Hyland Connect

jgionet76 · ‎02-04-2013

Hi,
Just installed alfresco-community-4.2.c-installer-win-x32.exe on my Windows 2003 server with all the latest Windows Update.

I'm trying to get LDAP authentication to work and I'm having a very hard time getting it working!

Here's what I have at the end of my alfresco-global.properties file:


authentication.chain=alfinst:alfrescoNtlm,ldap1:ldap-ad

# This flag enables use of this LDAP subsystem for authentication. It may be
# that this subsytem should only be used for synchronization, in which case
# this flag should be set to false.
ldap.authentication.active=true
 
#
# This properties file brings together the common options for LDAP authentication rather than editing the bean definitions
#
ldap.authentication.allowGuestLogin=false
 
# How to map the user id entered by the user to taht passed through to LDAP
# In Active Directory, this can either be the user principal name (UPN) or DN.
# UPNs are in the form <sAMAccountName>@domain and are held in the userPrincipalName attribute of a user
ldap.authentication.userNameFormat=%s@MyDomain
 
# The LDAP context factory to use
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
 
# The URL to connect to the LDAP server 
ldap.authentication.java.naming.provider.url=ldap://MyDomain.activedir.somedomain.ca:389
 
# The authentication mechanism to use for password validation
ldap.authentication.java.naming.security.authentication=simple
 
# Escape commas entered by the user at bind time
# Useful when using simple authentication and the CN is part of the DN and contains commas
ldap.authentication.escapeCommasInBind=false
 
# Escape commas entered by the user when setting the authenticated user
# Useful when using simple authentication and the CN is part of the DN and contains commas, and the escaped \, is 
# pulled in as part of an LDAP sync
# If this option is set to true it will break the default home folder provider as space names can not contain \
ldap.authentication.escapeCommasInUid=false
 
# Comma separated list of user names who should be considered administrators by default
ldap.authentication.defaultAdministratorUserNames=someUser1,someUser2
 
# This flag enables use of this LDAP subsystem for user and group
# synchronization. It may be that this subsytem should only be used for 
# authentication, in which case this flag should be set to false.
ldap.synchronization.active=true
 
# The authentication mechanism to use for synchronization
ldap.synchronization.java.naming.security.authentication=simple
 
# The default principal to bind with (only used for LDAP sync). This should be a UPN or DN
ldap.synchronization.java.naming.security.principal=someUser1@MyDomain
 
# The password for the default principal (only used for LDAP sync)
ldap.synchronization.java.naming.security.credentials=SomeVeryCoolPass.#98
 
# If positive, this property indicates that RFC 2696 paged results should be
# used to split query results into batches of the specified size. This
# overcomes any size limits imposed by the LDAP server.
ldap.synchronization.queryBatchSize=1000
 
# If positive, this property indicates that range retrieval should be used to fetch
# multi-valued attributes (such as member) in batches of the specified size.
# Overcomes any size limits imposed by Active Directory.        
ldap.synchronization.attributeBatchSize=1000
 
# The query to select all objects that represent the groups to import.
ldap.synchronization.groupQuery=(objectclass\=group)
 
# The query to select objects that represent the groups to import that have changed since a certain time.
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(!(whenChanged<\={0})))
 
# The query to select all objects that represent the users to import.
ldap.synchronization.personQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
 
# The query to select objects that represent the users to import that have changed since a certain time.
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(whenChanged<\={0})))
 
# The group search base restricts the LDAP group query to a sub section of tree on the LDAP server.
ldap.synchronization.groupSearchBase=OU=People,OU=MyOrgDiv,DC=MyDomain,DC=on,DC=ca,DC=gov,DC=ad
 
# The user search base restricts the LDAP user query to a sub section of tree on the LDAP server.
ldap.synchronization.userSearchBase=OU=People,OU=MyOrgDiv,DC=MyDomain,DC=on,DC=ca,DC=gov,DC=ad
 
# The name of the operational attribute recording the last update time for a group or user.
ldap.synchronization.modifyTimestampAttributeName=whenChanged
 
# The timestamp format. Unfortunately, this varies between directory servers.
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
 
# The attribute name on people objects found in LDAP to use as the uid in Alfresco
ldap.synchronization.userIdAttributeName=sAMAccountName
 
