Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Hyland Connect
- Enterprise Platforms
- Alfresco
- Alfresco Archive
- Another LDAP Sync problem
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Another LDAP Sync problem
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-01-2009 02:08 AM
Hi everyone,
Very new to the world of Electronic Document Management, I am trying to get Alfresco CE 3.3 (nightly build) to work in my company. Not being a Network/System admin, I am currently struggling on 2 different points of the configuration of the application. In this topic, I will focus on the authentication and the LDAP Sync.
Alfresco is installed on a Windows XP 64 workstation with plenty of RAM & HD. We have an Exchange server and Active Directory. I have been reading the wiki and the forum for the last 4 days and I can't figure out what's wrong due to lack of technical knowledge/hindsight.
My authentication chain in alfresco-global.properties is as follow and respects Example 1: Advanced AD Chain given in the Wiki:
I struggled for a while with the LDAP userSearchBase but I think it's all good now as I have the following trace in tomcat:
The problem I encounter is related to the imported users. After the first synchronization, information are missing (like job title), some users are disabled, the default Home Space path is not the same for each user (ie some have /Company Home/User Homes/userA and some have /Company Home/userA) and lastly when I try to update their profile (and enable their accounts) in Share, I have the following error:
However, when a user logs in for the first time in Share using his Windows credentials, then, the account becomes active and details can be updated.
I am completely puzzled and would greatly appreciate your insight on that matter. Let me know if you need more details on config/system/other.
Thanks,
Jonathan
Very new to the world of Electronic Document Management, I am trying to get Alfresco CE 3.3 (nightly build) to work in my company. Not being a Network/System admin, I am currently struggling on 2 different points of the configuration of the application. In this topic, I will focus on the authentication and the LDAP Sync.
Alfresco is installed on a Windows XP 64 workstation with plenty of RAM & HD. We have an Exchange server and Active Directory. I have been reading the wiki and the forum for the last 4 days and I can't figure out what's wrong due to lack of technical knowledge/hindsight.
My authentication chain in alfresco-global.properties is as follow and respects Example 1: Advanced AD Chain given in the Wiki:
# The default authentication chain
authentication.chain=alfrescoNtlm1:alfrescoNtlm,passthru1:passthru,ldap1:ldap-adI struggled for a while with the LDAP userSearchBase but I think it's all good now as I have the following trace in tomcat:
User:System INFO [alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]
User:System INFO [management.subsystems.ChildApplicationContextFactory] Starting 'Authentication' subsystem, ID: [managed, alfrescoNtlm1]
User:System INFO [alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]
User:System INFO [management.subsystems.ChildApplicationContextFactory] Startup of 'Authentication' subsystem, ID: [managed, alfrescoNtlm1] complete
User:System INFO [management.subsystems.ChildApplicationContextFactory] Starting 'Authentication' subsystem, ID: [managed, passthru1]
User:System INFO [alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]
User:System INFO [management.subsystems.ChildApplicationContextFactory] Startup of 'Authentication' subsystem, ID: [managed, passthru1] complete
User:System INFO [management.subsystems.ChildApplicationContextFactory] Startup of 'fileServers' subsystem, ID: [default] complete
User:System INFO [management.subsystems.ChildApplicationContextFactory] Starting 'imap' subsystem, ID: [default]
User:System INFO [alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]
