cancel
Showing results for 
Search instead for 
Did you mean: 

Alfresco 4.0.d and Active Directory synchronization

arodriguez
Champ in-the-making
Champ in-the-making
Hi,

I've followed a lot of tutorials and book and I cannot find a way to make synchronization work.

the errors that I have are :

2012-09-21 11:47:43,930  INFO  [web.site.EditionInterceptor] [http-bio-8080-exec-1] Successfully retrieved license information from Alfresco. 2012-09-21 11:48:35,261  INFO  [security.sync.ChainingUserRegistrySynchronizer] [http-bio-8080-exec-52] Synchronizing users and groups with user registry 'ldap-ad1' 2012-09-21 11:48:35,264  INFO  [security.sync.ChainingUserRegistrySynchronizer] [http-bio-8080-exec-52] Retrieving all groups from user registry 'ldap-ad1' 2012-09-21 11:48:35,266  ERROR [security.sync.ChainingUserRegistrySynchronizer] [http-bio-8080-exec-52] Synchronization aborted due to error org.alfresco.repo.security.authentication.AuthenticationException: 08210033 LDAP authentication failed.        at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.buildInitialDirContext(LDAPInitialDirContextFactoryImpl.java:119)        at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.getDefaultIntialDirContext(LDAPInitialDirContextFactoryImpl.java:94)        at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.getDefaultIntialDirContext(LDAPInitialDirContextFactoryImpl.java:87)        at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry$3.<init>(LDAPUserRegistry.java:670)        at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.getGroups(LDAPUserRegistry.java:667)        at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.syncWithPlugin(ChainingUserRegistrySynchronizer.java:632)        at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronize(ChainingUserRegistrySynchronizer.java:435)        at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.createMissingPerson(ChainingUserRegistrySynchronizer.java:545)        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)        at java.lang.reflect.Method.invoke(Method.java:601)        at org.alfresco.repo.management.subsystems.SubsystemProxyFactory$1.invoke(SubsystemProxyFactory.java:65)        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)        at $Proxy76.createMissingPerson(Unknown Source)        at org.alfresco.repo.security.authentication.AbstractAuthenticationComponent$FixCurrentUserCallback$1.doWork(AbstractAuthenticationComponent.java:531)        at org.alfresco.repo.security.authentication.AbstractAuthenticationComponent$FixCurrentUserCallback$1.doWork(AbstractAuthenticationComponent.java:521)        at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:519)        at org.alfresco.repo.security.authentication.AbstractAuthenticationComponent$FixCurrentUserCallback.execute(AbstractAuthenticationComponent.java:520)        at org.alfresco.repo.security.authentication.AbstractAuthenticationComponent$FixCurrentUserCallback.execute(AbstractAuthenticationComponent.java:509)        at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:388)        at org.alfresco.repo.security.authentication.AbstractAuthenticationComponent.setCurrentUser(AbstractAuthenticationComponent.java:221)        at org.alfresco.repo.security.authentication.AbstractAuthenticationComponent.setCurrentUser(AbstractAuthenticationComponent.java:190)        at org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl.authenticateImpl(LDAPAuthenticationComponentImpl.java:126)        at org.alfresco.repo.security.authentication.AbstractAuthenticationComponent.authenticate(AbstractAuthenticationComponent.java:158)        at org.alfresco.repo.security.authentication.AuthenticationServiceImpl.authenticate(AuthenticationServiceImpl.java:65)        at org.alfresco.repo.security.authentication.AbstractChainingAuthenticationService.authenticate(AbstractChainingAuthenticationService.java:180)        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)        at java.lang.reflect.Method.invoke(Method.java:601)        at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:309)        at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)        at net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:80)        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)        at org.alfresco.repo.security.permissions.impl.ExceptionTranslatorMethodInterceptor.invoke(ExceptionTranslatorMethodInterceptor.java:46)        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)        at org.alfresco.repo.audit.AuditMethodInterceptor.invoke(AuditMethodInterceptor.java:147)        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)        at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:110)        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)        at $Proxy62.authenticate(Unknown Source)        at org.alfresco.repo.web.scripts.bean.AbstractLoginBean.login(AbstractLoginBean.java:66)        at org.alfresco.repo.web.scripts.bean.LoginPost.executeImpl(LoginPost.java:73)        at org.springframework.extensions.webscripts.DeclarativeWebScript.executeImpl(DeclarativeWebScript.java:235)        at org.springframework.extensions.webscripts.DeclarativeWebScript.execute(DeclarativeWebScript.java:64)        at org.alfresco.repo.web.scripts.RepositoryContainer$2.execute(RepositoryContainer.java:393)        at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:388)        at org.alfresco.repo.web.scripts.RepositoryContainer.transactionedExecute(RepositoryContainer.java:462)        at org.alfresco.repo.web.scripts.RepositoryContainer.transactionedExecuteAs(RepositoryContainer.java:500)        at org.alfresco.repo.web.scripts.RepositoryContainer.executeScript(RepositoryContainer.java:275)        at org.springframework.extensions.webscripts.AbstractRuntime.executeScript(AbstractRuntime.java:372)        at org.springframework.extensions.webscripts.AbstractRuntime.executeScript(AbstractRuntime.java:209)        at org.springframework.extensions.webscripts.servlet.WebScriptServlet.service(WebScriptServlet.java:118)        at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)        at org.alfresco.web.app.servlet.GlobalLocalizationFilter.doFilter(GlobalLocalizationFilter.java:58)        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)        at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)        at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1001)        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:585)        at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)        at java.lang.Thread.run(Thread.java:722)Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1772]        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3087)        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3033)        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2835)        at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2749)        at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:316)        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193)        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:211)        at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154)        at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84)        at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)        at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307)        at javax.naming.InitialContext.init(InitialContext.java:242)        at javax.naming.InitialContext.