AD Passthru Authentication - 3.4

wtrippler
Champ in-the-making
I have installed version 3.4 and cannot get the AD authentication/passthru to work properly.

I continually receive the following error when launching Alfresco Explorer:

net.sf.acegisecurity.AuthenticationServiceException: Failed to open passthru auth session
at org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl.authenticatePassthru(NTLMAuthenticationComponentImpl.java:783)
at org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl.authenticate(NTLMAuthenticationComponentImpl.java:554)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:107)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
at $Proxy227.authenticate(Unknown Source)
at org.alfresco.repo.webdav.auth.BaseNTLMAuthenticationFilter.processType1(BaseNTLMAuthenticationFilter.java:372)
at org.alfresco.repo.webdav.auth.BaseNTLMAuthenticationFilter.authenticateRequest(BaseNTLMAuthenticationFilter.java:278)
at org.alfresco.repo.webdav.auth.BaseSSOAuthenticationFilter.doFilter(BaseSSOAuthenticationFilter.java:132)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.alfresco.repo.management.subsystems.ChainingSubsystemProxyFactory$1.invoke(ChainingSubsystemProxyFactory.java:103)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
at $Proxy240.doFilter(Unknown Source)
at org.alfresco.repo.web.filter.beans.BeanProxyFilter.doFilter(BeanProxyFilter.java:82)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:859)
at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:579)
at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1555)
at java.lang.Thread.run(Thread.java:619)
23 REPLIES

angra
Champ in-the-making
ldap.authentication.active=false
ldap.synchronization.active=true
ldap.authentication.java.naming.provider.url=ldap://REC-SAD02:389
ldap.synchronization.java.naming.security.principal=administrador,dc\=ebba
ldap.synchronization.java.naming.security.credentials=xxxx
ldap.synchronization.groupSearchBase=OU\=MyBusiness,DC\=ebba,DC\=local
ldap.synchronization.userSearchBase=OU\=Users,DC\=ebba,DC\=local


This is the code I'm having problems with.

I'm still getting that freaking error. Almost a week with that and I'm without clues.

angra
Champ in-the-making
OK, I got it working now.

ldap.synchronization.java.naming.security.principal=administrador@EBBA

This line was the problem. Notice the @EBBA (EBBA = my domain).

Now I have my groups and users sync working. I hope this helps other users who are trying to get it working too.

buster
Champ in-the-making
First of all, many thanks to imad77, aman, baltun, and AnGrA for your posts. This is the only thread that has gotten me close to successfully implementing the synchronization for ldap-ad. My passthru works fine; however, the AD sync is showing the same error in the Alfresco log as you guys got. Help would be much appreciated!

My domain is stonecompanies.com; however, when we log in to the domain from XP machines, the login prompt shows "Logging into the STONE domain as user…" STONE works for passthru like a charm, but I am having problems with AD syncing: "AuthenticationException: 10230000 LDAP authentication failed."

This is a Windows Server 2003 machine with Alfresco 3.4b.

Here is the relevant portion of my alfresco global properties file:

authentication.chain=passthru1:passthru,alfrescoNtlm1:alfrescoNtlm,ldap1:ldap-ad
.
.
passthru.authentication.domain=STONE
passthru.authentication.servers=STONE\\10.1.1.2
passthru.authentication.defaultAdministratorUserNames=administrator, mylogin
.
.
synchronization.authCreatePeopleOnLogin=false
ldap.authentication.active=false
ldap.synchronization.active=true
ldap.authentication.java.naming.provider.url=ldap://stone2.stonecompanies.com:389
ldap.synchronization.java.naming.security.principle=administrator@stonecompanies
ldap.synchronization.java.naming.security.credentials=******
ldap.synchronization.groupSearchBase=OU\=Groups,DC\=stonecompanies,DC\=com
ldap.synchronization.userSearchBase=OU\=Users,DC\=stonecompanies,DC\=com

Any ideas?

BTW 10.1.1.2 and stone2.stonecompanies.com are the same machine.
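
The two configurations posted above spell the bind-account key differently: the post reporting a working sync uses `...security.principal`, the later one `...security.principle`. The following is an added example, not part of any post in this thread and not Alfresco code: it lints a properties fragment against the key spellings from the working post and checks the principal for the user@DOMAIN form. The sample host, account and domain are constructed.

```python
import difflib
import re
# Key spellings copied from the configuration reported working in this thread.
PRINCIPAL_KEY = "ldap.synchronization.java.naming.security.principal"
KNOWN_KEYS = {
    "ldap.authentication.active",
    "ldap.synchronization.active",
    "ldap.authentication.java.naming.provider.url",
    PRINCIPAL_KEY,
    "ldap.synchronization.java.naming.security.credentials",
    "ldap.synchronization.groupSearchBase",
    "ldap.synchronization.userSearchBase",
}
# Constructed sample input: hypothetical host, account and domain.
SAMPLE = r"""
ldap.synchronization.active=true
ldap.authentication.java.naming.provider.url=ldap://dc01.example.com:389
ldap.synchronization.java.naming.security.principle=svc-sync@EXAMPLE
ldap.synchronization.userSearchBase=OU\=Users,DC\=example,DC\=com
"""

def parse_properties(text):
    """Parse key=value lines; a backslash-escaped '=' in a value is unescaped."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip().replace("\\=", "=")
    return props

def lint(text):
    """Flag misspelled ldap.* keys and a principal not in the user@DOMAIN form
    that worked in this thread (a heuristic, not an Alfresco rule)."""
    props = parse_properties(text)
    findings = []
    for key in props:
        if key.startswith("ldap.") and key not in KNOWN_KEYS:
            near = difflib.get_close_matches(key, KNOWN_KEYS, n=1, cutoff=0.9)
            hint = f" (did you mean {near[0]}?)" if near else ""
            findings.append(f"unknown key: {key}{hint}")
    principal = props.get(PRINCIPAL_KEY)
    if principal is None:
        findings.append(f"{PRINCIPAL_KEY} is not set")
    elif not re.fullmatch(r"[^@,=\s]+@[^@,=\s]+", principal):
        findings.append(f"principal not in user@DOMAIN form: {principal}")
    return findings

if __name__ == "__main__": print("\n".join(lint(SAMPLE)))
```
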

buster
Champ in-the-making
Abishur,

Did your configuration work? Can you see your AD users in Alfresco using the People search?