Hi,
Been trawling through various blogs, forum entries and the Alfresco wiki for the past few days and think I understand how the Alfresco LDAP sync works. I have the system working fine logging users on through AD rather than using the local ntml accounts. So this will stop using AD as a ondemand per user logon request and use a LDAP usergroup sync / export using an LDAP query and registry export.
The working config to get Alfresco working with LDAP i used the following changes in global config file.
### Authentication###
authentication.chain=ldap1:ldap,alfrescoNtlm1:alfrescoNtlm
ldap.authentication.active=true
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.userNameFormat=%s@mydomain.uk
ldap.authentication.allowGuestLogin=false
ldap.authentication.java.naming.provider.url=ldap://myadserver:389
###ldap.authentication.defaultAdministratorUserNames=sewellb
ldap.synchronization.active=false
With this setup I can login with the local admin account or with any user in our AD server. They have no rights until the Alfresco administrator grants the relevant rights.
Now I want to switch to AD groups and import users who are based in the "All IT Department" so after looking at a few articles including:
http://wiki.alfresco.com/wiki/The_Synchronization_Subsystem
http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems
http://forums.alfresco.com/en/viewtopic.php?f=6&t=20360
http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems#Sample_Data
http://wiki.alfresco.com/wiki/The_Synchronization_Subsystem#Triggering_a_full_ldap_sync
http://forums.alfresco.com/en/viewtopic.php?t=14737
http://forums.alfresco.com/en/viewtopic.php?f=9&t=38188
http://forums.alfresco.com/en/viewtopic.php?f=9&t=27340
So i need to switch the way that Alfresco logs in to using LDAP sync rather than lookup on demand so this can be done by changing the following:
dap.authentication.active=false
ldap.synchronization.active=true
So can this be changed on the global config file or in the relevant ldap authentication / ldap sync subsystem folder config files.
I’m a bit confused as there is conflicting information to how to do this with variations of versions and OS.
In one article (Alfresco 3 Enterprise Content Management Implementation Book) it says to copy the ldap-synchronisation-context.xml.sample and rename to ldap-synchronisation-context.xml but I cant find this file anywhere on my centos box. Lots of ldap files like common-ldap-context.xml and ldap-ad-authenication.properties kind of files but can’t find this specific file so this option is a no go.
The next option is from the another strange me article (http://www.anotherstrangerme.com/alfresco-3-3g-integration-with-active-directory-and-google-docs/) which is aimed at a Windows installation and involves changing the global properties file to swap the chaining line order to passthru, ldap, alfrescoNtlm which was done. Then creating a passthru file with the following data in:
passthru.authentication.useLocalServer=false
passthru.authentication.domain=domaina.a.com
# (domain specific property): NetBIOS name of your domain and
# domain controller’s IP address, add more separated by commas
passthru.authentication.servers=domaina@a.com\\192.168.0.1,192.168.0.1
ntlm.authentication.sso.enabled=true
alfresco.authentication.allowGuestLogin=false
ntlm.authentication.mapUnknownUserToGuest=false
passthru.authentication.authenticateCIFS=true
passthru.authentication.authenticateFTP=false
passthru.authentication.guestAccess=false
# (domain specific property): list of usernames from AD
# that are to be Alfresco administrators
passthru.authentication.defaultAdministratorUserNames=sewellb@domaina.com,sewellb
I think this guidance might be wrong and the following required.
passthru.authentication.domain=domaina.a.com
passthru.authentication.servers=192.168.0.1,192.168.0.1
Next the guide reccomends editing the web.xml file which I have found in the
/opt/alfresco-3.4.d/tomcat/webapps/share/webinf directory and then put the following into the file:
Then copy and rename the share-config-custom.xml.sample file to share-config-custom.xml and save this in the /opt/alfresco-3.4.d/tomcat/shared/classes/alfresco/web-extension and add the following into the file.
