Connection to LDAP fails when common names are non-English

[GoogleCodeExporter]

Which version of OpenMeetings are you running?
1900

Dear development team! I was trying to start LDAP authentification on a 
server with windows Active Directory running on it, and had a lot of 
problems until I realized what was the reason of those. The case is in 
encoding and the way the DN of the admin user is constructed. Here is the 
appropriate code:

String dn = "CN=" + ldap_admin + "," + ldap_login_base;

the case is, on our server CNs are on Russian, such as "Родион 
Волков" etc. 
And whatever I tried to put into ldap_admin field of ldap.cfg file and 
whatever encoding I used, I failed to make the script to work properly, so 
I found a workaround - the case is, AD server can also accept DNs in form 
of user@domain.com so the only thing I needed was to get rid of "CN=" part 
and somehow pass an empty ldap_login_base and "user@domain.com" as 
ldap_admin. The patch I attached does exactly what was needed and now my AD 
authentification works perfectly. The case is, patch is not so good for 
being implemented as a feature, so I ask your ideas on how to fix this in 
better way - whether is will be as a support for other encodings in config 
parsing or support for user-defined DNs and not just a plain "CN=" + 
ldap_admin + "," + ldap_login_base formula. Thanks for your attention

Original issue reported on code.google.com by volkov.r...@gmail.com on 30 Mar 2009 at 12:19

Attachments:

• test.patch

[GoogleCodeExporter]

hola,

your workaround is a valid solution, we could take over easily (making the whole
security principal dn configurable...), so the building of "CN=" + ldap_admin + 
"," 
+ ldap_login_base wouldnt be requiered any more....

-> work would be extending the existing configkey ldap_admin to contain the 
whole DN
-> would u be interested in doing it yourself? otherwise i would take over the 
issue...

see ya

Smoeker

Original comment by i...@oliver-becherer.name on 30 Mar 2009 at 1:30

[GoogleCodeExporter]

I've made an appropriate patch for the latest sources - the ldap_login_base has 
been 
removed, there is only one ldap_admin_dn field that contains the whole admin 
distinguished name. Please take a look

Original comment by volkov.r...@gmail.com on 31 Mar 2009 at 7:33

Attachments:

• patch_ldap_latest.patch

[GoogleCodeExporter]

I've tested this patch for r1980 and found, that it fixes the problem

Original comment by e.rovin...@gmail.com on 14 Apr 2009 at 12:37

[GoogleCodeExporter]

hola,

i also tested the patch against my AD and it worked - i applyied the patch and 
commited the changes....

see ya

Smoeker

Original comment by i...@oliver-becherer.name on 14 Apr 2009 at 1:44

• Changed state: Fixed

[GoogleCodeExporter]

Original comment by seba.wag...@gmail.com on 29 Aug 2011 at 8:03

• Added labels: Restrict-AddIssueComment-Commit