Problem with OpenLDAP Sync and Alfresco Community 5.0.c

bbaale — Thu, 05 Feb 2015 16:35:08 GMT

I am having difficulty integrating OpenLdap with Alfresco Community 5.0.c. My configurations work for Community 4.2.e<blockcode>19:12:16,486 WARN [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=6 User

Re: Problem with OpenLDAP Sync and Alfresco Community 5.0.c

ellequ — Wed, 11 Feb 2015 10:31:00 GMT

Hi,
I have the same problem. I can split problem in 3 steps.
1) some tutorial says to do this
<blockcode>
$ mkdir {ALFRESCO_HOME}/shared/classes/alfresco/extension/subsystems/Authentication/myldap
$ cd {ALFRESCO_HOME}/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/
$ cp ./ldap/*.properties {ALFRESCO_HOME}/shared/classes/alfresco/extension/subsystems/Authentication/ldap/myldap
</blockcode>

but this is impossible because i don't find ldap subfolder with sample file in my 5.0.c release

2) So I added the configuraztion in alfresco-global.properties and I see that works. On startup i see by log that gorup and users are found but not imported and so LDAP users can't login.

This is teh configuration
<blockcode>
authentication.chain=alfinst:alfrescoNtlm,ldap:ldap-ad

synchronization.sinchronyzeChangesOnly=false
synchronization.syncWhenMissingPeopleLogIn=true
synchronization.syncOnStartup=true
synchronization.import.cron=0 0 18 * * ?

ntlm.authentication.sso.enabled=false

ldap.authentication.active=true

ldap.synchronization.active=true

ldap.authentication.allowGuestLogin=false
ldap.authentication.userNameFormat=uid=%s,dc=example,dc=com

ldap.authentication.java.naming.provider.url=ldap://localhost:10389
ldap.authentication.defaultAdministratorUserNames=Administrator,amministrazione
ldap.synchronization.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.principal=uid=test,ou=system
ldap.synchronization.java.naming.security.credentials=test

ldap.synchronization.groupSearchBase=dc=example,dc=com
ldap.synchronization.userSearchBase=dc=example,dc=com

ldap.synchronization.userIdAttributeName=uid
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
#ldap.synchronization.userOrganizationalIdAttributeName=o
ldap.synchronization.defaultHomeFolderProvider=largeHomeFolderProvider

ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupDisplayNameAttributeName=description
ldap.synchronization.groupType=groupOfUniqueNames
ldap.synchronization.personType=inetOrgPerson
ldap.synchronization.groupMemberAttributeName=uniqueMember

</blockcode>

With this configuration on alfresco startup I see that some group and user are found but not imported.

So I added this configuration
<blockcode>

ldap.synchronization.groupQuery=(objectclass=groupOfUniqueNames)
ldap.synchronization.groupDifferentialQuery=(&(objectclass=groupOfUniqueNames)(!(modifyTimestamp<={0})))

ldap.synchronization.personQuery=(objectclass=inetOrgPerson)
ldap.synchronization.personDifferentialQuery=(&(objectclass=inetOrgPerson)(!(modifyTimestamp<={0})))
</blockcode>

After I added this configuration option alfresco startup stops and i see thi smessage in LDAP server
<blockquote>
Diagnostic message : 'INVALID_CREDENTIALS: Bind failed: ERR_268 Cannot find a partition for cn=daftAsABrush,dc=woof
</blockquote>

3) last change: authentication.chain from
authentication.chain=alfinst:alfrescoNtlm,ldap:<strong>ldap-ad</strong>
to
authentication.chain=alfinst:alfrescoNtlm,ldap:<strong>ldap</strong>

because i m using apacheds server as LDAP server

and now I don't have any message in alfresco startup about user and group and also i can't login.

I hope someone can help me.

Best regards

topic Re: Problem with OpenLDAP Sync and Alfresco Community 5.0.c in Alfresco Archive

Problem with OpenLDAP Sync and Alfresco Community 5.0.c

Re: Problem with OpenLDAP Sync and Alfresco Community 5.0.c