User:System INFO [management.subsystems.ChildApplicationContextFactory] Startup of 'imap' subsystem, ID: [default] complete
User:System INFO [management.subsystems.ChildApplicationContextFactory] Starting 'Synchronization' subsystem, ID: [default]
User:System INFO [alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]
User:System INFO [management.subsystems.ChildApplicationContextFactory] Starting 'Authentication' subsystem, ID: [managed, ldap1]
User:System INFO [alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]
User:System INFO [management.subsystems.ChildApplicationContextFactory] Startup of 'Authentication' subsystem, ID: [managed, ldap1] complete
User:System INFO [security.sync.ChainingUserRegistrySynchronizer] Synchronizing users and groups with user registry 'ldap1'
User:System INFO [security.sync.ChainingUserRegistrySynchronizer] Retrieving users changed since 1/09/2009 14:58:28 from user registry 'ldap1'
User:System INFO [security.sync.ChainingUserRegistrySynchronizer] Retrieving all groups from user registry 'ldap1'
User:System INFO [security.sync.ChainingUserRegistrySynchronizer] Finished synchronizing users and groups with user registry 'ldap1'
User:System INFO [security.sync.ChainingUserRegistrySynchronizer] 0 user(s) and 0 group(s) processed
User:System INFO [management.subsystems.ChildApplicationContextFactory] Startup of 'Synchronization' subsystem, ID: [default] completeThe problem I encounter is related to the imported users. After the first synchronization, information are missing (like job title), some users are disabled, the default Home Space path is not the same for each user (ie some have /Company Home/User Homes/userA and some have /Company Home/userA) and lastly when I try to update their profile (and enable their accounts) in Share, I have the following error:
16:01:22,721 User:admin ERROR [web.scripts.AbstractRuntime] Exception from executeScript - redirecting to status template error: 08010034 Wrapped Exception (wit
emplate): 08010033 Failed to execute script '/org/alfresco/repository/person/person.put.json.js (in classpath store file:C:/Alfresco/tomcat/webapps/alfresco/WEB
es/alfresco/templates/webscripts)': 08010032 User not found: USERNAME
org.alfresco.web.scripts.WebScriptException: 08010034 Wrapped Exception (with status template): 08010033 Failed to execute script '/org/alfresco/repository/pers
put.json.js (in classpath store file:C:/Alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/templates/webscripts)': 08010032 User not found: USERNAME
at org.alfresco.web.scripts.AbstractWebScript.createStatusException(AbstractWebScript.java:613)
at org.alfresco.web.scripts.DeclarativeWebScript.execute(DeclarativeWebScript.java:165)
at org.alfresco.repo.web.scripts.RepositoryContainer$2.execute(RepositoryContainer.java:357)
at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:326)
at org.alfresco.repo.web.scripts.RepositoryContainer.transactionedExecute(RepositoryContainer.java:407)
at org.alfresco.repo.web.scripts.RepositoryContainer.transactionedExecuteAs(RepositoryContainer.java:424)
at org.alfresco.repo.web.scripts.RepositoryContainer.executeScript(RepositoryContainer.java:288)
at org.alfresco.web.scripts.AbstractRuntime.executeScript(AbstractRuntime.java:262)
at org.alfresco.web.scripts.AbstractRuntime.executeScript(AbstractRuntime.java:139)
at org.alfresco.web.scripts.servlet.WebScriptServlet.service(WebScriptServlet.java:122)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:619)
Caused by: org.alfresco.scripts.ScriptException: 08010033 Failed to execute script '/org/alfresco/repository/person/person.put.json.js (in classpath store file:
o/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/templates/webscripts)': 08010032 User not found: USERNAME
at org.alfresco.repo.jscript.RhinoScriptProcessor.execute(RhinoScriptProcessor.java:178)
at org.alfresco.repo.processor.ScriptServiceImpl.executeScript(ScriptServiceImpl.java:274)
