Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Hyland Connect
- Content Management
- Alfresco
- Alfresco Archive
- Re: Bonjour à tous.J'éssaye de mettre en place la ...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Bonjour à tous.J'éssaye de mettre en place la synchronisation...
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-03-2006 06:14 AM
Bonjour à tous.
J'éssaye de mettre en place la synchronisation à partir d'un annuaire LDAP.
J'utilise la version Alfresco OpenSource 100% 1.2.1 mais cela ne doit pas être différent de la version Enterprise
Voici ce que j'ai dans mes fichiers de configuration
authentication-services-context.xml
Jérôme.
J'éssaye de mettre en place la synchronisation à partir d'un annuaire LDAP.
J'utilise la version Alfresco OpenSource 100% 1.2.1 mais cela ne doit pas être différent de la version Enterprise
Voici ce que j'ai dans mes fichiers de configuration
authentication-services-context.xml
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
<!– =================================================================== –>
<!– This file contains the bean definitions that support authentication –>
<!– =================================================================== –>
<!– –>
<!– Acegi is used for authentication and protecting method calls on public –>
<!– services. To do this requires our authentication mechanism to work –>
<!– within the acegi framework. –>
<!– –>
<!– It is important to decide if user names are case sensitive or not. –>
<!– This is configured in repository.properties. –>
<!– –>
<!– –>
<!– TODO: –>
<!– –>
<!– The transactional wrappers should be removed from the beans in this –>
<!– file. This should be done in the public services definitions. –>
<!– This requires some tests to be fixed up. –>
<!– –>
<beans>
<!– –>
<!– The Acegi authentication manager. –>
<!– –>
<!– Provders are asked to authenticate in order. –>
<!– First, is a provider that checks if an acegi authentication object –>
<!– is already bound to the executing thread. If it is, and it is set –>
<!– as authenticated then no further authentication is required. If –>
<!– this is absent, Acegi validates the password for every method –>
<!– invocation, which is too CPU expensive. If we set an –>
<!– authentication based on a ticket etc …. or we want to set the –>
<!– the system user as the current user … we do not have the –>
<!– password. So if we have set an authentication and set it as –>
<!– authenticated that is sufficient to validate the user. –>
<!– –>
<!– If the authentication bound to the current thread is not set as –>
<!– authenticated the standard Acegi DAO Authentication provider –>
<!– is used to authenticate. –>
<!– –>
<bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager">
<property name="providers">
<list>
<ref bean="authenticatedAuthenticationPassthroughProvider" />
<ref bean="daoAuthenticationProvider" />
</list>
</property>
</bean>
<!– We provide a DAO to plug into the Acegi DaoAuthenticationProvider –>
<bean id="daoAuthenticationProvider" class="net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider">
<property name="authenticationDao">
<ref bean="alfDaoImpl" />
</property>
<property name="saltSource">
<ref bean="saltSource" />
</property>
<property name="passwordEncoder">
<ref bean="passwordEncoder" />
</property>
</bean>
<!– An authentication Provider that just believes authentications –>
<!– bound to the local thread are valid if they are set as –>
<!– authenticated. –>
<bean id="authenticatedAuthenticationPassthroughProvider" class="org.alfresco.repo.security.authentication.AuthenticatedAuthenticationPassthroughProvider" />
<!– The authroity DAO implements an interface extended from the Acegi –>
<!– DAO that supports CRUD. –>
<bean id="alfDaoImpl" class="org.springframework.transaction.interceptor.TransactionProxyFactoryBean">
<property name="proxyInterfaces">
<value>org.alfresco.repo.security.authentication.MutableAuthenticationDao</value>
</property>
<property name="transactionManager">
<ref bean="transactionManager" />
</property>
<property name="target">
<ref bean="authenticationDao"/>
</property>
<property name="transactionAttributes">
<props>
<prop key="*">${server.transaction.mode.default}</prop>
</props>
</property>
</bean>
<bean id="authenticationDao" class="org.alfresco.repo.security.authentication.RepositoryAuthenticationDao">
<property name="nodeService">
<ref bean="nodeService" />
</property>
<property name="dictionaryService">