<!–
NTLM authentication config for Share
NOTE: you will also need to enable the NTLM authentication filter in Share web.xml
change localhost:8080 below to appropriate alfresco server location if required
–>
<config evaluator="string-compare" condition="Remote">
<remote>
<connector>
<id>alfrescoCookie</id>
<name>Alfresco Connector</name>
<description>Connects to an Alfresco instance using cookie-based authentication</description>
<class>org.springframework.extensions.webscripts.connector.AlfrescoConnector</class>
</connector>
<endpoint>
<id>alfresco</id>
<name>Alfresco – user access</name>
<description>Access to Alfresco Repository WebScripts that require user authentication</description>
<connector-id>alfrescoCookie</connector-id>
<endpoint-url>http://localhost:8080/alfresco/wcs</endpoint-url>
<identity>user</identity>
<external-auth>true</external-auth>
</endpoint>
</remote>
</config>
This was already in the file so wasn’t required to edit.
Next to edit a file in the subsystems folder ldap-ad\ldap-ad1\changes.properties.
I didn’t have this file so created one and added it to the (/opt/alfresco-3.4.d/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/ldap-ad) the following into it. In the guide it uses the AD group called Alfresco Groups so I did a find and replace and replaced the entries with “All IT Department” so the queries should run on this user group. I also changed the last flag to state to false to get all data.
With these changes in place when the Alfresco services restart I am prompted for a username and password before the alfresco and share pages load with the login screens and or randomly gets an apache error. This appears like it is using cookie based authentication as per the another stranger me guide.
So I swapped the chaining order and tried again.
This time the /alfresco webapp worked fine but couldn’t login to /share.
Anyone have a definitive easy how to get the LDAP sync working. Seems to be a tricky config for lots of people.
I have tried all sorts but am getting very confused with it all.
A few of the error files revealed:
The catalina out has a massive error log so will sift through it and post any relevant errors. When i get this working i'm going to write a simple how to do it guide and post it onto this forum as this is very tricky.
Any advice would be really appreciated.
All the best, Ben
Been trawling through various blogs, forum entries and the Alfresco wiki for the past few days and think I understand how the Alfresco LDAP sync works. I have the system working fine logging users on through AD rather than using the local ntml accounts. So this will stop using AD as a ondemand per user logon request and use a LDAP usergroup sync / export using an LDAP query and registry export.
The working config to get Alfresco working with LDAP i used the following changes in global config file.
### Authentication###
authentication.chain=ldap1:ldap,alfrescoNtlm1:alfrescoNtlm
ldap.authentication.active=true
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.userNameFormat=%s@mydomain.uk
ldap.authentication.allowGuestLogin=false
ldap.authentication.java.naming.provider.url=ldap://myadserver:389
###ldap.authentication.defaultAdministratorUserNames=sewellb
ldap.synchronization.active=false
With this setup I can login with the local admin account or with any user in our AD server. They have no rights until the Alfresco administrator grants the relevant rights.
Now I want to switch to AD groups and import users who are based in the "All IT Department" so after looking at a few articles including:
http://wiki.alfresco.com/wiki/The_Synchronization_Subsystem
http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems
http://forums.alfresco.com/en/viewtopic.php?f=6&t=20360
http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems#Sample_Data
http://wiki.alfresco.com/wiki/The_Synchronization_Subsystem#Triggering_a_full_ldap_sync
http://forums.alfresco.com/en/viewtopic.php?t=14737
http://forums.alfresco.com/en/viewtopic.php?f=9&t=38188
http://forums.alfresco.com/en/viewtopic.php?f=9&t=27340
So i need to switch the way that Alfresco logs in to using LDAP sync rather than lookup on demand so this can be done by changing the following:
dap.authentication.active=false
ldap.synchronization.active=true
So can this be changed on the global config file or in the relevant ldap authentication / ldap sync subsystem folder config files.
I’m a bit confused as there is conflicting information to how to do this with variations of versions and OS.
In one article (Alfresco 3 Enterprise Content Management Implementation Book) it says to copy the ldap-synchronisation-context.xml.sample and rename to ldap-synchronisation-context.xml but I cant find this file anywhere on my centos box. Lots of ldap files like common-ldap-context.xml and ldap-ad-authenication.properties kind of files but can’t find this specific file so this option is a no go.