<init>(InitialContext.java:216)        at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101)        at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.buildInitialDirContext(LDAPInitialDirContextFactoryImpl.java:114)        … 76 more2012-09-21 11:48:35,272  WARN  [security.sync.ChainingUserRegistrySynchronizer] [http-bio-8080-exec-52] User authenticated but failed to sync with user registry org.alfresco.repo.security.authentication.AuthenticationException: 08210033 LDAP authentication failed.        at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.buildInitialDirContext(LDAPInitialDirContextFactoryImpl.java:119)        at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.getDefaultIntialDirContext(LDAPInitialDirContextFactoryImpl.java:94)        at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.getDefaultIntialDirContext(LDAPInitialDirContextFactoryImpl.java:87)        at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry$3.<init>(LDAPUserRegistry.java:670)        at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.getGroups(LDAPUserRegistry.java:667)        at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.syncWithPlugin(ChainingUserRegistrySynchronizer.java:632)        at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronize(ChainingUserRegistrySynchronizer.java:435)        at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.createMissingPerson(ChainingUserRegistrySynchronizer.java:545)        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)        at java.lang.reflect.Method.invoke(Method.java:601)        at org.alfresco.repo.management.subsystems.SubsystemProxyFactory$1.invoke(SubsystemProxyFactory.java:65)        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)        at $Proxy76.createMissingPerson(Unknown Source)        at org.alfresco.repo.security.authentication.AbstractAuthenticationComponent$FixCurrentUserCallback$1.doWork(AbstractAuthenticationComponent.java:531)        at org.alfresco.repo.security.authentication.AbstractAuthenticationComponent$FixCurrentUserCallback$1.doWork(AbstractAuthenticationComponent.java:521)        at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:519)        at org.alfresco.repo.security.authentication.AbstractAuthenticationComponent$FixCurrentUserCallback.execute(AbstractAuthenticationComponent.java:520)        at org.alfresco.repo.security.authentication.AbstractAuthenticationComponent$FixCurrentUserCallback.execute(AbstractAuthenticationComponent.java:509)        at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:388)        at org.alfresco.repo.security.authentication.AbstractAuthenticationComponent.setCurrentUser(AbstractAuthenticationComponent.java:221)        at org.alfresco.repo.security.authentication.AbstractAuthenticationComponent.setCurrentUser(AbstractAuthenticationComponent.java:190)        at org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl.authenticateImpl(LDAPAuthenticationComponentImpl.java:126)        at org.alfresco.repo.security.authentication.AbstractAuthenticationComponent.authenticate(AbstractAuthenticationComponent.java:158)        at org.alfresco.repo.security.authentication.AuthenticationServiceImpl.authenticate(AuthenticationServiceImpl.java:65)        at org.alfresco.repo.security.authentication.AbstractChainingAuthenticationService.authenticate(AbstractChainingAuthenticationService.java:180)        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)        at java.lang.reflect.Method.invoke(Method.java:601)        at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:309)        at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)        at net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:80)        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)        at org.alfresco.repo.security.permissions.impl.ExceptionTranslatorMethodInterceptor.invoke(ExceptionTranslatorMethodInterceptor.java:46)        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)        at org.alfresco.repo.audit.AuditMethodInterceptor.invoke(AuditMethodInterceptor.java:147)        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)        at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:110)        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)        at $Proxy62.authenticate(Unknown Source)        at org.alfresco.repo.web.scripts.bean.AbstractLoginBean.login(AbstractLoginBean.java:66)        at org.alfresco.repo.web.scripts.bean.LoginPost.executeImpl(LoginPost.java:73)        at org.springframework.extensions.webscripts.DeclarativeWebScript.executeImpl(DeclarativeWebScript.java:235)        at org.springframework.extensions.webscripts.DeclarativeWebScript.execute(DeclarativeWebScript.java:64)        at org.alfresco.repo.web.scripts.RepositoryContainer$2.execute(RepositoryContainer.java:393)        at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:388)        at org.alfresco.repo.web.scripts.RepositoryContainer.transactionedExecute(RepositoryContainer.java:462)        at org.alfresco.repo.web.scripts.RepositoryContainer.transactionedExecuteAs(RepositoryContainer.java:500)        at org.alfresco.repo.web.scripts.RepositoryContainer.executeScript(RepositoryContainer.java:275)        at org.springframework.extensions.webscripts.AbstractRuntime.executeScript(AbstractRuntime.java:372)        at org.springframework.extensions.webscripts.AbstractRuntime.executeScript(AbstractRuntime.java:209)        at org.springframework.extensions.webscripts.servlet.WebScriptServlet.service(WebScriptServlet.java:118)        at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)        at org.alfresco.web.app.servlet.GlobalLocalizationFilter.doFilter(GlobalLocalizationFilter.java:58)        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)        at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)        at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1001)        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:585)        at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)        at java.lang.Thread.run(Thread.java:722)Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1772]        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3087)        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3033)        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2835)        at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2749)        at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:316)        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193)        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:211)        at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154)        at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84)        at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)        at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307)        at javax.naming.InitialContext.init(InitialContext.java:242)        at javax.naming.InitialContext.<init>(InitialContext.java:216)        at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101)        at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.buildInitialDirContext(LDAPInitialDirContextFactoryImpl.java:114)        … 76 more‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

