:06:26.920 o.a.o.l.LdapLoginManagement:245 [NioProcessor-7]
> - LdapLoginmanagement.doLdapLogin****
>
> DEBUG 09-19 13:06:26.922 o.a.o.l.LdapLoginManagement:209 [NioProcessor-7]
> - LdapLoginmanagement.getLdapConfigData****
>
> DEBUG 09-19 13:06:26.923 o.a.o.l.LdapLoginManagement:222 [NioProcessor-7]
> - LdapLoginmanagement.readConfig :
> /usr/lib/red52/webapps/openmeetings/conf/om_ldap.cfg****
>
> DEBUG 09-19 13:06:26.925 o.a.o.l.LdapLoginManagement:149 [NioProcessor-7]
> - isValidAuthType****
>
> DEBUG 09-19 13:06:26.926 o.a.o.l.LdapLoginManagement:381 [NioProcessor-7]
> - Searching userdata with LDAP Search Filter :(userPrincipalName =yos2653)
> ****
>
> DEBUG 09-19 13:06:26.927 o.a.o.l.LdapAuthBase:84 [NioProcessor-7] -
> LdapAuthBase****
>
> DEBUG 09-19 13:06:26.928 o.a.o.l.LdapLoginManagement:390 [NioProcessor-7]
> - authenticating admin...****
>
> DEBUG 09-19 13:06:26.929 o.a.o.l.LdapAuthBase:101 [NioProcessor-7] -
> authenticateUser****
>
> DEBUG 09-19 13:06:26.931 o.a.o.l.LdapAuthBase:117 [NioProcessor-7] -****
>
> ** **
>
> Authentification to LDAP - Server start****
>
> DEBUG 09-19 13:06:26.932 o.a.o.l.LdapAuthBase:151 [NioProcessor-7] -
> loginToLdapServer****
>
> DEBUG 09-19 13:06:26.945 o.a.o.l.LdapLoginManagement:393 [NioProcessor-7]
> - Checking server type...****
>
> DEBUG 09-19 13:06:26.947 o.a.o.l.LdapAuthBase:101 [NioProcessor-7] -
> authenticateUser****
>
> DEBUG 09-19 13:06:26.947 o.a.o.l.LdapAuthBase:117 [NioProcessor-7] -****
>
> ** **
>
> Authentification to LDAP - Server start****
>
> DEBUG 09-19 13:06:26.948 o.a.o.l.LdapAuthBase:151 [NioProcessor-7] -
> loginToLdapServer****
>
> ERROR 09-19 13:06:26.958 o.a.o.l.LdapAuthBase:123 [NioProcessor-7] -****
>
> ** **
>
> Authentification on LDAP Server failed : [LDAP: error code 49 - 80090308:
> LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e,
> v1db1]****
>
> ERROR 09-19 13:06:26.964 o.a.o.l.LdapAuthBase:124 [NioProcessor-7] -
> [Authentification on LDAP Server failed]****
>
> javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308:
> LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e,
> v1db1]****
>
> at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3067)
> ~[na:1.6.0_45]****
>
> at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3013)
> ~[na:1.6.0_45]****
>
> at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2815)
> ~[na:1.6.0_45]****
>
> at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2729)
> ~[na:1.6.0_45]****
>
> at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:296)
> ~[na:1.6.0_45]****
>
> at
> com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
> ~[na:1.6.0_45]****
>
> at
> com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
> ~[na:1.6.0_45]****
>
> at
> com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
> ~[na:1.6.0_45]****
>
> at
> com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
> ~[na:1.6.0_45]****
>
> at
> javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
> ~[na:1.6.0_45]****
>
> at
> javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
> ~[na:1.6.0_45]****
>
> at javax.naming.InitialContext.init(InitialContext.java:223)
> ~[na:1.6.0_45]****
>
> at javax.naming.InitialContext.<init>(InitialContext.java:197)
> ~[na:1.6.0_45]****
>
> at
> javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
> ~[na:1.6.0_45]****
>
> at
> org.apache.openmeetings.ldap.LdapAuthBase.authenticateUser(LdapAuthBase.java:121)
> ~[openmeetings-2.1.1-RELEASE.jar:na]****
>
> at
> org.apache.openmeetings.ldap.LdapLoginManagement.doLdapLogin(LdapLoginManagement.java:416)
> [openmeetings-2.1.1-RELEASE.jar:na]****
>
> at
> org.apache.openmeetings.remote.MainService.loginUser(MainService.java:333)
> [openmeetings-2.1.1-RELEASE.jar:na]****
>
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> ~[na:1.6.0_45]****
>
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> ~[na:1.6.0_45]****
>
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> ~[na:1.6.0_45]****
>
> at java.lang.reflect.Method.invoke(Method.java:597) ~[na:1.6.0_45]
> ****
>
> at
> org.red5.server.service.ServiceInvoker.invoke(ServiceInvoker.java:196)
> [red5.jar:na]****
>
> at
> org.red5.server.service.ServiceInvoker.invoke(ServiceInvoker.java:115)
> [red5.jar:na]****
>
> at
> org.red5.server.net.rtmp.RTMPHandler.invokeCall(RTMPHandler.java:157)
> [red5.jar:na]****
>
> at
> org.red5.server.net.rtmp.RTMPHandler.onInvoke(RTMPHandler.java:399)
> [red5.jar:na]****
>
> at
> org.red5.server.net.rtmp.BaseRTMPHandler.messageReceived(BaseRTMPHandler.java:130)
> [red5.jar:na]****
>
> at
> org.red5.server.net.rtmp.RTMPMinaIoHandler.messageReceived(RTMPMinaIoHandler.java:164)
> [red5.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:716)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:427)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:245)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.red5.server.net.rtmpe.RTMPEIoFilter.messageReceived(RTMPEIoFilter.java:124)
> [red5.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:119)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:426)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:715)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:668)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:657)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.polling.AbstractPollingIoProcessor.access$600(AbstractPollingIoProcessor.java:68)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1141)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
> [mina-core-2.0.4.jar:na]****
>
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:895)
> [na:1.6.0_45]****
>
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:918)
> [na:1.6.0_45]****
>
> ** **
>
> *From:* Alexei Fedotov [mailto:alexei.fedotov@gmail.com]
> *Sent:* 19 September 2013 11:43 AM
> *To:* YUUNI, OSAY OSMAN; user@openmeetings.apache.org
>
> *Subject:* Re: AD Integration Issue****
>
> ** **
>
> Does things work if you manually assign the group for the user?****
>
> 18.09.2013 21:24 пользователь "YUUNI, OSAY OSMAN" <O....@afdb.org>
> написал:****
>
> Does this mean OM (2.1.1) is not passing the password? BTW this is against
> AD 2008 R2.****
>
> ** **
>
> ** **
>
> ** **
>
> ** **
>
> Sent from Samsung tablet****
>
>
>
>
> -------- Original message --------
> From: Maxim Solodovnik <so...@gmail.com>
> Date: 18/09/2013 7:20 PM (GMT+02:00)
> To: Openmeetings user-list <us...@openmeetings.apache.org>
> Subject: Re: AD Integration Issue
>
> ****
>
> It seems like password is null somehow (according to the code)****
>
> ** **
>
> On Wed, Sep 18, 2013 at 11:33 PM, YUUNI, OSAY OSMAN <O....@afdb.org>
> wrote:****
>
> Hi all,****
>
> ****
>
> I’m having a peculiar problem with my LDAP integration. I’m integrating
> with AD and this seems to work but when a user logs in she/he is greeted
> with “Your account is assigned with multiple usergroups. Please choose one
> for this session” then a drop down box. The drop down box is empty. When
> they continue it displays a blank page. I’m not sure where the issue is. I
> have not assigned any user to any group since they’re authenticating
> through AD.****
>
> ****
>
> Here’s the relevant snippet of the log:****
>
> ****
>
> DEBUG 09-18 18:18:36.257 o.a.o.q.s.MeetingReminderJob:34
> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-5] -
> MeetingReminderJob.execute****
>
> DEBUG 09-18 18:18:36.269 o.a.o.d.c.d.AppointmentDao:929
> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-5] -
> startStamp 2013-09-18 18:18:36.269****
>
> DEBUG 09-18 18:18:36.271 o.a.o.d.c.d.AppointmentDao:930
> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-5] -
> stopStamp 2013-09-18 18:33:36.269****
>
> DEBUG 09-18 18:18:36.280 o.a.o.d.c.m.AppointmentLogic:423
> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-5] -
> doScheduledMeetingReminder : no Appointments in range****
>
> WARN 09-18 18:19:09.425 o.a.o.r.MainService:307 [NioProcessor-6] -
> loginUser: 72e9df24631c6af8bdcc071699217419 yos2653****
>
> DEBUG 09-18 18:19:09.426 o.a.o.r.MainService:318 [NioProcessor-6] - Ldap
> Login****
>
> DEBUG 09-18 18:19:09.450 o.a.o.l.LdapLoginManagement:245 [NioProcessor-6]
> - LdapLoginmanagement.doLdapLogin****
>
> DEBUG 09-18 18:19:09.451 o.a.o.l.LdapLoginManagement:209 [NioProcessor-6]
> - LdapLoginmanagement.getLdapConfigData****
>
> DEBUG 09-18 18:19:09.452 o.a.o.l.LdapLoginManagement:222 [NioProcessor-6]
> - LdapLoginmanagement.readConfig :
> /usr/lib/red52/webapps/openmeetings/conf/om_ldap.cfg****
>
> DEBUG 09-18 18:19:09.454 o.a.o.l.LdapLoginManagement:149 [NioProcessor-6]
> - isValidAuthType****
>
