
Alfresco 1.2.1 Active Directory Authentication

hsantander
Champ in-the-making
Hi
I'm trying to set up the LDAP authentication process. I followed the document on the wiki but I didn't get any results. When I set the log level to debug, this is one of the messages I got:

18:08:45,183 DEBUG [transaction.interceptor.RuleBasedTransactionAttribute] Applying rules to determine whether transaction should rollback on org.alfresco.repo.security.authentication.AuthenticationException: LDAP authentication failed.

The configuration I use is the same as in the authentication document on the wiki, except that I don't configure user replication. My LDAP repository is Active Directory.

Any help?

Thanks

hsantander
Champ in-the-making
Hi again
Reading the posts I reached this one: http://forums.alfresco.com/viewtopic.php?p=6416#6416. The user in this post seems to have the authentication working, so I created a new authentication-services-context.xml, the same as the file in the post, with the Active Directory parameters modified.
When I try to log in I get these error logs:

11:36:46,724 DEBUG [transaction.support.TransactionSynchronizationManager] Initializing transaction synchronization
11:36:46,724 DEBUG [context.support.XmlWebApplicationContext] Publishing event in context [Root WebApplicationContext]: net.sf.acegisecurity.intercept.event.PublicInvocationEvent[source=invocation: method 'authenticate', arguments [hsantander, [C@10b841]; target is of class [org.alfresco.repo.security.authentication.AuthenticationServiceImpl]]
11:36:46,740 DEBUG [transaction.interceptor.RuleBasedTransactionAttribute] Applying rules to determine whether transaction should rollback on org.alfresco.repo.security.authentication.AuthenticationException: LDAP authentication failed.
11:36:46,741 DEBUG [transaction.interceptor.RuleBasedTransactionAttribute] Winning rollback rule is: null
11:36:46,741 DEBUG [transaction.interceptor.RuleBasedTransactionAttribute] No relevant rollback rule found: applying superclass default
11:36:46,741 DEBUG [transaction.interceptor.TransactionInterceptor] Invoking rollback for transaction on org.alfresco.service.cmr.security.AuthenticationService.authenticate due to throwable [org.alfresco.repo.security.authentication.AuthenticationException: LDAP authentication failed.]
11:36:46,741 DEBUG [orm.hibernate3.HibernateTransactionManager] Triggering beforeCompletion synchronization
11:36:46,741 DEBUG [orm.hibernate3.HibernateTransactionManager] Initiating transaction rollback
11:36:46,741 DEBUG [orm.hibernate3.HibernateTransactionManager] Rolling back Hibernate transaction on Session [org.hibernate.impl.SessionImpl@4ef122]
11:36:46,742 DEBUG [orm.hibernate3.HibernateTransactionManager] Triggering afterCompletion synchronization
11:36:46,742 DEBUG [transaction.support.TransactionSynchronizationManager] Clearing transaction synchronization
11:36:46,742 DEBUG [transaction.support.TransactionSynchronizationManager] Removed value [org.springframework.orm.hibernate3.SessionHolder@1c7378f] for key [org.hibernate.impl.SessionFactoryImpl@18e252] from thread [http-8081-Processor25]
11:36:46,742 DEBUG [transaction.support.TransactionSynchronizationManager] Removed value [org.springframework.jdbc.datasource.ConnectionHolder@b8f891] for key [org.apache.commons.dbcp.BasicDataSource@428527] from thread [http-8081-Processor25]
11:36:46,742 DEBUG [orm.hibernate3.HibernateTransactionManager] Closing Hibernate Session [org.hibernate.impl.SessionImpl@4ef122] after transaction
11:36:46,743 DEBUG [orm.hibernate3.SessionFactoryUtils] Closing Hibernate Session

Thanks

andy
Champ on-the-rise
Hi

Can you confirm you can access the LDAP server using a well-known client?
For example, the Softerra LDAP browser.

What authentication mechanism are you using?
Are you sure your LDAP server supports the authentication mechanism?

Try Kerberos authentication and confirm this works.

Regards

Andy

hsantander
Champ in-the-making
Hi
I use this Active Directory for squid authentication without any problem. I use ldapsearch to verify that the settings are correct. From the server where I have alfresco installed I make a bind and a search without problem.
Here is a fragment of authentication-services-context.xml where the LDAP configuration is defined:

    <bean id="ldapInitialDirContextFactory" class="org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl">
        <property name="initialDirContextEnvironment">
             <map>
                <entry key="java.naming.factory.initial">
                    <value>com.sun.jndi.ldap.LdapCtxFactory</value>
                </entry>
                <entry key="java.naming.provider.url">
                    <value>ldap://a.b.c.d:389</value>
                </entry>
                <entry key="java.naming.security.authentication">
                    <value>simple</value>
                </entry>
                <entry key="java.naming.security.principal">
                    <value>CN=user_for_reading,OU=…,OU=…,OU=…,OU=…,DC=…,DC=…,DC=es</value>
                </entry>
                <entry key="java.naming.security.credentials">
                    <value>xxxxxx</value>
                </entry>
             </map>
        </property>
    </bean>

Thanks

rivetlogic
Champ on-the-rise
Hi,

What value did you use for the userNameFormat property in the authenticationComponentImpl bean?

–Aladdin

hsantander
Champ in-the-making
Here is the configuration:

   <bean id="authenticationComponentImpl" class="org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl">
        <property name="LDAPInitialDirContextFactory">
            <ref bean="ldapInitialDirContextFactory" />
        </property>
        <property name="userNameFormat">
            <value>sAMAccountName=%s</value>
        </property>
    </bean>

Thanks

rivetlogic
Champ on-the-rise
Hi,

I use ldapsearch to verify that the settings are correct. From the server where I have alfresco installed I make a bind and a search without problem.

What is the Distinguished Name binddn (-D option) you use in the above mentioned ldapsearch command? Is it sAMAccountName=username?

Whatever it is must be the same string formatted in the userNameFormat property.

Cheers,

–Aladdin

hsantander
Champ in-the-making
Hi
I was out of the office and started again this morning.
You are right. I made a mistake thinking that userNameFormat refers to the attribute which stores the username. The problem now is that my users are on different paths in the Active Directory (several OUs). I read about this in another post, so I'm going to try the JAAS authentication now.

Thanks a lot.
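
What the userNameFormat substitution discussed above produces, as an added example that is not part of the original thread or Alfresco's code. It assumes the formatted string is sent unchanged as the simple-bind name, as Aladdin's reply describes; the OU, domain and UPN suffix are constructed placeholders.

```python
import re

DN_SPECIAL = ',+"\\<>;='          # RFC 4514 characters escaped with a backslash

def escape_dn_value(value):
    """Escape a login name so it stays inside a single RDN value (RFC 4514)."""
    out = []
    for i, ch in enumerate(value):
        lead = i == 0 and ch in " #"
        trail = i == len(value) - 1 and ch == " "
        if ch == "\0":
            out.append("\\00")
        elif ch in DN_SPECIAL or lead or trail:
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def bind_principal(user_name_format, login):
    """Build the string sent as the simple-bind name (assumed: used unchanged)."""
    return user_name_format.replace("%s", escape_dn_value(login))

def name_form(principal):
    """Heuristic: which simple-bind name form the string has."""
    rdns = re.split(r"(?<!\\),", principal)   # split on unescaped commas
    if all(re.match(r"[A-Za-z][A-Za-z0-9-]*=.", r) for r in rdns):
        rooted = any(r.upper().startswith("DC=") for r in rdns)
        return "full DN" if len(rdns) > 1 and rooted else "bare RDN"
    if re.fullmatch(r"[^@\\=,]+@[A-Za-z0-9.-]+", principal):
        return "UPN"
    return "unrecognised"

# Constructed formats; OU and domain names are placeholders, not from the thread.
FORMATS = {
    "attribute name (the mistake)": "sAMAccountName=%s",
    "DN template (one OU only)": "CN=%s,OU=Staff,DC=example,DC=es",
    "UPN template (any OU)": "%s@example.es",
}

if __name__ == "__main__":
    for label, fmt in FORMATS.items():
        p = bind_principal(fmt, "hsantander")
        print(f"{label:30} {p:45} {name_form(p)}")
    # Once escaped, a login name containing ",OU=..." cannot add RDNs to the bind DN.
    print(bind_principal(FORMATS["DN template (one OU only)"], "x,OU=Admins"))
```

Active Directory accepts a userPrincipalName as the simple-bind name, which is why the third template does not depend on the user's OU; it assumes each account's UPN is login@example.es.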

hsantander
Champ in-the-making
Now the problem arises with JAAS. I use the same server with Active Directory and with this configuration in authentication-services-context.xml where aa.bb.cc.dd is the IP of the server with Active Directory:

    <!-- The authentication component.                                      -->

    <!-- JAAS authentication - most of the config goes somewhere else       -->

    <bean id="authenticationComponentImpl"
                 class="org.alfresco.repo.security.authentication.jaas.JAASAuthenticationComponent">
        <property name="realm">
            <value>aa.bb.cc.dd</value>
        </property>
        <property name="jaasConfigEntryName">
            <value>Alfresco</value>
        </property>
    </bean>

    <bean id="alfDaoImpl" class="org.springframework.transaction.interceptor.TransactionProxyFactoryBean">
        <property name="proxyInterfaces">
            <value>org.alfresco.repo.security.authentication.MutableAuthenticationDao</value>
        </property>
        <property name="transactionManager">
            <ref bean="transactionManager" />
        </property>
        <property name="target">
            <bean class="org.alfresco.repo.security.authentication.ntlm.NullMutableAuthenticationDao">
                <property name="nodeService">
                    <ref bean="nodeService" />
                </property>
            </bean>
        </property>
        <property name="transactionAttributes">
            <props>
                <prop key="*">${server.transaction.mode.default}</prop>
            </props>
        </property>
    </bean>

The error I got when I started the login process is:

13:11:23,051 DEBUG [transaction.interceptor.TransactionInterceptor] Getting transaction for org.alfresco.service.cmr.security.AuthenticationService.authenticate
13:11:23,051 DEBUG [orm.hibernate3.HibernateTransactionManager] Using transaction object [org.springframework.orm.hibernate3.HibernateTransactionManager$HibernateTransactionObject@36d036]
13:11:23,051 DEBUG [orm.hibernate3.HibernateTransactionManager] Creating new transaction with name [org.alfresco.service.cmr.security.AuthenticationService.authenticate]
13:11:23,051 DEBUG [orm.hibernate3.HibernateTransactionManager] Opened new Session [org.hibernate.impl.SessionImpl@9fa2fb] for Hibernate transaction
13:11:23,051 DEBUG [orm.hibernate3.HibernateTransactionManager] Not preparing JDBC Connection of Hibernate Session [org.hibernate.impl.SessionImpl@9fa2fb]
13:11:23,052 DEBUG [orm.hibernate3.HibernateTransactionManager] Exposing Hibernate transaction as JDBC transaction [org.apache.commons.dbcp.PoolableConnection@1e03a61]
13:11:23,052 DEBUG [transaction.support.TransactionSynchronizationManager] Bound value [org.springframework.jdbc.datasource.ConnectionHolder@8523a0] for key [org.apache.commons.dbcp.BasicDataSource@2e6c66] to thread [http-8081-Processor24]
13:11:23,052 DEBUG [transaction.support.TransactionSynchronizationManager] Bound value [org.springframework.orm.hibernate3.SessionHolder@e5f01b] for key [org.hibernate.impl.SessionFactoryImpl@17e319a] to thread [http-8081-Processor24]
13:11:23,052 DEBUG [transaction.support.TransactionSynchronizationManager] Initializing transaction synchronization
13:11:23,053 DEBUG [context.support.XmlWebApplicationContext] Publishing event in context [Root WebApplicationContext]: net.sf.acegisecurity.intercept.event.PublicInvocationEvent[source=invocation: method 'authenticate', arguments [hsantander, [xxxxxxx]; target is of class [org.alfresco.repo.security.authentication.AuthenticationServiceImpl]]
13:11:23,305 DEBUG [transaction.interceptor.RuleBasedTransactionAttribute] Applying rules to determine whether transaction should rollback on org.alfresco.repo.security.authentication.AuthenticationException: Login Failed
13:11:23,305 DEBUG [transaction.interceptor.RuleBasedTransactionAttribute] Winning rollback rule is: null
13:11:23,305 DEBUG [transaction.interceptor.RuleBasedTransactionAttribute] No relevant rollback rule found: applying superclass default
13:11:23,306 DEBUG [transaction.interceptor.TransactionInterceptor] Invoking rollback for transaction on org.alfresco.service.cmr.security.AuthenticationService.authenticate due to throwable [org.alfresco.repo.security.authentication.AuthenticationException: Login Failed]

Thanks

hsantander
Champ in-the-making
I made a mistake with the realm parameter. Now the value of this parameter is the name of my domain in uppercase, but I get the same error.

Any help? Thanks