at org.alfresco.repo.web.scripts.RepositoryScriptProcessor.executeScript(RepositoryScriptProcessor.java:108)
at org.alfresco.web.scripts.AbstractWebScript.executeScript(AbstractWebScript.java:819)
at org.alfresco.web.scripts.DeclarativeWebScript.execute(DeclarativeWebScript.java:90)
… 21 more
Caused by: org.alfresco.repo.security.authentication.AuthenticationException: 08010032 User not found: USERNAME
at org.alfresco.repo.security.authentication.RepositoryAuthenticationDao.setEnabled(RepositoryAuthenticationDao.java:563)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.alfresco.repo.management.subsystems.ChainingSubsystemProxyFactory$1.invoke(ChainingSubsystemProxyFactory.java:95)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy91.setEnabled(Unknown Source)
at org.alfresco.repo.jscript.People.enableAccount(People.java:290)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.mozilla.javascript.MemberBox.invoke(MemberBox.java:155)
at org.mozilla.javascript.NativeJavaMethod.call(NativeJavaMethod.java:243)
at org.mozilla.javascript.optimizer.OptRuntime.call1(OptRuntime.java:66)
at org.mozilla.javascript.gen.c7._c1(file:C:/Alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/templates/webscripts/org/alfresco/repository/pers
put.json.js:51)
at org.mozilla.javascript.gen.c7.call(file:C:/Alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/templates/webscripts/org/alfresco/repository/per
.put.json.js)
at org.mozilla.javascript.optimizer.OptRuntime.callName0(OptRuntime.java:108)
at org.mozilla.javascript.gen.c7._c0(file:C:/Alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/templates/webscripts/org/alfresco/repository/pers
put.json.js:96)
at org.mozilla.javascript.gen.c7.call(file:C:/Alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/templates/webscripts/org/alfresco/repository/per
.put.json.js)
at org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:393)
at org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:2834)
at org.mozilla.javascript.gen.c7.call(file:C:/Alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/templates/webscripts/org/alfresco/repository/per
.put.json.js)
at org.mozilla.javascript.gen.c7.exec(file:C:/Alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/templates/webscripts/org/alfresco/repository/per
.put.json.js)
at org.alfresco.repo.jscript.RhinoScriptProcessor.executeScriptImpl(RhinoScriptProcessor.java:457)
at org.alfresco.repo.jscript.RhinoScriptProcessor.execute(RhinoScriptProcessor.java:174)
… 25 moreHowever, when a user logs in for the first time in Share using his Windows credentials, then, the account becomes active and details can be updated.
I am completely puzzled and would greatly appreciate your insight on that matter. Let me know if you need more details on config/system/other.
Thanks,
Jonathan
Labels:
- Labels:
-
Archive
22 REPLIES 22
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-01-2009 02:48 AM
Hi,
look this post http://forums.alfresco.com/en/viewtopic.php?f=9&t=20864
i upload last version svn head and compiled, with your chain work normal (os xp 32). http://svn.alfresco.com/repos/alfresco-open-mirror/alfresco/HEAD/
give you passthru-authentication-context.properties and ldap-ad-authentication.properties
look this post http://forums.alfresco.com/en/viewtopic.php?f=9&t=20864
i upload last version svn head and compiled, with your chain work normal (os xp 32). http://svn.alfresco.com/repos/alfresco-open-mirror/alfresco/HEAD/
give you passthru-authentication-context.properties and ldap-ad-authentication.properties
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-02-2009 01:14 AM
Authentication is performed against AlfrescoNTLM and then Pagainst Active Directory (passthru).
LDAP-AD is used only for synchronization purpose.
My passthru-authentication-context.properties is:
And ldap-ad-authentication.properties is:
LDAP-AD is used only for synchronization purpose.
