Chaining Alfresco and LDAP

ajmillar
Champ in-the-making
Dear all, I'm trying to get chaining working with Alfresco 2.9B and I'm struggling.

When I started out I was able to log in with admin/admin. I then set the LDAP config going and was able to login using my ldap username/password but not with the local admin/admin. I then tried to work with the chaining-authentication-context.xml.sample by renaming it and swapping from JAAS to LDAP values as below (located in tomcat/shared/classes/alfresco/extension)

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
<beans>

    <!-- Chaining -->
    <bean id="authenticationServiceImpl" class="org.alfresco.repo.security.authentication.ChainingAuthenticationServiceImpl">
        <property name="authenticationServices">
            <list>
                <ref bean="authenticationServiceImplLDAP"/>
            </list>
        </property>
        <property name="mutableAuthenticationService">
            <ref bean="authenticationServiceImplAlfresco"/>
        </property>
    </bean>

    <!-- Alfresco Auth -->
    <bean id="authenticationServiceImplAlfresco" class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
        <property name="authenticationDao">
            <ref bean="authenticationDaoAlfresco"/>
        </property>
        <property name="ticketComponent">
            <ref bean="ticketComponent"/>
        </property>
        <property name="authenticationComponent">
            <ref bean="authenticationComponentImplAlfresco"/>
        </property>
    </bean>

    <bean id="authenticationDaoAlfresco" class="org.alfresco.repo.security.authentication.RepositoryAuthenticationDao">
        <property name="nodeService">
            <ref bean="nodeService"/>
        </property>
        <property name="dictionaryService">
            <ref bean="dictionaryService"/>
        </property>
        <property name="namespaceService">
            <ref bean="namespaceService"/>
        </property>
        <property name="searchService">
            <ref bean="searchService"/>
        </property>
        <property name="userNamesAreCaseSensitive">
            <value>${user.name.caseSensitive}</value>
        </property>
        <property name="passwordEncoder">
            <ref bean="passwordEncoder"/>
        </property>
    </bean>

    <bean id="authenticationComponentImplAlfresco" class="org.alfresco.repo.security.authentication.AuthenticationComponentImpl">
        <property name="authenticationDao">
            <ref bean="authenticationDaoAlfresco"/>
        </property>
        <property name="authenticationManager">
            <ref bean="authenticationManager"/>
        </property>
        <property name="allowGuestLogin">
            <value>false</value>
        </property>
    </bean>

    <!-- LDAP Auth -->
    <bean id="authenticationServiceImplLDAP" class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
        <property name="authenticationDao">
            <ref bean="authenticationDaoLDAP" />
        </property>
        <property name="ticketComponent">
            <ref bean="ticketComponent" />
        </property>
        <property name="authenticationComponent">
            <ref bean="authenticationComponentImplLDAP" />
        </property>
    </bean>

    <bean id="authenticationComponentImplLDAP" class="org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl">
        <property name="LDAPInitialDirContextFactory">
            <ref bean="ldapInitialDirContextFactory"/>
        </property>
        <property name="userNameFormat">
            <value>cn=%s,ou=edir,ou=people,ou=lifesci,o=dundee</value>
        </property>
    </bean>

    <bean id="authenticationDaoLDAP" class="org.alfresco.repo.security.authentication.ntlm.NullMutableAuthenticationDao"/>