The next option is from the another strange me article (http://www.anotherstrangerme.com/alfresco-3-3g-integration-with-active-directory-and-google-docs/) which is aimed at a Windows installation and involves changing the global properties file to swap the chaining line order to passthru, ldap, alfrescoNtlm which was done. Then creating a passthru file with the following data in:
passthru.authentication.useLocalServer=false
passthru.authentication.domain=domaina.a.com
# (domain specific property): NetBIOS name of your domain and
# domain controller’s IP address, add more separated by commas
passthru.authentication.servers=domaina@a.com\\192.168.0.1,192.168.0.1
ntlm.authentication.sso.enabled=true
alfresco.authentication.allowGuestLogin=false
ntlm.authentication.mapUnknownUserToGuest=false
passthru.authentication.authenticateCIFS=true
passthru.authentication.authenticateFTP=false
passthru.authentication.guestAccess=false
# (domain specific property): list of usernames from AD
# that are to be Alfresco administrators
passthru.authentication.defaultAdministratorUserNames=sewellb@domaina.com,sewellb
I think this guidance might be wrong and the following required.
passthru.authentication.domain=domaina.a.com
passthru.authentication.servers=192.168.0.1,192.168.0.1
Next the guide reccomends editing the web.xml file which I have found in the
/opt/alfresco-3.4.d/tomcat/webapps/share/webinf directory and then put the following into the file:
<filter>
<filter-name>Authentication Filter</filter-name>
<filter-class>org.alfresco.web.site.servlet.NTLMAuthenticationFilter</filter-class>
<init-param>
<param-name>endpoint</param-name>
<param-value>alfresco</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>Authentication Filter</filter-name>
<url-pattern>/s/*</url-pattern>
</filter-mapping>
Then copy and rename the share-config-custom.xml.sample file to share-config-custom.xml and save this in the /opt/alfresco-3.4.d/tomcat/shared/classes/alfresco/web-extension and add the following into the file.
<!–
NTLM authentication config for Share
NOTE: you will also need to enable the NTLM authentication filter in Share web.xml
change localhost:8080 below to appropriate alfresco server location if required
–>
<config evaluator="string-compare" condition="Remote">
<remote>
<connector>
<id>alfrescoCookie</id>
<name>Alfresco Connector</name>
<description>Connects to an Alfresco instance using cookie-based authentication</description>
<class>org.springframework.extensions.webscripts.connector.AlfrescoConnector</class>
</connector>
<endpoint>
<id>alfresco</id>
<name>Alfresco – user access</name>
<description>Access to Alfresco Repository WebScripts that require user authentication</description>
<connector-id>alfrescoCookie</connector-id>
<endpoint-url>http://localhost:8080/alfresco/wcs</endpoint-url>
<identity>user</identity>
<external-auth>true</external-auth>
</endpoint>
</remote>
</config>
This was already in the file so wasn’t required to edit.
Next to edit a file in the subsystems folder ldap-ad\ldap-ad1\changes.properties.
I didn’t have this file so created one and added it to the (/opt/alfresco-3.4.d/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/ldap-ad) the following into it. In the guide it uses the AD group called Alfresco Groups so I did a find and replace and replaced the entries with “All IT Department” so the queries should run on this user group. I also changed the last flag to state to false to get all data.
Synchronization.synchronizechangesOnly=false
#
# LDAP Sync
#
# This flag enables use of this LDAP subsystem for authentication. It may be
# that this subsytem should only be used for synchronization, in which case
# this flag should be set to false.
ldap.authentication.active=false
ldap.authentication.java.naming.security.authentication=simple
# This flag enables use of this LDAP subsystem for user and group
# synchronization. It may be that this subsystem should only be used for
# authentication, in which case this flag should be set to false.
ldap.synchronization.active=true
[b] ldap.authentication.userNameFormat=%s@mydomain.com[/b]
ldap.authentication.allowGuestLogin=true
# (domain specific property)
ldap.authentication.java.naming.provider.url=ldap:// ad1.mydomain.com:389
# The default principal to bind with (only used for LDAP sync). This should be a UPN or DN
# (domain specific property)
[b] ldap.synchronization.java.naming.security.principal=sewellb@mydomain.com
[/b]
# The password for the default principal (only used for LDAP sync)
# (domain specific property)
[b] ldap.synchronization.java.naming.security.credentials=******[/b]
