Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Admin user? after ldap config

cgherardi
Champ in-the-making
Champ in-the-making

‎09-17-2009 02:40 AM

Hi all,

I'm very new to Alfresco and trying to get it up and running for evaluation purposes, primarily for document management.

This should be really simple - what should I see when i'm logged in as an administrator?

1) admin/admin no longer works after configuring ldap, not to concerned provided I can enable admin privs on my own account
2) 

authentication.chain=alfrescoNtlm1:alfrescoNtlm,passthru1:passthru,ldap1:ldap-ad
passthru.authentication.defaultAdministratorUserNames=administrator,carl gherardi

A lot of the configuration appears to be done at the back end, so exactly what would I see as a site admin if things were working?

Thanks

Carl G
Labels:
0 Kudos
10 REPLIES 10

dward
Champ on-the-rise
Champ on-the-rise

‎09-17-2009 05:15 AM

If you are logged in as an administrator, you'll see the "Admin Console" icon above the title bar near the right hand side, and from there you'll be able to manage system users and groups.

Once you are in as an administrator, you can make other users administrators by adding them to the ALFRESCO_ADMINISTRATORS group.
0 Kudos

cgherardi
Champ in-the-making
Champ in-the-making

‎09-18-2009 12:25 AM

Ok, I dont appear to be an administrator, or at least the default admin names dont appear to have worked.

Any mysql magic hints to add me as an admin? I cant see a users or groups table in the database, but i'm sure i'm missing something.

Carl G
0 Kudos

dward
Champ on-the-rise
Champ on-the-rise

‎09-18-2009 05:06 AM

Believe me it works for everyone else.

Is "carl gherardi" really the name you log in as? Make sure it matches exactly in the configuration
0 Kudos

cgherardi
Champ in-the-making
Champ in-the-making

‎09-21-2009 12:54 AM

Believe me it works for everyone else.

Is "carl gherardi" really the name you log in as? Make sure it matches exactly in the configuration

Yes - positive.

So far i've tried:

passthru.authentication.defaultAdministratorUserNames=administrator,carl gherardi
passthru.authentication.defaultAdministratorUserNames=administrator,carl gherardi@domain
passthru.authentication.defaultAdministratorUserNames=administrator,carl\ gherardi
passthru.authentication.defaultAdministratorUserNames=administrator,carl\ gherardi@domain

Then thought it might be that i'm being authenticated by some other part of the auth chain, so I removed the default ntlm chain leaving me with:
authentication.chain=passthru1Smiley Tongueassthru,ldap1:ldap-ad

And went through the same sequence above:

ldap.authentication.defaultAdministratorUserNames=carl gherardi
ldap.authentication.defaultAdministratorUserNames=carl gherardi@domain
ldap.authentication.defaultAdministratorUserNames=carl\ gherardi
ldap.authentication.defaultAdministratorUserNames=carl\ gherardi

All with no luck so far.

I'm now thinking that perhaps we aren't re-writing cookies when I log in.
0 Kudos

dward
Champ on-the-rise
Champ on-the-rise

‎09-21-2009 04:42 AM

You have to use the exact ID that you type into the login box. Or if you're using NTLM, it would be the Windows account ID.
0 Kudos

cgherardi
Champ in-the-making
Champ in-the-making

‎09-22-2009 03:55 AM

You have to use the exact ID that you type into the login box. Or if you're using NTLM, it would be the Windows account ID.

I'm def using the exact login id, though the browser appears to be caching details. (Note: server and client are same machine - Ubuntu 904)

I'm attempting to login against a 2k3 domain

Auth chain currently looks like:
authentication.chain=passthru1Smiley Tongueassthru,ldap1:ldap-ad

I nuked the install and started again, and watched the ldap sync happen successfully so I'm pretty sure the auth details are all correct.

I have both:
passthru.authentication.defaultAdministratorUserNames=carl gherardi
ldap.authentication.defaultAdministratorUserNames=carl gherardi

In alfresco-global.properties (where i've been configuring everything)

I had no errors on initial login as myself, but after restarting tomcat and visiting the default page (no login prompt appeared) I received:

ERROR [org.alfresco.web.app.servlet.NTLMAuthenticationFilter] Failed to validate user Carl Gherardi
org.alfresco.repo.security.authentication.AuthenticationException: 08220004 Unable to validate ticket
        at org.alfresco.repo.security.authentication.AbstractChainingAuthenticationService.validate(AbstractChainingAuthenticationService.java:309)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

Any help appreciated - can provide any info you need to help.

Thanks

Carl G
0 Kudos

dward
Champ on-the-rise
Champ on-the-rise

‎09-23-2009 03:48 AM

The sync side working does not guarantee that the authentication side is configured correctly.

So you're using NTLM? In that case the admin user name will be your NT user ID and I hope LDAP sync has been configured with the sAMAccountName as the user ID attribute (this is the default for ldap-ad).
Looks like you have some old, invalid session cookies.

Please clear all your cookies, close all your browser instances and restart your browser (this is only sometimes necessary after reconfiguration of authentication).
0 Kudos

dward
Champ on-the-rise
Champ on-the-rise

‎09-23-2009 03:49 AM

I note also that your user ID is "Carl Gherardi".

So please set

passthru.authentication.defaultAdministratorUserNames=Carl Gherardi
0 Kudos

cgherardi
Champ in-the-making
Champ in-the-making

‎09-23-2009 11:33 PM

I note also that your user ID is "Carl Gherardi".

So please set

passthru.authentication.defaultAdministratorUserNames=Carl Gherardi

Gah! case sensitive.

FWIW, I was typing the password in as lower case, but the user object in AD is 'correctly' capitalised.

Does this qualify as a minor bug I should log?
0 Kudos
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2025 Khoros, LLC