> DEBUG 09-18 18:19:09.455 o.a.o.l.LdapLoginManagement:381 [NioProcessor-6]
> - Searching userdata with LDAP Search Filter :(userPrincipalName =yos2653)
> ****
>
> DEBUG 09-18 18:19:09.456 o.a.o.l.LdapAuthBase:84 [NioProcessor-6] -
> LdapAuthBase****
>
> DEBUG 09-18 18:19:09.457 o.a.o.l.LdapLoginManagement:390 [NioProcessor-6]
> - authenticating admin...****
>
> DEBUG 09-18 18:19:09.458 o.a.o.l.LdapAuthBase:101 [NioProcessor-6] -
> authenticateUser****
>
> ERROR 09-18 18:19:09.463 o.a.o.r.MainService:393 [NioProcessor-6] -
> loginUser :****
>
> java.lang.NullPointerException: null****
>
> at java.util.Hashtable.put(Hashtable.java:394) ~[na:1.6.0_45]****
>
> at
> org.apache.openmeetings.ldap.LdapAuthBase.authenticateUser(LdapAuthBase.java:109)
> ~[openmeetings-2.1.1-RELEASE.jar:na]****
>
> at
> org.apache.openmeetings.ldap.LdapLoginManagement.doLdapLogin(LdapLoginManagement.java:391)
> ~[openmeetings-2.1.1-RELEASE.jar:na]****
>
> at
> org.apache.openmeetings.remote.MainService.loginUser(MainService.java:333)
> ~[openmeetings-2.1.1-RELEASE.jar:na]****
>
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> ~[na:1.6.0_45]****
>
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> ~[na:1.6.0_45]****
>
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> ~[na:1.6.0_45]****
>
> at java.lang.reflect.Method.invoke(Method.java:597) ~[na:1.6.0_45]
> ****
>
> at
> org.red5.server.service.ServiceInvoker.invoke(ServiceInvoker.java:196)
> [red5.jar:na]****
>
> at
> org.red5.server.service.ServiceInvoker.invoke(ServiceInvoker.java:115)
> [red5.jar:na]****
>
> at
> org.red5.server.net.rtmp.RTMPHandler.invokeCall(RTMPHandler.java:157)
> [red5.jar:na]****
>
> at
> org.red5.server.net.rtmp.RTMPHandler.onInvoke(RTMPHandler.java:399)
> [red5.jar:na]****
>
> at
> org.red5.server.net.rtmp.BaseRTMPHandler.messageReceived(BaseRTMPHandler.java:130)
> [red5.jar:na]****
>
> at
> org.red5.server.net.rtmp.RTMPMinaIoHandler.messageReceived(RTMPMinaIoHandler.java:164)
> [red5.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:716)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:427)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:245)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.red5.server.net.rtmpe.RTMPEIoFilter.messageReceived(RTMPEIoFilter.java:124)
> [red5.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:119)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:426)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:715)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:668)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:657)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.polling.AbstractPollingIoProcessor.access$600(AbstractPollingIoProcessor.java:68)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1141)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
> [mina-core-2.0.4.jar:na]****
>
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:895)
> [na:1.6.0_45]****
>
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:918)
> [na:1.6.0_45]****
>
> at java.lang.Thread.run(Thread.java:662) [na:1.6.0_45]****
>
> DEBUG 09-18 18:20:11.267 o.a.o.q.s.TestSetupCleanupJob:34
> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-6] -
> TestSetupClearJob.execute****
>
> DEBUG 09-18 18:20:11.327 o.a.o.u.m.MailHandler:241
> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-7] -
> sendMails enter ...****
>
> DEBUG 09-18 18:20:11.335 o.a.o.u.m.MailHandler:247
> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-7] -
> ... sendMails done.****
>
> DEBUG 09-18 18:20:16.247 o.a.o.d.b.SessiondataDao:410
> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-8] -
> ****** clearSessionTable:****
>
> DEBUG 09-18 18:20:16.257 o.a.o.d.b.SessiondataDao:414
> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-8] -
> clearSessionTable: 2****
>
> DEBUG 09-18 18:20:16.258 o.a.o.q.s.MeetingReminderJob:34
> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-9] -
> MeetingReminderJob.execute****
>
> DEBUG 09-18 18:20:16.270 o.a.o.d.c.d.AppointmentDao:929
> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-9] -
> startStamp 2013-09-18 18:20:16.269****
>
> DEBUG 09-18 18:20:16.271 o.a.o.d.c.d.AppointmentDao:930
> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-9] -
> stopStamp 2013-09-18 18:35:16.269****
>
> DEBUG 09-18 18:20:16.281 o.a.o.d.c.m.AppointmentLogic:423
> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-9] -
> doScheduledMeetingReminder : no Appointments in range****
>
> DEBUG 09-18 18:20:45.167 o.a.o.d.b.SessiondataDao:242 [NioProcessor-6] -
> updateUserOrg User: null || 72e9df24631c6af8bdcc071699217419****
>
> ****
>
> ****
>
> Anyone with any ideas?****
>
> ****
>
> ==== om_ldap.cfg =====****
>
> ****
>
> # This parameter specifies the type of LDAP server your are defining****
>
> #****
>
> # Supported values are "OpenLDAP" and "AD" for Active Directory (defaults
> to AD).****
>
> ldap_server_type=AD****
>
> ****
>
> #LDAP URL****
>
> # This is the URL used to access your LDAP server.****
>
> ****
>
> # can be a simple URL like:****
>
> # ldap_conn_url=ldap://myldap.myorg.com****
>
> # or a list of simple URL separated by a space as in:****
>
> # ldap_conn_url=ldap://myldap.myorg.com ldap://myldap2.myorg.com****
>
> # if you want to use "ldaps://" links, please be aware that you need to
> import your CA certificate****
>
> # to a java keystore and add the -Djavax.net.ssl.keyStore,
> -Djavax.net.ssl.keyStorePassword,****
>
> # -Djavax.net.ssl.trustStore and -Djavax.net.ssl.trustStorePassword
> parameters to your****
>
> # JAVA_OPT environment****
>
> ldap_conn_url=ldap://dc1.afdb.local:389****
>
> ****
>
> #Login distinguished name (DN) for Authentification on LDAP Server - keep
> emtpy if not requiered****
>
> # Use DN with with ":" instead of "=". The conversion will be done in OM**
> **
>
> ldap_admin_dn=afdb\otrs****
>
> ****
>
> #Loginpass for Authentification on LDAP Server - keep emtpy if not
> requiered****
>
> #ldap_passwd=myownpasswd****
>
> ****
>
> #base to search for userdata(of user, that wants to login)****
>
> # Use DN with with ":" instead of "=". The conversion will be done in OM**
> **
>
> ldap_search_base=OU:SARC,OU:AFDB_Field_Offices,DC:afdb,DC:local****
>
> ****
>
> # Fieldnames (can differ between Ldap servers)****
>
> field_user_principal=userPrincipalName****
>
> ****
>
> # Ldap auth type(SIMPLE,NONE)****
>
> # When using SIMPLE a simple bind is performed on the LDAP server to
> check user authentication****
>
> # When using NONE, the Ldap server is not used for authentication****
>
> ldap_auth_type=SIMPLE****
>
> ****
>
> # Ldap-password synchronization to OM DB****
>
> # Set this to 'yes' if you want OM to synchronize the user Ldap-password
> to OM's internal DB****
>
> # This enables local login of users if the ldap server is offline.****
>
> # If you want to disable the feature, set this to 'no'.****
>
> # Defautl value is 'yes'****
>
> ldap_sync_password_to_om=no****
>
> ****
>
> ****
>
> # Ldap user attributes mapping****
>
> # Set the following internal OM user attributes to their corresponding
> Ldap-attribute****
>
> ldap_user_attr_lastname=sn****
>
> ldap_user_attr_firstname=givenName****
>
> ldap_user_attr_mail=mail****
>
> ldap_user_attr_street=streetAddress****
>
> ldap_user_attr_additionalname=description****
>
> ldap_user_attr_fax=facsimileTelephoneNumber****
>
> ldap_user_attr_zip=postalCode****
>
> ldap_user_attr_country=co****
>
> ldap_user_attr_town=l****
>
> ldap_user_attr_phone=telephoneNumber****
>
> ****
>
> # optional, only absolute URLs make sense****
>
> #ldap_user_picture_uri=picture_uri****
>
> ****
>
> # optional****
>
> # the timezone has to mach an entry in the OpenMeetings table
> "omtimezones" otherwise the user will get****
>
> # the timezone defined in the value of the conf_key "default.timezone" in
> OpenMeetings "configurations" table****
>
> #ldap_user_timezone=timezone****
>
> ****
>
> # Ldap ignore upper/lower case, convert all input to lower case****
>
> ldap_use_lower_case=false****
>
>
>
> ****
>
> ** **
>
> --
> WBR
> Maxim aka solomax ****
>
--
WBR
Maxim aka solomax
Re: Embed an swf file
Posted by Maxim Solodovnik <so...@gmail.com>.
you can add code of your file (or compiled swf as a resource) to the code
of the room
and recompile (I believe this should work)
On Thu, Sep 19, 2013 at 7:07 PM, "Mathias Bässler" <01...@web.de> wrote:
> Hello,
>
> I want to use an swf file (sample codefile and compiled swf attached) in
> OM. Is it possible to put it in a view or sth similar and let it keep the
> whole functionality? And if yes, how is it done?