<ref bean="dictionaryService" />
</property>
<property name="namespaceService">
<ref bean="namespaceService" />
</property>
<property name="searchService">
<ref bean="searchService" />
</property>
<property name="userNamesAreCaseSensitive">
<value>${user.name.caseSensitive}</value>
</property>
<property name="passwordEncoder">
<ref bean="passwordEncoder" />
</property>
</bean>
<!–**************************************************************************–>
<!– EBI ADD ******************–>
<!– Authentification par LDAP ******************–>
<!–**************************************************************************–>
<bean id="ldapInitialDirContextFactory" class="org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl">
<property name="initialDirContextEnvironment">
<map>
<entry key="java.naming.factory.initial">
<value>com.sun.jndi.ldap.LdapCtxFactory</value>
</entry>
<entry key="java.naming.provider.url">
<value>ldap://192.168.10.220:389</value>
</entry>
<entry key="java.naming.security.authentication">
<value>simple</value>
</entry>
<entry key="java.naming.security.principal">
<value>reader</value>
</entry>
<entry key="java.naming.security.credentials">
<value>secret</value>
</entry>
</map>
</property>
</bean>
<!– The DAO also acts as a salt provider. –>
<alias alias="saltSource" name="alfDaoImpl"/>
<!– Passwords are encoded using MD4 –>
<!– This is not ideal and only done to be compatible with NTLM –>
<!– authentication against the default authentication mechanism. –>
<bean id="passwordEncoder" class="org.alfresco.repo.security.authentication.MD4PasswordEncoderImpl"></bean>
<!–
<bean id="userType" class="org.alfresco.repo.security.authentication.UserType" init-method="init">
<property name="policyComponent">
<ref bean="policyComponent" />
</property>
<property name="nodeService">
<ref bean="nodeService" />
</property>
<property name="passwordEncoder">
<ref bean="passwordEncoder" />
</property>
</bean>
–>
<!– A transactional wrapper around the implementation. –>
<!– TODO: This should be removed. –>
<bean id="authenticationService" class="org.springframework.transaction.interceptor.TransactionProxyFactoryBean">
<property name="proxyInterfaces">
<value>org.alfresco.service.cmr.security.AuthenticationService</value>
</property>
<property name="transactionManager">
<ref bean="transactionManager" />
</property>
<property name="target">
<ref bean="authenticationServiceImpl" />
</property>
<property name="transactionAttributes">
<props>
<prop key="*">${server.transaction.mode.default}</prop>
</props>
</property>
</bean>
<!– The Authentication Service implementation. –>
<!– –>
<!– This delegates its work to two services: –>
<!– an AuthenticationComponent and a MutableAuthenticationDAO. –>
<!– –>
<!– The permissions service is required so that permissions can be –>
<!– cleaned up when a user is deleted. –>
<bean id="authenticationServiceImpl" class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
<property name="authenticationDao">
<ref bean="alfDaoImpl" />
</property>
<property name="ticketComponent">
<ref bean="ticketComponent" />
</property>
<property name="authenticationComponent">
<ref bean="authenticationComponentImpl" />
</property>
</bean>
<!– A transactional wrapper that should be removed. –>
<bean id="authenticationComponent" class="org.springframework.transaction.interceptor.TransactionProxyFactoryBean">
<property name="proxyInterfaces">
<value>org.alfresco.repo.security.authentication.AuthenticationComponent</value>
</property>
<property name="transactionManager">
<ref bean="transactionManager" />
</property>
<property name="target">
<ref bean="authenticationComponentImpl" />
</property>
<property name="transactionAttributes">
<props>
<prop key="*">${server.transaction.mode.default}</prop>
</props>
</property>
</bean>
<!– The authentication component. –>
<!–<bean id="authenticationComponentImpl" class="org.alfresco.repo.security.authentication.AuthenticationComponentImpl">
<property name="authenticationDao">
<ref bean="alfDaoImpl" />
</property>
<property name="authenticationManager">
<ref bean="authenticationManager" />
</property>
<property name="allowGuestLogin">
<value>true</value>
</property>
</bean>–>
<!– Simple Authentication component that rejects all authentication requests –>
<!– Use this defintion for Novell IChain integration. –>
<!– It should never go to the login screen so this is not required –>
<!– (Enterprise version only) –>
<!–