</beans>

I've checked the alfresco.log file and this is all I have

11:53:56,830 ERROR [org.alfresco.repo.content.transform.magick.AbstractImageMagickContentTransformer] ImageMagickContentTransformer not available: Failed to perform ImageMagick transformation:
Execution result:
   os:         Linux
   command:    convert /opt/alfresco/tomcat/temp/Alfresco/ImageMagickContentTransformer_init_source_13831.gif  /opt/alfresco/tomcat/temp/Alfresco/ImageMagickContentTransformer_init_target_13832.png
   succeeded:  false
   exit code:  1
   out:
   err:        Cannot run program "convert": java.io.IOException: error=2, No such file or directory
11:54:00,256 WARN  [org.springframework.remoting.rmi.RmiRegistryFactoryBean] Could not detect RMI registry - creating new one
11:54:06,368 INFO  [org.alfresco.repo.domain.schema.SchemaBootstrap] Schema managed by database dialect org.hibernate.dialect.Oracle9Dialect.
11:54:35,882 INFO  [org.alfresco.repo.domain.schema.SchemaBootstrap] No changes were made to the schema.
11:54:42,429 INFO  [org.alfresco.repo.admin.ConfigurationChecker] The Alfresco root data directory ('dir.root') is: /opt/alfresco-docs
11:54:42,474 INFO  [org.alfresco.repo.admin.patch.PatchExecuter] Checking for patches to apply …
11:54:42,869 INFO  [org.alfresco.repo.module.ModuleServiceImpl] Found 0 module(s).
11:54:43,015 ERROR [org.alfresco.smb.protocol.auth] No valid CIFS authentication combination available
11:54:43,015 ERROR [org.alfresco.smb.protocol.auth] Either enable Kerberos support or use an authentication component that supports MD4 hashed passwords
11:54:43,016 ERROR [org.alfresco.smb.protocol] CIFS server configuration error, Invalid CIFS authenticator configuration
org.alfresco.error.AlfrescoRuntimeException: Invalid CIFS authenticator configuration
   at org.alfresco.filesys.server.auth.EnterpriseCifsAuthenticator.initialize(EnterpriseCifsAuthenticator.java:378)
   at org.alfresco.filesys.server.config.ServerConfiguration.setAuthenticator(ServerConfiguration.java:3503)
   at org.alfresco.filesys.server.config.ServerConfiguration.processSecurityConfig(ServerConfiguration.java:2453)
   at org.alfresco.filesys.server.config.ServerConfiguration.init(ServerConfiguration.java:689)
   at org.alfresco.filesys.server.config.ServerConfiguration.onBootstrap(ServerConfiguration.java:4200)
   at org.alfresco.util.AbstractLifecycleBean.onApplicationEvent(AbstractLifecycleBean.java:62)
   at org.springframework.context.event.SimpleApplicationEventMulticaster$1.run(SimpleApplicationEventMulticaster.java:77)
   at org.springframework.core.task.SyncTaskExecutor.execute(SyncTaskExecutor.java:49)
   at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:75)
   at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:241)
   at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:349)
   at org.springframework.web.context.support.AbstractRefreshableWebApplicationContext.refresh(AbstractRefreshableWebApplicationContext.java:156)
   at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:246)
   at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:184)
   at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:49)
   at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3764)
   at org.apache.catalina.core.StandardContext.start(StandardContext.java:4216)
   at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760)
   at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
   at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
   at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:825)
   at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:714)
   at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:490)
   at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1138)
   at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
   at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120)
   at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
   at org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
   at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
   at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
   at org.apache.catalina.core.StandardService.start(StandardService.java:448)
   at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
   at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
   at java.lang.reflect.Method.invoke(Method.java:597)
   at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
   at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
11:54:43,211 WARN  [org.alfresco.util.OpenOfficeConnectionTester] A connection to OpenOffice could not be established.
11:54:43,216 INFO  [org.alfresco.service.descriptor.DescriptorService] Alfresco JVM - v1.6.0_06-b02; maximum heap size 493.063MB
11:54:43,216 WARN  [org.alfresco.service.descriptor.DescriptorService] Alfresco JVM - WARNING - maximum heap size 493.063MB is less than recommended 512MB
11:54:43,217 INFO  [org.alfresco.service.descriptor.DescriptorService] Alfresco started (Community Network): Current version 2.9.0 (B 683) schema 116 - Installed version 2.9.0 (B 683) schema 116

I've tried changing the alfrescoServiceImpl to alfrescoService, but it just generates even more errors.

Any help would be very much appreciated.
3 REPLIES 3

andy
Champ on-the-rise
Hi

Do you still have this issue?

Andy

ajmillar
Champ in-the-making
Hi Andy,

I had to revert back to the 2.1 edition and it worked almost straight away. The documentation is not the clearest for getting this kind of thing working. Discovered that I had to comment out the following bean in the ldap-authentication-context.xml file before it would work. Got this fix from someone else on the forums. Think I posted it in a separate thread.

<!--
<bean name="authenticationDao" class="org.alfresco.repo.security.authentication.DefaultMutableAuthenticationDao" >
    <property name="allowDeleteUser">
        <value>true</value>
    </property>
</bean>
-->

It really would be a huge benefit if you could find some way to provide a GUI for configuring Alfresco rather than having to edit all these individual XML files. It really opens up a wide scope for errors being introduced into the config of the system that could otherwise be avoided.

