Posted to user@openmeetings.apache.org by Дорофеев Сергей <do...@xfit.ru> on 2015/07/03 09:39:18 UTC

openmeetings and AD

Hello.

I'm having an issue with authentication through Active Directory. I've tried several configs from this list, which were marked as working, but still have not succeeded.
I'm using 3.0.4-RELEASE rev. 1659257
My om-ldap.cfg now:

ldap_server_type=AD
ldap_conn_host=192.168.XXX.XXX
ldap_conn_port=389
ldap_admin_dn=CN=test,OU=Users,DC=example,DC=local
ldap_passwd=password
ldap_conn_secure=false
ldap_search_base=DC=example,DC=local
ldap_search_scope=ONELEVEL
field_user_principal=userPrincipalName
ldap_search_query=(userPrincipalName=%s) ### ive also tried (sAMAccountName=%s)
ldap_userdn_format=sAMAccountName=%s,DC=example,DC=local
ldap_auth_type=SEARCHANDBIND
ldap_sync_password_to_om=true
ldap_provisionning=AUTOCREATE
ldap_deref_mode=always
ldap_userdn_format=uid=%s,DC=example,DC=local

ldap_user_attr_lastname=sn
ldap_user_attr_firstname=givenName
ldap_user_attr_mail=mail
ldap_user_attr_street=streetAddress
ldap_user_attr_additionalname=description
ldap_user_attr_fax=facsimileTelephoneNumber
ldap_user_attr_zip=postalCode
ldap_user_attr_country=ru
ldap_user_attr_town=l
ldap_user_attr_phone=telephoneNumber
ldap_use_lower_case=false

logon window says: Invalid password
debug says:
DEBUG 07-01 12:20:38.820 LdapLoginManagement.java 7614383 171 org.apache.openmeetings.ldap.LdapLoginManagement [http-nio-0.0.0.0-5080-exec-1] - LdapLoginmanagement.doLdapLogin
ERROR 07-01 12:20:38.921 LdapLoginManagement.java 7614484 376 org.apache.openmeetings.ldap.LdapLoginManagement [http-nio-0.0.0.0-5080-exec-1] - Not authenticated.
org.apache.directory.api.ldap.model.exception.LdapAuthenticationException: 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1

I'm 100% sure the password is correct.

Can you help me?

WBR
________________________________
This e-mail and any documents attached to it contain confidential information and are intended solely for use by the company's employees or by the individual or legal entity to whom they are addressed. Please be advised that if this message is not intended for you, the use, copying or distribution of the information contained in this message, as well as taking any action based on this information, is not permitted. If you have received this e-mail in error, please contact the sender and delete the e-mail and any files transmitted with it from your computer immediately. Thank you.

Re: openmeetings and AD

Posted by Maxim Solodovnik <so...@gmail.com>.
According to this [1] link, it seems like DN/pass can be correct but the
user is not admin.
Can you check this?


[1]
https://social.technet.microsoft.com/Forums/windowsserver/en-US/c98f3569-072a-4677-9b89-635ed2b8dffc/ldap-error-code-49-8009030c-ldaperr-dsid0c0903a9-comment-acceptsecuritycontext-error-data?forum=winserverDS

On Fri, Jul 3, 2015 at 5:15 PM, Дорофеев Сергей <do...@xfit.ru> wrote:

>  Hello again!
>
>
>
> Here is the full log from start to finish at the moment when I'm clicking
> the “Sign in” button:
>
>
>
> DEBUG 07-03 11:01:29.884 ServletWebRequest.java 73637 189
> org.apache.wicket.protocol.http.servlet.ServletWebRequest
> [http-nio-0.0.0.0-5080-exec-6] - Calculating context relative path from:
> context path '/openmeetings', filterPrefix '', uri '/openmeetings/signin'
>
> DEBUG 07-03 11:01:29.886 PageAccessSynchronizer.java 73639 112
> org.apache.wicket.page.PageAccessSynchronizer
> [http-nio-0.0.0.0-5080-exec-6] - 'http-nio-0.0.0.0-5080-exec-6' attempting
> to acquire lock to page with id '0'
>
> DEBUG 07-03 11:01:29.886 PageAccessSynchronizer.java 73639 137
> org.apache.wicket.page.PageAccessSynchronizer
> [http-nio-0.0.0.0-5080-exec-6] - http-nio-0.0.0.0-5080-exec-6 acquired lock
> to page 0
>
> DEBUG 07-03 11:01:29.891 SessiondataDao.java 73644 68
> org.apache.openmeetings.db.dao.server.SessiondataDao
> [http-nio-0.0.0.0-5080-exec-6] - startsession :: startsession
>
> DEBUG 07-03 11:01:29.891 ManageCryptStyle.java 73644 32
> org.apache.openmeetings.util.crypt.ManageCryptStyle
> [http-nio-0.0.0.0-5080-exec-6] - getInstanceOfCrypt::
> configKeyCryptClassName:
> org.apache.openmeetings.util.crypt.MD5Implementation
>
> DEBUG 07-03 11:01:29.896 LdapLoginManagement.java 73649 171
> org.apache.openmeetings.ldap.LdapLoginManagement
> [http-nio-0.0.0.0-5080-exec-6] - LdapLoginmanagement.doLdapLogin
>
> ERROR 07-03 11:01:29.911 LdapLoginManagement.java 73664 376
> org.apache.openmeetings.ldap.LdapLoginManagement
> [http-nio-0.0.0.0-5080-exec-6] - Not authenticated.
>
> org.apache.directory.api.ldap.model.exception.LdapAuthenticationException:
> 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error,
> data 52e, v1db1
>
>                 at
> org.apache.directory.api.ldap.model.message.ResultCodeEnum.processResponse(ResultCodeEnum.java:2021)
> ~[api-all-jar-1.0.0-M28.jar:1.0.0-M28]
>
>                 at
> org.apache.directory.ldap.client.api.AbstractLdapConnection.bind(AbstractLdapConnection.java:129)
> ~[api-all-jar-1.0.0-M28.jar:1.0.0-M28]
>
>                 at
> org.apache.directory.ldap.client.api.AbstractLdapConnection.bind(AbstractLdapConnection.java:112)
> ~[api-all-jar-1.0.0-M28.jar:1.0.0-M28]
>
>                 at
> org.apache.openmeetings.ldap.LdapLoginManagement.bindAdmin(LdapLoginManagement.java:152)
> ~[openmeetings-core-3.0.4-RELEASE.jar:na]
>
>                 at
> org.apache.openmeetings.ldap.LdapLoginManagement.login(LdapLoginManagement.java:262)
> ~[openmeetings-core-3.0.4-RELEASE.jar:na]
>
>                 at
> org.apache.openmeetings.web.app.WebSession.signIn(WebSession.java:257)
> [openmeetings-web-3.0.4-RELEASE.jar:na]
>
>                 at
> org.apache.openmeetings.web.pages.auth.SignInDialog.onSubmit(SignInDialog.java:192)
> [openmeetings-web-3.0.4-RELEASE.jar:na]
>
>                 at
> com.googlecode.wicket.jquery.ui.widget.dialog.AbstractFormDialog$DialogFormSubmitter.onSubmit(AbstractFormDialog.java:303)
> [wicket-jquery-ui-bundle-6.19.0.jar:na]
>
>                 at
> org.apache.wicket.markup.html.form.Form.delegateSubmit(Form.java:1288)
> [wicket-core-jar-6.19.0.jar:6.19.0]
>
>                 at
> org.apache.wicket.markup.html.form.Form.process(Form.java:952)
> [wicket-core-jar-6.19.0.jar:6.19.0]
>
>                 at
> org.apache.wicket.markup.html.form.StatelessForm.process(StatelessForm.java:100)
> [wicket-core-jar-6.19.0.jar:6.19.0]
>
>                 at
> org.apache.wicket.markup.html.form.Form.onFormSubmitted(Form.java:784)
> [wicket-core-jar-6.19.0.jar:6.19.0]
>
>                 at
> com.googlecode.wicket.jquery.ui.widget.dialog.AbstractFormDialog.internalOnClick(AbstractFormDialog.java:224)
> [wicket-jquery-ui-bundle-6.19.0.jar:na]
>
>                 at
> com.googlecode.wicket.jquery.ui.widget.dialog.AbstractDialog$1.onClick(AbstractDialog.java:419)
> [wicket-jquery-ui-bundle-6.19.0.jar:na]
>
>                 at
> com.googlecode.wicket.jquery.ui.widget.dialog.DialogBehavior.onAjax(DialogBehavior.java:175)
> [wicket-jquery-ui-bundle-6.19.0.jar:na]
>
>                 at
> com.googlecode.wicket.jquery.core.ajax.JQueryAjaxBehavior.respond(JQueryAjaxBehavior.java:171)
> [wicket-jquery-ui-core-bundle-6.19.0.jar:na]
>
>                 at
> org.apache.wicket.ajax.AbstractDefaultAjaxBehavior.onRequest(AbstractDefaultAjaxBehavior.java:633)
> [wicket-core-jar-6.19.0.jar:6.19.0]
>
>                 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
> Method) ~[na:1.7.0_79]
>
>                 at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> ~[na:1.7.0_79]
>
>                 at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> ~[na:1.7.0_79]
>
>                 at java.lang.reflect.Method.invoke(Method.java:606)
> ~[na:1.7.0_79]
>
>                 at
> org.apache.wicket.RequestListenerInterface.internalInvoke(RequestListenerInterface.java:258)
> [wicket-core-jar-6.19.0.jar:6.19.0]
>
>                 at
> org.apache.wicket.RequestListenerInterface.invoke(RequestListenerInterface.java:241)
> [wicket-core-jar-6.19.0.jar:6.19.0]
>
>                 at
> org.apache.wicket.core.request.handler.ListenerInterfaceRequestHandler.invokeListener(ListenerInterfaceRequestHandler.java:250)
> [wicket-core-jar-6.19.0.jar:6.19.0]
>
>                 at
> org.apache.wicket.core.request.handler.ListenerInterfaceRequestHandler.respond(ListenerInterfaceRequestHandler.java:236)
> [wicket-core-jar-6.19.0.jar:6.19.0]
>
>                 at
> org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor.respond(RequestCycle.java:890)
> [wicket-core-jar-6.19.0.jar:6.19.0]
>
>                 at
> org.apache.wicket.request.RequestHandlerStack.execute(RequestHandlerStack.java:64)
> [wicket-request-jar-6.19.0.jar:6.19.0]
>
>                 at
> org.apache.wicket.request.cycle.RequestCycle.execute(RequestCycle.java:261)
> [wicket-core-jar-6.19.0.jar:6.19.0]
>
>                 at
> org.apache.wicket.request.cycle.RequestCycle.processRequest(RequestCycle.java:218)
> [wicket-core-jar-6.19.0.jar:6.19.0]
>
>                 at
> org.apache.wicket.request.cycle.RequestCycle.processRequestAndDetach(RequestCycle.java:289)
> [wicket-core-jar-6.19.0.jar:6.19.0]
>
>                 at
> org.apache.wicket.protocol.ws.AbstractUpgradeFilter.processRequestCycle(AbstractUpgradeFilter.java:59)
> [wicket-native-websocket-core-jar-6.19.0.jar:6.19.0]
>
>                 at
> org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:201)
> [wicket-core-jar-6.19.0.jar:6.19.0]
>
>                 at
> org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:282)
> [wicket-core-jar-6.19.0.jar:6.19.0]
>
>                 at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
> [tomcat-embed-core.jar:7.0.57]
>
>                 at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
> [tomcat-embed-core.jar:7.0.57]
>
>                 at
> org.red5.logging.LoggerContextFilter.doFilter(LoggerContextFilter.java:77)
> [red5-server.jar:1.0.5-RELEASE]
>
>                 at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
> [tomcat-embed-core.jar:7.0.57]
>
>                 at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
> [tomcat-embed-core.jar:7.0.57]
>
>                 at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
> [tomcat-embed-core.jar:7.0.57]
>
>                 at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
> [tomcat-embed-core.jar:7.0.57]
>
>                 at
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:503)
> [tomcat-embed-core.jar:7.0.57]
>
>                 at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
> [tomcat-embed-core.jar:7.0.57]
>
>                 at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
> [tomcat-embed-core.jar:7.0.57]
>
>                 at
> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
> [tomcat-embed-core.jar:7.0.57]
>
>                 at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
> [tomcat-embed-core.jar:7.0.57]
>
>                 at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421)
> [tomcat-embed-core.jar:7.0.57]
>
>                 at
> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1070)
> [tomcat-embed-core.jar:7.0.57]
>
>                 at
> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
> [tomcat-embed-core.jar:7.0.57]
>
>                 at
> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1736)
> [tomcat-embed-core.jar:7.0.57]
>
>                 at
> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1695)
> [tomcat-embed-core.jar:7.0.57]
>
>                 at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> [na:1.7.0_79]
>
>                 at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> [na:1.7.0_79]
>
>                 at
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
> [tomcat-embed-core.jar:7.0.57]
>
>                 at java.lang.Thread.run(Thread.java:745) [na:1.7.0_79]
>
> DEBUG 07-03 11:01:29.913 CookieUtils.java 73666 273
> org.apache.wicket.util.cookies.CookieUtils [http-nio-0.0.0.0-5080-exec-6] -
> Unable to find Cookie with name=LoggedIn and request
> URI=signin?0-1.IBehaviorListener.2-signin
>
> DEBUG 07-03 11:01:29.919 FeedbackMessages.java 73672 69
> org.apache.wicket.feedback.FeedbackMessages [http-nio-0.0.0.0-5080-exec-6]
> - Adding feedback message '[FeedbackMessage message = "Invalid password",
> reporter = signin, level = ERROR]'
>
> DEBUG 07-03 11:01:29.920 CookieUtils.java 73673 273
> org.apache.wicket.util.cookies.CookieUtils [http-nio-0.0.0.0-5080-exec-6] -
> Unable to find Cookie with name=LoggedIn and request
> URI=signin?0-1.IBehaviorListener.2-signin
>
> DEBUG 07-03 11:01:29.921 Page.java 73674 871 org.apache.wicket.Page
> [http-nio-0.0.0.0-5080-exec-6] - ending request for page [Page class =
> org.apache.openmeetings.web.pages.auth.SignInPage, id = 0, render count =
> 1], request
> org.apache.wicket.protocol.http.servlet.ServletWebRequest@1c228b0
>
> DEBUG 07-03 11:01:29.921 Page.java 73674 871 org.apache.wicket.Page
> [http-nio-0.0.0.0-5080-exec-6] - ending request for page [Page class =
> org.apache.openmeetings.web.pages.auth.SignInPage, id = 0, render count =
> 1], request
> org.apache.wicket.protocol.http.servlet.ServletWebRequest@1c228b0
>
> DEBUG 07-03 11:01:29.922 Page.java 73675 871 org.apache.wicket.Page
> [http-nio-0.0.0.0-5080-exec-6] - ending request for page [Page class =
> org.apache.openmeetings.web.pages.auth.SignInPage, id = 0, render count =
> 1], request
> org.apache.wicket.protocol.http.servlet.ServletWebRequest@1c228b0
>
> DEBUG 07-03 11:01:29.925 PageAccessSynchronizer.java 73678 207
> org.apache.wicket.page.PageAccessSynchronizer
> [http-nio-0.0.0.0-5080-exec-6] - 'http-nio-0.0.0.0-5080-exec-6' released
> lock to page with id '0'
>
> DEBUG 07-03 11:01:29.925 AsynchronousDataStore.java 73678 354
> org.apache.wicket.pageStore.AsynchronousDataStore$PageSavingRunnable
> [Wicket-PageSavingThread] - Saving asynchronously: Entry
> [sessionId=5C25A5503DF7707CD214290D1FF03160, pageId=0]...
>
> DEBUG 07-03 11:01:29.925 PageAccessSynchronizer.java 73678 358
> org.apache.wicket.page.PageAccessSynchronizer
> [http-nio-0.0.0.0-5080-exec-6] - 'http-nio-0.0.0.0-5080-exec-6' notifying
> blocked threads
>
> DEBUG 07-03 11:01:29.925 DiskDataStore.java 73678 186
> org.apache.wicket.pageStore.DiskDataStore [Wicket-PageSavingThread] -
> Storing data for page with id '0' in session with id
> '5C25A5503DF7707CD214290D1FF03160'
>
>
>
>
>
>
>
> WBR
>
>
>
> *From:* Maxim Solodovnik [mailto:solomax666@gmail.com]
> *Sent:* Friday, July 03, 2015 12:59 PM
> *To:* Openmeetings user-list
> *Subject:* Re: openmeetings and AD
>
>
>
> I guess this user:
>
> ldap_conn_host=192.168.XXX.XXX
>
> ldap_conn_port=389
>
> ldap_admin_dn=CN=test,OU=Users,DC=example,DC=local
>
> ldap_passwd=password
>
> ldap_conn_secure=false
>
>
>
> failed to authenticate.
>
> Can you provide bigger stacktrace so I can try to guess which operation
> failed?
>
>
>
>
>
> 2015-07-03 13:39 GMT+06:00 Дорофеев Сергей <do...@xfit.ru>:
>
> Hello.
>
>
>
> I'm having an issue with authentication through Active Directory. I’ve
> tried several configs from this list, which were marked as working, but
> still have not succeeded.
>
> I'm using 3.0.4-RELEASE rev. 1659257
>
> My om-ldap.cfg now:
>
>
>
> ldap_server_type=AD
>
> ldap_conn_host=192.168.XXX.XXX
>
> ldap_conn_port=389
>
> ldap_admin_dn=CN=test,OU=Users,DC=example,DC=local
>
> ldap_passwd=password
>
> ldap_conn_secure=false
>
> ldap_search_base=DC=example,DC=local
>
> ldap_search_scope=ONELEVEL
>
> field_user_principal=userPrincipalName
>
> ldap_search_query=(userPrincipalName=%s) ### ive also tried
> (sAMAccountName=%s)
>
> ldap_userdn_format=sAMAccountName=%s,DC=example,DC=local
>
> ldap_auth_type=SEARCHANDBIND
>
> ldap_sync_password_to_om=true
>
> ldap_provisionning=AUTOCREATE
>
> ldap_deref_mode=always
>
> ldap_userdn_format=uid=%s,DC=example,DC=local
>
>
>
> ldap_user_attr_lastname=sn
>
> ldap_user_attr_firstname=givenName
>
> ldap_user_attr_mail=mail
>
> ldap_user_attr_street=streetAddress
>
> ldap_user_attr_additionalname=description
>
> ldap_user_attr_fax=facsimileTelephoneNumber
>
> ldap_user_attr_zip=postalCode
>
> ldap_user_attr_country=ru
>
> ldap_user_attr_town=l
>
> ldap_user_attr_phone=telephoneNumber
>
> ldap_use_lower_case=false
>
>
>
> logon window says: Invalid password
>
> debug says:
>
> DEBUG 07-01 12:20:38.820 LdapLoginManagement.java 7614383 171
> org.apache.openmeetings.ldap.LdapLoginManagement
> [http-nio-0.0.0.0-5080-exec-1] - LdapLoginmanagement.doLdapLogin
>
> ERROR 07-01 12:20:38.921 LdapLoginManagement.java 7614484 376
> org.apache.openmeetings.ldap.LdapLoginManagement
> [http-nio-0.0.0.0-5080-exec-1] - Not authenticated.
>
> org.apache.directory.api.ldap.model.exception.LdapAuthenticationException:
> 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error,
> data 52e, v1db1
>
>
>
> I'm 100% sure the password is correct.
>
>
>
> Can you help me?
>
>
>
> WBR
>
>
>
>
>
> --
>
> WBR
> Maxim aka solomax
>



-- 
WBR
Maxim aka solomax

RE: openmeetings and AD

Posted by Дорофеев Сергей <do...@xfit.ru>.
Hello again!

Here is the full log from start to finish at the moment when I'm clicking the “Sign in” button:

DEBUG 07-03 11:01:29.884 ServletWebRequest.java 73637 189 org.apache.wicket.protocol.http.servlet.ServletWebRequest [http-nio-0.0.0.0-5080-exec-6] - Calculating context relative path from: context path '/openmeetings', filterPrefix '', uri '/openmeetings/signin'
DEBUG 07-03 11:01:29.886 PageAccessSynchronizer.java 73639 112 org.apache.wicket.page.PageAccessSynchronizer [http-nio-0.0.0.0-5080-exec-6] - 'http-nio-0.0.0.0-5080-exec-6' attempting to acquire lock to page with id '0'
DEBUG 07-03 11:01:29.886 PageAccessSynchronizer.java 73639 137 org.apache.wicket.page.PageAccessSynchronizer [http-nio-0.0.0.0-5080-exec-6] - http-nio-0.0.0.0-5080-exec-6 acquired lock to page 0
DEBUG 07-03 11:01:29.891 SessiondataDao.java 73644 68 org.apache.openmeetings.db.dao.server.SessiondataDao [http-nio-0.0.0.0-5080-exec-6] - startsession :: startsession
DEBUG 07-03 11:01:29.891 ManageCryptStyle.java 73644 32 org.apache.openmeetings.util.crypt.ManageCryptStyle [http-nio-0.0.0.0-5080-exec-6] - getInstanceOfCrypt:: configKeyCryptClassName: org.apache.openmeetings.util.crypt.MD5Implementation
DEBUG 07-03 11:01:29.896 LdapLoginManagement.java 73649 171 org.apache.openmeetings.ldap.LdapLoginManagement [http-nio-0.0.0.0-5080-exec-6] - LdapLoginmanagement.doLdapLogin
ERROR 07-03 11:01:29.911 LdapLoginManagement.java 73664 376 org.apache.openmeetings.ldap.LdapLoginManagement [http-nio-0.0.0.0-5080-exec-6] - Not authenticated.
org.apache.directory.api.ldap.model.exception.LdapAuthenticationException: 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1
                at org.apache.directory.api.ldap.model.message.ResultCodeEnum.processResponse(ResultCodeEnum.java:2021) ~[api-all-jar-1.0.0-M28.jar:1.0.0-M28]
                at org.apache.directory.ldap.client.api.AbstractLdapConnection.bind(AbstractLdapConnection.java:129) ~[api-all-jar-1.0.0-M28.jar:1.0.0-M28]
                at org.apache.directory.ldap.client.api.AbstractLdapConnection.bind(AbstractLdapConnection.java:112) ~[api-all-jar-1.0.0-M28.jar:1.0.0-M28]
                at org.apache.openmeetings.ldap.LdapLoginManagement.bindAdmin(LdapLoginManagement.java:152) ~[openmeetings-core-3.0.4-RELEASE.jar:na]
                at org.apache.openmeetings.ldap.LdapLoginManagement.login(LdapLoginManagement.java:262) ~[openmeetings-core-3.0.4-RELEASE.jar:na]
                at org.apache.openmeetings.web.app.WebSession.signIn(WebSession.java:257) [openmeetings-web-3.0.4-RELEASE.jar:na]
                at org.apache.openmeetings.web.pages.auth.SignInDialog.onSubmit(SignInDialog.java:192) [openmeetings-web-3.0.4-RELEASE.jar:na]
                at com.googlecode.wicket.jquery.ui.widget.dialog.AbstractFormDialog$DialogFormSubmitter.onSubmit(AbstractFormDialog.java:303) [wicket-jquery-ui-bundle-6.19.0.jar:na]
                at org.apache.wicket.markup.html.form.Form.delegateSubmit(Form.java:1288) [wicket-core-jar-6.19.0.jar:6.19.0]
                at org.apache.wicket.markup.html.form.Form.process(Form.java:952) [wicket-core-jar-6.19.0.jar:6.19.0]
                at org.apache.wicket.markup.html.form.StatelessForm.process(StatelessForm.java:100) [wicket-core-jar-6.19.0.jar:6.19.0]
                at org.apache.wicket.markup.html.form.Form.onFormSubmitted(Form.java:784) [wicket-core-jar-6.19.0.jar:6.19.0]
                at com.googlecode.wicket.jquery.ui.widget.dialog.AbstractFormDialog.internalOnClick(AbstractFormDialog.java:224) [wicket-jquery-ui-bundle-6.19.0.jar:na]
                at com.googlecode.wicket.jquery.ui.widget.dialog.AbstractDialog$1.onClick(AbstractDialog.java:419) [wicket-jquery-ui-bundle-6.19.0.jar:na]
                at com.googlecode.wicket.jquery.ui.widget.dialog.DialogBehavior.onAjax(DialogBehavior.java:175) [wicket-jquery-ui-bundle-6.19.0.jar:na]
                at com.googlecode.wicket.jquery.core.ajax.JQueryAjaxBehavior.respond(JQueryAjaxBehavior.java:171) [wicket-jquery-ui-core-bundle-6.19.0.jar:na]
                at org.apache.wicket.ajax.AbstractDefaultAjaxBehavior.onRequest(AbstractDefaultAjaxBehavior.java:633) [wicket-core-jar-6.19.0.jar:6.19.0]
                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.7.0_79]
                at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) ~[na:1.7.0_79]
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.7.0_79]
                at java.lang.reflect.Method.invoke(Method.java:606) ~[na:1.7.0_79]
                at org.apache.wicket.RequestListenerInterface.internalInvoke(RequestListenerInterface.java:258) [wicket-core-jar-6.19.0.jar:6.19.0]
                at org.apache.wicket.RequestListenerInterface.invoke(RequestListenerInterface.java:241) [wicket-core-jar-6.19.0.jar:6.19.0]
                at org.apache.wicket.core.request.handler.ListenerInterfaceRequestHandler.invokeListener(ListenerInterfaceRequestHandler.java:250) [wicket-core-jar-6.19.0.jar:6.19.0]
                at org.apache.wicket.core.request.handler.ListenerInterfaceRequestHandler.respond(ListenerInterfaceRequestHandler.java:236) [wicket-core-jar-6.19.0.jar:6.19.0]
                at org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor.respond(RequestCycle.java:890) [wicket-core-jar-6.19.0.jar:6.19.0]
                at org.apache.wicket.request.RequestHandlerStack.execute(RequestHandlerStack.java:64) [wicket-request-jar-6.19.0.jar:6.19.0]
                at org.apache.wicket.request.cycle.RequestCycle.execute(RequestCycle.java:261) [wicket-core-jar-6.19.0.jar:6.19.0]
                at org.apache.wicket.request.cycle.RequestCycle.processRequest(RequestCycle.java:218) [wicket-core-jar-6.19.0.jar:6.19.0]
                at org.apache.wicket.request.cycle.RequestCycle.processRequestAndDetach(RequestCycle.java:289) [wicket-core-jar-6.19.0.jar:6.19.0]
                at org.apache.wicket.protocol.ws.AbstractUpgradeFilter.processRequestCycle(AbstractUpgradeFilter.java:59) [wicket-native-websocket-core-jar-6.19.0.jar:6.19.0]
                at org.apache.wicket.protocol.http.WicketFilter.processRequest(WicketFilter.java:201) [wicket-core-jar-6.19.0.jar:6.19.0]
                at org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:282) [wicket-core-jar-6.19.0.jar:6.19.0]
                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) [tomcat-embed-core.jar:7.0.57]
                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) [tomcat-embed-core.jar:7.0.57]
                at org.red5.logging.LoggerContextFilter.doFilter(LoggerContextFilter.java:77) [red5-server.jar:1.0.5-RELEASE]
                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) [tomcat-embed-core.jar:7.0.57]
                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) [tomcat-embed-core.jar:7.0.57]
                at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220) [tomcat-embed-core.jar:7.0.57]
                at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122) [tomcat-embed-core.jar:7.0.57]
                at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:503) [tomcat-embed-core.jar:7.0.57]
                at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170) [tomcat-embed-core.jar:7.0.57]
                at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) [tomcat-embed-core.jar:7.0.57]
                at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950) [tomcat-embed-core.jar:7.0.57]
                at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) [tomcat-embed-core.jar:7.0.57]
                at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421) [tomcat-embed-core.jar:7.0.57]
                at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1070) [tomcat-embed-core.jar:7.0.57]
                at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611) [tomcat-embed-core.jar:7.0.57]
                at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1736) [tomcat-embed-core.jar:7.0.57]
                at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1695) [tomcat-embed-core.jar:7.0.57]
                at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [na:1.7.0_79]
                at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [na:1.7.0_79]
                at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core.jar:7.0.57]
                at java.lang.Thread.run(Thread.java:745) [na:1.7.0_79]
DEBUG 07-03 11:01:29.913 CookieUtils.java 73666 273 org.apache.wicket.util.cookies.CookieUtils [http-nio-0.0.0.0-5080-exec-6] - Unable to find Cookie with name=LoggedIn and request URI=signin?0-1.IBehaviorListener.2-signin
DEBUG 07-03 11:01:29.919 FeedbackMessages.java 73672 69 org.apache.wicket.feedback.FeedbackMessages [http-nio-0.0.0.0-5080-exec-6] - Adding feedback message '[FeedbackMessage message = "Invalid password", reporter = signin, level = ERROR]'
DEBUG 07-03 11:01:29.920 CookieUtils.java 73673 273 org.apache.wicket.util.cookies.CookieUtils [http-nio-0.0.0.0-5080-exec-6] - Unable to find Cookie with name=LoggedIn and request URI=signin?0-1.IBehaviorListener.2-signin
DEBUG 07-03 11:01:29.921 Page.java 73674 871 org.apache.wicket.Page [http-nio-0.0.0.0-5080-exec-6] - ending request for page [Page class = org.apache.openmeetings.web.pages.auth.SignInPage, id = 0, render count = 1], request org.apache.wicket.protocol.http.servlet.ServletWebRequest@1c228b0
DEBUG 07-03 11:01:29.921 Page.java 73674 871 org.apache.wicket.Page [http-nio-0.0.0.0-5080-exec-6] - ending request for page [Page class = org.apache.openmeetings.web.pages.auth.SignInPage, id = 0, render count = 1], request org.apache.wicket.protocol.http.servlet.ServletWebRequest@1c228b0
DEBUG 07-03 11:01:29.922 Page.java 73675 871 org.apache.wicket.Page [http-nio-0.0.0.0-5080-exec-6] - ending request for page [Page class = org.apache.openmeetings.web.pages.auth.SignInPage, id = 0, render count = 1], request org.apache.wicket.protocol.http.servlet.ServletWebRequest@1c228b0
DEBUG 07-03 11:01:29.925 PageAccessSynchronizer.java 73678 207 org.apache.wicket.page.PageAccessSynchronizer [http-nio-0.0.0.0-5080-exec-6] - 'http-nio-0.0.0.0-5080-exec-6' released lock to page with id '0'
DEBUG 07-03 11:01:29.925 AsynchronousDataStore.java 73678 354 org.apache.wicket.pageStore.AsynchronousDataStore$PageSavingRunnable [Wicket-PageSavingThread] - Saving asynchronously: Entry [sessionId=5C25A5503DF7707CD214290D1FF03160, pageId=0]...
DEBUG 07-03 11:01:29.925 PageAccessSynchronizer.java 73678 358 org.apache.wicket.page.PageAccessSynchronizer [http-nio-0.0.0.0-5080-exec-6] - 'http-nio-0.0.0.0-5080-exec-6' notifying blocked threads
DEBUG 07-03 11:01:29.925 DiskDataStore.java 73678 186 org.apache.wicket.pageStore.DiskDataStore [Wicket-PageSavingThread] - Storing data for page with id '0' in session with id '5C25A5503DF7707CD214290D1FF03160'



WBR

From: Maxim Solodovnik [mailto:solomax666@gmail.com]
Sent: Friday, July 03, 2015 12:59 PM
To: Openmeetings user-list
Subject: Re: openmeetings and AD

I guess this user:
ldap_conn_host=192.168.XXX.XXX
ldap_conn_port=389
ldap_admin_dn=CN=test,OU=Users,DC=example,DC=local
ldap_passwd=password
ldap_conn_secure=false

failed to authenticate.
Can you provide bigger stacktrace so I can try to guess which operation failed?


2015-07-03 13:39 GMT+06:00 Дорофеев Сергей <do...@xfit.ru>:
Hello.

I'm having an issue with authentication through Active Directory. I’ve tried several configs from this list, which were marked as working, but still have not succeeded.
I'm using 3.0.4-RELEASE rev. 1659257
My om-ldap.cfg now:

ldap_server_type=AD
ldap_conn_host=192.168.XXX.XXX
ldap_conn_port=389
ldap_admin_dn=CN=test,OU=Users,DC=example,DC=local
ldap_passwd=password
ldap_conn_secure=false
ldap_search_base=DC=example,DC=local
ldap_search_scope=ONELEVEL
field_user_principal=userPrincipalName
ldap_search_query=(userPrincipalName=%s) ### ive also tried (sAMAccountName=%s)
ldap_userdn_format=sAMAccountName=%s,DC=example,DC=local
ldap_auth_type=SEARCHANDBIND
ldap_sync_password_to_om=true
ldap_provisionning=AUTOCREATE
ldap_deref_mode=always
ldap_userdn_format=uid=%s,DC=example,DC=local

ldap_user_attr_lastname=sn
ldap_user_attr_firstname=givenName
ldap_user_attr_mail=mail
ldap_user_attr_street=streetAddress
ldap_user_attr_additionalname=description
ldap_user_attr_fax=facsimileTelephoneNumber
ldap_user_attr_zip=postalCode
ldap_user_attr_country=ru
ldap_user_attr_town=l
ldap_user_attr_phone=telephoneNumber
ldap_use_lower_case=false

logon window says: Invalid password
debug says:
DEBUG 07-01 12:20:38.820 LdapLoginManagement.java 7614383 171 org.apache.openmeetings.ldap.LdapLoginManagement [http-nio-0.0.0.0-5080-exec-1] - LdapLoginmanagement.doLdapLogin
ERROR 07-01 12:20:38.921 LdapLoginManagement.java 7614484 376 org.apache.openmeetings.ldap.LdapLoginManagement [http-nio-0.0.0.0-5080-exec-1] - Not authenticated.
org.apache.directory.api.ldap.model.exception.LdapAuthenticationException: 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1

I'm 100% sure the password is correct.

Can you help me?

WBR



--
WBR
Maxim aka solomax

Re: openmeetings and AD

Posted by Maxim Solodovnik <so...@gmail.com>.
I guess this user:

ldap_conn_host=192.168.XXX.XXX
ldap_conn_port=389
ldap_admin_dn=CN=test,OU=Users,DC=example,DC=local
ldap_passwd=password
ldap_conn_secure=false

has failed to authenticate
Can you provide a bigger stacktrace so I can try to guess which operation
failed?


2015-07-03 13:39 GMT+06:00 Дорофеев Сергей <do...@xfit.ru>:

> Hello.
>
> I'm having an issue with authentication through Active Directory. I’ve
> tried several configs from this list, which were marked as working, but
> still have not succeeded.
> I'm using 3.0.4-RELEASE rev. 1659257
> My om-ldap.cfg now:
>
> ldap_server_type=AD
> ldap_conn_host=192.168.XXX.XXX
> ldap_conn_port=389
> ldap_admin_dn=CN=test,OU=Users,DC=example,DC=local
> ldap_passwd=password
> ldap_conn_secure=false
> ldap_search_base=DC=example,DC=local
> ldap_search_scope=ONELEVEL
> field_user_principal=userPrincipalName
> ldap_search_query=(userPrincipalName=%s) ### ive also tried (sAMAccountName=%s)
> ldap_userdn_format=sAMAccountName=%s,DC=example,DC=local
> ldap_auth_type=SEARCHANDBIND
> ldap_sync_password_to_om=true
> ldap_provisionning=AUTOCREATE
> ldap_deref_mode=always
> ldap_userdn_format=uid=%s,DC=example,DC=local
>
> ldap_user_attr_lastname=sn
> ldap_user_attr_firstname=givenName
> ldap_user_attr_mail=mail
> ldap_user_attr_street=streetAddress
> ldap_user_attr_additionalname=description
> ldap_user_attr_fax=facsimileTelephoneNumber
> ldap_user_attr_zip=postalCode
> ldap_user_attr_country=ru
> ldap_user_attr_town=l
> ldap_user_attr_phone=telephoneNumber
> ldap_use_lower_case=false
>
> logon window says: Invalid password
> debug says:
> DEBUG 07-01 12:20:38.820 LdapLoginManagement.java 7614383 171 org.apache.openmeetings.ldap.LdapLoginManagement [http-nio-0.0.0.0-5080-exec-1] - LdapLoginmanagement.doLdapLogin
> ERROR 07-01 12:20:38.921 LdapLoginManagement.java 7614484 376 org.apache.openmeetings.ldap.LdapLoginManagement [http-nio-0.0.0.0-5080-exec-1] - Not authenticated.
> org.apache.directory.api.ldap.model.exception.LdapAuthenticationException: 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1
>
> I'm 100% sure the password is correct.
>
> Can you help me?
>
> WBR



-- 
WBR
Maxim aka solomax
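
Added example, not part of the original messages and not OpenMeetings code: a small triage script that decodes the `data` sub-code in the Active Directory bind error quoted in this thread and checks the posted settings for things worth verifying when that error appears. The function names are hypothetical, the `OU=Users` check is only a heuristic (a directory may really have such an OU), and the reading of `ldap_conn_secure` is assumed from its name.

```python
import re

# Hypothetical helpers; "data XXX" sub-codes are hex Windows error codes.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (bind DN or password rejected)",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}
ERR_RE = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)")

def decode_bind_error(log_line):
    """Return (sub_code, meaning) for an AD bind failure line, or None."""
    m = ERR_RE.search(log_line)
    if m is None:
        return None
    code = m.group(1).lower()
    return code, AD_BIND_SUBCODES.get(code, "unknown sub-code")

def lint_cfg(text):  # key=value config text -> list of findings
    cfg, findings = {}, []
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if not sep or key.startswith("#"):
            continue
        if key in cfg:
            findings.append(f"duplicate key: {key}")
        cfg[key] = value.strip()
    if re.search(r"(^|,)OU=Users,", cfg.get("ldap_admin_dn", ""), re.I):
        findings.append("ldap_admin_dn uses OU=Users; AD's built-in Users container is CN=Users")
    # Assumption: ldap_conn_secure=false means the bind is made without TLS.
    if cfg.get("ldap_conn_secure", "").lower() == "false":
        findings.append("ldap_conn_secure=false: bind password is sent without TLS")
    return findings

# Error text and settings copied from the thread above.
SAMPLE_LOG = "80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1"
SAMPLE_CFG = """\
ldap_admin_dn=CN=test,OU=Users,DC=example,DC=local
ldap_conn_secure=false
ldap_userdn_format=sAMAccountName=%s,DC=example,DC=local
ldap_userdn_format=uid=%s,DC=example,DC=local
"""
if __name__ == "__main__":
    print(decode_bind_error(SAMPLE_LOG), lint_cfg(SAMPLE_CFG))
```

Sub-code 52e does not say which bind was rejected (the admin DN or the user being logged in), so the findings are a checklist rather than a diagnosis.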