>
> Greetings,
>
> Mathias
--
WBR
Maxim aka solomax
Embed an swf file
Posted by Mathias Bässler <01...@web.de>.
Hello,
I want to use an swf file (sample codefile and compiled swf attached) in OM. Is it possible to put it in a view or sth similar and let it keep the whole functionality? And if yes, how is it done?
Greetings,
Mathias
RE: AD Integration Issue
Posted by "YUUNI, OSAY OSMAN" <O....@AFDB.ORG>.
Hi all,
I noted that the error was misleading. The actual problem is with the authentication of the admin AD bind user. From my config I inadvertently commented out the password for the admin login. I corrected this and I’m now getting invalid password. The log seems to point to the same admin user. I’ve tried using domain\user as suggested elsewhere by Jason but I get same error when I try authenticating.
Snippets of the relevant log below:
=== openmeetings.log ===
WARN 09-19 13:06:26.889 o.a.o.r.MainService:307 [NioProcessor-7] - loginUser: 25dfde1ef6e6b2bdec024ec6a7937f06 yos2653
DEBUG 09-19 13:06:26.890 o.a.o.r.MainService:318 [NioProcessor-7] - Ldap Login
DEBUG 09-19 13:06:26.920 o.a.o.l.LdapLoginManagement:245 [NioProcessor-7] - LdapLoginmanagement.doLdapLogin
DEBUG 09-19 13:06:26.922 o.a.o.l.LdapLoginManagement:209 [NioProcessor-7] - LdapLoginmanagement.getLdapConfigData
DEBUG 09-19 13:06:26.923 o.a.o.l.LdapLoginManagement:222 [NioProcessor-7] - LdapLoginmanagement.readConfig : /usr/lib/red52/webapps/openmeetings/conf/om_ldap.cfg
DEBUG 09-19 13:06:26.925 o.a.o.l.LdapLoginManagement:149 [NioProcessor-7] - isValidAuthType
DEBUG 09-19 13:06:26.926 o.a.o.l.LdapLoginManagement:381 [NioProcessor-7] - Searching userdata with LDAP Search Filter :(userPrincipalName =yos2653)
DEBUG 09-19 13:06:26.927 o.a.o.l.LdapAuthBase:84 [NioProcessor-7] - LdapAuthBase
DEBUG 09-19 13:06:26.928 o.a.o.l.LdapLoginManagement:390 [NioProcessor-7] - authenticating admin...
DEBUG 09-19 13:06:26.929 o.a.o.l.LdapAuthBase:101 [NioProcessor-7] - authenticateUser
DEBUG 09-19 13:06:26.931 o.a.o.l.LdapAuthBase:117 [NioProcessor-7] -
Authentification to LDAP - Server start
DEBUG 09-19 13:06:26.932 o.a.o.l.LdapAuthBase:151 [NioProcessor-7] - loginToLdapServer
DEBUG 09-19 13:06:26.945 o.a.o.l.LdapLoginManagement:393 [NioProcessor-7] - Checking server type...
DEBUG 09-19 13:06:26.947 o.a.o.l.LdapAuthBase:101 [NioProcessor-7] - authenticateUser
DEBUG 09-19 13:06:26.947 o.a.o.l.LdapAuthBase:117 [NioProcessor-7] -
Authentification to LDAP - Server start
DEBUG 09-19 13:06:26.948 o.a.o.l.LdapAuthBase:151 [NioProcessor-7] - loginToLdapServer
ERROR 09-19 13:06:26.958 o.a.o.l.LdapAuthBase:123 [NioProcessor-7] -
Authentification on LDAP Server failed : [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]
ERROR 09-19 13:06:26.964 o.a.o.l.LdapAuthBase:124 [NioProcessor-7] - [Authentification on LDAP Server failed]
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3067) ~[na:1.6.0_45]
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3013) ~[na:1.6.0_45]
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2815) ~[na:1.6.0_45]
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2729) ~[na:1.6.0_45]
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:296) ~[na:1.6.0_45]
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175) ~[na:1.6.0_45]
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193) ~[na:1.6.0_45]
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136) ~[na:1.6.0_45]
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66) ~[na:1.6.0_45]
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667) ~[na:1.6.0_45]
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288) ~[na:1.6.0_45]
at javax.naming.InitialContext.init(InitialContext.java:223) ~[na:1.6.0_45]
at javax.naming.InitialContext.<init>(InitialContext.java:197) ~[na:1.6.0_45]
at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82) ~[na:1.6.0_45]
at org.apache.openmeetings.ldap.LdapAuthBase.authenticateUser(LdapAuthBase.java:121) ~[openmeetings-2.1.1-RELEASE.jar:na]
at org.apache.openmeetings.ldap.LdapLoginManagement.doLdapLogin(LdapLoginManagement.java:416) [openmeetings-2.1.1-RELEASE.jar:na]
at org.apache.openmeetings.remote.MainService.loginUser(MainService.java:333) [openmeetings-2.1.1-RELEASE.jar:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.6.0_45]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) ~[na:1.6.0_45]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) ~[na:1.6.0_45]
at java.lang.reflect.Method.invoke(Method.java:597) ~[na:1.6.0_45]
at org.red5.server.service.ServiceInvoker.invoke(ServiceInvoker.java:196) [red5.jar:na]
at org.red5.server.service.ServiceInvoker.invoke(ServiceInvoker.java:115) [red5.jar:na]
at org.red5.server.net.rtmp.RTMPHandler.invokeCall(RTMPHandler.java:157) [red5.jar:na]
at org.red5.server.net.rtmp.RTMPHandler.onInvoke(RTMPHandler.java:399) [red5.jar:na]
at org.red5.server.net.rtmp.BaseRTMPHandler.messageReceived(BaseRTMPHandler.java:130) [red5.jar:na]
at org.red5.server.net.rtmp.RTMPMinaIoHandler.messageReceived(RTMPMinaIoHandler.java:164) [red5.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:716) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796) [mina-core-2.0.4.jar:na]
at org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:427) [mina-core-2.0.4.jar:na]
at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:245) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796) [mina-core-2.0.4.jar:na]
at org.red5.server.net.rtmpe.RTMPEIoFilter.messageReceived(RTMPEIoFilter.java:124) [red5.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:119) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:426) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:715) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:668) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:657) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$600(AbstractPollingIoProcessor.java:68) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1141) [mina-core-2.0.4.jar:na]
at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64) [mina-core-2.0.4.jar:na]
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:895) [na:1.6.0_45]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:918) [na:1.6.0_45]
From: Alexei Fedotov [mailto:alexei.fedotov@gmail.com]
Sent: 19 September 2013 11:43 AM
To: YUUNI, OSAY OSMAN; user@openmeetings.apache.org
Subject: Re: AD Integration Issue
Does things work if you manually assign the group for the user?
18.09.2013 21:24 пользователь "YUUNI, OSAY OSMAN" <O....@afdb.org>> написал:
Does this mean OM (2.1.1) is not passing the password? BTW this is against AD 2008 R2.
Sent from Samsung tablet
-------- Original message --------
From: Maxim Solodovnik <so...@gmail.com>>
Date: 18/09/2013 7:20 PM (GMT+02:00)
To: Openmeetings user-list <us...@openmeetings.apache.org>>
Subject: Re: AD Integration Issue
It seems like password is null somehow (according to the code)
On Wed, Sep 18, 2013 at 11:33 PM, YUUNI, OSAY OSMAN <O....@afdb.org>> wrote:
Hi all,
I’m having a peculiar problem with my LDAP integration. I’m integrating with AD and this seems to work but when a user logs in she/he is greeted with “Your account is assigned with multiple usergroups. Please choose one for this session” then a drop down box. The drop down box is empty. When they continue it displays a blank page. I’m not sure where the issue is. I have not assigned any user to any group since they’re authenticating through AD.
