<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: LDAP and Alfresco problem in Alfresco Archive</title>
    <link>https://connect.hyland.com/t5/alfresco-archive/ldap-and-alfresco-problem/m-p/198739#M151869</link>
    <description></description>
    <pubDate>Fri, 03 Jul 2009 11:44:31 GMT</pubDate>
    <dc:creator>ofrxnz</dc:creator>
    <dc:date>2009-07-03T11:44:31Z</dc:date>
    <item>
      <title>LDAP and Alfresco problem</title>
      <link>https://connect.hyland.com/t5/alfresco-archive/ldap-and-alfresco-problem/m-p/198736#M151866</link>
      <description>Hello, I am having problems getting my alfresco ldap setting to work correctly. I have followed the instructions on viewtopic.php?t=3351 and i don't receive any errors on alfresco startup, but my users in ldap can not log in. I don't know where to start troubleshooting. How can i enable logging for ldap a</description>
      <pubDate>Fri, 28 Nov 2008 21:36:04 GMT</pubDate>
      <guid>https://connect.hyland.com/t5/alfresco-archive/ldap-and-alfresco-problem/m-p/198736#M151866</guid>
      <dc:creator>kocoubb</dc:creator>
      <dc:date>2008-11-28T21:36:04Z</dc:date>
    </item>
    <item>
      <title>Re: LDAP and Alfresco problem</title>
      <link>https://connect.hyland.com/t5/alfresco-archive/ldap-and-alfresco-problem/m-p/198737#M151867</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;SPAN&gt;At first guess, it sounds like you need to configure a bind user in alfresco…..&lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;SPAN&gt;Basically there are two (well 3) ways alfresco can bind to an LDAP directory for authentication.&lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;SPAN&gt;1.) anonymous bind and search.&amp;nbsp; Alfresco connects to the server with no credentials and then searches the directory to find your username (%s in the config) and then matches it with its password.&lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;SPAN&gt;2.) bind and search.&amp;nbsp; alfresco has credentials to first login/connect to the ldap server then it searches as before.&lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;SPAN&gt;3.) bind directly as user…..it can kind of be rigged to work but is a hack.&lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;SPAN&gt;It sounds like you are attempting to use method 1 but fedora does not allow anonymous connections for security reasons.&amp;nbsp; so you need to configure alfresco to use method 2.&lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;SPAN&gt;The following lines are from Alfresco 3.0 so the file has changed some but the basic values should be similar.&lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;PRE class="language-none line-numbers"&gt;&lt;CODE&gt;ldap.authentication.java.naming.security.principal=CN=John Doe,CN=Users,dc=SOMEDOMAIN,dc=com&lt;/CODE&gt;&lt;/PRE&gt;&lt;BR /&gt;&lt;SPAN&gt;This line basically says use this user account….It must be the full DN of the user account.&amp;nbsp; for example on an ldap server, user&amp;nbsp; with the account name johnDoe could have a full DN of CN=John Doe,CN=Users,dc=SOMEDOMAIN,dc=com.&amp;nbsp; I don't know what the fedora structure is in terms of CN, DN, etc but the basic style should be the same.&lt;/SPAN&gt;&lt;BR /&gt;&lt;PRE class="language-none line-numbers"&gt;&lt;CODE&gt;&lt;BR /&gt;ldap.authentication.java.naming.security.credentials=PasswordForJohnDoeInPlainText&lt;/CODE&gt;&lt;/PRE&gt;&lt;BR /&gt;&lt;SPAN&gt;This is just the password for the previous user&lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;SPAN&gt;Hopefully this is some help.&amp;nbsp;&amp;nbsp; If that doesn't help, post your ldap config (cleaned of your specific information)….I don't have an Alfresco 2.1 config handy&lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;SPAN&gt;Adam&lt;/SPAN&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Wed, 03 Dec 2008 18:53:17 GMT</pubDate>