<bean id="authenticationComponentImpl" class="org.alfresco.repo.security.authentication.SimpleAcceptOrRejectAllAuthenticationComponentImpl">
</bean>
–>
<!–**************************************************************************–>
<!– EBI ADD ******************–>
<!– Authentification par LDAP ******************–>
<!–**************************************************************************–>
<bean id="authenticationComponentImpl" class="org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl">
<property name="LDAPInitialDirContextFactory">
<ref bean="ldapInitialDirContextFactory" />
</property>
<property name="userNameFormat">
<value>uid=%s,ou=People,dc=excilys,dc=com</value>
</property>
</bean>
<!– The person service. –>
<bean id="personService" class="org.alfresco.repo.security.person.PersonServiceImpl">
<property name="nodeService">
<ref bean="nodeService" />
</property>
<property name="searchService">
<ref bean="searchService" />
</property>
<property name="permissionServiceSPI">
<ref bean="permissionServiceImpl" />
</property>
<property name="authorityService">
<ref bean="authorityService" />
</property>
<property name="namespacePrefixResolver">
<ref bean="namespaceService" />
</property>
<!– Configurable properties. –>
<!– –>
<!– TODO: –>
<!– Add support for creating real home spaces adn setting –>
<!– permissions on the hame space and people created. –>
<!– –>
<!– The store in which people are persisted. –>
<property name="storeUrl">
<value>${spaces.store}</value>
</property>
<!– The path to the company home space, used to set the –>
<!– default home space for users that are created if –>
<!– missing. –>
<property name="companyHomePath">
<value>/${spaces.company_home.childname}</value>
</property>
<!– Some authentication mechanisms may need to create people –>
<!– in the repository on demand. This enables that feature. –>
<!– If dsiabled an error will be generated for missing –>
<!– people. If enabled then a person will be created and –>
<!– persisted. –>
<!– –>
<!– This value should be false or only true if the –>
<!– repository is mutable; set from the property –>
<!– ${server.transaction.allow-writes} –>
<property name="createMissingPeople">
<value>${server.transaction.allow-writes}</value>
</property>
<!– Set is user names are case sensitive - taken from the –>
<!– repository wide setting - you are advised not to change –>
<!– this setting. –>
<!– This value should be ${user.name.caseSensitive} –>
<property name="userNamesAreCaseSensitive">
<value>${user.name.caseSensitive}</value>
</property>
</bean>
<!– The ticket component. –>
<!– Used for reauthentication –>
<bean id="ticketComponent" class="org.alfresco.repo.security.authentication.InMemoryTicketComponentImpl">
<!– The period for which tickets are valid in XML duration format. –>
<!– The default is P1H for one hour. –>
<property name="validDuration">
<value>P1H</value>
</property>
<!– Do tickets expire or live for ever? –>
<property name="ticketsExpire">
<value>false</value>
</property>
<!– Are tickets only valid for a single use? –>
<property name="oneOff">
<value>false</value>
</property>
</bean>
<bean id="ldapPeopleExportSource" class="org.alfresco.repo.security.authentication.ldap.LDAPPersonExportSource">
<property name="personQuery">
<value>(objectclass=inetOrgPerson)</value>
</property>
<property name="searchBase">
<value>ou=People,dc=excilys,dc=com</value>
</property>
<property name="userIdAttributeName">
<value>uid</value>
</property>
<property name="LDAPInitialDirContextFactory">
<ref bean="ldapInitialDirContextFactory" />
</property>
<property name="personService">
<ref bean="personService"></ref>
</property>
<property name="namespaceService">
<ref bean="namespaceService" />
</property>
<property name="defaultHomeFolder">
<value>/app:company_home</value>
</property>
<property name="attributeMapping">
<map>
<entry key="cm:userName">
<value>cn</value>
</entry>
<entry key="cm:firstName">
<value>givenName</value>
</entry>
<entry key="cm:lastName">
<value>sn</value>
</entry>
<entry key="cm:email">
<value>mail</value>
</entry>
<entry key="cm:organizationId">
<value>o</value>
</entry>
</map>
</property>
</bean>
<bean id="ldapPeopleImport" class="org.alfresco.repo.importer.ExportSourceImporter">
<property name="importerService">
<ref bean="importerComponent" />
</property>
<property name="transactionService">
<ref bean="transactionComponent"/>
</property>
<property name="authenticationComponent">
<ref bean="authenticationComponent" />
</property>
<property name="exportSource">