Here’s the relevant snippet of the log:
DEBUG 09-18 18:18:36.257 o.a.o.q.s.MeetingReminderJob:34 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-5] - MeetingReminderJob.execute
DEBUG 09-18 18:18:36.269 o.a.o.d.c.d.AppointmentDao:929 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-5] - startStamp 2013-09-18 18:18:36.269
DEBUG 09-18 18:18:36.271 o.a.o.d.c.d.AppointmentDao:930 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-5] - stopStamp 2013-09-18 18:33:36.269
DEBUG 09-18 18:18:36.280 o.a.o.d.c.m.AppointmentLogic:423 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-5] - doScheduledMeetingReminder : no Appointments in range
WARN 09-18 18:19:09.425 o.a.o.r.MainService:307 [NioProcessor-6] - loginUser: 72e9df24631c6af8bdcc071699217419 yos2653
DEBUG 09-18 18:19:09.426 o.a.o.r.MainService:318 [NioProcessor-6] - Ldap Login
DEBUG 09-18 18:19:09.450 o.a.o.l.LdapLoginManagement:245 [NioProcessor-6] - LdapLoginmanagement.doLdapLogin
DEBUG 09-18 18:19:09.451 o.a.o.l.LdapLoginManagement:209 [NioProcessor-6] - LdapLoginmanagement.getLdapConfigData
DEBUG 09-18 18:19:09.452 o.a.o.l.LdapLoginManagement:222 [NioProcessor-6] - LdapLoginmanagement.readConfig : /usr/lib/red52/webapps/openmeetings/conf/om_ldap.cfg
DEBUG 09-18 18:19:09.454 o.a.o.l.LdapLoginManagement:149 [NioProcessor-6] - isValidAuthType
DEBUG 09-18 18:19:09.455 o.a.o.l.LdapLoginManagement:381 [NioProcessor-6] - Searching userdata with LDAP Search Filter :(userPrincipalName =yos2653)
DEBUG 09-18 18:19:09.456 o.a.o.l.LdapAuthBase:84 [NioProcessor-6] - LdapAuthBase
DEBUG 09-18 18:19:09.457 o.a.o.l.LdapLoginManagement:390 [NioProcessor-6] - authenticating admin...
DEBUG 09-18 18:19:09.458 o.a.o.l.LdapAuthBase:101 [NioProcessor-6] - authenticateUser
ERROR 09-18 18:19:09.463 o.a.o.r.MainService:393 [NioProcessor-6] - loginUser :
java.lang.NullPointerException: null
at java.util.Hashtable.put(Hashtable.java:394) ~[na:1.6.0_45]
at org.apache.openmeetings.ldap.LdapAuthBase.authenticateUser(LdapAuthBase.java:109) ~[openmeetings-2.1.1-RELEASE.jar:na]
at org.apache.openmeetings.ldap.LdapLoginManagement.doLdapLogin(LdapLoginManagement.java:391) ~[openmeetings-2.1.1-RELEASE.jar:na]
at org.apache.openmeetings.remote.MainService.loginUser(MainService.java:333) ~[openmeetings-2.1.1-RELEASE.jar:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.6.0_45]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) ~[na:1.6.0_45]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) ~[na:1.6.0_45]
at java.lang.reflect.Method.invoke(Method.java:597) ~[na:1.6.0_45]
at org.red5.server.service.ServiceInvoker.invoke(ServiceInvoker.java:196) [red5.jar:na]
at org.red5.server.service.ServiceInvoker.invoke(ServiceInvoker.java:115) [red5.jar:na]
at org.red5.server.net.rtmp.RTMPHandler.invokeCall(RTMPHandler.java:157) [red5.jar:na]
at org.red5.server.net.rtmp.RTMPHandler.onInvoke(RTMPHandler.java:399) [red5.jar:na]
at org.red5.server.net.rtmp.BaseRTMPHandler.messageReceived(BaseRTMPHandler.java:130) [red5.jar:na]
at org.red5.server.net.rtmp.RTMPMinaIoHandler.messageReceived(RTMPMinaIoHandler.java:164) [red5.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:716) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796) [mina-core-2.0.4.jar:na]
at org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:427) [mina-core-2.0.4.jar:na]
at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:245) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796) [mina-core-2.0.4.jar:na]
at org.red5.server.net.rtmpe.RTMPEIoFilter.messageReceived(RTMPEIoFilter.java:124) [red5.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:119) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:426) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:715) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:668) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:657) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$600(AbstractPollingIoProcessor.java:68) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1141) [mina-core-2.0.4.jar:na]
at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64) [mina-core-2.0.4.jar:na]
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:895) [na:1.6.0_45]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:918) [na:1.6.0_45]
at java.lang.Thread.run(Thread.java:662) [na:1.6.0_45]
DEBUG 09-18 18:20:11.267 o.a.o.q.s.TestSetupCleanupJob:34 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-6] - TestSetupClearJob.execute
DEBUG 09-18 18:20:11.327 o.a.o.u.m.MailHandler:241 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-7] - sendMails enter ...
DEBUG 09-18 18:20:11.335 o.a.o.u.m.MailHandler:247 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-7] - ... sendMails done.
DEBUG 09-18 18:20:16.247 o.a.o.d.b.SessiondataDao:410 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-8] - ****** clearSessionTable:
DEBUG 09-18 18:20:16.257 o.a.o.d.b.SessiondataDao:414 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-8] - clearSessionTable: 2
DEBUG 09-18 18:20:16.258 o.a.o.q.s.MeetingReminderJob:34 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-9] - MeetingReminderJob.execute
DEBUG 09-18 18:20:16.270 o.a.o.d.c.d.AppointmentDao:929 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-9] - startStamp 2013-09-18 18:20:16.269
DEBUG 09-18 18:20:16.271 o.a.o.d.c.d.AppointmentDao:930 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-9] - stopStamp 2013-09-18 18:35:16.269
DEBUG 09-18 18:20:16.281 o.a.o.d.c.m.AppointmentLogic:423 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-9] - doScheduledMeetingReminder : no Appointments in range
DEBUG 09-18 18:20:45.167 o.a.o.d.b.SessiondataDao:242 [NioProcessor-6] - updateUserOrg User: null || 72e9df24631c6af8bdcc071699217419
Anyone with any ideas?
==== om_ldap.cfg =====
# This parameter specifies the type of LDAP server your are defining
#
# Supported values are "OpenLDAP" and "AD" for Active Directory (defaults to AD).
ldap_server_type=AD
#LDAP URL
# This is the URL used to access your LDAP server.
# can be a simple URL like:
# ldap_conn_url=ldap://myldap.myorg.com<http://myldap.myorg.com>
# or a list of simple URL separated by a space as in:
# ldap_conn_url=ldap://myldap.myorg.com<http://myldap.myorg.com> ldap://myldap2.myorg.com<http://myldap2.myorg.com>
# if you want to use "ldaps://" links, please be aware that you need to import your CA certificate
# to a java keystore and add the -Djavax.net.ssl.keyStore, -Djavax.net.ssl.keyStorePassword,
# -Djavax.net.ssl.trustStore and -Djavax.net.ssl.trustStorePassword parameters to your
# JAVA_OPT environment
ldap_conn_url=ldap://dc1.afdb.local:389
#Login distinguished name (DN) for Authentification on LDAP Server - keep emtpy if not requiered
# Use DN with with ":" instead of "=". The conversion will be done in OM
ldap_admin_dn=afdb\otrs
#Loginpass for Authentification on LDAP Server - keep emtpy if not requiered
#ldap_passwd=myownpasswd
#base to search for userdata(of user, that wants to login)
# Use DN with with ":" instead of "=". The conversion will be done in OM
ldap_search_base=OU:SARC,OU:AFDB_Field_Offices,DC:afdb,DC:local
# Fieldnames (can differ between Ldap servers)
field_user_principal=userPrincipalName
# Ldap auth type(SIMPLE,NONE)
# When using SIMPLE a simple bind is performed on the LDAP server to check user authentication
# When using NONE, the Ldap server is not used for authentication
ldap_auth_type=SIMPLE
# Ldap-password synchronization to OM DB
# Set this to 'yes' if you want OM to synchronize the user Ldap-password to OM's internal DB
# This enables local login of users if the ldap server is offline.
# If you want to disable the feature, set this to 'no'.
# Defautl value is 'yes'
ldap_sync_password_to_om=no
# Ldap user attributes mapping
# Set the following internal OM user attributes to their corresponding Ldap-attribute
ldap_user_attr_lastname=sn
ldap_user_attr_firstname=givenName
ldap_user_attr_mail=mail
ldap_user_attr_street=streetAddress
ldap_user_attr_additionalname=description
ldap_user_attr_fax=facsimileTelephoneNumber
ldap_user_attr_zip=postalCode
ldap_user_attr_country=co
ldap_user_attr_town=l
ldap_user_attr_phone=telephoneNumber
# optional, only absolute URLs make sense
#ldap_user_picture_uri=picture_uri
# optional
# the timezone has to mach an entry in the OpenMeetings table "omtimezones" otherwise the user will get
# the timezone defined in the value of the conf_key "default.timezone" in OpenMeetings "configurations" table
#ldap_user_timezone=timezone
# Ldap ignore upper/lower case, convert all input to lower case
ldap_use_lower_case=false
--
WBR
Maxim aka solomax
Re: AD Integration Issue
Posted by Alexei Fedotov <al...@gmail.com>.
Does things work if you manually assign the group for the user?
18.09.2013 21:24 пользователь "YUUNI, OSAY OSMAN" <O....@afdb.org>
написал:
> Does this mean OM (2.1.1) is not passing the password? BTW this is
> against AD 2008 R2.
