topic md5-digest authetication and openldap in Alfresco Archive https://connect.hyland.com/t5/alfresco-archive/md5-digest-authetication-and-openldap/m-p/272236#M225366 <HTML><HEAD></HEAD><BODY><SPAN>Hi</SPAN><BR /><BR /><SPAN>I have followed the wiki to setup authentication via ldap.</SPAN><BR /><BR /><SPAN>the relevant section in my tomcat/shared/classes/alfresco-global.properties reads:</SPAN><BR /><BR /><BR /><SPAN>#</SPAN><BR /><SPAN># The default authentication chain</SPAN><BR /><SPAN># To configure external authentication subsystems see:</SPAN><BR /><SPAN># </SPAN><A href="http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems" rel="nofollow noopener noreferrer">http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems</A><BR /><SPAN>#————-</SPAN><BR /><SPAN>#authentication.chain=alfrescoNtlm1:alfrescoNtlm</SPAN><BR /><SPAN>authentication.chain=ldap1:ldap,alfrescoNtlm1:alfrescoNtlm</SPAN><BR /><BR /><SPAN>ntlm.authentication.sso.enabled=false</SPAN><BR /><SPAN>ntlm.authentication.authenticateCIFS=true</SPAN><BR /><BR /><SPAN># LDAP</SPAN><BR /><SPAN>ldap.authentication.active=true</SPAN><BR /><SPAN>ldap.synchronization.active=false</SPAN><BR /><SPAN>ldap.authentication.java.naming.security.authentication=DIGEST-MD5</SPAN><BR /><SPAN>ldap.authentication.userNameFormat=%s</SPAN><BR /><BR /><SPAN>ldap.authentication.java.naming.provider.url=ldap://127.0.0.1:389</SPAN><BR /><SPAN>#ldap.authentication.java.naming.provider.url=ldaps://127.0.0.1:636</SPAN><BR /><BR /><SPAN>authentication fails with "Unable to login - unknown username/password."</SPAN><BR /><BR /><SPAN>alfresco.log show no entry, when followed with tail -f</SPAN><BR /><BR /><SPAN>tcpdump shows the following conversation:</SPAN><BR /><BR /><SPAN>0….`………</SPAN><BR /><SPAN>DIGEST-MD50…..a..</SPAN><BR /><SPAN>……SASL(0): successful result: …nonce="9FNZhZzKL/bK4gp0p0w8zDm4d+5wPSON+gvRj4VA/0Q=",realm="&lt;obscured-FQDN-of-server&gt;",qop="auth,auth-int,auth-conf",cipher="rc4-40,rc4-56,rc4,des,3des",maxbuf=65536,charset=utf-8,algorithm=md5-sess0..,…`..%……….</SPAN><BR /><SPAN>DIGEST-MD5….charset=utf-8,username="graylion",realm="&lt;obscured-FQDN-of-server&gt;",nonce="9FNZhZzKL/bK4gp0p0w8zDm4d+5wPSON+gvRj4VA/0Q=",nc=00000001,cnonce="OS6PHN4gmvJLXurtScwftI5ybn7tX2KqTt++fi+F",digest-uri="ldap/127.0.0.1",maxbuf=65536,response=e45bf289ac2786cd10f173714ed2c63d,qop=auth0&lt;…a7</SPAN><BR /><SPAN>.1…0SASL(-13): user not found: no secret in database</SPAN><BR /><BR /><SPAN>my sasl and ldap setup is fully functional and successfully authenticates users for cyrus, apache and postfix.</SPAN><BR /><BR /><SPAN>any ideas?</SPAN><BR /><BR /><SPAN>Thanks in advance.</SPAN></BODY></HTML> Wed, 01 Jun 2011 19:12:50 GMT graylion 2011-06-01T19:12:50Z md5-digest authetication and openldap https://connect.hyland.com/t5/alfresco-archive/md5-digest-authetication-and-openldap/m-p/272236#M225366 HiI have followed the wiki to setup authentication via ldap.the relevant section in my tomcat/shared/classes/alfresco-global.properties reads:## The default authentication chain# To configure external authentication subsystems see:# http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems#—— Wed, 01 Jun 2011 19:12:50 GMT https://connect.hyland.com/t5/alfresco-archive/md5-digest-authetication-and-openldap/m-p/272236#M225366 graylion 2011-06-01T19:12:50Z Re: md5-digest authetication and openldap https://connect.hyland.com/t5/alfresco-archive/md5-digest-authetication-and-openldap/m-p/272237#M225367 <HTML><HEAD></HEAD><BODY><SPAN>If not already done, try to configure your AD server to get reversible encryption for password.</SPAN><BR /><BR /><SPAN>If it still doesn't work, comments here might be insightful:</SPAN><BR /><A href="https://issues.alfresco.com/jira/browse/ETHREEOH-2556" rel="nofollow noopener noreferrer">https://issues.alfresco.com/jira/browse/ETHREEOH-2556</A><BR /><BR /><SPAN>For example try to </SPAN><BLOCKQUOTE class="jive-quote">configure ldap.authentication.userNameFormat using the UPN format</BLOCKQUOTE><SPAN>and maybe try </SPAN><BLOCKQUOTE class="jive-quote">Using FQDN in the ldap.authentication.java.naming.provider.url variable</BLOCKQUOTE><BR /><SPAN>Sincerely,</SPAN><BR /><SPAN>Scouil</SPAN><BR /><BR /><SPAN>EDIT: You should definitely try to change ldap.authentication.userNameFormat. As stated here </SPAN><A href="http://forums.alfresco.com/en/viewtopic.php?t=3156" rel="nofollow noopener noreferrer">http://forums.alfresco.com/en/viewtopic.php?t=3156</A><SPAN> </SPAN><BLOCKQUOTE class="jive-quote">The value you enter here has to be listed in the serverPrincipalName attribute of your domain controller. Things like localhost will most likely not work</BLOCKQUOTE><SPAN> It's an old post and might have changed since but…well… try it!</SPAN></BODY></HTML> Tue, 05 Jul 2011 06:32:27 GMT https://connect.hyland.com/t5/alfresco-archive/md5-digest-authetication-and-openldap/m-p/272237#M225367 scouil 2011-07-05T06:32:27Z