Cannot get LDAP Synch to work with AD

mliedtke
Champ in-the-making
Hi,
I'm in the process of setting up a 2.1 instance and want to synch our users from Active Directory, but just can't seem to get it to work.  I've copied over the files:
    ldap-synchronisation.properties
    ldap-authentication.properties
    ldap-synchronisation-context.xml
Here is how I have the properties set:

ldap-authentication.properties
ldap.authentication.userNameFormat=%s

# The LDAP context factory to use
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory

# The URL to connect to the LDAP server
ldap.authentication.java.naming.provider.url=ldap://ldap-server.company.com:389

# The authentication mechanism to use
ldap.authentication.java.naming.security.authentication=DIGEST-MD5
#ldap.authentication.java.naming.security.authentication=SIMPLE

# The default principal to use (only used for LDAP sync)
ldap.authentication.java.naming.security.principal=CN=First Last,OU=System Group,OU=Sub Group,DC=corp,DC=company,DC=com

# The password for the default principal (only used for LDAP sync)
ldap.authentication.java.naming.security.credentials=password
ldap-synchronisation.properties


# The query to find the people to import
ldap.synchronisation.personQuery=(objectclass=user)

# The search base of the query to find people to import
ldap.synchronisation.personSearchBase=OU=System Group,DC=corp,DC=company,DC=com

# The attribute name on people objects found in LDAP to use as the uid in Alfresco
ldap.synchronisation.userIdAttributeName=sAMAccountName

# The attribute on person objects in LDAP to map to the first name property in Alfresco
ldap.synchronisation.userFirstNameAttributeName=givenName

# The attribute on person objects in LDAP to map to the last name property in Alfresco
ldap.synchronisation.userLastNameAttributeName=sn

# The attribute on person objects in LDAP to map to the email property in Alfresco
ldap.synchronisation.userEmailAttributeName=mail

# The attribute on person objects in LDAP to map to the organizational id  property in Alfresco
ldap.synchronisation.userOrganizationalIdAttributeName=o

# The default home folder provider to use for people created via LDAP import
ldap.synchronisation.defaultHomeFolderProvider=personalHomeFolderProvider

# The query to find group objects
ldap.synchronisation.groupQuery=(objectclass=groupOfNames)

# The search base to use to find group objects
ldap.synchronisation.groupSearchBase=OU=System Group,DC=corp,DC=company,DC=com

# The attribute on LDAP group objects to map to the gid property in Alfresco
ldap.synchronisation.groupIdAttributeName=cn

# The group type in LDAP
ldap.synchronisation.groupType=groupOfNames

# The person type in LDAP
ldap.synchronisation.personType=user

# The attribute in LDAP on group objects that defines the DN for its members
ldap.synchronisation.groupMemberAttributeName=member

# The cron expression defining when people imports should take place
#ldap.synchronisation.import.person.cron=0 0 * * * ?
ldap.synchronisation.import.person.cron=0 0/10 * * * ?

# The cron expression defining when group imports should take place
ldap.synchronisation.import.group.cron=0 30 * * * ?

# Should all groups be cleared out at import time?
# - this is safe as groups are not used in Alfresco for other things (unlike person objects which you should never clear out during an import)
# - setting this to true means old group definitions will be tidied up.
ldap.synchronisation.import.group.clearAllChildren=true


I have two different errors in my log that may be of some help….

This occurs at startup…

18:56:47,917 INFO  [org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl] LDAP server does not fall back to anonymous bind for a string uid and password at ldap://ldap-server.company.com:389
18:56:47,931 INFO  [org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl] LDAP server does not fall back to anonymous bind for a simple dn and password at ldap://ldap-server.company.com:389
18:56:47,945 INFO  [org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl] LDAP server does not fall back to anonymous bind for known principal and invalid credentials at ldap://ldap-server.company.com:389

This one occurs each time the synch starts..

19:00:00,035 ERROR [org.quartz.core.JobRunShell] Job DEFAULT.ldapPeopleJobDetail threw an unhandled Exception:
org.alfresco.repo.importer.ExportSourceImporterException: Failed to import
   at org.alfresco.repo.importer.ExportSourceImporter.doImport(ExportSourceImporter.java:214)
   at org.alfresco.repo.importer.ImporterJob.execute(ImporterJob.java:44)
   at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
   at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:529)
Caused by: org.alfresco.repo.security.authentication.AuthenticationException: LDAP authentication failed.
   at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.buildInitialDirContext(LDAPInitialDirContextFactoryImpl.java:90)
   at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.getDefaultIntialDirContext(LDAPInitialDirContextFactoryImpl.java:79)
   at org.alfresco.repo.security.authentication.ldap.LDAPPersonExportSource.generateExport(LDAPPersonExportSource.java:164)
   at org.alfresco.repo.importer.ExportSourceImporter.doImport(ExportSourceImporter.java:174)
   … 3 more
Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 8009030C: LdapErr: DSID-0C09043E, comment: AcceptSecurityContext error, data 0, vece ]
   at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3005)
   at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2951)
   at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2753)
   at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2667)
   at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:287)
   at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
   at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
   at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
   at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
   at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
   at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
   at javax.naming.InitialContext.init(InitialContext.java:223)
   at javax.naming.InitialContext.<init>(InitialContext.java:197)
   at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
   at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.buildInitialDirContext(LDAPInitialDirContextFactoryImpl.java:86)
   … 6 more
19:00:00,046 ERROR [org.quartz.core.ErrorLogger] Job (DEFAULT.ldapPeopleJobDetail threw an exception.
org.quartz.SchedulerException: Job threw an unhandled exception. [See nested exception: org.alfresco.repo.importer.ExportSourceImporterException: Failed to import]
   at org.quartz.core.JobRunShell.run(JobRunShell.java:213)
   at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:529)
Caused by: org.alfresco.repo.importer.ExportSourceImporterException: Failed to import
   at org.alfresco.repo.importer.ExportSourceImporter.doImport(ExportSourceImporter.java:214)
   at org.alfresco.repo.importer.ImporterJob.execute(ImporterJob.java:44)
   at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
   … 1 more
Caused by: org.alfresco.repo.security.authentication.AuthenticationException: LDAP authentication failed.
   at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.buildInitialDirContext(LDAPInitialDirContextFactoryImpl.java:90)
   at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.getDefaultIntialDirContext(LDAPInitialDirContextFactoryImpl.java:79)
   at org.alfresco.repo.security.authentication.ldap.LDAPPersonExportSource.generateExport(LDAPPersonExportSource.java:164)
   at org.alfresco.repo.importer.ExportSourceImporter.doImport(ExportSourceImporter.java:174)
   … 3 more
Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 8009030C: LdapErr: DSID-0C09043E, comment: AcceptSecurityContext error, data 0, vece ]
   at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3005)
   at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2951)
   at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2753)
   at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2667)
   at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:287)
   at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
   at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
   at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
   at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
   at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
   at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
   at javax.naming.InitialContext.init(InitialContext.java:223)
   at javax.naming.InitialContext.<init>(InitialContext.java:197)
   at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
   at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.buildInitialDirContext(LDAPInitialDirContextFactoryImpl.java:86)
   … 6 more
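The useful part of that trace is the last "Caused by" line: LDAP result 49 (invalidCredentials) plus the Active Directory diagnostic string, where the "data" field is AD's sub-status code (52e wrong password, 533 account disabled, 775 locked out, and so on). Here "data 0" means AD gave no account-level reason at all, which is what you get when the bind is refused at the mechanism or principal stage rather than because of the account's password or state. The following is an added example, not code from the thread or from Alfresco: a small Python helper that pulls the result code, HRESULT, DSID, comment and sub-code out of a JNDI message and explains it. The sample message is the line from the trace above, embedded as a string; the sub-code table is Microsoft's documented list. The reading of "data 0" as a mechanism/principal problem is an assumption consistent with the replies in this thread.

```python
import re

# Constructed from the "Caused by: javax.naming.AuthenticationException" line
# in the post above; it is a string literal, not a live server response.
SAMPLE_AD_ERROR = (
    "javax.naming.AuthenticationException: [LDAP: error code 49 - 8009030C: "
    "LdapErr: DSID-0C09043E, comment: AcceptSecurityContext error, data 0, vece ]"
)

# AD sub-status codes carried in the "data" field of a result-49 diagnostic
# (lowercase hex, as AD emits them).
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (wrong password)",
    "530": "not permitted to log on at this time (logon hours)",
    "531": "not permitted to log on at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password at next logon",
    "775": "account locked out",
}


def parse_ad_bind_error(message):
    """Split a JNDI/AD bind error message into its fields, or None if it is not one."""
    rc = re.search(r"error code (\d+)", message)
    if not rc:
        return None
    info = {"result_code": int(rc.group(1))}
    m = re.search(r"error code \d+\s*-\s*([0-9A-Fa-f]{8}):", message)
    info["hresult"] = m.group(1).upper() if m else None   # e.g. 8009030C = SEC_E_LOGON_DENIED
    m = re.search(r"DSID-([0-9A-Fa-f]+)", message)
    info["dsid"] = m.group(1) if m else None              # AD-internal source location, not an error
    m = re.search(r"comment:\s*([^,\]]+)", message)
    info["comment"] = m.group(1).strip() if m else None
    m = re.search(r"\bdata\s+([0-9A-Fa-f]+)", message)
    info["data"] = m.group(1).lower() if m else None
    return info


def explain_ad_bind_error(message):
    """Turn a parsed message into a one-line explanation for the operator."""
    info = parse_ad_bind_error(message)
    if info is None:
        return "not an LDAP result-code message"
    if info["result_code"] != 49:
        return "LDAP result %d (not invalidCredentials)" % info["result_code"]
    data = info["data"]
    if data in AD_BIND_SUBCODES:
        return "invalidCredentials (49), AD sub-code %s: %s" % (data, AD_BIND_SUBCODES[data])
    if data == "0":
        # Assumption based on this thread: AD refused the bind before looking at
        # the account, which for DIGEST-MD5 points at the principal form or the
        # mechanism itself rather than at the password.
        return ("invalidCredentials (49) with no account sub-code: the bind was refused "
                "at the mechanism/principal stage, not because of the account's password or state")
    return "invalidCredentials (49), unknown AD sub-code %s" % data


def find_bind_errors(log_text):
    """Scan a log for result-49 messages and explain each one."""
    return [explain_ad_bind_error(line)
            for line in log_text.splitlines() if "error code 49" in line]


if __name__ == "__main__":
    for line in find_bind_errors(SAMPLE_AD_ERROR):
        print(line)
```

Run it over the full alfresco.log rather than the single line to see whether the sub-code changes between the sync job and an interactive login: a 52e or 775 tells you the account itself is the problem, while a bare "data 0" on every attempt says the bind parameters are wrong.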

mliedtke
Champ in-the-making
Got it working…sort of.
I changed ldap.authentication.java.naming.security.authentication=SIMPLE

and it worked. I guess DIGEST-MD5 requires reversible encryption, which isn't set up on our AD, and I don't have control over that.

duxtinto
Champ in-the-making
I already got it working using Digest-MD5 instead of Simple as authentication method.

You were almost right, but you can't use a DN as your username.

I used this in my ldap-authentication.properties file:

ldap.authentication.userNameFormat=%s

…..

# The authentication mechanism to use
ldap.authentication.java.naming.security.authentication=DIGEST-MD5

# The default principal to use (only used for LDAP sync)
ldap.authentication.java.naming.security.principal=user name (only the name. e.g myuser)

and it worked.
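The two replies between them give the whole picture for the sync account: DIGEST-MD5 against AD wants the bare account name (sAMAccountName) as the principal and needs the account's password stored with reversible encryption on the DC, whereas a SIMPLE bind takes a DN or UPN but, over plain ldap:// on 389, sends the sync account's password across the wire in cleartext. The following is an added example, not Alfresco's code or anything from the thread: a Python check that reads an ldap-authentication.properties fragment and reports the mechanism/principal mismatches discussed here before you restart the repository. The two property fragments are constructed from the original post and from the fix above; the principal value "myuser" is the placeholder from that reply, not a real account.

```python
# Constructed from the original post: DIGEST-MD5 with a DN as principal.
ORIGINAL_POST_PROPS = """
# The URL to connect to the LDAP server
ldap.authentication.java.naming.provider.url=ldap://ldap-server.company.com:389
ldap.authentication.java.naming.security.authentication=DIGEST-MD5
ldap.authentication.java.naming.security.principal=CN=First Last,OU=System Group,OU=Sub Group,DC=corp,DC=company,DC=com
ldap.authentication.java.naming.security.credentials=password
"""

# Constructed from the reply above: same mechanism, account name as principal.
FIXED_PROPS = """
ldap.authentication.java.naming.provider.url=ldap://ldap-server.company.com:389
ldap.authentication.java.naming.security.authentication=DIGEST-MD5
ldap.authentication.java.naming.security.principal=myuser
ldap.authentication.java.naming.security.credentials=password
"""

PREFIX = "ldap.authentication.java.naming."


def parse_properties(text):
    """Minimal java.util.Properties reader: key=value lines, '#'/'!' comments, no escapes."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def looks_like_dn(value):
    """True for 'CN=x,OU=y,DC=z' style values, False for a bare account name."""
    parts = [p for p in value.split(",") if p.strip()]
    return len(parts) > 1 and all("=" in p for p in parts)


def lint_sync_bind(props):
    """Return (level, message) findings for the sync account's bind settings."""
    findings = []
    url = props.get(PREFIX + "provider.url", "")
    mech = props.get(PREFIX + "security.authentication", "SIMPLE").upper()
    principal = props.get(PREFIX + "security.principal", "")
    scheme = url.split("://", 1)[0].lower() if "://" in url else ""

    if mech == "DIGEST-MD5":
        if looks_like_dn(principal):
            # Observed in this thread: AD answers a DN-form principal with result 49, data 0.
            findings.append(("ERROR", "DIGEST-MD5 against AD takes the account name "
                             "(sAMAccountName) as principal, not a DN"))
        findings.append(("INFO", "DIGEST-MD5 requires the sync account's password to be "
                         "stored with reversible encryption on the DC"))
    elif mech == "SIMPLE":
        if scheme == "ldap":
            findings.append(("WARN", "SIMPLE bind over ldap:// sends the sync account "
                             "password in cleartext; use ldaps:// (636) or require TLS"))
        if not (looks_like_dn(principal) or "@" in principal or "\\" in principal):
            findings.append(("WARN", "for SIMPLE bind AD expects a DN, a UPN (user@domain) "
                             "or DOMAIN\\user as principal"))
    elif mech == "NONE":
        findings.append(("ERROR", "an anonymous bind cannot run the directory sync"))
    else:
        findings.append(("INFO", "mechanism %s not checked" % mech))
    return findings


if __name__ == "__main__":
    for name, text in (("original", ORIGINAL_POST_PROPS), ("fixed", FIXED_PROPS)):
        print(name)
        for level, msg in lint_sync_bind(parse_properties(text)):
            print("  %-5s %s" % (level, msg))
```

Whichever mechanism you settle on, the sync account only needs read access to the user and group containers; it should not be a domain admin, and with SIMPLE bind the ldaps:// change is the one that actually matters, since the password on that line is otherwise readable by anyone on the path to the DC.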

mliedtke
Champ in-the-making
Hey, thanks for the reply. I actually decided to use CAS for our sign-on so users can open Alfresco directly from Liferay without having to re-authenticate.