# If positive, this property indicates that RFC 2696 paged results should be
# used to split query results into batches of the specified size. This
# overcomes any size limits imposed by the LDAP server.
ldap.synchronization.queryBatchSize=1000
# The query to select all objects that represent the groups to import.
# (domain specific property)
ldap.synchronization.groupQuery=(&(objectclass\=group)(memberOf\=cn\=[b]All IT Department[/b],ou\=user,dc\=domain,dc\=local))
# The query to select objects that represent the groups to import that have changed since a certain time.
# (domain specific property)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(memberOf\=cn\=[b]All IT Department[/b],ou\=user,dc\=domain,dc\=local)(!(modifyTimestamp<\={0})))
# The query to select all objects that represent the users to import.
# (domain specific property)
ldap.synchronization.personQuery=(&(objectclass\=user)(|(memberOf\=CN\=Developers,OU\=user,DC\=domain,DC\=local)(memberOf\=CN\=Sales,OU\=user,DC\=domain,DC\=local))(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
# The query to select objects that represent the users to import that have changed since a certain time.
# (domain specific property)
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(|(memberOf\=CN\=Developers,OU\=user,DC\=domain,DC\=local)(memberOf\=CN\=Sales,OU\=user,DC\=domain,DC\=local))(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(modifyTimestamp<\={0})))
# The group search base restricts the LDAP group query to a sub section of tree on the LDAP server.
# (domain specific property)
ldap.synchronization.groupSearchBase=dc\=domain,dc\=local
# The user search base restricts the LDAP user query to a sub section of tree on the LDAP server.
# (domain specific property)
ldap.synchronization.userSearchBase=dc\=domain,dc\=local
# The name of the operational attribute recording the last update time for a group or user.
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
# The timestamp format. Unfortunately, this varies between directory servers.
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
# The attribute name on people objects found in LDAP to use as the uid in Alfresco
ldap.synchronization.userIdAttributeName=sAMAccountName
# The attribute on person objects in LDAP to map to the first name property in Alfresco
ldap.synchronization.userFirstNameAttributeName=givenName
# The attribute on person objects in LDAP to map to the last name property in Alfresco
ldap.synchronization.userLastNameAttributeName=sn
# The attribute on person objects in LDAP to map to the email property in Alfresco
ldap.synchronization.userEmailAttributeName=mail
# The attribute on person objects in LDAP to map to the organizational id property in Alfresco
ldap.synchronization.userOrganizationalIdAttributeName=company
# The default home folder provider to use for people created via LDAP import
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
# The attribute on LDAP group objects to map to the gid property in Alfrecso
ldap.synchronization.groupIdAttributeName=cn
# The group type in LDAP
ldap.synchronization.groupType=group
# The person type in LDAP
ldap.synchronization.personType=user
# The attribute in LDAP on group objects that defines the DN for its members
ldap.synchronization.groupMemberAttributeName=member
synchronization.synchronizeChangesOnly=true
With these changes in place when the Alfresco services restart I am prompted for a username and password before the alfresco and share pages load with the login screens and or randomly gets an apache error. This appears like it is using cookie based authentication as per the another stranger me guide.
So I swapped the chaining order and tried again.
This time the /alfresco webapp worked fine but couldn’t login to /share.
Anyone have a definitive easy how to get the LDAP sync working. Seems to be a tricky config for lots of people.
I have tried all sorts but am getting very confused with it all.
A few of the error files revealed:
[quote]
May 6, 2011 4:56:02 PM org.apache.catalina.loader.WebappClassLoader clearThreadLocalMap
SEVERE: A web application created a ThreadLocal with key of type [java.lang.ThreadLocal] (value [java.lang.ThreadLocal@19dcef1a]) and a value of type [null] (value [org.alfresco.repo.web.scripts.RepositoryImageResolver$1@3e629192]) but failed to remove it when the web application was stopped. To prevent a memory leak, the ThreadLocal has been forcibly removed.
May 6, 2011 4:56:02 PM org.apache.catalina.loader.WebappClassLoader clearThreadLocalMap
SEVERE: A web application created a ThreadLocal with key of type [java.lang.ThreadLocal] (value [java.lang.ThreadLocal@77d5a139]) and a value of type [null] (value [org.alfresco.repo.web.scripts.RepositoryImageResolver$1@3e629192]) but failed to remove it when the web application was stopped. To prevent a memory leak, the ThreadLocal has been forcibly removed.