>
>
>
>
> Sent from Samsung tablet
>
>
>
> -------- Original message --------
> From: Maxim Solodovnik <so...@gmail.com>
> Date: 18/09/2013 7:20 PM (GMT+02:00)
> To: Openmeetings user-list <us...@openmeetings.apache.org>
> Subject: Re: AD Integration Issue
>
>
> It seems like password is null somehow (according to the code)
>
>
> On Wed, Sep 18, 2013 at 11:33 PM, YUUNI, OSAY OSMAN <O....@afdb.org>wrote:
>
>> Hi all,****
>>
>> ** **
>>
>> I’m having a peculiar problem with my LDAP integration. I’m integrating
>> with AD and this seems to work but when a user logs in she/he is greeted
>> with “Your account is assigned with multiple usergroups. Please choose one
>> for this session” then a drop down box. The drop down box is empty. When
>> they continue it displays a blank page. I’m not sure where the issue is. I
>> have not assigned any user to any group since they’re authenticating
>> through AD.****
>>
>> ** **
>>
>> Here’s the relevant snippet of the log:****
>>
>> ** **
>>
>> DEBUG 09-18 18:18:36.257 o.a.o.q.s.MeetingReminderJob:34
>> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-5] -
>> MeetingReminderJob.execute****
>>
>> DEBUG 09-18 18:18:36.269 o.a.o.d.c.d.AppointmentDao:929
>> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-5] -
>> startStamp 2013-09-18 18:18:36.269****
>>
>> DEBUG 09-18 18:18:36.271 o.a.o.d.c.d.AppointmentDao:930
>> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-5] -
>> stopStamp 2013-09-18 18:33:36.269****
>>
>> DEBUG 09-18 18:18:36.280 o.a.o.d.c.m.AppointmentLogic:423
>> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-5] -
>> doScheduledMeetingReminder : no Appointments in range****
>>
>> WARN 09-18 18:19:09.425 o.a.o.r.MainService:307 [NioProcessor-6] -
>> loginUser: 72e9df24631c6af8bdcc071699217419 yos2653****
>>
>> DEBUG 09-18 18:19:09.426 o.a.o.r.MainService:318 [NioProcessor-6] - Ldap
>> Login****
>>
>> DEBUG 09-18 18:19:09.450 o.a.o.l.LdapLoginManagement:245 [NioProcessor-6]
>> - LdapLoginmanagement.doLdapLogin****
>>
>> DEBUG 09-18 18:19:09.451 o.a.o.l.LdapLoginManagement:209 [NioProcessor-6]
>> - LdapLoginmanagement.getLdapConfigData****
>>
>> DEBUG 09-18 18:19:09.452 o.a.o.l.LdapLoginManagement:222 [NioProcessor-6]
>> - LdapLoginmanagement.readConfig :
>> /usr/lib/red52/webapps/openmeetings/conf/om_ldap.cfg****
>>
>> DEBUG 09-18 18:19:09.454 o.a.o.l.LdapLoginManagement:149 [NioProcessor-6]
>> - isValidAuthType****
>>
>> DEBUG 09-18 18:19:09.455 o.a.o.l.LdapLoginManagement:381 [NioProcessor-6]
>> - Searching userdata with LDAP Search Filter :(userPrincipalName =yos2653)
>> ****
>>
>> DEBUG 09-18 18:19:09.456 o.a.o.l.LdapAuthBase:84 [NioProcessor-6] -
>> LdapAuthBase****
>>
>> DEBUG 09-18 18:19:09.457 o.a.o.l.LdapLoginManagement:390 [NioProcessor-6]
>> - authenticating admin...****
>>
>> DEBUG 09-18 18:19:09.458 o.a.o.l.LdapAuthBase:101 [NioProcessor-6] -
>> authenticateUser****
>>
>> ERROR 09-18 18:19:09.463 o.a.o.r.MainService:393 [NioProcessor-6] -
>> loginUser :****
>>
>> java.lang.NullPointerException: null****
>>
>> at java.util.Hashtable.put(Hashtable.java:394) ~[na:1.6.0_45]****
>>
>> at
>> org.apache.openmeetings.ldap.LdapAuthBase.authenticateUser(LdapAuthBase.java:109)
>> ~[openmeetings-2.1.1-RELEASE.jar:na]****
>>
>> at
>> org.apache.openmeetings.ldap.LdapLoginManagement.doLdapLogin(LdapLoginManagement.java:391)
>> ~[openmeetings-2.1.1-RELEASE.jar:na]****
>>
>> at
>> org.apache.openmeetings.remote.MainService.loginUser(MainService.java:333)
>> ~[openmeetings-2.1.1-RELEASE.jar:na]****
>>
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> ~[na:1.6.0_45]****
>>
>> at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>> ~[na:1.6.0_45]****
>>
>> at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>> ~[na:1.6.0_45]****
>>
>> at java.lang.reflect.Method.invoke(Method.java:597) ~[na:1.6.0_45]
>> ****
>>
>> at
>> org.red5.server.service.ServiceInvoker.invoke(ServiceInvoker.java:196)
>> [red5.jar:na]****
>>
>> at
>> org.red5.server.service.ServiceInvoker.invoke(ServiceInvoker.java:115)
>> [red5.jar:na]****
>>
>> at
>> org.red5.server.net.rtmp.RTMPHandler.invokeCall(RTMPHandler.java:157)
>> [red5.jar:na]****
>>
>> at
>> org.red5.server.net.rtmp.RTMPHandler.onInvoke(RTMPHandler.java:399)
>> [red5.jar:na]****
>>
>> at
>> org.red5.server.net.rtmp.BaseRTMPHandler.messageReceived(BaseRTMPHandler.java:130)
>> [red5.jar:na]****
>>
>> at
>> org.red5.server.net.rtmp.RTMPMinaIoHandler.messageReceived(RTMPMinaIoHandler.java:164)
>> [red5.jar:na]****
>>
>> at
>> org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:716)
>> [mina-core-2.0.4.jar:na]****
>>
>> at
>> org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
>> [mina-core-2.0.4.jar:na]****
>>
>> at
>> org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
>> [mina-core-2.0.4.jar:na]****
>>
>> at
>> org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796)
>> [mina-core-2.0.4.jar:na]****
>>
>> at
>> org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:427)
>> [mina-core-2.0.4.jar:na]****
>>
>> at
>> org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:245)
>> [mina-core-2.0.4.jar:na]****
>>
>> at
>> org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
>> [mina-core-2.0.4.jar:na]****
>>
>> at
>> org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
>> [mina-core-2.0.4.jar:na]****
>>
>> at
>> org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796)
>> [mina-core-2.0.4.jar:na]****
>>
>> at
>> org.red5.server.net.rtmpe.RTMPEIoFilter.messageReceived(RTMPEIoFilter.java:124)
>> [red5.jar:na]****
>>
>> at
>> org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
>> [mina-core-2.0.4.jar:na]****
>>
>> at
>> org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
>> [mina-core-2.0.4.jar:na]****
>>
>> at
>> org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796)
>> [mina-core-2.0.4.jar:na]****
>>
>> at
>> org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:119)
>> [mina-core-2.0.4.jar:na]****
>>
>> at
>> org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
>> [mina-core-2.0.4.jar:na]****
>>
>> at
>> org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:426)
>> [mina-core-2.0.4.jar:na]****
>>
>> at
>> org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:715)
>> [mina-core-2.0.4.jar:na]****
>>
>> at
>> org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:668)
>> [mina-core-2.0.4.jar:na]****
>>
>> at
>> org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:657)
>> [mina-core-2.0.4.jar:na]****
>>
>> at
>> org.apache.mina.core.polling.AbstractPollingIoProcessor.access$600(AbstractPollingIoProcessor.java:68)
>> [mina-core-2.0.4.jar:na]****
>>
>> at
>> org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1141)
>> [mina-core-2.0.4.jar:na]****
>>
>> at
>> org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
>> [mina-core-2.0.4.jar:na]****
>>
>> at
>> java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:895)
>> [na:1.6.0_45]****
>>
>> at
>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:918)
>> [na:1.6.0_45]****
>>
>> at java.lang.Thread.run(Thread.java:662) [na:1.6.0_45]****
>>
>> DEBUG 09-18 18:20:11.267 o.a.o.q.s.TestSetupCleanupJob:34
>> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-6] -
>> TestSetupClearJob.execute****
>>
>> DEBUG 09-18 18:20:11.327 o.a.o.u.m.MailHandler:241
>> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-7] -
>> sendMails enter ...****
>>
>> DEBUG 09-18 18:20:11.335 o.a.o.u.m.MailHandler:247
>> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-7] -
>> ... sendMails done.****
>>
>> DEBUG 09-18 18:20:16.247 o.a.o.d.b.SessiondataDao:410
>> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-8] -
>> ****** clearSessionTable:****
>>
>> DEBUG 09-18 18:20:16.257 o.a.o.d.b.SessiondataDao:414
>> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-8] -
>> clearSessionTable: 2****
>>
>> DEBUG 09-18 18:20:16.258 o.a.o.q.s.MeetingReminderJob:34
>> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-9] -
>> MeetingReminderJob.execute****
>>
>> DEBUG 09-18 18:20:16.270 o.a.o.d.c.d.AppointmentDao:929
>> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-9] -
>> startStamp 2013-09-18 18:20:16.269****
>>
>> DEBUG 09-18 18:20:16.271 o.a.o.d.c.d.AppointmentDao:930
>> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-9] -
>> stopStamp 2013-09-18 18:35:16.269****
>>
>> DEBUG 09-18 18:20:16.281 o.a.o.d.c.m.AppointmentLogic:423
>> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-9] -
>> doScheduledMeetingReminder : no Appointments in range****
>>
>> DEBUG 09-18 18:20:45.167 o.a.o.d.b.SessiondataDao:242 [NioProcessor-6] -
>> updateUserOrg User: null || 72e9df24631c6af8bdcc071699217419****
>>
>> ** **
>>
>> ** **
>>
>> Anyone with any ideas?****
>>
>> ** **
>>
>> ==== om_ldap.cfg =====****
>>
>> ** **
>>
>> # This parameter specifies the type of LDAP server your are defining****
>>
>> #****
>>
>> # Supported values are "OpenLDAP" and "AD" for Active Directory (defaults
>> to AD).****
>>
>> ldap_server_type=AD****
>>
>> ** **
>>
>> #LDAP URL****
>>
>> # This is the URL used to access your LDAP server.****
>>
>> ** **
>>
>> # can be a simple URL like:****
>>
>> # ldap_conn_url=ldap://myldap.myorg.com****
>>
>> # or a list of simple URL separated by a space as in:****
>>
>> # ldap_conn_url=ldap://myldap.myorg.com ldap://myldap2.myorg.com****
>>
>> # if you want to use "ldaps://" links, please be aware that you need to
>> import your CA certificate****
>>
>> # to a java keystore and add the -Djavax.net.ssl.keyStore,
>> -Djavax.net.ssl.keyStorePassword,****
>>
>> # -Djavax.net.ssl.trustStore and -Djavax.net.ssl.trustStorePassword
>> parameters to your****
>>
>> # JAVA_OPT environment****
>>
>> ldap_conn_url=ldap://dc1.afdb.local:389****
>>
>> ** **
>>
>> #Login distinguished name (DN) for Authentification on LDAP Server - keep
>> emtpy if not requiered****
>>
>> # Use DN with with ":" instead of "=". The conversion will be done in OM*
>> ***
>>
>> ldap_admin_dn=afdb\otrs****
>>
>> ** **
>>
>> #Loginpass for Authentification on LDAP Server - keep emtpy if not
>> requiered****
>>
>> #ldap_passwd=myownpasswd****
>>
>> ** **
>>
>> #base to search for userdata(of user, that wants to login)****
>>
>> # Use DN with with ":" instead of "=". The conversion will be done in OM*
>> ***
>>
>> ldap_search_base=OU:SARC,OU:AFDB_Field_Offices,DC:afdb,DC:local****
>>
>> ** **
>>
>> # Fieldnames (can differ between Ldap servers)****
>>
>> field_user_principal=userPrincipalName****
>>
>> ** **
>>
>> # Ldap auth type(SIMPLE,NONE)****
>>
>> # When using SIMPLE a simple bind is performed on the LDAP server to
>> check user authentication****
>>
>> # When using NONE, the Ldap server is not used for authentication****
>>
>> ldap_auth_type=SIMPLE****
>>
>> ** **
>>
>> # Ldap-password synchronization to OM DB****
>>
>> # Set this to 'yes' if you want OM to synchronize the user Ldap-password
>> to OM's internal DB****
>>
>> # This enables local login of users if the ldap server is offline.****
>>
>> # If you want to disable the feature, set this to 'no'.****
>>
>> # Defautl value is 'yes'****
>>
>> ldap_sync_password_to_om=no****
>>
>> ** **
>>
>> ** **
>>
>> # Ldap user attributes mapping****
>>
>> # Set the following internal OM user attributes to their corresponding
>> Ldap-attribute****
>>
>> ldap_user_attr_lastname=sn****
>>
>> ldap_user_attr_firstname=givenName****
>>
>> ldap_user_attr_mail=mail****
>>
>> ldap_user_attr_street=streetAddress****
>>
>> ldap_user_attr_additionalname=description****
>>
>> ldap_user_attr_fax=facsimileTelephoneNumber****
>>
>> ldap_user_attr_zip=postalCode****
>>
>> ldap_user_attr_country=co****
>>
>> ldap_user_attr_town=l****
>>
>> ldap_user_attr_phone=telephoneNumber****
>>
>> ** **
>>
>> # optional, only absolute URLs make sense****
>>
>> #ldap_user_picture_uri=picture_uri****
>>
>> ** **
>>
>> # optional****
>>
>> # the timezone has to mach an entry in the OpenMeetings table
>> "omtimezones" otherwise the user will get****
>>
>> # the timezone defined in the value of the conf_key "default.timezone" in
>> OpenMeetings "configurations" table****
>>
>> #ldap_user_timezone=timezone****
>>
>> ** **
>>
>> # Ldap ignore upper/lower case, convert all input to lower case****
>>
>> ldap_use_lower_case=false****
>>
>
>
>
> --
> WBR
> Maxim aka solomax
>
Re: AD Integration Issue
Posted by "YUUNI, OSAY OSMAN" <O....@AFDB.ORG>.
Does this mean OM (2.1.1) is not passing the password? BTW this is against AD 2008 R2.
Sent from Samsung tablet
-------- Original message --------
From: Maxim Solodovnik <so...@gmail.com>
Date: 18/09/2013 7:20 PM (GMT+02:00)
To: Openmeetings user-list <us...@openmeetings.apache.org>
Subject: Re: AD Integration Issue
It seems like password is null somehow (according to the code)
On Wed, Sep 18, 2013 at 11:33 PM, YUUNI, OSAY OSMAN <O....@afdb.org>> wrote:
Hi all,
I’m having a peculiar problem with my LDAP integration. I’m integrating with AD and this seems to work but when a user logs in she/he is greeted with “Your account is assigned with multiple usergroups. Please choose one for this session” then a drop down box. The drop down box is empty. When they continue it displays a blank page. I’m not sure where the issue is. I have not assigned any user to any group since they’re authenticating through AD.
Here’s the relevant snippet of the log:
DEBUG 09-18 18:18:36.257 o.a.o.q.s.MeetingReminderJob:34 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-5] - MeetingReminderJob.execute
DEBUG 09-18 18:18:36.269 o.a.o.d.c.d.AppointmentDao:929 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-5] - startStamp 2013-09-18 18:18:36.269
DEBUG 09-18 18:18:36.271 o.a.o.d.c.d.AppointmentDao:930 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-5] - stopStamp 2013-09-18 18:33:36.269
DEBUG 09-18 18:18:36.280 o.a.o.d.c.m.AppointmentLogic:423 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-5] - doScheduledMeetingReminder : no Appointments in range
WARN 09-18 18:19:09.425 o.a.o.r.MainService:307 [NioProcessor-6] - loginUser: 72e9df24631c6af8bdcc071699217419 yos2653
DEBUG 09-18 18:19:09.426 o.a.o.r.MainService:318 [NioProcessor-6] - Ldap Login
DEBUG 09-18 18:19:09.450 o.a.o.l.LdapLoginManagement:245 [NioProcessor-6] - LdapLoginmanagement.doLdapLogin
DEBUG 09-18 18:19:09.451 o.a.o.l.LdapLoginManagement:209 [NioProcessor-6] - LdapLoginmanagement.getLdapConfigData
DEBUG 09-18 18:19:09.452 o.a.o.l.LdapLoginManagement:222 [NioProcessor-6] - LdapLoginmanagement.readConfig : /usr/lib/red52/webapps/openmeetings/conf/om_ldap.cfg
DEBUG 09-18 18:19:09.454 o.a.o.l.LdapLoginManagement:149 [NioProcessor-6] - isValidAuthType
DEBUG 09-18 18:19:09.455 o.a.o.l.LdapLoginManagement:381 [NioProcessor-6] - Searching userdata with LDAP Search Filter :(userPrincipalName =yos2653)
DEBUG 09-18 18:19:09.456 o.a.o.l.LdapAuthBase:84 [NioProcessor-6] - LdapAuthBase
DEBUG 09-18 18:19:09.457 o.a.o.l.LdapLoginManagement:390 [NioProcessor-6] - authenticating admin...
