Hyland Connect

cricalix · ‎07-19-2007

Greetings all,

I'm attempting to get the community edition of Alfresco to speak LDAP to our AD server so that I can provide unified logins across our internal services. Unfortunately, this isn't going too well.

1) The Alfresco code appears to hammer the supplied principal with a series of invalid passwords when it boots. This has locked out my test account quite a few times

2) Once I realised what was happening in 1), I tried to log in. I got

javax.faces.FacesException: Error calling action method of component with id loginForm:submit
caused by:
javax.faces.el.EvaluationException: Exception while invoking expression #{LoginBean.login}
caused by:
org.alfresco.error.AlfrescoRuntimeException: Not implemented‍‍‍‍‍

Am I right in interpreting this to mean that Alfresco Community edition doesn't do LDAP?

3) Sort of related - if I try to use NTLM, Alfresco won't even boot. I get the WAR file deploying message, and at that point it's 'Goodnight Irene'.

Help?

douglasheld · ‎07-23-2007

In case it's helpful, I have a working configuration of Alfresco integrated with Windows domain authentication here: http://forums.alfresco.com/viewtopic.php?t=7441

Doug

cricalix · ‎07-24-2007

Unfortunately, Alfresco doesn't seem to be picking up the changes I've made per that posting. It's still authenticating to the internal DB only, nary a peep across the network to our DCs (watching with wireshark).

I might just go start from scratch again - goodness knows what cruft I've possibly accumulated over the past week or so trying to get either LDAP or NTLM to work.

cricalix · ‎07-24-2007

Well, I'm back to the issue you had originally:


javax.faces.FacesException: Error calling action method of component with id loginForm:submit
caused by:
javax.faces.el.EvaluationException: Exception while invoking expression #{LoginBean.login}
caused by:
java.lang.SecurityException: Unable to locate a login configuration
caused by:
java.io.IOException: Unable to locate a login configuration
‍‍‍‍‍‍‍‍‍

That's on a clean install with the changes suggested in your thread (and krb5.ini in windows and winnt). Getting tempted to boot a Linux VM and see if it'll play nicer in there.

Edit: Doh, missed the Java security files. Put them back in place, and now it won't even authenticate my login. Doesn't even send a packet to the DC to enquire about the login.

cricalix · ‎07-24-2007

And another follow-up.

If I enable some more debugging, I can see:

10:54:49,156 DEBUG [org.alfresco.smb.protocol.auth] Passthru finding domain controller for DOMAIN …
10:54:49,172 DEBUG [org.alfresco.smb.protocol.auth]   Found 1 domain controller(s)
10:54:49,172 DEBUG [org.alfresco.smb.protocol.auth] Added passthru server [DOMAIN\DC01:10.150.20.1:Offline:0,0]
‍‍‍‍

(Names changed to protect the innocent.)

CIFS works. I can browse the Alfresco SMB server, and I see the data dictionary etc, and a folder named after my login. All well and good.

Alfresco HTTP interface still insists that I don't exist. So I must be missing one final bit to make Alfresco query the domain for credentials. Rather frustrating!

alcaldo · ‎07-27-2007

Did you check for your java.security and java.login.config files to be in the appropriate folder of the used JRE?
Check JAVA_HOME env. variable to see which is used..
Hope this helps,

L.

As you, I'm still struggling with chaining AD and Alfresco users…

cricalix · ‎07-27-2007

Yes - for the CIFS/SMB auth to work, the java security files have to be in place. It's just the standard web login that refuses to acknowledge the configuration - it never even tries.

Hyland Connect

Alfresco 2.1RC1 Community and LDAP authentication