Hoping that when 3.0 is released at the end of this week that we'll be able to upgrade our system. We are piloting it with a few groups, but would love to upgrade to the latest version before we roll it out to the whole company.

A

mykelalvis
Champ in-the-making
I have a similar problem with chaining Alfresco Community 2.9B internal authentication and LDAP.

I have followed the rather sparse documentation and the extensive posts and come up with the following configs.  Note that these are the only changes (except for ldap-authentication.properties changes)  I've done to a base install of community 2.9B with tomcat.

chaining-authentication-context.xml
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
<beans>

    <!-- Chaining of both the services and components -->
    <bean id="authenticationService" class="org.alfresco.repo.security.authentication.ChainingAuthenticationServiceImpl">
        <property name="authenticationServices">
            <list>
                <ref bean="authenticationServiceImplLDAP"/>
            </list>
        </property>
<!--
        <property name="mutableAuthenticationService">
            <ref bean="authenticationServiceImplAlfresco"/>
        </property>
-->
    </bean>

    <bean id="authenticationComponent" class="org.alfresco.repo.security.authentication.ChainingAuthenticationComponentImpl">
        <property name="authenticationComponents">
            <list>
<!--
                <ref bean="authenticationComponentImplJAAS"/>
-->
                <ref bean="authenticationComponentImplLDAP"/>
            </list>
        </property>
        <property name="mutableAuthenticationComponent">
            <ref bean="authenticationComponentImplAlfresco"/>
        </property>
    </bean>

    <!-- Alfresco Auth -->

    <bean id="authenticationServiceImplAlfresco" class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
        <property name="authenticationDao">
            <ref bean="authenticationDaoAlfresco"/>
        </property>
        <property name="ticketComponent">
            <ref bean="ticketComponent"/>
        </property>
        <property name="authenticationComponent">
            <ref bean="authenticationComponentImplAlfresco"/>
        </property>
    </bean>

    <bean id="authenticationDaoAlfresco" class="org.alfresco.repo.security.authentication.RepositoryAuthenticationDao">
        <property name="nodeService">
            <ref bean="nodeService"/>
        </property>
        <property name="dictionaryService">
            <ref bean="dictionaryService"/>
        </property>
        <property name="namespaceService">
            <ref bean="namespaceService"/>
        </property>
        <property name="searchService">
            <ref bean="admSearchService"/>
        </property>
        <property name="userNamesAreCaseSensitive">
            <value>${user.name.caseSensitive}</value>
        </property>
        <property name="passwordEncoder">
            <ref bean="passwordEncoder"/>
        </property>
    </bean>

    <bean id="authenticationComponentImplAlfresco" class="org.alfresco.repo.security.authentication.AuthenticationComponentImpl">
        <property name="authenticationDao">
            <ref bean="authenticationDaoAlfresco"/>
        </property>
        <property name="authenticationManager">
            <ref bean="authenticationManager"/>
        </property>
        <property name="allowGuestLogin">
            <value>false</value>
        </property>
    </bean>

    <!-- LDAP -->

    <bean id="authenticationServiceImplLDAP" class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
        <property name="authenticationDao">
            <ref bean="authenticationDaoLDAP"/>
        </property>
        <property name="ticketComponent">
            <ref bean="ticketComponent"/>
        </property>
        <property name="authenticationComponent">
            <ref bean="authenticationComponentImplLDAP"/>
        </property>
    </bean>

    <bean id="authenticationDaoLDAP" class="org.alfresco.repo.security.authentication.ntlm.NullMutableAuthenticationDao"/>

</beans>

and

ldap-authentication-context.xml
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
<beans>

    <!-- The main configuration has moved into a properties file -->

    <bean name="ldapAuthenticationPlaceholderConfigurer" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
        <property name="ignoreUnresolvablePlaceholders">
            <value>true</value>
        </property>
        <property name="locations">
            <value>classpath:alfresco/extension/ldap-authentication.properties</value>
        </property>
    </bean>

    <!-- DAO that rejects changes - LDAP is read only at the moment. It does allow users to be deleted with out warnings from the UI. -->

    <!--
    <bean name="authenticationDao" class="org.alfresco.repo.security.authentication.DefaultMutableAuthenticationDao" >
        <property name="allowDeleteUser">
            <value>true</value>
        </property>
    </bean>
    -->