      <guid>https://connect.hyland.com/t5/alfresco-archive/ldap-and-alfresco-problem/m-p/198737#M151867</guid>
      <dc:creator>ofrxnz</dc:creator>
      <dc:date>2008-12-03T18:53:17Z</dc:date>
    </item>
    <item>
      <title>Re: LDAP and Alfresco problem</title>
      <link>https://connect.hyland.com/t5/alfresco-archive/ldap-and-alfresco-problem/m-p/198738#M151868</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;SPAN&gt;hi,&lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;SPAN&gt;i have the same problem with an Alfresco labs 3.1 version,&lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;SPAN&gt;however my conf files seems correct&lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;PRE class="language-none line-numbers"&gt;&lt;CODE&gt;&lt;BR /&gt;&lt;BR /&gt;# The default principal to use (only used for LDAP sync)&lt;BR /&gt;ldap.authentication.java.naming.security.principal=(cn=administrateur,cn=users,dc=my_domain,dc=fr)&lt;BR /&gt;&lt;BR /&gt;# The password for the default principal (only used for LDAP sync)&lt;BR /&gt;ldap.authentication.java.naming.security.credentials=my_password&lt;BR /&gt;&lt;BR /&gt;&lt;/CODE&gt;&lt;/PRE&gt;&lt;BR /&gt;&lt;SPAN&gt;can you help me ?&lt;/SPAN&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Fri, 03 Jul 2009 08:11:34 GMT</pubDate>
      <guid>https://connect.hyland.com/t5/alfresco-archive/ldap-and-alfresco-problem/m-p/198738#M151868</guid>
      <dc:creator>crokette</dc:creator>
      <dc:date>2009-07-03T08:11:34Z</dc:date>
    </item>
    <item>
      <title>Re: LDAP and Alfresco problem</title>
      <link>https://connect.hyland.com/t5/alfresco-archive/ldap-and-alfresco-problem/m-p/198739#M151869</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;SPAN&gt;Hey Crokette,&lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;SPAN&gt;Could you post the full config (cleaned of anything identifying) and describe your setup.&amp;nbsp; &lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;SPAN&gt;One thing that threw me for a loop was the encryption. It took a while to figure out.&lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;SPAN&gt;here is the first config i had working in Active Directory&amp;nbsp; and Alfresco 3.0.&amp;nbsp; &lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;SPAN&gt;If you want to run encryption it gets a bit more complicated&lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;PRE class="language-none line-numbers"&gt;&lt;CODE&gt;ldap.authentication.userNameFormat=%s&lt;BR /&gt;&lt;BR /&gt;# The LDAP context factory to use&lt;BR /&gt;ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory&lt;BR /&gt;&lt;BR /&gt;# The URL to connect to the LDAP server &lt;BR /&gt;ldap.authentication.java.naming.provider.url=ldap://192.168.1.100:389&lt;BR /&gt;&lt;BR /&gt;# The authentication mechanism to use&lt;BR /&gt;ldap.authentication.java.naming.security.authentication=SIMPLE&lt;BR /&gt;&lt;BR /&gt;# The default principal to use (only used for LDAP sync)&lt;BR /&gt;ldap.authentication.java.naming.security.principal=CN=Login User,OU=Some Group,DC=COMAPNY,DC=com&lt;BR /&gt;&lt;BR /&gt;# The password for the default principal (only used for LDAP sync)&lt;BR /&gt;ldap.authentication.java.naming.security.credentials=PasswordForAboveUser&lt;BR /&gt;&lt;BR /&gt;# Escape commas entered by the user at bind time&lt;BR /&gt;# Useful when using simple authentication and the CN is part of the DN and contains commas&lt;BR /&gt;ldap.authentication.escapeCommasInBind=false&lt;BR /&gt;&lt;BR /&gt;# Escape commas entered by the user when setting the authenticated user&lt;BR /&gt;# Useful when using simple authentication and the CN is part of the DN and contains commas, and the escaped \, is &lt;BR /&gt;# pulled in as part of an LDAP sync&lt;BR /&gt;# If this option is set to true it will break the default home folder provider as space names can not contain \&lt;BR /&gt;ldap.authentication.escapeCommasInUid=false&lt;BR /&gt;&lt;/CODE&gt;&lt;/PRE&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Fri, 03 Jul 2009 11:44:31 GMT</pubDate>