My passthru-authentication-context.properties is:
passthru.authentication.useLocalServer=false
passthru.authentication.domain=MY_DOMAIN
passthru.authentication.servers=
passthru.authentication.guestAccess=false
passthru.authentication.defaultAdministratorUserNames=sabahj
#Timeout value when opening a session to an authentication server, in milliseconds
passthru.authentication.connectTimeout=5000
#Offline server check interval in seconds
passthru.authentication.offlineCheckInterval=300
passthru.authentication.protocolOrder=NetBIOS,TCPIP
passthru.authentication.authenticateCIFS=true
passthru.authentication.authenticateFTP=trueAnd ldap-ad-authentication.properties is:
ldap.authentication.active=false
ldap.authentication.allowGuestLogin=false
ldap.authentication.userNameFormat=%s@domain
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://my_domain:389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=Administrator
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=sabahj@domain
ldap.synchronization.java.naming.security.credentials=my_password
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.groupQuery=(objectclass\=group)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(!(modifyTimestamp<\={0})))
ldap.synchronization.personQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(modifyTimestamp<\={0})))
ldap.synchronization.groupSearchBase=OU\=Users,OU=\ORGA,DC=DOMAIN,DC=local
ldap.synchronization.userSearchBase=OU\=Users,OU=\ORGA,DC=DOMAIN,DC=local
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=company
ldap.synchronization.defaultHomeFolderProvider=personalHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupType=group
ldap.synchronization.personType=user
ldap.synchronization.groupMemberAttributeName=memberOptions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-02-2009 01:46 AM
ldap.synchronization.groupSearchBase=OU\=Users,OU=\ORGA,DC=DOMAIN,DC=localmaybe
ldap.synchronization.userSearchBase=OU\=Users,OU=\ORGA,DC=DOMAIN,DC=local
ldap.synchronization.groupSearchBase=OU\=Users,OU\=ORGA,DC=DOMAIN,DC=local
ldap.synchronization.userSearchBase=OU\=Users,OU\=ORGA,DC=DOMAIN,DC=local
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-02-2009 01:49 AM
ldap.authentication.userNameFormat=%s@domain
you have there instead of domain your real AD-Domain, have you?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-02-2009 01:59 AM
you have there instead of domain your real AD-Domain, have you?Do I need to put the real AD domain ? I thought it was just a format naming convention.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-02-2009 02:10 AM
it is my work config for tests (full domain name my-domain.ru)
ldap.authentication.active=true
ldap.authentication.allowGuestLogin=true
ldap.authentication.userNameFormat=%s@my-domain.ru
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://pridc.my-domain.ru:3268
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=iam
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=iam@my-domain.ru
ldap.synchronization.java.naming.security.credentials=password
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.groupQuery=(objectclass\=group)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(!(modifyTimestamp<\={0})))
ldap.synchronization.personQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(modifyTimestamp<\={0})))
ldap.synchronization.groupSearchBase=ou\=XXXX XXXX XXXXXX,dc=my-domain,dc=ru
ldap.synchronization.userSearchBase=ou\=XXXX XXXX XXXXXX,dc=my-domain,dc=ru
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userOrganizationalIdAttributeName=company
ldap.synchronization.defaultHomeFolderProvider=personalHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupType=group
ldap.synchronization.personType=user
ldap.synchronization.groupMemberAttributeName=member
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-02-2009 02:58 AM
I changed
ldap.authentication.userNameFormat=%s@MY_DOMAINldap.synchronization.userSearchBase=OU\=Users,OU=\ORGA,DC=DOMAIN,DC=local
ldap.synchronization.userSearchBase=OU\=Users,OU\=ORGA,DC=DOMAIN,DC=local
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-02-2009 06:30 AM
On AD
ldap.authentication.userNameFormat
Should be a UPN. You can check what the correct format is using an LDAP browser. See
http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems#Configuration_2
ldap.authentication.userNameFormat
Should be a UPN. You can check what the correct format is using an LDAP browser. See
http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems#Configuration_2
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-02-2009 07:06 PM
On ADOK, using Softerra LDAP Browser, I found that my UPN is "sabahj@MY.DOMAIN"
ldap.authentication.userNameFormat
Should be a UPN. You can check what the correct format is using an LDAP browser. See
http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems#Configuration_2
Now in order to have the synchronization working correctly (imported users are active by default with all their contact details) do I have to put:
ldap.authentication.userNameFormat=%s@MY.DOMAIN #— which would give the correct format
OR
ldap.authentication.userNameFormat=sabahj@MY.DOMAIN #— which is specific to my account
Related Content
- Connection problem with Alfresco in Alfresco Forum
- Problem with sending email from Alfresco version 6.2 - we use office365 in Alfresco Forum
- File Storage with Docker Installation in Alfresco Forum
- Solr search results only for admins in Alfresco Forum
- Solr, search API can't find any result without error in Alfresco Forum
Getting started
Tags
Find what you came for
We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.