# The attribute on person objects in LDAP to map to the first name property in Alfresco
ldap.synchronization.userFirstNameAttributeName=givenName
 
# The attribute on person objects in LDAP to map to the last name property in Alfresco
ldap.synchronization.userLastNameAttributeName=sn
 
# The attribute on person objects in LDAP to map to the email property in Alfresco
ldap.synchronization.userEmailAttributeName=mail
 
# The attribute on person objects in LDAP to map to the organizational id  property in Alfresco
ldap.synchronization.userOrganizationalIdAttributeName=company
 
# The default home folder provider to use for people created via LDAP import
ldap.synchronization.defaultHomeFolderProvider=largeHomeFolderProvider
 
# The attribute on LDAP group objects to map to the authority name property in Alfresco
ldap.synchronization.groupIdAttributeName=cn
 
# The attribute on LDAP group objects to map to the authority display name property in Alfresco
ldap.synchronization.groupDisplayNameAttributeName=displayName
 
# The group type in LDAP
ldap.synchronization.groupType=group
 
# The person type in LDAP
ldap.synchronization.personType=user
 
# The attribute in LDAP on group objects that defines the DN for its members
ldap.synchronization.groupMemberAttributeName=member
 
# If true progress estimation is enabled. When enabled, the user query has to be run twice in order to count entries.
ldap.synchronization.enableProgressEstimation=true
‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

In the alfresco.log file all I see is this at some point after I restart the service:


15:36:25,867 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'Synchronization' subsystem, ID: [Synchronization, default]
15:36:25,914 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Synchronizing users and groups with user registry 'ldap1'
15:36:25,976 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Retrieving all groups from user registry 'ldap1'
15:36:26,429 ERROR [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Synchronization aborted due to error
org.alfresco.error.AlfrescoRuntimeException: 01040000 User and group import failed
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1188)
‍‍‍‍‍‍‍‍

I can't figure out what I'm doing wrong! I've loaded a LDAP client to make sure my values make sense! (using Active Directory Explorer)

Any ieads? help?

Thanks

afaust · ‎02-05-2013

Hello,

unfortunately, you didn't post enough of your error for anyone to read a possible cause into it. Please provide more of your alfresco.log.

Regards
Axel

jgionet76 · ‎02-06-2013

I've tweaked my config file and attached the entire log file (with various info changed for web posting)

file: alfresco-global.properties (pasted at the end of this file)

authentication.chain=passthru1:passthru,ldap1:ldap

#Passthru configuration. I don’t want guest users to login into my Alfresco and access my files.
#passthru.authentication.sso.enabled=true
ntlm.authentication.sso.enabled=true
passthru.authentication.allowGuestLogin=true

#Passthru authentication. We are not going to use CIFS/Samba and FTP, thus we are going to disable it.
passthru.authentication.authenticateCIFS=false
passthru.authentication.authenticateFTP=false

#We have to define the Active Directory server where Alfresco users will be authenticated and define the Administrator account who’s going to configure our Alfresco.
passthru.authentication.servers=MyDomain\\MyDomain.ad.SomeDomainName.on.ca
passthru.authentication.domain=MyDomain
passthru.authentication.useLocalServer=false
passthru.authentication.defaultAdministratorUserNames=someUser1,someUser2
passthru.authentication.connectTimeout=5000
passthru.authentication.offlineCheckInterval=300
passthru.authentication.protocolOrder=TCPIP,NETBIOS

#Ldap authentication configuration. I don’t want an LDAP authentication rather I want a passthru authentication
ldap.authentication.active=false
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.userNameFormat=%s
ldap.authentication.allowGuestLogin=false
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://MyDomain.ad.SomeDomainName.on.ca:389
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false

#Ldap Synchronization. You have to define the user that has an administrative account in your Active Directory. This account will login to your Active Directory Server to pull all your users.
ldap.synchronization.active=true

ldap.synchronization.java.naming.security.principal=someUser1@MyDomain
ldap.synchronization.java.naming.security.credentials=myPass.#007

ldap.synchronization.queryBatchSize=1000
ldap.synchronization.groupDifferentialQuery=(&(objectclass=nogroup)(!(modifyTimestamp<\={0})))
ldap.synchronization.personQuery=(&(objectclass=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
ldap.synchronization.personDifferentialQuery=(& (objectclass=user)(!(modifyTimestamp<\={0})))
ldap.synchronization.groupQuery=(objectclass\=group)