DEBUG 09-18 18:19:09.458 o.a.o.l.LdapAuthBase:101 [NioProcessor-6] - authenticateUser
ERROR 09-18 18:19:09.463 o.a.o.r.MainService:393 [NioProcessor-6] - loginUser :
java.lang.NullPointerException: null
at java.util.Hashtable.put(Hashtable.java:394) ~[na:1.6.0_45]
at org.apache.openmeetings.ldap.LdapAuthBase.authenticateUser(LdapAuthBase.java:109) ~[openmeetings-2.1.1-RELEASE.jar:na]
at org.apache.openmeetings.ldap.LdapLoginManagement.doLdapLogin(LdapLoginManagement.java:391) ~[openmeetings-2.1.1-RELEASE.jar:na]
at org.apache.openmeetings.remote.MainService.loginUser(MainService.java:333) ~[openmeetings-2.1.1-RELEASE.jar:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.6.0_45]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) ~[na:1.6.0_45]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) ~[na:1.6.0_45]
at java.lang.reflect.Method.invoke(Method.java:597) ~[na:1.6.0_45]
at org.red5.server.service.ServiceInvoker.invoke(ServiceInvoker.java:196) [red5.jar:na]
at org.red5.server.service.ServiceInvoker.invoke(ServiceInvoker.java:115) [red5.jar:na]
at org.red5.server.net.rtmp.RTMPHandler.invokeCall(RTMPHandler.java:157) [red5.jar:na]
at org.red5.server.net.rtmp.RTMPHandler.onInvoke(RTMPHandler.java:399) [red5.jar:na]
at org.red5.server.net.rtmp.BaseRTMPHandler.messageReceived(BaseRTMPHandler.java:130) [red5.jar:na]
at org.red5.server.net.rtmp.RTMPMinaIoHandler.messageReceived(RTMPMinaIoHandler.java:164) [red5.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:716) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796) [mina-core-2.0.4.jar:na]
at org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:427) [mina-core-2.0.4.jar:na]
at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:245) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796) [mina-core-2.0.4.jar:na]
at org.red5.server.net.rtmpe.RTMPEIoFilter.messageReceived(RTMPEIoFilter.java:124) [red5.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:119) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:426) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:715) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:668) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:657) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$600(AbstractPollingIoProcessor.java:68) [mina-core-2.0.4.jar:na]
at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1141) [mina-core-2.0.4.jar:na]
at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64) [mina-core-2.0.4.jar:na]
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:895) [na:1.6.0_45]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:918) [na:1.6.0_45]
at java.lang.Thread.run(Thread.java:662) [na:1.6.0_45]
DEBUG 09-18 18:20:11.267 o.a.o.q.s.TestSetupCleanupJob:34 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-6] - TestSetupClearJob.execute
DEBUG 09-18 18:20:11.327 o.a.o.u.m.MailHandler:241 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-7] - sendMails enter ...
DEBUG 09-18 18:20:11.335 o.a.o.u.m.MailHandler:247 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-7] - ... sendMails done.
DEBUG 09-18 18:20:16.247 o.a.o.d.b.SessiondataDao:410 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-8] - ****** clearSessionTable:
DEBUG 09-18 18:20:16.257 o.a.o.d.b.SessiondataDao:414 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-8] - clearSessionTable: 2
DEBUG 09-18 18:20:16.258 o.a.o.q.s.MeetingReminderJob:34 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-9] - MeetingReminderJob.execute
DEBUG 09-18 18:20:16.270 o.a.o.d.c.d.AppointmentDao:929 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-9] - startStamp 2013-09-18 18:20:16.269
DEBUG 09-18 18:20:16.271 o.a.o.d.c.d.AppointmentDao:930 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-9] - stopStamp 2013-09-18 18:35:16.269
DEBUG 09-18 18:20:16.281 o.a.o.d.c.m.AppointmentLogic:423 [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-9] - doScheduledMeetingReminder : no Appointments in range
DEBUG 09-18 18:20:45.167 o.a.o.d.b.SessiondataDao:242 [NioProcessor-6] - updateUserOrg User: null || 72e9df24631c6af8bdcc071699217419
Anyone with any ideas?
==== om_ldap.cfg =====
# This parameter specifies the type of LDAP server your are defining
#
# Supported values are "OpenLDAP" and "AD" for Active Directory (defaults to AD).
ldap_server_type=AD
#LDAP URL
# This is the URL used to access your LDAP server.
# can be a simple URL like:
# ldap_conn_url=ldap://myldap.myorg.com<http://myldap.myorg.com>
# or a list of simple URL separated by a space as in:
# ldap_conn_url=ldap://myldap.myorg.com<http://myldap.myorg.com> ldap://myldap2.myorg.com<http://myldap2.myorg.com>
# if you want to use "ldaps://" links, please be aware that you need to import your CA certificate
# to a java keystore and add the -Djavax.net.ssl.keyStore, -Djavax.net.ssl.keyStorePassword,
# -Djavax.net.ssl.trustStore and -Djavax.net.ssl.trustStorePassword parameters to your
# JAVA_OPT environment
ldap_conn_url=ldap://dc1.afdb.local:389
#Login distinguished name (DN) for Authentification on LDAP Server - keep emtpy if not requiered
# Use DN with with ":" instead of "=". The conversion will be done in OM
ldap_admin_dn=afdb\otrs
#Loginpass for Authentification on LDAP Server - keep emtpy if not requiered
#ldap_passwd=myownpasswd
#base to search for userdata(of user, that wants to login)
# Use DN with with ":" instead of "=". The conversion will be done in OM
ldap_search_base=OU:SARC,OU:AFDB_Field_Offices,DC:afdb,DC:local
# Fieldnames (can differ between Ldap servers)
field_user_principal=userPrincipalName
# Ldap auth type(SIMPLE,NONE)
# When using SIMPLE a simple bind is performed on the LDAP server to check user authentication
# When using NONE, the Ldap server is not used for authentication
ldap_auth_type=SIMPLE
# Ldap-password synchronization to OM DB
# Set this to 'yes' if you want OM to synchronize the user Ldap-password to OM's internal DB
# This enables local login of users if the ldap server is offline.
# If you want to disable the feature, set this to 'no'.
# Defautl value is 'yes'
ldap_sync_password_to_om=no
# Ldap user attributes mapping
# Set the following internal OM user attributes to their corresponding Ldap-attribute
ldap_user_attr_lastname=sn
ldap_user_attr_firstname=givenName
ldap_user_attr_mail=mail
ldap_user_attr_street=streetAddress
ldap_user_attr_additionalname=description
ldap_user_attr_fax=facsimileTelephoneNumber
ldap_user_attr_zip=postalCode
ldap_user_attr_country=co
ldap_user_attr_town=l
ldap_user_attr_phone=telephoneNumber
# optional, only absolute URLs make sense
#ldap_user_picture_uri=picture_uri
# optional
# the timezone has to mach an entry in the OpenMeetings table "omtimezones" otherwise the user will get
# the timezone defined in the value of the conf_key "default.timezone" in OpenMeetings "configurations" table
#ldap_user_timezone=timezone
# Ldap ignore upper/lower case, convert all input to lower case
ldap_use_lower_case=false
--
WBR
Maxim aka solomax
Re: AD Integration Issue
Posted by Maxim Solodovnik <so...@gmail.com>.