      <guid>https://connect.hyland.com/t5/alfresco-archive/ldap-and-alfresco-problem/m-p/198739#M151869</guid>
      <dc:creator>ofrxnz</dc:creator>
      <dc:date>2009-07-03T11:44:31Z</dc:date>
    </item>
    <item>
      <title>Re: LDAP and Alfresco problem</title>
      <link>https://connect.hyland.com/t5/alfresco-archive/ldap-and-alfresco-problem/m-p/198740#M151870</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;SPAN&gt;hi,&lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;SPAN&gt;my system is Windows Server 2003 and i use Alfresco Labs 3.1 with MySQL 5&lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;SPAN&gt;and&lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;SPAN&gt;this is my &lt;/SPAN&gt;&lt;STRONG&gt;ldap-synchronisation.properties&lt;/STRONG&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;PRE class="language-none line-numbers"&gt;&lt;CODE&gt;# &lt;BR /&gt;# This properties file is used to configure LDAP synchronisation&lt;BR /&gt;#&lt;BR /&gt;&lt;BR /&gt;# The query to find the people to import&lt;BR /&gt;ldap.synchronisation.personQuery=(objectclass=inetOrgPerson)&lt;BR /&gt;&lt;BR /&gt;# The search base of the query to find people to import&lt;BR /&gt;ldap.synchronisation.personSearchBase=(OU=utilisateurs,DC=my_domain,DC=fr)&lt;BR /&gt;&lt;BR /&gt;# The attribute name on people objects found in LDAP to use as the uid in Alfresco&lt;BR /&gt;ldap.synchronisation.userIdAttributeName=sAMAccountName&lt;BR /&gt;&lt;BR /&gt;# The attribute on person objects in LDAP to map to the first name property in Alfresco&lt;BR /&gt;ldap.synchronisation.userFirstNameAttributeName=givenName&lt;BR /&gt;&lt;BR /&gt;# The attribute on person objects in LDAP to map to the last name property in Alfresco&lt;BR /&gt;ldap.synchronisation.userLastNameAttributeName=sn&lt;BR /&gt;&lt;BR /&gt;# The attribute on person objects in LDAP to map to the email property in Alfresco&lt;BR /&gt;ldap.synchronisation.userEmailAttributeName=mail&lt;BR /&gt;&lt;BR /&gt;# The attribute on person objects in LDAP to map to the organizational id&amp;nbsp; property in Alfresco&lt;BR /&gt;ldap.synchronisation.userOrganizationalIdAttributeName=o&lt;BR /&gt;&lt;BR /&gt;# The default home folder provider to use for people created via LDAP import&lt;BR /&gt;ldap.synchronisation.defaultHomeFolderProvider=personalHomeFolderProvider&lt;BR /&gt;&lt;BR /&gt;# The query to find group objects&lt;BR /&gt;ldap.synchronisation.groupQuery=(objectclass=group)&lt;BR /&gt;&lt;BR /&gt;# The search base to use to find group objects&lt;BR /&gt;ldap.synchronisation.groupSearchBase=(DC=my_domain,DC=fr)&lt;BR /&gt;&lt;BR /&gt;# The attribute on LDAP group objects to map to the gid property in Alfresco&lt;BR /&gt;ldap.synchronisation.groupIdAttributeName=cn&lt;BR /&gt;&lt;BR /&gt;# The group type in LDAP&lt;BR /&gt;ldap.synchronisation.groupType=group&lt;BR /&gt;&lt;BR /&gt;# The person type in LDAP&lt;BR /&gt;ldap.synchronisation.personType=inetOrgPerson&lt;BR /&gt;&lt;BR /&gt;# The attribute in LDAP on group objects that defines the DN for its members&lt;BR /&gt;ldap.synchronisation.groupMemberAttributeName=member&lt;BR /&gt;&lt;BR /&gt;# The cron expression defining when people imports should take place&lt;BR /&gt;ldap.synchronisation.import.person.cron=0 0 * * * ?&lt;BR /&gt;&lt;BR /&gt;# The cron expression defining when group imports should take place &lt;BR /&gt;ldap.synchronisation.import.group.cron=0 30 * * * ?&lt;BR /&gt;&lt;BR /&gt;# Should all groups be cleared out at import time?&lt;BR /&gt;# - this is safe as groups are not used in Alfresco for other things (unlike person objects which you should never clear out during an import)&lt;BR /&gt;# - setting this to true means old group definitions will be tidied up.