#We are going to synchronize all users and groups from your Domain.
ldap.synchronization.groupSearchBase=cn\=People,dc\=MyDomain,dc\=on,dc\=someD,dc\=ca,dc\=ad
ldap.synchronization.userSearchBase=cn\=People,dc\=MyDomain,dc\=ca

#Other default ldap synchronization configuration
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss’.0Z’
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=msExchALObjectVersion
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupType=Nogroup
ldap.synchronization.personType=user
ldap.synchronization.groupMemberAttributeName=member

#We want to synchronize the changes that we made from our Active Directory
synchronization.synchronizeChangesOnly=true

#We are not going to use CIFS/Samba
cifs.enabled=false‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

file: alfresco.log

10:38:20,863 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'sysAdmin' subsystem, ID: [sysAdmin, default]
10:38:20,910 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'sysAdmin' subsystem, ID: [sysAdmin, default] complete
10:38:43,441 INFO  [org.springframework.extensions.webscripts.TemplateProcessorRegistry] Registered template processor Repository Template Processor for extension ftl
10:38:43,457 INFO  [org.springframework.extensions.webscripts.ScriptProcessorRegistry] Registered script processor Repository Script Processor for extension js
10:38:53,441 INFO  [org.alfresco.repo.domain.schema.SchemaBootstrap] Connecting to database: jdbc:postgresql://localhost:5432/alfresco, UserName=alfresco, PostgreSQL Native Driver
10:38:53,441 INFO  [org.alfresco.repo.domain.schema.SchemaBootstrap] Schema managed by database dialect org.hibernate.dialect.PostgreSQLDialect.
10:38:57,582 INFO  [org.alfresco.repo.domain.schema.SchemaBootstrap] No changes were made to the schema.
10:38:58,660 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'Search' subsystem, ID: [Search, managed, solr]
10:38:58,863 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'Search' subsystem, ID: [Search, managed, solr] complete
10:38:59,223 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'thirdparty' subsystem, ID: [thirdparty, default]
10:38:59,738 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'thirdparty' subsystem, ID: [thirdparty, default] complete
10:38:59,738 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'OOoDirect' subsystem, ID: [OOoDirect, default]
10:39:01,598 WARN  [org.alfresco.util.OpenOfficeConnectionTester] An initial OpenOffice connection could not be established.
10:39:01,613 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'OOoDirect' subsystem, ID: [OOoDirect, default] complete
10:39:01,613 INFO  [org.alfresco.repo.admin.ConfigurationChecker] The Alfresco root data directory ('dir.root') is: S:\Alfresco\alf_data
10:39:01,660 INFO  [org.alfresco.repo.admin.patch.PatchExecuter] Checking for patches to apply …
10:39:03,473 INFO  [org.alfresco.repo.admin.patch.PatchExecuter] No patches were required.
10:39:03,488 INFO  [org.alfresco.repo.module.ModuleServiceImpl] Found 2 module(s).
10:39:03,566 INFO  [org.alfresco.repo.module.ModuleServiceImpl] Starting module 'org.alfresco.module.vti' version 1.2.
10:39:03,598 INFO  [org.alfresco.repo.module.ModuleServiceImpl] Starting module 'org.alfresco.integrations.google.docs' version 2.0.1.
10:39:03,629 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'fileServers' subsystem, ID: [fileServers, default]
10:39:04,348 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'fileServers' subsystem, ID: [fileServers, default] complete
10:39:04,348 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'imap' subsystem, ID: [imap, default]
10:39:04,629 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'imap' subsystem, ID: [imap, default] complete
10:39:04,629 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'email' subsystem, ID: [email, outbound]
10:39:04,691 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'email' subsystem, ID: [email, outbound] complete
10:39:04,691 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'email' subsystem, ID: [email, inbound]
10:39:04,801 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'email' subsystem, ID: [email, inbound] complete
10:39:04,801 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'googledocs' subsystem, ID: [googledocs, default]
10:39:04,879 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'googledocs' subsystem, ID: [googledocs, default] complete
10:39:04,879 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'Subscriptions' subsystem, ID: [Subscriptions, default]
10:39:04,895 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'Subscriptions' subsystem, ID: [Subscriptions, default] complete
10:39:04,895 INFO  [org.alfresco.repo.usage.UserUsageTrackingComponent] Disabled - clear non-missing user usages …
10:39:04,941 INFO  [org.alfresco.repo.usage.UserUsageTrackingComponent] Found 0 users to clear
10:39:04,941 INFO  [org.alfresco.repo.usage.UserUsageTrackingComponent] … cleared non-missing usages for 0 users
10:39:04,941 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'Synchronization' subsystem, ID: [Synchronization, default]
10:39:05,035 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'Authentication' subsystem, ID: [Authentication, managed, passthru1]