<ref bean="ldapPeopleExportSource" />
</property>
<property name="storeRef">
<value>${spaces.store}</value>
</property>
<property name="path">
<value>/${system.system_container.childname}/${system.people_container.childname}</value>
</property>
<property name="clearAllChildren">
<value>false</value>
</property>
<property name="nodeService">
<ref bean="nodeService" />
</property>
<property name="searchService">
<ref bean="searchService" />
</property>
<property name="namespacePrefixResolver">
<ref bean="namespaceService" />
</property>
</bean>
</beans><?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
<beans>
<!– –>
<!– Scheduled jobs –>
<!– –>
<bean id="ftsIndexerTrigger" class="org.springframework.scheduling.quartz.SimpleTriggerBean">
<property name="jobDetail">
<bean id="ftsIndexerJobDetail" class="org.springframework.scheduling.quartz.JobDetailBean">
<property name="jobClass">
<value>org.alfresco.repo.search.impl.lucene.fts.FTSIndexerJob</value>
</property>
<property name="jobDataAsMap">
<map>
<entry key="bean">
<ref bean="LuceneFullTextSearchIndexer" />
</entry>
</map>
</property>
</bean>
</property>
<property name="startDelay">
<value>60000</value>
</property>
<property name="repeatInterval">
<value>60000</value>
</property>
</bean>
<bean id="tempFileCleanerTrigger" class="org.springframework.scheduling.quartz.SimpleTriggerBean">
<property name="jobDetail">
<bean id="tempFileCleanerJobDetail" class="org.springframework.scheduling.quartz.JobDetailBean">
<property name="jobClass">
<value>org.alfresco.util.TempFileProvider$TempFileCleanerJob</value>
</property>
<property name="jobDataAsMap">
<map>
<entry key="protectHours">
<value>1</value>
</entry>
</map>
</property>
</bean>
</property>
<property name="startDelay">
<value>1800000</value><!– start after half an hour –>
</property>
<property name="repeatInterval">
<value>3600000</value><!– repeat every hour –>
</property>
</bean>
<bean id="contentStoreCleanerTrigger" class="org.alfresco.util.TriggerBean">
<property name="jobDetail">
<bean id="fileContentStoreCleanerJobDetail" class="org.springframework.scheduling.quartz.JobDetailBean">
<property name="jobClass">
<value>org.alfresco.repo.content.cleanup.ContentStoreCleanupJob</value>
</property>
<property name="jobDataAsMap">
<map>
<entry key="contentStoreCleaner">
<ref bean="contentStoreCleaner" />
</entry>
</map>
</property>
</bean>
</property>
<!– trigger at 4am –>
<property name="hour">
<value>04</value>
</property>
<property name="minute">
<value>00</value>
</property>
<property name="repeatInterval">
<value>86400000</value> <!– repeat daily –>
</property>
</bean>
<bean id="indexRecoveryTrigger" class="org.springframework.scheduling.quartz.SimpleTriggerBean">
<property name="jobDetail">
<bean id="IndexRecoveryJobDetail" class="org.springframework.scheduling.quartz.JobDetailBean">
<property name="jobClass">
<value>org.alfresco.repo.node.index.IndexRecoveryJob</value>
</property>
<property name="jobDataAsMap">
<map>
<entry key="indexRecoveryComponent">
<ref bean="indexRecoveryComponent" />
</entry>
</map>
</property>
</bean>
</property>
<property name="startDelay">
<value>60000</value> <!– start after 1 minute –>
</property>
<property name="repeatCount">
<value>0</value> <!– DO NOT REPEAT !!!!! –>
</property>
</bean>
<bean id="indexBackupTrigger" class="org.alfresco.util.TriggerBean">
<property name="jobDetail">
<bean id="IndexBackupJobDetail" class="org.springframework.scheduling.quartz.JobDetailBean">
<property name="jobClass">
<value>org.alfresco.repo.search.impl.lucene.LuceneIndexerAndSearcherFactory$LuceneIndexBackupJob</value>
</property>
<property name="jobDataAsMap">
<map>
<entry key="luceneIndexBackupComponent">
<ref bean="luceneIndexBackupComponent" />
</entry>
</map>
</property>
</bean>
</property>
<!– trigger at 3am –>
<property name="hour">
<value>03</value>
</property>
<property name="minute">
<value>00</value>
</property>
<property name="repeatInterval">
<value>86400000</value> <!– repeat daily –>
</property>
</bean>
<!– enable DEBUG for 'org.alfresco.repo.cache.EhCacheTracerJob' to activate –>
<bean id="ehCacheTracerJob" class="org.springframework.scheduling.quartz.SimpleTriggerBean">
<property name="jobDetail">
<bean id="ehCacheTracerJobDetail" class="org.springframework.scheduling.quartz.JobDetailBean">
<property name="jobClass">
<value>org.alfresco.repo.cache.EhCacheTracerJob</value>
</property>
</bean>
</property>
<property name="startDelay">
<value>3600000</value><!– start after an hour –>