And my ldap-ad1 file :

ldap.authentication.active=trueldap.authentication.allowGuestLogin=falseldap.authentication.userNameFormat=%s@mydomain.global.comldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactoryldap.authentication.java.naming.provider.url=ldap://ADSERVER:389ldap.authentication.java.naming.security.authentication=simpleldap.authentication.escapeCommasInBind=falseldap.authentication.escapeCommasInUid=falseldap.authentication.defaultAdministratorUserNames=adminuserldap.synchronization.active=trueldap.synchronization.java.naming.security.authentication=simpleldap.synchronization.java.naming.security.principal=CN=alfresco sync account,OU=OneGroup,OU=MasterGroup,DC=mydomain,DC=global,DC=comldap.synchronization.java.naming.security.credentials=Passwordldap.synchronization.queryBatchSize=1000ldap.synchronization.attributeBatchSize=1000ldap.synchronization.groupQuery=(objectclass\=group)ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(!(modifyTimestamp<\={0})))ldap.synchronization.personQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(modifyTimestamp<\={0})))ldap.synchronization.groupSearchBase=DC\=mydomain,DC\=global,DC\=comldap.synchronization.userSearchBase=DC\=mydomain,DC\=global,DC\=comldap.synchronization.modifyTimestampAttributeName=modifyTimestampldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'ldap.synchronization.userIdAttributeName=sAMAccountNameldap.synchronization.userFirstNameAttributeName=givenNameldap.synchronization.userLastNameAttributeName=snldap.synchronization.userEmailAttributeName=mailldap.synchronization.userOrganizationalIdAttributeName=companyldap.synchronization.defaultHomeFolderProvider=largeHomeFolderProviderldap.synchronization.groupIdAttributeName=cnldap.synchronization.groupDisplayNameAttributeName=displayNameldap.synchronization.groupType=groupldap.synchronization.personType=userldap.synchronization.groupMemberAttributeName=memberldap.synchronization.enableProgressEstimation=true‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

I don't understand what is wrong. Someone can help me ?

Best regards,
3 REPLIES 3

throwback
Champ in-the-making
Champ in-the-making
I had a lot more success once I put the config into alfresco-global.properties in ./tomcat/shared/classes (using ubuntu 10.04 lts)

Do you need to sync with more than one ldap server? if not then put it in alfresco-global.properties.

What type ldap is this? Active Directory or another? My experience is with AD. Took me about a month to get ldap sync and kerberos SSO working but worth it in the end…

throwback
Champ in-the-making
Champ in-the-making
"AuthenticationException: [LDAP: error code 49 - Invalid Credentials] Cause: The DN path or password which you have specified for the administrator is invalid."

I notice you have a space in the ldap username - no idea if this makes a difference but I always use service accounts with no spaces in, to avoid having to escape any characters (in case that is required - no idea)

Otherwise check the ad account isnt locked out, doesnt expire and that creds are correct. if necessary log in as that account on your domain somewhere. From your posted ldap-ad1 settings I would venture you are using AD.

throwback
Champ in-the-making
Champ in-the-making
Oh, I know its adobe's site, but LDAP advice available here:

http://helpx.adobe.com/legacy/kb/ldap-troubleshooting.html

I also recommend you grab a copy of Softerra Ldap browser, very useful for working out search bases etc.

You may also wish to enable audit failure logging on the AD server you are auth'ing against to see if/why auth is failing from the windows events log.

Good luck!