May 6, 2011 4:56:02 PM org.apache.catalina.loader.WebappClassLoader clearThreadLocalMap
SEVERE: A web application created a ThreadLocal with key of type [java.lang.ThreadLocal] (value [java.lang.ThreadLocal@6a4be2a5]) and a value of type [null] (value [org.alfresco.repo.web.scripts.RepositoryImageResolver$1@3e629192]) but failed to remove it when the web application was stopped. To prevent a memory leak, the ThreadLocal has been forcibly removed.
May 6, 2011 4:56:02 PM org.apache.catalina.loader.WebappClassLoader clearThreadLocalMap
SEVERE: A web application created a ThreadLocal with key of type [java.lang.ThreadLocal] (value [java.lang.ThreadLocal@1c0cf528]) and a value of type [null] (value [org.alfresco.repo.web.scripts.RepositoryImageResolver$1@3e629192]) but failed to remove it when the web application was stopped. To prevent a memory leak, the ThreadLocal has been forcibly removed.
May 6, 2011 4:56:02 PM org.apache.catalina.loader.WebappClassLoader clearThreadLocalMap
SEVERE: A web application created a ThreadLocal with key of type [java.lang.ThreadLocal] (value [java.lang.ThreadLocal@16b3237b]) and a value of type [null] (value [org.alfresco.repo.web.scripts.RepositoryImageResolver$1@3e629192]) but failed to remove it when the web application was stopped. To prevent a memory leak, the ThreadLocal has been forcibly removed.
May 6, 2011 4:56:02 PM org.apache.catalina.loader.WebappClassLoader clearThreadLocalMap
SEVERE: A web application created a ThreadLocal with key of type [java.lang.ThreadLocal] (value [java.lang.ThreadLocal@4ade6be1]) and a value of type [null] (value [org.alfresco.repo.web.scripts.RepositoryImageResolver$1@3e629192]) but failed to remove it when the web application was stopped. To prevent a memory leak, the ThreadLocal has been forcibly removed.
May 6, 2011 4:56:02 PM org.apache.catalina.loader.WebappClassLoader clearThreadLocalMap
SEVERE: A web application created a ThreadLocal with key of type [java.lang.ThreadLocal] (value [java.lang.ThreadLocal@507ca72d]) and a value of type [null] (value [org.alfresco.repo.web.scripts.RepositoryImageResolver$1@3e629192]) but failed to remove it when the web application was stopped. To prevent a memory leak, the ThreadLocal has been forcibly removed.
May 6, 2011 4:56:02 PM org.apache.catalina.loader.WebappClassLoader clearThreadLocalMap
SEVERE: A web application created a ThreadLocal with key of type [java.lang.ThreadLocal] (value [java.lang.ThreadLocal@411f712f]) and a value of type [com.ibatis.sqlmap.engine.mapping.result.ResultObjectFactoryUtil.FactorySettings] (value [com.ibatis.sqlmap.engine.mapping.result.ResultObjectFactoryUtil$FactorySettings@27c3a4a3]) but failed to remove it when the web application was stopped. To prevent a memory leak, the ThreadLocal has been forcibly removed.
May 6, 2011 4:56:02 PM org.apache.catalina.loader.WebappClassLoader clearThreadLocalMap
SEVERE: A web application created a ThreadLocal with key of type [java.lang.ThreadLocal] (value [java.lang.ThreadLocal@4a2ead0a]) and a value of type [null] (value [org.alfresco.repo.web.scripts.RepositoryImageResolver$1@3e629192]) but failed to remove it when the web application was stopped. To prevent a memory leak, the ThreadLocal has been forcibly removed.
May 6, 2011 4:56:02 PM org.apache.catalina.loader.WebappClassLoader clearThreadLocalMap
SEVERE: A web application created a ThreadLocal with key of type [java.lang.ThreadLocal] (value [java.lang.ThreadLocal@6806da29]) and a value of type [null] (value [org.alfresco.repo.web.scripts.RepositoryImageResolver$1@3e629192]) but failed to remove it when the web application was stopped. To prevent a memory leak, the ThreadLocal has been forcibly removed.
May 6, 2011 4:56:02 PM org.apache.catalina.loader.WebappClassLoader clearThreadLocalMap
SEVERE: A web application created a ThreadLocal with key of type [java.lang.ThreadLocal] (value [java.lang.ThreadLocal@1d6dddba]) and a value of type [org.mozilla.javascript.NativeObject] (value [[object Object]]) but failed to remove it when the web application was stopped. To prevent a memory leak, the ThreadLocal has been forcibly removed.