10:39:05,270 WARN  [org.alfresco.util.OpenOfficeConnectionTester] Error trying to query Open Office version information. OpenOffice.org's ConfigurationRegistry not implemented in this version of OOo. This should not affect the operation of OOo.
10:39:05,270 INFO  [org.alfresco.util.OpenOfficeConnectionTester] The OpenOffice connection was re-established.
10:39:05,660 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'Authentication' subsystem, ID: [Authentication, managed, passthru1] complete
10:39:05,660 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'Authentication' subsystem, ID: [Authentication, managed, ldap1]
10:39:05,910 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'Authentication' subsystem, ID: [Authentication, managed, ldap1] complete
10:39:05,910 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Synchronizing users and groups with user registry 'ldap1'
10:39:05,957 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Retrieving all groups from user registry 'ldap1'
10:39:06,176 ERROR [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Synchronization aborted due to error
org.alfresco.error.AlfrescoRuntimeException: 01060000 User and group import failed
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1188)
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.getGroups(LDAPUserRegistry.java:675)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.syncWithPlugin(ChainingUserRegistrySynchronizer.java:796)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronize(ChainingUserRegistrySynchronizer.java:587)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$7.doWork(ChainingUserRegistrySynchronizer.java:1919)
   at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:529)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.onBootstrap(ChainingUserRegistrySynchronizer.java:1913)
   at org.springframework.extensions.surf.util.AbstractLifecycleBean.onApplicationEvent(AbstractLifecycleBean.java:56)
   at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:97)
   at org.alfresco.repo.management.subsystems.ChildApplicationContextFactory$ChildApplicationContext.publishEvent(ChildApplicationContextFactory.java:513)
   at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:911)
   at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:428)
   at org.alfresco.repo.management.subsystems.ChildApplicationContextFactory$ApplicationContextState.start(ChildApplicationContextFactory.java:714)
   at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.start(AbstractPropertyBackedBean.java:667)
   at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.onApplicationEvent(AbstractPropertyBackedBean.java:473)
   at org.alfresco.repo.management.SafeApplicationEventMulticaster.multicastEventInternal(SafeApplicationEventMulticaster.java:209)
   at org.alfresco.repo.management.SafeApplicationEventMulticaster.multicastEvent(SafeApplicationEventMulticaster.java:180)
   at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:303)
   at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:911)
   at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:428)
   at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:276)
   at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:197)
   at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:47)
   at org.alfresco.web.app.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:63)
   at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4791)
   at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5285)
   at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
   at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:901)
   at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:877)
   at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:618)
   at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:963)
   at org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1600)
   at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
   at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
   at java.util.concurrent.FutureTask.run(FutureTask.java:166)
   at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
   at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
   at java.lang.Thread.run(Thread.java:722)
Caused by: javax.naming.CommunicationException: MyDomain.on.SomeDomainName.ca.ad:389 [Root exception is java.net.UnknownHostException: MyDomain.on.someD.ca.ad]
   at com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:92)
   at com.sun.jndi.ldap.LdapReferralException.getReferralContext(LdapReferralException.java:150)
   at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1861)
   at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1772)
   at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:386)
   at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:356)
   at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:339)
   at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1176)
   … 37 more
Caused by: java.net.UnknownHostException: MyDomain.on.someD.ca.ad
   at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:178)
   at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:157)
   at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:391)
   at java.net.Socket.connect(Socket.java:579)
   at java.net.Socket.connect(Socket.java:528)
   at java.net.Socket.<init>(Socket.java:425)