&lt;BR /&gt;ldap.synchronisation.import.group.clearAllChildren=true&lt;BR /&gt;&lt;BR /&gt;&lt;/CODE&gt;&lt;/PRE&gt;&lt;BR /&gt;&lt;SPAN&gt;and this is my&lt;/SPAN&gt;&lt;STRONG&gt; ldap-authentication.properties&lt;/STRONG&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;PRE class="language-none line-numbers"&gt;&lt;CODE&gt;#&lt;BR /&gt;# This properties file brings together the common options for LDAP authentication rather than editing the bean definitions&lt;BR /&gt;#&lt;BR /&gt;&lt;BR /&gt;# How to map the user id entered by the user to that passed through to LDAP&lt;BR /&gt;# - simple &lt;BR /&gt;#&amp;nbsp;&amp;nbsp;&amp;nbsp; - this must be a DN and would be something like&lt;BR /&gt;#&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; CN=%s,DC=company,DC=com&lt;BR /&gt;# - digest&lt;BR /&gt;#&amp;nbsp;&amp;nbsp;&amp;nbsp; - usually pass through what is entered&lt;BR /&gt;#&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; %s&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; &lt;BR /&gt;ldap.authentication.userNameFormat=%s&lt;BR /&gt;&lt;BR /&gt;# The LDAP context factory to use&lt;BR /&gt;ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory&lt;BR /&gt;&lt;BR /&gt;# The URL to connect to the LDAP server &lt;BR /&gt;ldap.authentication.java.naming.provider.url=(ldap://my-ldap:389)&lt;BR /&gt;&lt;BR /&gt;# The authentication mechanism to use&lt;BR /&gt;ldap.authentication.java.naming.security.authentication=DIGEST-MD5&lt;BR /&gt;#ldap.authentication.java.naming.security.authentication=SIMPLE&lt;BR /&gt;&lt;BR /&gt;# The default principal to use (only used for LDAP sync)&lt;BR /&gt;ldap.authentication.java.naming.security.principal=(cn=administrateur,cn=users,dc=my_domain,dc=fr)&lt;BR /&gt;&lt;BR /&gt;# The password for the default principal (only used for LDAP sync)&lt;BR /&gt;ldap.authentication.java.naming.security.credentials=my_password&lt;BR /&gt;&lt;BR /&gt;# Escape commas entered by the user at bind time&lt;BR /&gt;# Useful when using simple authentication and the CN is part of the DN and contains commas&lt;BR /&gt;ldap.authentication.escapeCommasInBind=false&lt;BR /&gt;&lt;BR /&gt;# Escape commas entered by the user when setting the authenticated user&lt;BR /&gt;# Useful when using simple authentication and the CN is part of the DN and contains commas, and the escaped \, is &lt;BR /&gt;# pulled in as part of an LDAP sync&lt;BR /&gt;# If this option is set to true it will break the default home folder provider as space names can not contain \&lt;BR /&gt;ldap.authentication.escapeCommasInUid=false&lt;/CODE&gt;&lt;/PRE&gt;&lt;BR /&gt;&lt;SPAN&gt;i have seen that you used SIMPLE instead of DIGEST-MD5, SIMPLE is used to anonymous auth ? and DIGEST for crypted auth ?&lt;/SPAN&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Fri, 03 Jul 2009 12:22:49 GMT</pubDate>
      <guid>https://connect.hyland.com/t5/alfresco-archive/ldap-and-alfresco-problem/m-p/198740#M151870</guid>
      <dc:creator>crokette</dc:creator>
      <dc:date>2009-07-03T12:22:49Z</dc:date>
    </item>
    <item>
      <title>Re: LDAP and Alfresco problem</title>
      <link>https://connect.hyland.com/t5/alfresco-archive/ldap-and-alfresco-problem/m-p/198741#M151871</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;SPAN&gt;Your configuration looks about right.&amp;nbsp; &lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;SPAN&gt;But the encryption would do it.&amp;nbsp; Windows 2k3 does not support MD5 out of the box last time i checked.&amp;nbsp; You can install MD5 into windows though. also, the LDAP over SSL port used in windows is 636 &lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;SPAN&gt;i don't remember if alfresco uses ldap://server.company.com:636 or ldaps://server.company.com:636 for secure connections. &lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;SPAN&gt;What i think is happening in your case is Alfresco tries to use MD5 but Windows doesn't support it.