</property>
<property name="repeatInterval">
<value>3600000</value><!– repeat every hour –>
</property>
</bean>
<bean id="ldapPeopleTrigger" class="org.springframework.scheduling.quartz.SimpleTriggerBean">
<property name="jobDetail">
<bean id="ldapPeopleJobDetail" class="org.springframework.scheduling.quartz.JobDetailBean">
<property name="jobClass">
<value>org.alfresco.repo.importer.ImporterJob</value>
</property>
<property name="jobDataAsMap">
<map>
<entry key="bean">
<ref bean="ldapPeopleImport" />
</entry>
</map>
</property>
</bean>
</property>
<property name="startDelay">
<value>30000</value>
</property>
<property name="repeatInterval">
<value>3600000</value>
</property>
</bean>
<!– Scheduled tasks –>
<bean id="schedulerFactory" class="org.springframework.scheduling.quartz.SchedulerFactoryBean">
<property name="triggers">
<list>
<ref bean="tempFileCleanerTrigger" />
<ref bean="contentStoreCleanerTrigger"/>
<ref bean="ftsIndexerTrigger" />
<ref bean="indexRecoveryTrigger" />
<ref bean="indexBackupTrigger" />
<!–
<ref bean="ldapGroupTrigger" />
–>
<ref bean="ldapPeopleTrigger" />
<!–
<ref bean="ehCacheTracerJob" />
–>
</list>
</property>
<property name="waitForJobsToCompleteOnShutdown">
<value>true</value>
</property>
<property name="configLocation">
<value>classpath:alfresco/domain/quartz.properties</value>
</property>
</bean>
</beans>May 3, 2006 11:29:57 AM org.apache.coyote.http11.Http11BaseProtocol start
INFO: Starting Coyote HTTP/1.1 on http-8080
May 3, 2006 11:29:57 AM org.apache.jk.common.ChannelSocket init
INFO: JK: ajp13 listening on /0.0.0.0:8009
May 3, 2006 11:29:57 AM org.apache.jk.server.JkMain start
INFO: Jk running ID=0 time=0/31 config=null
May 3, 2006 11:29:57 AM org.apache.catalina.storeconfig.StoreLoader load
INFO: Find registry server-registry.xml at classpath resource
May 3, 2006 11:29:57 AM org.apache.catalina.startup.Catalina start
INFO: Server startup in 13103 ms
11:30:24,413 ERROR [quartz.core.JobRunShell] Job DEFAULT.ldapPeopleJobDetail threw an unhandled Exception:
org.alfresco.repo.importer.ExportSourceImporterException: Failed to import
at org.alfresco.repo.importer.ExportSourceImporter.doImport(ExportSourceImporter.java:165)
at org.alfresco.repo.importer.ImporterJob.execute(ImporterJob.java:36)
at org.quartz.core.JobRunShell.run(JobRunShell.java:191)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:516)
Caused by: org.alfresco.repo.security.authentication.AuthenticationException: Unable to connect to LDAP Server; check LDAP configuration
at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.buildInitialDirContext(LDAPInitialDirContextFactoryImpl.java:80)
at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.getDefaultIntialDirContext(LDAPInitialDirContextFactoryImpl.java:65)
at org.alfresco.repo.security.authentication.ldap.LDAPPersonExportSource.generateExport(LDAPPersonExportSource.java:145)
at org.alfresco.repo.importer.ExportSourceImporter.doImport(ExportSourceImporter.java:149)
… 3 more
Caused by: javax.naming.InvalidNameException: [LDAP: error code 34 - invalid DN]
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2926)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2732)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2646)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:283)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
at javax.naming.InitialContext.init(InitialContext.java:223)
at javax.naming.InitialContext.<init>(InitialContext.java:197)
at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.buildInitialDirContext(LDAPInitialDirContextFactoryImpl.java:72)
… 6 moreJérôme.
Labels:
- Labels:
-
Archive
21 REPLIES 21
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-21-2006 09:08 AM
Désolé en fait j'ai toujours un problème.
Depuis que LDAP tourne, mon serveur CIFS ne fonctionne plus :
Voici le log en question
Depuis que LDAP tourne, mon serveur CIFS ne fonctionne plus :
Voici le log en question
14:51:48,582 ERROR [alfresco.smb.protocol] File server configuration error, Wrong authentication setup for alfresco authenticatorOptions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-21-2006 09:49 AM
Une recherche sur le forum avec les mots "ldap" et "cifs" nous amène ici :
http://forum.alfresco-fr.org/viewtopic.php?pid=746#p746
C'est une bonne piste
http://forum.alfresco-fr.org/viewtopic.php?pid=746#p746
C'est une bonne piste
Getting started
Tags
Find what you came for
We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.