   at java.net.Socket.<init>(Socket.java:208)
   at com.sun.jndi.ldap.Connection.createSocket(Connection.java:366)
   at com.sun.jndi.ldap.Connection.<init>(Connection.java:201)
   at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:136)
   at com.sun.jndi.ldap.LdapClientFactory.createPooledConnection(LdapClientFactory.java:64)
   at com.sun.jndi.ldap.pool.Connections.<init>(Connections.java:115)
   at com.sun.jndi.ldap.pool.Pool.getPooledConnection(Pool.java:132)
   at com.sun.jndi.ldap.LdapPoolManager.getLdapClient(LdapPoolManager.java:328)
   at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1592)
   at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2698)
   at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:316)
   at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193)
   at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:152)
   at com.sun.jndi.url.ldap.ldapURLContextFactory.getObjectInstance(ldapURLContextFactory.java:52)
   at javax.naming.spi.NamingManager.getURLObject(NamingManager.java:601)
   at javax.naming.spi.NamingManager.processURL(NamingManager.java:381)
   at javax.naming.spi.NamingManager.processURLAddrs(NamingManager.java:361)
   at javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:333)
   at com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:111)
   … 45 more
10:39:06,191 WARN  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Failed initial synchronize with user registries
org.alfresco.error.AlfrescoRuntimeException: 01060000 User and group import failed
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1188)
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.getGroups(LDAPUserRegistry.java:675)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.syncWithPlugin(ChainingUserRegistrySynchronizer.java:796)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronize(ChainingUserRegistrySynchronizer.java:587)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$7.doWork(ChainingUserRegistrySynchronizer.java:1919)
   at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:529)
   at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.onBootstrap(ChainingUserRegistrySynchronizer.java:1913)
   at org.springframework.extensions.surf.util.AbstractLifecycleBean.onApplicationEvent(AbstractLifecycleBean.java:56)
   at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:97)
   at org.alfresco.repo.management.subsystems.ChildApplicationContextFactory$ChildApplicationContext.publishEvent(ChildApplicationContextFactory.java:513)
   at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:911)
   at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:428)
   at org.alfresco.repo.management.subsystems.ChildApplicationContextFactory$ApplicationContextState.start(ChildApplicationContextFactory.java:714)
   at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.start(AbstractPropertyBackedBean.java:667)
   at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.onApplicationEvent(AbstractPropertyBackedBean.java:473)
   at org.alfresco.repo.management.SafeApplicationEventMulticaster.multicastEventInternal(SafeApplicationEventMulticaster.java:209)
   at org.alfresco.repo.management.SafeApplicationEventMulticaster.multicastEvent(SafeApplicationEventMulticaster.java:180)
   at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:303)
   at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:911)
   at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:428)
   at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:276)
   at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:197)
   at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:47)
   at org.alfresco.web.app.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:63)
   at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4791)
   at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5285)
   at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
   at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:901)
   at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:877)
   at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:618)
   at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:963)
   at org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1600)
   at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
   at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
   at java.util.concurrent.FutureTask.run(FutureTask.java:166)
   at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
   at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
   at java.lang.Thread.run(Thread.java:722)
Caused by: javax.naming.CommunicationException: MyDomain.on.someD.ca.ad:389 [Root exception is java.net.UnknownHostException: MyDomain.on.someD.ca.ad]
   at com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:92)
   at com.sun.jndi.ldap.LdapReferralException.getReferralContext(LdapReferralException.java:150)
   at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1861)
   at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1772)
   at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:386)
   at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:356)
   at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:339)
   at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
   at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1176)