May 6, 2011 4:56:02 PM org.apache.catalina.loader.WebappClassLoader clearThreadLocalMap
SEVERE: A web application created a ThreadLocal with key of type [org.alfresco.repo.security.authentication.AuthenticationUtil.ThreadLocalStack] (value [org.alfresco.repo.security.authentication.AuthenticationUtil$ThreadLocalStack@2436fe1]) and a value of type [java.util.Stack] (value [[]]) but failed to remove it when the web application was stopped. To prevent a memory leak, the ThreadLocal has been forcibly removed.
May 6, 2011 4:56:02 PM org.apache.catalina.loader.WebappClassLoader clearThreadLocalMap
SEVERE: A web application created a ThreadLocal with key of type [java.lang.ThreadLocal] (value [java.lang.ThreadLocal@19dcef1a]) and a value of type [null] (value [org.alfresco.repo.web.scripts.RepositoryImageResolver$1@3e629192]) but failed to remove it when the web application was stopped. To prevent a memory leak, the ThreadLocal has been forcibly removed.
May 6, 2011 4:56:02 PM org.apache.catalina.loader.WebappClassLoader clearThreadLocalMap
SEVERE: A web application created a ThreadLocal with key of type [java.lang.ThreadLocal] (value [java.lang.ThreadLocal@77d5a139]) and a value of type [null] (value [org.alfresco.repo.web.scripts.RepositoryImageResolver$1@3e629192]) but failed to remove it when the web application was stopped. To prevent a memory leak, the ThreadLocal has been forcibly removed.
May 6, 2011 4:56:02 PM org.apache.catalina.loader.WebappClassLoader clearThreadLocalMap
SEVERE: A web application created a ThreadLocal with key of type [java.lang.ThreadLocal] (value [java.lang.ThreadLocal@6a4be2a5]) and a value of type [null] (value [org.alfresco.repo.web.scripts.RepositoryImageResolver$1@3e629192]) but failed to remove it when the web application was stopped. To prevent a memory leak, the ThreadLocal has been forcibly removed.
May 6, 2011 4:56:02 PM org.apache.catalina.loader.WebappClassLoader clearThreadLocalMap
SEVERE: A web application created a ThreadLocal with key of type [java.lang.ThreadLocal] (value [java.lang.ThreadLocal@1c0cf528]) and a value of type [null] (value [org.alfresco.repo.web.scripts.RepositoryImageResolver$1@3e629192]) but failed to remove it when the web application was stopped. To prevent a memory leak, the ThreadLocal has been forcibly removed.
May 6, 2011 4:56:02 PM org.apache.catalina.loader.WebappClassLoader clearThreadLocalMap
SEVERE: A web application created a ThreadLocal with key of type [java.lang.ThreadLocal] (value [java.lang.ThreadLocal@1604dd0d]) and a value of type [null] (value [org.alfresco.repo.web.scripts.RepositoryImageResolver$1@3e629192]) but failed to remove it when the web application was stopped. To prevent a memory leak, the ThreadLocal has been forcibly removed.
May 6, 2011 4:56:02 PM org.apache.catalina.loader.WebappClassLoader clearThreadLocalMap
SEVERE: A web application created a ThreadLocal with key of type [org.alfresco.repo.security.authentication.AuthenticationUtil.ThreadLocalStack] (value [org.alfresco.repo.security.authentication.AuthenticationUtil$ThreadLocalStack@34552d9b]) and a value of type [java.util.Stack] (value [[]]) but failed to remove it when the web application was stopped. To prevent a memory leak, the ThreadLocal has been forcibly removed.
May 6, 2011 4:56:02 PM org.apache.catalina.loader.WebappClassLoader clearThreadLocalMap
SEVERE: A web application created a ThreadLocal with key of type [java.lang.ThreadLocal] (value [java.lang.ThreadLocal@4ade6be1]) and a value of type [null] (value [org.alfresco.repo.web.scripts.RepositoryImageResolver$1@3e629192]) but failed to remove it when the web application was stopped. To prevent a memory leak, the ThreadLocal has been forcibly removed.
