
Alfresco authentication with OpenLDAP

bkarthick4u
Champ in-the-making
Hi everybody,
I'm having a problem with Alfresco authentication with OpenLDAP in Alfresco Community 3.2.

I'm not facing any problem with authentication in Alfresco Enterprise edition.

Can anyone tell me how to do authentication in Alfresco Community 3.2?
I tried a lot, even though it's not authenticating… I tried all the wikis.

My Alfresco is not generating any error report during authentication.

Can anyone paste their ldap-authentication file…
Thanks in advance
37 REPLIES

dinny_r
Champ in-the-making
Hi,

Yes, there are a few more lines, but it's just repeating…

19:41:53,564 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Retrieving all users from user registry 'AUTH.EXT.ldap1'
19:43:23,094 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Synchronizing users and groups with user registry 'ldap1'
19:43:23,094 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Retrieving all users from user registry 'AUTH.EXT.ldap1'
19:44:23,656 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Synchronizing users and groups with user registry 'ldap1'
19:44:23,656 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Retrieving all users from user registry 'AUTH.EXT.ldap1'
19:45:05,952 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Synchronizing users and groups with user registry 'ldap1'
19:45:05,952 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Retrieving all users from user registry 'AUTH.EXT.ldap1'
20:16:28,944 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Synchronizing users and groups with user registry 'ldap1'
20:16:28,944 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Retrieving all users from user registry 'AUTH.EXT.ldap1'


I really doubt whether the properties that I set for userSearchBase & groupSearchBase are correct. Below are my settings for the same…
ldap.synchronization.userSearchBase=<searchbase>
ldap.synchronization.groupSearchBase=<group search base>

I am very confused about what value I have to set for these properties.

Thanks
Dinny

dward
Champ on-the-rise
Are you joking? Why do you think the system is going to understand what <searchbase> means? Have you read any of the documentation I have pointed you to?

You need to tell the synchronizer where in the LDAP directory the users and groups are. Using an LDAP browser, browse to the OU or folder containing all the users and get its Distinguished Name (DN). This is userSearchBase. In our directory it is the following:

ou=User Accounts,ou=Alfresco,dc=domain,dc=com

If you want it to search the entire directory for users (not recommended) you could just find out the top-level domain components and use

ldap.synchronization.userSearchBase=dc=domain,dc=com
ldap.synchronization.groupSearchBase=dc=domain,dc=com

dinny_r
Champ in-the-making
Hi,

Typo… this is what I have given in my properties…

ldap.synchronization.groupSearchBase=ou\=Security Groups,ou\=Alfresco,dc=domain
ldap.synchronization.userSearchBase=ou\=User Accounts,ou\=Alfresco,dc=domain

Not the one below…
ldap.synchronization.userSearchBase=<searchbase>
ldap.synchronization.groupSearchBase=<group search base>

Thanks
Dinny

dward
Champ on-the-rise
Please re-read my previous post. It is very unlikely that you have an ou called Alfresco and that your domain component is called 'domain'. Go find out the correct DNs to use.

dinny_r
Champ in-the-making
Hi,

I understood what you were trying to say from your previous reply itself. I replied to that just to convey that it's a typing mistake :)

Also, in the wiki not many details are given for someone who is very new to Alfresco to understand things in depth…

This is what is given in the wiki for userSearchBase & groupSearchBase…
ldap.synchronization.groupSearchBase
    The DN below which to run the group queries.

ldap.synchronization.userSearchBase
    The DN below which to run the user queries. 

Your quick responses have really helped me in understanding and in proceeding with my work.

Thanks
Dinny

dinny_r
Champ in-the-making
Hi,

As per the instructions, I changed the settings below and the synchronization worked for me.

ldap.synchronization.userSearchBase=dc=corp,dc=ebay,dc=com
ldap.synchronization.groupSearchBase=dc=corp,dc=ebay,dc=com

But the synchronization is not happening every time I start the server, or as per the cron setting that I have given. Please find my settings below.

ldap.synchronization.import.person.cron=0 10 * * * ?
ldap.synchronization.import.group.cron=0 30 * * * ?

synchronization.synchronizeChangesOnly=true
synchronization.syncWhenMissingPeopleLogIn=true
synchronization.autoCreatePeopleOnLogin=true
synchronization.syncOnStartup=true
 
Are these settings proper for cron to run the synchronization? Also, for setting syncOnStartup, which is the correct format:

synchronization.syncOnStartup=true  or ldap.synchronization.syncOnStartup=true

Thanking you in advance
Dinny

dward
Champ on-the-rise
Would you please read the documentation and stop making up your own settings? You seem to be using a mixture of v3.1 and v3.2 configuration.

You can see from the Wiki that the property names are

synchronization.import.cron

and

synchronization.syncOnStartup

http://wiki.alfresco.com/wiki/The_Synchronization_Subsystem

There are no longer separate person and group cron expressions.

synchronization.syncOnStartup=true is the default anyway.

If it isn't synchronizing on startup, it's because you are not using a recent build. Like I said 100 times, you need a recent nightly build for the sync on startup behaviour.

And if you continue with this setting

synchronization.syncOnStartup=true

Then user deletions will never be picked up by the cron job.

If you want to know what properties a subsystem supports and their default values, just look inside WEB-INF/classes/alfresco/subsystems/*/*/*.properties (but do not edit them here - your changes should go in alfresco-global.properties).
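
Added example (not part of the thread and not Alfresco code): a small lint for alfresco-global.properties that reports synchronization keys the subsystem does not define and search bases that are not DNs. `SUPPORTED` is a constructed stand-in holding only key names quoted in this thread; in practice, build it from the subsystem .properties files mentioned above. The DN check and the properties reader are simplified assumptions.

```python
import re

PREFIXES = ("synchronization.", "ldap.synchronization.")
# Constructed stand-in for the key names found under
# WEB-INF/classes/alfresco/subsystems/*/*/*.properties; only names quoted in the thread.
SUPPORTED = {
    "synchronization.import.cron", "synchronization.syncOnStartup",
    "synchronization.synchronizeChangesOnly", "synchronization.syncWhenMissingPeopleLogIn",
    "synchronization.autoCreatePeopleOnLogin", "ldap.synchronization.userSearchBase",
    "ldap.synchronization.groupSearchBase", "ldap.synchronization.personQuery",
    "ldap.synchronization.personDifferentialQuery",
}
# Simplified DN shape (attr=value,attr=value,...); RFC 4514 escapes are not handled.
DN_RE = re.compile(r"[A-Za-z][\w.-]*=[^,=<>]+(,[A-Za-z][\w.-]*=[^,=<>]+)*")

# Constructed sample built from settings posted in the thread.
SAMPLE_GLOBAL = r"""
ldap.synchronization.userSearchBase=<searchbase>
ldap.synchronization.groupSearchBase=ou\=Security Groups,dc\=domain,dc\=com
ldap.synchronization.import.person.cron=0 10 * * * ?
synchronization.syncOnStartup=true
"""

def parse_properties(text):
    """Minimal .properties reader: comments, key/value split, backslash unescaping."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"((?:\\.|[^=:\s\\])+)\s*[=:]?\s*(.*)", line)
        if not m or line[0] in "#!":
            continue  # blank line, comment, or no key
        key, value = (re.sub(r"\\(.)", r"\1", part) for part in m.groups())
        props[key] = value
    return props

def lint(global_text, supported=SUPPORTED):
    """Return (key, problem) pairs for sync settings that need attention."""
    findings = []
    for key, value in parse_properties(global_text).items():
        if key.startswith(PREFIXES) and key not in supported:
            findings.append((key, "not a property of this subsystem version"))
        elif key.endswith("SearchBase") and not DN_RE.fullmatch(value):
            findings.append((key, "value is not a distinguished name"))
    return findings

if __name__ == "__main__":
    for key, problem in lint(SAMPLE_GLOBAL):
        print(f"{key}: {problem}")
```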

dinny_r
Champ in-the-making
Hi,

Right now, to restrict login to a subset of LDAP users, I have set the user query so that it will only return that subset. And in "alfresco-global.properties" I have set
synchronization.autoCreatePeopleOnLogin=false.

I would like to know whether it is possible to give a set of comma-separated users so that only these users will be imported from LDAP to Alfresco.

For example, in the one below, to escape the guest login from LDAP we have set (!(sAMAccountName=Guest))). So if I give ((sAMAccountName=disney))), will it only import the user "disney" from LDAP?

ldap.synchronization.personQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(sAMAccountName=Guest)))

Thanks
Dinny

dward
Champ on-the-rise
We've come a long way!

Just use the 'OR' operator.

The following queries would accept only Mickey and Donald.

ldap.synchronization.personQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(|(sAMAccountName=Mickey)(sAMAccountName=Donald)))
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(|(sAMAccountName=Mickey)(sAMAccountName=Donald))(!(modifyTimestamp<\={0})))
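
Added example (not part of the thread and not Alfresco code): generating the allowlist queries above from a list of account names, with RFC 4515 escaping of each name and the extra backslash escaping a .properties value needs. The function names are hypothetical, the sample names are constructed, and `load_properties_value` is a simplified model of how Java reads the value back.

```python
import re

# RFC 4515: these characters must appear as \XX inside a filter assertion value.
FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
# Fixed part of the thread's query: user objects passing the userAccountControl bit test.
BASE = "(objectclass=user)(userAccountControl:1.2.840.113556.1.4.803:=512)"


def escape_filter_value(value):
    """Escape one account name so it cannot change the structure of the filter."""
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)


def allowlist_filter(names, differential=False):
    """Build the (&...(|(sAMAccountName=a)(sAMAccountName=b))) query for an allowlist."""
    if not names:
        raise ValueError("refusing to build a filter from an empty allowlist")
    alts = "".join(f"(sAMAccountName={escape_filter_value(n)})" for n in names)
    # The differential query adds the modifyTimestamp clause shown in the thread.
    tail = "(!(modifyTimestamp<={0}))" if differential else ""
    return f"(&{BASE}(|{alts}){tail})"


def to_properties_value(ldap_filter):
    """Escape for alfresco-global.properties: a backslash must be doubled; = and : are
    escaped as in the thread (only required in keys, harmless in values)."""
    return re.sub(r"([\\=:])", r"\\\1", ldap_filter)


def load_properties_value(text):
    """Simplified model of reading the value back (tab/newline/unicode escapes ignored)."""
    return re.sub(r"\\(.)", r"\1", text)


if __name__ == "__main__":
    for diff in (False, True):
        print(to_properties_value(allowlist_filter(["Mickey", "Donald"], diff)))
    # Constructed name containing filter metacharacters.
    print(to_properties_value(allowlist_filter(["O*Brien (temp)"])))
```

An escaped name such as `O\2aBrien` written to the properties file without doubling the backslash is read back as `O2aBrien`, so the filter silently matches a different account name.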

dinny_r
Champ in-the-making
Hi,

That's really good to hear. Thanks a lot.

I have one more question: each time the synchronization or user import happens, will it remove the previously imported users from Alfresco and import the users with the latest settings? In my case I want to remove the previously imported users from Alfresco. For this I have set synchronization.synchronizeChangesOnly=false. Please correct me if I am wrong.

Thanking you in advance
Dinny