It seems like password is null somehow (according to the code)
On Wed, Sep 18, 2013 at 11:33 PM, YUUNI, OSAY OSMAN <O....@afdb.org>wrote:
> Hi all,****
>
> ** **
>
> I’m having a peculiar problem with my LDAP integration. I’m integrating
> with AD and this seems to work but when a user logs in she/he is greeted
> with “Your account is assigned with multiple usergroups. Please choose one
> for this session” then a drop down box. The drop down box is empty. When
> they continue it displays a blank page. I’m not sure where the issue is. I
> have not assigned any user to any group since they’re authenticating
> through AD.****
>
> ** **
>
> Here’s the relevant snippet of the log:****
>
> ** **
>
> DEBUG 09-18 18:18:36.257 o.a.o.q.s.MeetingReminderJob:34
> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-5] -
> MeetingReminderJob.execute****
>
> DEBUG 09-18 18:18:36.269 o.a.o.d.c.d.AppointmentDao:929
> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-5] -
> startStamp 2013-09-18 18:18:36.269****
>
> DEBUG 09-18 18:18:36.271 o.a.o.d.c.d.AppointmentDao:930
> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-5] -
> stopStamp 2013-09-18 18:33:36.269****
>
> DEBUG 09-18 18:18:36.280 o.a.o.d.c.m.AppointmentLogic:423
> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-5] -
> doScheduledMeetingReminder : no Appointments in range****
>
> WARN 09-18 18:19:09.425 o.a.o.r.MainService:307 [NioProcessor-6] -
> loginUser: 72e9df24631c6af8bdcc071699217419 yos2653****
>
> DEBUG 09-18 18:19:09.426 o.a.o.r.MainService:318 [NioProcessor-6] - Ldap
> Login****
>
> DEBUG 09-18 18:19:09.450 o.a.o.l.LdapLoginManagement:245 [NioProcessor-6]
> - LdapLoginmanagement.doLdapLogin****
>
> DEBUG 09-18 18:19:09.451 o.a.o.l.LdapLoginManagement:209 [NioProcessor-6]
> - LdapLoginmanagement.getLdapConfigData****
>
> DEBUG 09-18 18:19:09.452 o.a.o.l.LdapLoginManagement:222 [NioProcessor-6]
> - LdapLoginmanagement.readConfig :
> /usr/lib/red52/webapps/openmeetings/conf/om_ldap.cfg****
>
> DEBUG 09-18 18:19:09.454 o.a.o.l.LdapLoginManagement:149 [NioProcessor-6]
> - isValidAuthType****
>
> DEBUG 09-18 18:19:09.455 o.a.o.l.LdapLoginManagement:381 [NioProcessor-6]
> - Searching userdata with LDAP Search Filter :(userPrincipalName =yos2653)
> ****
>
> DEBUG 09-18 18:19:09.456 o.a.o.l.LdapAuthBase:84 [NioProcessor-6] -
> LdapAuthBase****
>
> DEBUG 09-18 18:19:09.457 o.a.o.l.LdapLoginManagement:390 [NioProcessor-6]
> - authenticating admin...****
>
> DEBUG 09-18 18:19:09.458 o.a.o.l.LdapAuthBase:101 [NioProcessor-6] -
> authenticateUser****
>
> ERROR 09-18 18:19:09.463 o.a.o.r.MainService:393 [NioProcessor-6] -
> loginUser :****
>
> java.lang.NullPointerException: null****
>
> at java.util.Hashtable.put(Hashtable.java:394) ~[na:1.6.0_45]****
>
> at
> org.apache.openmeetings.ldap.LdapAuthBase.authenticateUser(LdapAuthBase.java:109)
> ~[openmeetings-2.1.1-RELEASE.jar:na]****
>
> at
> org.apache.openmeetings.ldap.LdapLoginManagement.doLdapLogin(LdapLoginManagement.java:391)
> ~[openmeetings-2.1.1-RELEASE.jar:na]****
>
> at
> org.apache.openmeetings.remote.MainService.loginUser(MainService.java:333)
> ~[openmeetings-2.1.1-RELEASE.jar:na]****
>
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> ~[na:1.6.0_45]****
>
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> ~[na:1.6.0_45]****
>
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> ~[na:1.6.0_45]****
>
> at java.lang.reflect.Method.invoke(Method.java:597) ~[na:1.6.0_45]
> ****
>
> at
> org.red5.server.service.ServiceInvoker.invoke(ServiceInvoker.java:196)
> [red5.jar:na]****
>
> at
> org.red5.server.service.ServiceInvoker.invoke(ServiceInvoker.java:115)
> [red5.jar:na]****
>
> at
> org.red5.server.net.rtmp.RTMPHandler.invokeCall(RTMPHandler.java:157)
> [red5.jar:na]****
>
> at
> org.red5.server.net.rtmp.RTMPHandler.onInvoke(RTMPHandler.java:399)
> [red5.jar:na]****
>
> at
> org.red5.server.net.rtmp.BaseRTMPHandler.messageReceived(BaseRTMPHandler.java:130)
> [red5.jar:na]****
>
> at
> org.red5.server.net.rtmp.RTMPMinaIoHandler.messageReceived(RTMPMinaIoHandler.java:164)
> [red5.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:716)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:427)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:245)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.red5.server.net.rtmpe.RTMPEIoFilter.messageReceived(RTMPEIoFilter.java:124)
> [red5.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:796)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:119)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:426)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:715)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:668)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:657)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.polling.AbstractPollingIoProcessor.access$600(AbstractPollingIoProcessor.java:68)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:1141)
> [mina-core-2.0.4.jar:na]****
>
> at
> org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
> [mina-core-2.0.4.jar:na]****
>
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:895)
> [na:1.6.0_45]****
>
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:918)
> [na:1.6.0_45]****
>
> at java.lang.Thread.run(Thread.java:662) [na:1.6.0_45]****
>
> DEBUG 09-18 18:20:11.267 o.a.o.q.s.TestSetupCleanupJob:34
> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-6] -
> TestSetupClearJob.execute****
>
> DEBUG 09-18 18:20:11.327 o.a.o.u.m.MailHandler:241
> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-7] -
> sendMails enter ...****
>
> DEBUG 09-18 18:20:11.335 o.a.o.u.m.MailHandler:247
> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-7] -
> ... sendMails done.****
>
> DEBUG 09-18 18:20:16.247 o.a.o.d.b.SessiondataDao:410
> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-8] -
> ****** clearSessionTable:****
>
> DEBUG 09-18 18:20:16.257 o.a.o.d.b.SessiondataDao:414
> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-8] -
> clearSessionTable: 2****
>
> DEBUG 09-18 18:20:16.258 o.a.o.q.s.MeetingReminderJob:34
> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-9] -
> MeetingReminderJob.execute****
>
> DEBUG 09-18 18:20:16.270 o.a.o.d.c.d.AppointmentDao:929
> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-9] -
> startStamp 2013-09-18 18:20:16.269****
>
> DEBUG 09-18 18:20:16.271 o.a.o.d.c.d.AppointmentDao:930
> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-9] -
> stopStamp 2013-09-18 18:35:16.269****
>
> DEBUG 09-18 18:20:16.281 o.a.o.d.c.m.AppointmentLogic:423
> [org.springframework.scheduling.quartz.SchedulerFactoryBean#0_Worker-9] -
> doScheduledMeetingReminder : no Appointments in range****
>
> DEBUG 09-18 18:20:45.167 o.a.o.d.b.SessiondataDao:242 [NioProcessor-6] -
> updateUserOrg User: null || 72e9df24631c6af8bdcc071699217419****
>
> ** **
>
> ** **
>
> Anyone with any ideas?****
>
> ** **
>
> ==== om_ldap.cfg =====****
>
> ** **
>
> # This parameter specifies the type of LDAP server your are defining****
>
> #****
>
> # Supported values are "OpenLDAP" and "AD" for Active Directory (defaults
> to AD).****
>
> ldap_server_type=AD****
>
> ** **
>
> #LDAP URL****
>
> # This is the URL used to access your LDAP server.****
>
> ** **
>
> # can be a simple URL like:****
>
> # ldap_conn_url=ldap://myldap.myorg.com****
>
> # or a list of simple URL separated by a space as in:****
>
> # ldap_conn_url=ldap://myldap.myorg.com ldap://myldap2.myorg.com****
>
> # if you want to use "ldaps://" links, please be aware that you need to
> import your CA certificate****
>
> # to a java keystore and add the -Djavax.net.ssl.keyStore,
> -Djavax.net.ssl.keyStorePassword,****
>
> # -Djavax.net.ssl.trustStore and -Djavax.net.ssl.trustStorePassword
> parameters to your****
>
> # JAVA_OPT environment****
>
> ldap_conn_url=ldap://dc1.afdb.local:389****
>
> ** **
>
> #Login distinguished name (DN) for Authentification on LDAP Server - keep
> emtpy if not requiered****
>
> # Use DN with with ":" instead of "=". The conversion will be done in OM**
> **
>
> ldap_admin_dn=afdb\otrs****
>
> ** **
>
> #Loginpass for Authentification on LDAP Server - keep emtpy if not
> requiered****
>
> #ldap_passwd=myownpasswd****
>
> ** **
>
> #base to search for userdata(of user, that wants to login)****
>
> # Use DN with with ":" instead of "=". The conversion will be done in OM**
> **
>
> ldap_search_base=OU:SARC,OU:AFDB_Field_Offices,DC:afdb,DC:local****
>
> ** **
>
> # Fieldnames (can differ between Ldap servers)****
>
> field_user_principal=userPrincipalName****
>
> ** **
>
> # Ldap auth type(SIMPLE,NONE)****
>
> # When using SIMPLE a simple bind is performed on the LDAP server to
> check user authentication****
>
> # When using NONE, the Ldap server is not used for authentication****
>
> ldap_auth_type=SIMPLE****
>
> ** **
>
> # Ldap-password synchronization to OM DB****
>
> # Set this to 'yes' if you want OM to synchronize the user Ldap-password
> to OM's internal DB****
>
> # This enables local login of users if the ldap server is offline.****
>
> # If you want to disable the feature, set this to 'no'.****
>
> # Defautl value is 'yes'****
>
> ldap_sync_password_to_om=no****
>
> ** **
>
> ** **
>
> # Ldap user attributes mapping****
>
> # Set the following internal OM user attributes to their corresponding
> Ldap-attribute****
>
> ldap_user_attr_lastname=sn****
>
> ldap_user_attr_firstname=givenName****
>
> ldap_user_attr_mail=mail****
>
> ldap_user_attr_street=streetAddress****
>
> ldap_user_attr_additionalname=description****
>
> ldap_user_attr_fax=facsimileTelephoneNumber****
>
> ldap_user_attr_zip=postalCode****
>
> ldap_user_attr_country=co****
>
> ldap_user_attr_town=l****
>
> ldap_user_attr_phone=telephoneNumber****
>
> ** **
>
> # optional, only absolute URLs make sense****
>
> #ldap_user_picture_uri=picture_uri****
>
> ** **
>
> # optional****
>
> # the timezone has to mach an entry in the OpenMeetings table
> "omtimezones" otherwise the user will get****
>
> # the timezone defined in the value of the conf_key "default.timezone" in
> OpenMeetings "configurations" table****
>
> #ldap_user_timezone=timezone****
>
> ** **
>
> # Ldap ignore upper/lower case, convert all input to lower case****
>
> ldap_use_lower_case=false****
>
--
WBR
Maxim aka solomax