May 6, 2011 4:56:02 PM org.apache.catalina.loader.WebappClassLoader clearThreadLocalMap
SEVERE: A web application created a ThreadLocal with key of type [java.lang.ThreadLocal] (value [java.lang.ThreadLocal@507ca72d]) and a value of type [null] (value [org.alfresco.repo.web.scripts.RepositoryImageResolver$1@3e629192]) but failed to remove it when the web application was stopped. To prevent a memory leak, the ThreadLocal has been forcibly removed.
May 6, 2011 4:56:23 PM org.apache.catalina.core.AprLifecycleListener init
INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /opt/alfresco-3.4.d/java/jre/lib/amd64/server:/opt/alfresco-3.4.d/java/jre/lib/amd64:/opt/alfresco-3.4.d/java/jre/../lib/amd64:/opt/alfresco-3.4.d/mysql/lib:/opt/alfresco-3.4.d/common/lib::/usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib
May 6, 2011 4:56:23 PM org.apache.coyote.http11.Http11Protocol init
INFO: Initializing Coyote HTTP/1.1 on http-8080
May 6, 2011 4:56:23 PM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 388 ms
May 6, 2011 4:56:23 PM org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
May 6, 2011 4:56:23 PM org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/6.0.26
May 6, 2011 4:56:23 PM org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Deploying configuration descriptor manager.xml
May 6, 2011 4:56:23 PM org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Deploying configuration descriptor host-manager.xml
May 6, 2011 4:56:23 PM org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Deploying configuration descriptor alfresco.xml
May 6, 2011 4:56:24 PM org.apache.catalina.core.StandardContext addApplicationListener
INFO: The listener "org.apache.myfaces.webapp.StartupServletContextListener" is already configured for this context. The duplicate definition has been ignored.
May 6, 2011 4:57:06 PM org.apache.catalina.startup.HostConfig deployWAR
INFO: Deploying web application archive share.war
May 6, 2011 4:57:11 PM org.apache.catalina.core.StandardContext start
SEVERE: Error filterStart
May 6, 2011 4:57:11 PM org.apache.catalina.core.StandardContext start
SEVERE: Context [/share] startup failed due to previous errors
May 6, 2011 4:57:11 PM org.apache.catalina.loader.WebappClassLoader clearThreadLocalMap
SEVERE: A web application created a ThreadLocal with key of type [null] (value [org.springframework.extensions.webscripts.processor.FTLTemplateProcessor$NonBlockingObjectWrapper$1@3ee82600]) and a value of type [freemarker.template.DefaultObjectWrapper] (value [freemarker.template.DefaultObjectWrapper@7b16ea43]) but failed to remove it when the web application was stopped. To prevent a memory leak, the ThreadLocal has been forcibly removed.
May 6, 2011 4:57:11 PM org.apache.catalina.loader.WebappClassLoader clearThreadLocalMap
SEVERE: A web application created a ThreadLocal with key of type [null] (value [org.springframework.extensions.webscripts.processor.FTLTemplateProcessor$NonBlockingObjectWrapper$1@1d6e13d7]) and a value of type [freemarker.template.DefaultObjectWrapper] (value [freemarker.template.DefaultObjectWrapper@25d89759]) but failed to remove it when the web application was stopped. To prevent a memory leak, the ThreadLocal has been forcibly removed.
May 6, 2011 4:57:11 PM org.apache.catalina.loader.WebappClassLoader clearThreadLocalMap
SEVERE: A web application created a ThreadLocal with key of type [null] (value [org.springframework.extensions.webscripts.processor.FTLTemplateProcessor$NonBlockingObjectWrapper$1@2eb86778]) and a value of type [freemarker.template.DefaultObjectWrapper] (value [freemarker.template.DefaultObjectWrapper@4c910f3e]) but failed to remove it when the web application was stopped. To prevent a memory leak, the ThreadLocal has been forcibly removed.
