https://connect.hyland.com/t5/alfresco-archive/hitting-a-wall-with-ldap-authentication/m-p/140423#M98371 <HTML><HEAD></HEAD><BODY><SPAN>Hello, I am installing Alfresco in my company. Everthing is working great and even though I had some issues, it didnt take too long to solve them.</SPAN><BR /><BR /><SPAN>Now I have a problem that I cant seem to solve. I am trying to allow simple auhtentication with LDAP for my users. Without it Alfresco would be useless since we have way too many users to manually create each account.</SPAN><BR /><BR /><SPAN>So I configured the ldap-authentication-context.xml</SPAN><BR /><SPAN>My logs clearly indicate that I am corresponding with the ldap server + I cant login anymore with local users which is the correct behavior.</SPAN><BR /><BR /><SPAN>However it seems that whatever login or password I use from LDAP users, I cant manage to login.</SPAN><BR /><BR /><SPAN>Here is my ldap-authentication-context.xml:</SPAN><BR /><BR /><PRE class="language-none line-numbers"><CODE><BR />&lt;?xml version='1.0' encoding='UTF-8'?&gt; <BR />&lt;!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' '<A href="http://www.springframework.org/dtd/spring-beans.dtd" rel="nofollow noopener noreferrer">http://www.springframework.org/dtd/spring-beans.dtd</A>'&gt; <BR /><BR />&lt;beans&gt; <BR /><BR />&lt;!– DAO that rejects changes - LDAP is read only at the moment. It does allow users to be deleted with out warnings from the UI. –&gt; <BR /><BR />&lt;bean name="authenticationDao" class="org.alfresco.repo.security.authentication.DefaultMutableAuthenticationDao" &gt; <BR />&lt;property name="allowDeleteUser"&gt; <BR />&lt;value&gt;true&lt;/value&gt; <BR />&lt;/property&gt; <BR />&lt;/bean&gt; <BR /><BR /><BR />&lt;!– LDAP authentication configuration –&gt; <BR /><BR />&lt;!– <BR /><BR />You can also use JAAS authentication for Kerberos against Active Directory or NTLM if you also require single sign on from the <BR />web browser. You do not have to use LDAP authentication to synchronise groups and users from an LDAP store if it supports other <BR />authentication routes, like Active Directory. <BR /><BR />–&gt; <BR /><BR />&lt;bean id="authenticationComponent" class="org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl"&gt; <BR />&lt;property name="LDAPInitialDirContextFactory"&gt; <BR />&lt;ref bean="ldapInitialDirContextFactory"/&gt; <BR />&lt;/property&gt; <BR />&lt;property name="userNameFormat"&gt; <BR />&lt;!– <BR /><BR />This maps between what the user types in and what is passed through to the underlying LDAP authentication. <BR /><BR />"%s" - the user id is passed through without modification. <BR />Used for LDAP authentication such as DIGEST-MD5, anything that is not "simple". <BR /><BR />"cn=%s,ou=London,dc=company,dc=com" - If the user types in "Joe Bloggs" the authentricate as "cn=Joe Bloggs,ou=London,dc=company,dc=com" <BR />Usually for simple authentication. <BR /><BR />–&gt; <BR />&lt;value&gt;uid=%s,ou=***,o=***,c=fr&lt;/value&gt; <BR />&lt;/property&gt; <BR />&lt;/bean&gt; <BR /><BR />&lt;!– <BR /><BR />This bean is used to support general LDAP authentication. It is also used to provide read only access to users and groups <BR />to pull them out of the LDAP reopsitory <BR /><BR />–&gt; <BR /><BR />&lt;bean id="ldapInitialDirContextFactory" class="org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl"&gt; <BR />&lt;property name="initialDirContextEnvironment"&gt; <BR />&lt;map&gt; <BR />&lt;!– The LDAP provider –&gt; <BR />&lt;entry key="java.naming.factory.initial"&gt; <BR />&lt;value&gt;com.sun.jndi.ldap.LdapCtxFactory&lt;/value&gt; <BR />&lt;/entry&gt; <BR /><BR />&lt;!– The url to the LDAP server –&gt; <BR />&lt;!– Note you can use space separated urls - they will be tried in turn until one works –&gt; <BR />&lt;!– This could be used to authenticate against one or more ldap servers (you will not know which one ….) –&gt; <BR />&lt;entry key="java.naming.provider.url"&gt; <BR />&lt;value&gt;ldap://***:50014&lt;/value&gt; <BR />&lt;/entry&gt; <BR /><BR />&lt;!– The authentication mechanism to use –&gt; <BR />&lt;!– Some sasl authentication mechanisms may require a realm to be set –&gt; <BR />&lt;!– java.naming.security.sasl.realm –&gt; <BR />&lt;!– The available options will depend on your LDAP provider –&gt; <BR />&lt;entry key="java.naming.security.authentication"&gt; <BR />&lt;value&gt;simple&lt;/value&gt; <BR />&lt;/entry&gt; <BR />&lt;/map&gt; <BR />&lt;/property&gt; <BR />&lt;/bean&gt; <BR /><BR /><SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE><BR /><SPAN>Here are my log files concerning LDAP:</SPAN><BR /><BR /><PRE class="language-none line-numbers"><CODE><BR />12:00:25,918 WARN [org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl] LDAP server supports anonymous bind ldap://***:50014<BR />12:00:25,921 INFO [org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl] LDAP server does not support simple string user ids and invalid credentials at ldap://***:50014<BR />12:00:25,923 INFO [org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl] LDAP server does not fall back to anonymous bind for a simple dn and password at ldap://***:50014<BR /><SPAN class="line-numbers-rows"><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN><SPAN>‍</SPAN></SPAN></CODE></PRE><BR /><SPAN>Any advices or leads would be greatly appreciated.</SPAN><BR /><BR /><SPAN>Greetings from France</SPAN><BR /><BR /><SPAN>Luda</SPAN></BODY></HTML> Fri, 21 Sep 2007 14:35:21 GMT luda12 2007-09-21T14:35:21Z https://connect.hyland.com/t5/alfresco-archive/hitting-a-wall-with-ldap-authentication/m-p/140423#M98371 Hello, I am installing Alfresco in my company. Everthing is working great and even though I had some issues, it didnt take too long to solve them.Now I have a problem that I cant seem to solve. I am trying to allow simple auhtentication with LDAP for my users. Without it Alfresco would be useless si Fri, 21 Sep 2007 14:35:21 GMT https://connect.hyland.com/t5/alfresco-archive/hitting-a-wall-with-ldap-authentication/m-p/140423#M98371 luda12 2007-09-21T14:35:21Z https://connect.hyland.com/t5/alfresco-archive/hitting-a-wall-with-ldap-authentication/m-p/140424#M98372 <HTML><HEAD></HEAD><BODY><SPAN>Hi</SPAN><BR /><BR /><SPAN>LDAP simple suthentication uses the DN of the user. Check the DN of the user in an LDAP browser - and confirm you can authenticate with this browser- The DN is likely to be based on CN and not uid.</SPAN><BR /><BR /><SPAN>Andy</SPAN></BODY></HTML> Thu, 11 Oct 2007 11:58:14 GMT https://connect.hyland.com/t5/alfresco-archive/hitting-a-wall-with-ldap-authentication/m-p/140424#M98372 andy 2007-10-11T11:58:14Z