alfresco authenthication with openldap

bkarthick4u
Champ in-the-making
Hi everybody,

I'm having a problem with Alfresco authentication with OpenLDAP in Alfresco Community 3.2.

I'm not facing any problem in Alfresco Enterprise Edition for authentication.

Can anyone tell me how to do authentication in Alfresco Community 3.2? I tried a lot; even so it's not authenticating. I tried all the wikis.

My Alfresco is not generating any error report during authentication.

Can anyone paste their ldap-authentication file?
Thanks in advance
37 REPLIES

dward
Champ on-the-rise
Go read the Wiki

dinny_r
Champ in-the-making
Hi,

Thank you for the quick response. Now I am able to authenticate to LDAP and log in with the users in LDAP. To make the Alfresco admin login work and to synchronize, I need to implement chaining and synchronization. Correct me if I am wrong. For this I made changes in alfresco-global.properties and am now able to log in as the Alfresco admin as well, but synchronization is not happening. This is how my alfresco-global.properties looks:

authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap
ldap.authentication.active=true
ldap.authentication.allowGuestLogin=true

ldap.authentication.userNameFormat=<usernameformat>
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=<url>
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=Administrator
ldap.synchronization.active=true
#ldap.synchronization.java.naming.security.principal=
#ldap.synchronization.java.naming.security.credentials=
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.groupQuery=(objectclass\=Nogroup)
#ldap.synchronization.groupDifferentialQuery=(&(objectclass=group)(!(modifyTimestamp<\={0})))
#ldap.synchronization.personQuery=(&(objectclass=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
#ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(modifyTimestamp<\={0})))
#ldap.synchronization.groupSearchBase=ou\=Security Groups,ou\=Alfresco,dc=domain
#ldap.synchronization.userSearchBase=ou\=User Accounts,ou=\Alfresco,dc=domain
#ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
#ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
ldap.synchronization.userIdAttributeName=samaccountname
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
#ldap.synchronization.userEmailAttributeName=mail
#ldap.synchronization.userOrganizationalIdAttributeName=msExchALObjectVersion
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
# userHomesHomeFolderProvider personalHomeFolderProvider companyHomeFolderProvider guestHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupType=Nogroup
ldap.synchronization.personType=user
ldap.synchronization.groupMemberAttributeName=member

ldap.synchronization.synchronizeChangesOnly=true
ldap.synchronization.import.cron
ldap.synchronization.syncOnStartup=true
ldap.synchronization.syncWhenMissingPeopleLogIn=true
ldap.synchronization.autoCreatePeopleOnLogin=false


I referred to the information given in the wiki but am still not very clear about what value has to be given for personQuery, personDifferentialQuery etc. I am also not very sure whether the values and entries that I have given in the properties file are correct. Also, the folder "tomcat\shared\classes\alfresco\extension" contains a file "chaining-authentication-context.xml.sample". Do I need to configure this as well?

Thanking you in advance
Dinny

dward
Champ on-the-rise
The chaining-authentication-context.xml.sample is out of date and unnecessary and has been removed from HEAD.

You shouldn't have to edit the ldap-ad queries. They have already been optimized for Active Directory.

You do need to set

ldap.synchronization.groupSearchBase and ldap.synchronization.userSearchBase

so that they are appropriate for your directory layout

If you want a mixture of Alfresco and LDAP authentication, all you need is

authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap

That will give priority to Alfresco over LDAP.

dinny_r
Champ in-the-making
Hi,
I made the changes in the properties file and am now able to log in with an Alfresco user as well as an LDAP user. But now the LDAP user details are available in Alfresco only after the LDAP users log in for the first time, whereas as per my requirement the LDAP user details should be available in Alfresco even if the LDAP users don't log in. Also, is it possible to configure it in such a way that only a certain set of LDAP users is allowed to log in to Alfresco?

Thanking you in advance
Dinny

dward
Champ on-the-rise
If you have configured synchronization correctly, the users should be available in advance of them logging in. A differential sync is triggered when a missing user logs in, but a full sync (by default) is scheduled every night at midnight.

And if you take a recent nightly build (recommended) a differential sync is also triggered every time the server starts up, using small transactions for maximum performance.

If you aren't seeing any users brought across by the sync, then there is still something wrong with the sync configuration.

dward
Champ on-the-rise
To answer the question about restricting login to a subset of ldap users, what you need to do is tighten your user query so that it only returns that subset.

Then in alfresco-global.properties, set

synchronization.autoCreatePeopleOnLogin=false

That will stop users being auto-created that aren't even brought over by the sync and ultimately they will be rejected by authentication.

See http://wiki.alfresco.com/wiki/The_Synchronization_Subsystem

dinny_r
Champ in-the-making
Hi,

I am getting the below message while starting the server:

12:47:29,911  INFO  [management.subsystems.ChildApplicationContextFactory] Starting 'Authentication' subsystem, ID: [managed, ldap1]
12:47:29,927  INFO  [alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]
12:47:30,443  WARN  [authentication.ldap.LDAPInitialDirContextFactoryImpl] LDAP server supports anonymous bind ldap://sjc-adc-01.corp.ebay.com:389
12:47:30,896  INFO  [authentication.ldap.LDAPInitialDirContextFactoryImpl] LDAP server does not fall back to anonymous bind for a string uid and password at ldap://sjc-adc-01.corp.ebay.com:389
12:47:31,333  INFO  [authentication.ldap.LDAPInitialDirContextFactoryImpl] LDAP server does not fall back to anonymous bind for a simple dn and password at ldap://sjc-adc-01.corp.ebay.com:389
12:47:31,787  INFO  [authentication.ldap.LDAPInitialDirContextFactoryImpl] LDAP server does not fall back to anonymous bind for known principal and invalid credentials at ldap://sjc-adc-01.corp.ebay.com:389

12:47:31,802  INFO  [management.subsystems.ChildApplicationContextFactory] Startup of 'Authentication' subsystem, ID: [managed, ldap1] complete

My alfresco-global.properties settings look like this:

authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap
ldap.authentication.active=true
ldap.authentication.allowGuestLogin=true
ldap.authentication.userNameFormat=<userformat>
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=<url>
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=Administrator

ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=<username>
ldap.synchronization.java.naming.security.credentials=<password>
ldap.synchronization.import.cron=0 45 * * * ?
ldap.synchronisation.personQuery=objectClass=user
ldap.synchronisation.userIdAttributeName=sAMAccountName
ldap.synchronisation.userFirstNameAttributeName=givenName
ldap.synchronisation.userLastNameAttributeName=sn
ldap.synchronisation.userEmailAttributeName=mail
ldap.synchronisation.import.group.cron=0 45 * * * ?
ldap.synchronisation.import.group.clearAllChildren=false
ldap.synchronization.personQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(sAMAccountName=Guest)))
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(sAMAccountName=Guest))(!(modifyTimestamp<\={0})))

synchronization.synchronizeChangesOnly=true
synchronization.syncWhenMissingPeopleLogIn=true
synchronization.autoCreatePeopleOnLogin=true
synchronization.syncOnStartup=true

I am really not able to figure out why synchronization is not happening. With the user details given for "principal & credentials" I am able to log in to Alfresco. Please correct me if there is something missing or wrongly configured in my alfresco-global.properties.

Thanking you in advance
Dinny

dward
Champ on-the-rise
What does it say in the log file after "starting Synchronization subsystem"?

I note that you are using a mixture of spellings for "synchronization". The v3.2 property names all use a z in the word synchronization. And some of the attribute names have changed. Please carefully check all your attribute names against

http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems#Configuration_2

I don't see why you have to include all those synchronization properties in alfresco-global.properties anyway, as the defaults all have sensible values.

The only properties that it is important for you to customize are

ldap.synchronization.groupSearchBase

and

ldap.synchronization.userSearchBase
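The mistakes dward is pointing at in Dinny's two configs (keys spelled "synchronisation", placeholder values like <url> left in, a cron key with no value, search bases never set, autoCreatePeopleOnLogin left at true while trying to restrict logins) are all mechanical, so they can be caught with a small linter before restarting Tomcat. The script below is an added example written for this thread; it is not Alfresco code. It reads the Java .properties escapes seen in the posted filters (\: and \=), reports those problems, checks that each LDAP filter's parentheses balance, and shows how the {0} in personDifferentialQuery is filled from the last sync time. The sample configuration embedded in it is constructed for the demonstration; the mapping of timestampFormat to strftime covers only the yyyyMMddHHmmss'.0Z' value quoted on this page and is an assumption about how Alfresco renders the timestamp (it uses Java date formatting internally), as is the assumption that the timestamp is rendered in UTC.

```python
"""Lint the LDAP/sync keys of an Alfresco 3.2 alfresco-global.properties.

Added example for this thread, not Alfresco's own code. It resolves Java
.properties escapes (\\: and \\= in the posted filters), flags keys spelled
"synchronisation" (3.2 uses a z), unfilled <...> placeholders, empty values,
unbalanced filter parentheses, missing search bases and
autoCreatePeopleOnLogin=true, and fills {0} in personDifferentialQuery.
"""
import re
from datetime import datetime, timezone

# Constructed sample modelled on the thread's config. It deliberately has one
# misspelled key, one placeholder, an empty cron, a personQuery missing a ')',
# no search bases and autoCreatePeopleOnLogin=true.
SAMPLE = r"""
authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap
ldap.authentication.active=true
ldap.authentication.java.naming.provider.url=<url>
ldap.synchronization.active=true
ldap.synchronization.import.cron
ldap.synchronisation.userIdAttributeName=sAMAccountName
ldap.synchronization.personQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(sAMAccountName=Guest))
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(modifyTimestamp<\={0})))
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
synchronization.autoCreatePeopleOnLogin=true
"""

_ESCAPES = {"t": "\t", "n": "\n", "r": "\r", "f": "\f"}


def _unescape(s):
    """Resolve Java .properties backslash escapes; \\X for other X yields X."""
    out, i = [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            out.append(_ESCAPES.get(s[i + 1], s[i + 1]))
            i += 2
        else:
            out.append(s[i])
            i += 1
    return "".join(out)


def _split_key_value(line):
    """The key ends at the first unescaped '=', ':' or whitespace."""
    i = 0
    while i < len(line):
        if line[i] == "\\":
            i += 2
            continue
        if line[i] in "=: \t":
            break
        i += 1
    key, rest = line[:i], line[i:].lstrip(" \t")
    if rest[:1] in ("=", ":"):
        rest = rest[1:].lstrip(" \t")
    return _unescape(key), _unescape(rest)


def parse_properties(text):
    """Minimal java.util.Properties reader: comments, continuations, escapes."""
    props, buf = {}, ""
    for raw in text.splitlines() + [""]:
        buf += raw.lstrip()
        if (len(buf) - len(buf.rstrip("\\"))) % 2 == 1:   # odd '\' count: continued
            buf = buf[:-1]
            continue
        if buf and buf[0] not in "#!":
            key, value = _split_key_value(buf)
            props[key] = value
        buf = ""
    return props


def balanced(ldap_filter):
    """True if every '(' in the filter has a matching ')' in order."""
    depth = 0
    for c in ldap_filter:
        depth += (c == "(") - (c == ")")
        if depth < 0:
            return False
    return depth == 0


SEARCH_BASES = ("ldap.synchronization.userSearchBase", "ldap.synchronization.groupSearchBase")
FILTER_KEYS = ("personQuery", "personDifferentialQuery", "groupQuery", "groupDifferentialQuery")


def lint(props):
    findings = []
    for key, value in props.items():
        if "synchronisation" in key:
            findings.append(f"misspelled key (3.2 spells it with a z): {key}")
        if re.fullmatch(r"<[^>]*>", value):
            findings.append(f"placeholder not filled in: {key}={value}")
        elif value == "":
            findings.append(f"empty value: {key}")
        if key.rsplit(".", 1)[-1] in FILTER_KEYS and not balanced(value):
            findings.append(f"unbalanced parentheses in filter: {key}")
    for base in SEARCH_BASES:
        if base not in props:
            findings.append(f"not set (must match your directory layout): {base}")
    if props.get("synchronization.autoCreatePeopleOnLogin", "").lower() == "true":
        findings.append("synchronization.autoCreatePeopleOnLogin=true: users the sync "
                        "query excludes can still be created when they log in")
    return findings


def render_differential_query(props, last_sync):
    """Fill {0} with last_sync in the thread's timestampFormat (assumed UTC).
    Only yyyyMMddHHmmss'.0Z' is mapped; Alfresco uses Java date formatting."""
    java_fmt = props.get("ldap.synchronization.timestampFormat", "yyyyMMddHHmmss'.0Z'")
    if java_fmt != "yyyyMMddHHmmss'.0Z'":
        raise ValueError(f"unsupported timestampFormat: {java_fmt}")
    if isinstance(last_sync, str):
        last_sync = datetime.fromisoformat(last_sync)
    stamp = last_sync.astimezone(timezone.utc).strftime("%Y%m%d%H%M%S.0Z")
    return props["ldap.synchronization.personDifferentialQuery"].replace("{0}", stamp)
```

Run lint(parse_properties(open("alfresco-global.properties").read())) against a real file; each finding names the offending key, and an empty list means none of the thread's mistakes is present. render_differential_query shows the exact filter the differential sync sends, which is what to paste into an LDAP browser to confirm the directory actually returns the users you expect.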

dinny_r
Champ in-the-making
Hi,

My log file is showing:

sco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'Synchronization' subsystem, ID: [default]
19:35:04,491 INFO  [org.alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]
19:35:04,507 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'Synchronization' subsystem, ID: [default] complete
19:35:04,538 INFO  [org.alfresco.service.descriptor.DescriptorService] Alfresco JVM - vpwi32devifx-20071213a (ifix 129397: SR4 + IY99287 + IY99356 + IY98136 + IZ09166 ); maximum heap size 512.000MB
19:35:04,538 INFO  [org.alfresco.service.descriptor.DescriptorService] Alfresco started (Community): Current version 3.2.0 (2039) schema 2019 - Installed version 3.2.0 (2039) schema 2019
19:35:07,272 INFO  [org.alfresco.module.vti.VtiServer] Vti server started successfully on port: 7070
19:35:20,194 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'wcm_deployment_receiver' subsystem, ID: [default]
19:35:20,225 INFO  [org.alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]
19:35:20,319 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'wcm_deployment_receiver' subsystem, ID: [default] complete
19:35:24,022 INFO  [org.alfresco.web.site.FrameworkHelper] Successfully Initialized Web Framework
19:35:24,819 INFO  [org.alfresco.config.JBossEnabledWebApplicationContext] Refreshing org.alfresco.config.JBossEnabledWebApplicationContext@44424442: display name [Root WebApplicationContext]; startup date [Thu Sep 10 19:35:24 IST 2009]; root of context hierarchy
19:35:47,912 INFO  [org.alfresco.config.JBossEnabledWebApplicationContext] Bean factory for application context [org.alfresco.config.JBossEnabledWebApplicationContext@44424442]: org.springframework.beans.factory.support.DefaultListableBeanFactory@57725772
19:35:48,897 INFO  [org.alfresco.web.scripts.DeclarativeRegistry] Registered 24 Web Scripts (+0 failed), 26 URLs
19:35:48,912 INFO  [org.alfresco.web.scripts.AbstractRuntimeContainer] Initialised Presentation Web Script Container (in 210.2646ms)
19:35:49,037 INFO  [org.alfresco.web.scripts.DeclarativeRegistry] Registered 42 Web Scripts (+0 failed), 44 URLs
19:35:49,053 INFO  [org.alfresco.web.scripts.AbstractRuntimeContainer] Initialised WebFramework Web Script Container (in 134.30843ms)
19:35:49,100 INFO  [org.alfresco.web.site.FrameworkHelper] Successfully Initialized Web Framework
19:38:52,832 INFO  [org.alfresco.web.site.FrameworkHelper] Successfully Initialized Web Framework
19:38:52,926 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'Authentication' subsystem, ID: [managed, ldap1]
19:38:52,973 INFO  [org.alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]
19:38:53,457 WARN  [org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl] LDAP server supports anonymous bind ldap://sjc-adc-01.corp.ebay.com:389
19:38:53,910 INFO  [org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl] LDAP server does not fall back to anonymous bind for a string uid and password at ldap://sjc-adc-01.corp.ebay.com:389
19:38:54,379 INFO  [org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl] LDAP server does not fall back to anonymous bind for a simple dn and password at ldap://sjc-adc-01.corp.ebay.com:389
19:38:54,832 INFO  [org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl] LDAP server does not fall back to anonymous bind for known principal and invalid credentials at ldap://sjc-adc-01.corp.ebay.com:389

19:38:54,832 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'Authentication' subsystem, ID: [managed, ldap1] complete
19:41:53,564 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Synchronizing users and groups with user registry 'ldap1'
19:41:53,564 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Retrieving all users from user registry 'AUTH.EXT.ldap1'

These are the values that i have given for the following properties:

ldap.synchronization.personQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(sAMAccountName=Guest)))
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(sAMAccountName=Guest))(!(modifyTimestamp<\={0})))
ldap.synchronization.groupType=group.no
ldap.synchronization.groupQuery=(objectclass\=group.no)
ldap.synchronization.userSearchBase=<searchbase>
ldap.synchronization.groupSearchBase=<group search base>

For the properties "principal & credentials", do I need to give the details of a user who can log in to LDAP, or any user whose details are stored in LDAP? Also, if the users are imported successfully, will they be visible to the admin under "Manage System Users"?

Thanks
Dinny

dward
Champ on-the-rise
For principal and credentials you must give the user principal name and password of a user who has the ability to see all users and groups in the LDAP directory.

You can test out the right value by using an LDAP browser, such as the one from http://www.ldapbrowser.com

Now your log shows that the sync started but did not finish. Are there no more lines in the log after 19:41:53,564 ?