May 6, 2011 4:57:11 PM org.apache.catalina.startup.HostConfig deployWAR
INFO: Deploying web application archive awe.war
May 6, 2011 4:57:13 PM org.apache.catalina.startup.HostConfig deployWAR
INFO: Deploying web application archive wcmqs.war
May 6, 2011 4:57:16 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory ROOT
May 6, 2011 4:57:16 PM org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on http-8080
May 6, 2011 4:57:16 PM org.apache.jk.common.ChannelSocket init
INFO: JK: ajp13 listening on /0.0.0.0:8009
May 6, 2011 4:57:16 PM org.apache.jk.server.JkMain start
INFO: Jk running ID=0 time=0/14 config=null
May 6, 2011 4:57:16 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 52313[/quote]
[quote]May 6, 2011 4:57:11 PM org.apache.catalina.core.ApplicationContext log
INFO: org.tuckey.web.filters.urlrewrite.UrlRewriteFilter INFO: loaded (conf ok)
May 6, 2011 4:57:11 PM org.apache.catalina.core.ApplicationContext log
INFO: org.tuckey.web.filters.urlrewrite.UrlRewriteFilter INFO: destroy called
May 6, 2011 4:57:11 PM org.apache.catalina.core.ApplicationContext log
INFO: Closing Spring root WebApplicationContext
May 6, 2011 4:57:11 PM org.apache.catalina.core.ApplicationContext log
INFO: org.tuckey.web.filters.urlrewrite.UrlRewriteFilter INFO: loaded (conf ok)
May 6, 2011 4:57:11 PM org.apache.catalina.core.ApplicationContext log
INFO: Initializing Spring FrameworkServlet 'Spring Surf Dispatcher Servlet'
May 6, 2011 4:57:13 PM org.apache.catalina.core.ApplicationContext log
INFO: org.tuckey.web.filters.urlrewrite.UrlRewriteFilter INFO: loaded (conf ok)
May 6, 2011 4:57:14 PM org.apache.catalina.core.ApplicationContext log
INFO: Initializing Spring FrameworkServlet 'Spring MVC Dispatcher Servlet'[/quote]The catalina out has a massive error log so will sift through it and post any relevant errors. When i get this working i'm going to write a simple how to do it guide and post it onto this forum as this is very tricky.
Any advice would be really appreciated.
All the best, Ben
My default-synchronization-context.xml file is:
I'm trying my best to crack this by the end of today
I'm trying my best to crack this by the end of today
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
<beans>
<!–
Job definition to import people and groups from one or more external user registries in the authentication chain
(e.g. LDAP directory)
–>
<bean id="syncTrigger" class="org.alfresco.util.CronTriggerBean">
<property name="jobDetail">
<bean id="ldapPeopleJobDetail" class="org.springframework.scheduling.quartz.JobDetailBean">
<property name="jobClass">
<value>org.alfresco.repo.security.sync.UserRegistrySynchronizerJob</value>
</property>
<property name="jobDataAsMap">
<map>
<entry key="userRegistrySynchronizer">
<ref bean="userRegistrySynchronizer" />
</entry>
<entry key="synchronizeChangesOnly">
<value>${synchronization.synchronizeChangesOnly}</value>
</entry>
</map>
</property>
</bean>
</property>
<property name="cronExpression">
<value>${synchronization.import.cron}</value>
</property>
<property name="scheduler">
<ref bean="schedulerFactory" />
</property>
</bean>
<!– The chaining user registry synchronizer –>
<bean id="userRegistrySynchronizer" class="org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer">
<property name="syncWhenMissingPeopleLogIn">
<value>${synchronization.syncWhenMissingPeopleLogIn}</value>
</property>
<property name="syncOnStartup">
<value>${synchronization.syncOnStartup}</value>
</property>
<property name="autoCreatePeopleOnLogin">
<value>${synchronization.autoCreatePeopleOnLogin}</value>
</property>
<property name="authorityService">
<ref bean="authorityService" />
</property>
<property name="personService">
<ref bean="personService" />
</property>
<property name="attributeService">
<ref bean="attributeService" />
</property>
<property name="applicationContextManager">
<ref bean="Authentication" />
</property>
<property name="transactionService">
<ref bean="transactionService" />
</property>
<property name="ruleService">
<ref bean="ruleService" />
</property>
<property name="jobLockService">
<ref bean="jobLockService" />
</property>
<property name="sourceBeanName">
<value>userRegistry</value>
</property>
<property name="loggingInterval">
<value>${synchronization.loggingInterval}</value>
</property>
<property name="workerThreads">
<value>${synchronization.workerThreads}</value>
</property>
</bean>
</beans>