&amp;nbsp; Then because the encryption is unsupported the connection fails and Alfresco falls back to anonymous authentication and Active Directory does not support anonymous binding by default so that fails as well.&amp;nbsp; &lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;SPAN&gt;SIMPLE authentication is unencrypted.&amp;nbsp; When you are debugging, i would suggest using SIMPLE authentication so you can get it to work without worrying about encryption.&amp;nbsp; &lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;SPAN&gt;The drawbacks to SIMPLE are all traffic is plain text and Active directory won't let you change passwords and other things with unencrypted connections &lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;SPAN&gt;But first, try using SIMPLE and if you can get that to work then work towards encryption&lt;/SPAN&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Fri, 03 Jul 2009 12:55:00 GMT</pubDate>
      <guid>https://connect.hyland.com/t5/alfresco-archive/ldap-and-alfresco-problem/m-p/198741#M151871</guid>
      <dc:creator>ofrxnz</dc:creator>
      <dc:date>2009-07-03T12:55:00Z</dc:date>
    </item>
    <item>
      <title>Re: LDAP and Alfresco problem</title>
      <link>https://connect.hyland.com/t5/alfresco-archive/ldap-and-alfresco-problem/m-p/198742#M151872</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;SPAN&gt;-_-' i have problems&lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;SPAN&gt;when i use the 636 port or when i #Digest-MD5 and un-# SIMPLE i can't join the Alfresco's web interface, i have 404 error.&lt;/SPAN&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Fri, 03 Jul 2009 13:18:42 GMT</pubDate>
      <guid>https://connect.hyland.com/t5/alfresco-archive/ldap-and-alfresco-problem/m-p/198742#M151872</guid>
      <dc:creator>crokette</dc:creator>
      <dc:date>2009-07-03T13:18:42Z</dc:date>
    </item>
    <item>
      <title>Re: LDAP and Alfresco problem</title>
      <link>https://connect.hyland.com/t5/alfresco-archive/ldap-and-alfresco-problem/m-p/198743#M151873</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;SPAN&gt;hummm….&lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;SPAN&gt;Only other thing i notice is you have some () around your ldap://server and OU=,DC=,DC=.. lines in your config.&amp;nbsp; &lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;SPAN&gt;The config i posted worked in 3.0.0 against Active Directory.&amp;nbsp; I don't know if something has changed in 3.1.&amp;nbsp; &lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;SPAN&gt;Just to put some troubleshooting out there…have you restarted alfresco? Are your LDAP ports open on the directory server and if you are using Active Directory, is ldap enabled?&lt;/SPAN&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Fri, 03 Jul 2009 13:45:45 GMT</pubDate>
      <guid>https://connect.hyland.com/t5/alfresco-archive/ldap-and-alfresco-problem/m-p/198743#M151873</guid>
      <dc:creator>ofrxnz</dc:creator>
      <dc:date>2009-07-03T13:45:45Z</dc:date>
    </item>
    <item>
      <title>Re: LDAP and Alfresco problem</title>
      <link>https://connect.hyland.com/t5/alfresco-archive/ldap-and-alfresco-problem/m-p/198744#M151874</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;SPAN&gt;yes, i have used&amp;nbsp; '(' ')' and i succeeded to import active directory's group in alfresco but i failed to users.&lt;/SPAN&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;SPAN&gt;with ldap admin tool, i can't connect my active directory with 636 port.&lt;/SPAN&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Fri, 03 Jul 2009 14:12:38 GMT</pubDate>
      <guid>https://connect.hyland.com/t5/alfresco-archive/ldap-and-alfresco-problem/m-p/198744#M151874</guid>
      <dc:creator>crokette</dc:creator>
      <dc:date>2009-07-03T14:12:38Z</dc:date>
    </item>
  </channel>
</rss>