   … 37 more
Caused by: java.net.UnknownHostException: MyDomain.on.someD.ca.ad
   at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:178)
   at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:157)
   at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:391)
   at java.net.Socket.connect(Socket.java:579)
   at java.net.Socket.connect(Socket.java:528)
   at java.net.Socket.<init>(Socket.java:425)
   at java.net.Socket.<init>(Socket.java:208)
   at com.sun.jndi.ldap.Connection.createSocket(Connection.java:366)
   at com.sun.jndi.ldap.Connection.<init>(Connection.java:201)
   at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:136)
   at com.sun.jndi.ldap.LdapClientFactory.createPooledConnection(LdapClientFactory.java:64)
   at com.sun.jndi.ldap.pool.Connections.<init>(Connections.java:115)
   at com.sun.jndi.ldap.pool.Pool.getPooledConnection(Pool.java:132)
   at com.sun.jndi.ldap.LdapPoolManager.getLdapClient(LdapPoolManager.java:328)
   at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1592)
   at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2698)
   at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:316)
   at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193)
   at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:152)
   at com.sun.jndi.url.ldap.ldapURLContextFactory.getObjectInstance(ldapURLContextFactory.java:52)
   at javax.naming.spi.NamingManager.getURLObject(NamingManager.java:601)
   at javax.naming.spi.NamingManager.processURL(NamingManager.java:381)
   at javax.naming.spi.NamingManager.processURLAddrs(NamingManager.java:361)
   at javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:333)
   at com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:111)
   … 45 more
10:39:06,207 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'Synchronization' subsystem, ID: [Synchronization, default] complete
10:39:06,332 INFO  [org.alfresco.service.descriptor.DescriptorService] Alfresco JVM - v1.7.0_07-b10; maximum heap size 682.688MB
10:39:06,332 INFO  [org.alfresco.service.descriptor.DescriptorService] Alfresco started (Community). Current version: 4.2.0 (4576) schema 6,022. Originally installed version: 4.2.0 (4576) schema 6,022.
10:39:06,332 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'ActivitiesFeed' subsystem, ID: [ActivitiesFeed, default]
10:39:06,441 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'ActivitiesFeed' subsystem, ID: [ActivitiesFeed, default] complete
10:39:06,441 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'Replication' subsystem, ID: [Replication, default]
10:39:06,457 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'Replication' subsystem, ID: [Replication, default] complete
10:39:11,879 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'googledocs' subsystem, ID: [googledocs, v2]
10:39:12,004 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'googledocs' subsystem, ID: [googledocs, v2] complete
10:39:12,113 INFO  [org.alfresco.module.vti.VtiServer] Vti server started successfully on port: 7070
10:39:12,113 INFO  [org.alfresco.module.vti.VtiServer] Vti server SessionIdManagerWorkerName: jetty1
10:39:21,957 INFO  [org.springframework.extensions.webscripts.DeclarativeRegistry] Registered 486 Web Scripts (+0 failed), 766 URLs
10:39:21,957 INFO  [org.springframework.extensions.webscripts.DeclarativeRegistry] Registered 2 Package Description Documents (+0 failed) 
10:39:21,957 INFO  [org.springframework.extensions.webscripts.DeclarativeRegistry] Registered 1 Schema Description Documents (+0 failed) 
10:39:21,957 INFO  [org.springframework.extensions.webscripts.AbstractRuntimeContainer] Initialised Repository Web Script Container (in 9805.567ms)
10:39:22,004 INFO  [org.springframework.extensions.webscripts.TemplateProcessorRegistry] Registered template processor freemarker for extension ftl
10:39:22,004 INFO  [org.springframework.extensions.webscripts.ScriptProcessorRegistry] Registered script processor javascript for extension js
‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

3 things stick out to me:

this line:

org.alfresco.error.AlfrescoRuntimeException: 01060000 User and group import failed‍

this one:

Caused by: javax.naming.CommunicationException: MyDomain.on.SomeDomainName.ca.ad:389 [Root exception is java.net.UnknownHostException: MyDomain.on.someD.ca.ad]‍

and this one:

Caused by: java.net.UnknownHostException: MyDomain.on.someD.ca.ad‍

It seems whatever I put for:

ldap.synchronization.groupSearchBase=cn\=People,dc\=MyDomain,dc\=on,dc\=someD,dc\=ca,dc\=ad‍

is being converted/changed to a URL:

MyDomain.on.SomeDomainName.ca.ad:389‍

I've tried tweaking that line to make it more simple (dc\=MyDomain,dc\=on), however I get the same results. It simply converts whatever I have as a groupSearchBase to a URL.

jgionet76 · ‎02-11-2013

well after spending several hours on this.. I finally got it working thanks to various posts on these forums and other sites..

one main issue for me was my

cn\=People‍

had to be set to

ou\=People‍

my

ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp‍

line had to have this value:

whenChanged‍

I may have tweaked some other values.. I just don't recall them all.. I will post my full config file once I get some other syncing issues resolved..

thanks