    <!-- LDAP authentication configuration -->

    <!--
    You can also use JAAS authentication for Kerberos against Active Directory or NTLM if you also require single sign on from the
    web browser. You do not have to use LDAP authentication to synchronise groups and users from an LDAP store if it supports other
    authentication routes, like Active Directory.
    -->

    <!--
    <bean id="authenticationComponent" class="org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl">
    -->
    <bean id="authenticationComponentImplLDAP" class="org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl">
        <property name="LDAPInitialDirContextFactory">
            <ref bean="ldapInitialDirContextFactory"/>
        </property>
        <property name="userNameFormat">
            <!--
            This maps between what the user types in and what is passed through to the underlying LDAP authentication.

            "%s" - the user id is passed through without modification.
            Used for LDAP authentication such as DIGEST-MD5, anything that is not "simple".

            "cn=%s,ou=London,dc=company,dc=com" - If the user types in "Joe Bloggs" the authenticate as "cn=Joe Bloggs,ou=London,dc=company,dc=com"
            Usually for simple authentication. Simple authentication always uses the DN for the user.
            -->
            <value>${ldap.authentication.userNameFormat}</value>
        </property>
    </bean>

    <!--
    This bean is used to support general LDAP authentication. It is also used to provide read only access to users and groups
    to pull them out of the LDAP reopsitory
    -->

    <bean id="ldapInitialDirContextFactory" class="org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl">
        <property name="initialDirContextEnvironment">
            <map>
                <!-- The LDAP provider -->
                <entry key="java.naming.factory.initial">
                    <value>${ldap.authentication.java.naming.factory.initial}</value>
                </entry>

                <!-- The url to the LDAP server -->
                <!-- Note you can use space separated urls - they will be tried in turn until one works -->
                <!-- This could be used to authenticate against one or more ldap servers (you will not know which one ….) -->
                <entry key="java.naming.provider.url">
                    <value>${ldap.authentication.java.naming.provider.url}</value>
                </entry>

                <!-- The authentication mechanism to use      -->
                <!-- Some sasl authentication mechanisms may require a realm to be set -->
                <!--                java.naming.security.sasl.realm -->
                <!-- The available options will depend on your LDAP provider -->
                <entry key="java.naming.security.authentication">
                    <value>${ldap.authentication.java.naming.security.authentication}</value>
                </entry>

                <!-- The id of a user who can read group and user information -->
                <!-- This does not go through the pattern substitution defined above and is used "as is" -->
                <entry key="java.naming.security.principal">
                    <value>${ldap.authentication.java.naming.security.principal}</value>
                </entry>

                <!-- The password for the user defined above -->
                <entry key="java.naming.security.credentials">
                    <value>${ldap.authentication.java.naming.security.credentials}</value>
                </entry>
            </map>
        </property>
    </bean>

</beans>

With an appropriate ldap-authentication.properties, I can log in using my LDAP (ActiveDirectory) credentials.

However, note that the mutableAuthenticationService is commented out at the top of the chaining file.  If this service is not commented out, several issues appear:
    Chained auth is enabled (with Alfresco as the mutable auth service)

  • Attempting to login as admin/admin gives:

    javax.faces.FacesException: Error calling action method of component with id loginForm:submit
    caused by:
    javax.faces.el.EvaluationException: Exception while invoking expression #{LoginBean.login}
    caused by:
    java.lang.NullPointerException
    Show Details
    javax.faces.FacesException: Error calling action method of component with id loginForm:submit
    at org.apache.myfaces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:72)
    at javax.faces.component.UICommand.broadcast(UICommand.java:109)
    at javax.faces.component.UIViewRoot._broadcastForPhase(UIViewRoot.java:97)
    at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:171)
    at org.apache.myfaces.lifecycle.InvokeApplicationExecutor.execute(InvokeApplicationExecutor.java:32)
    at org.apache.myfaces.lifecycle.LifecycleImpl.executePhase(LifecycleImpl.java:95)
    at org.apache.myfaces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:70)
    at javax.faces.webapp.FacesServlet.service(FacesServlet.java:139)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
    at org.alfresco.web.app.servlet.AuthenticationFilter.doFilter(AuthenticationFilter.java:94)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:870)
    at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
    at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
    at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
    at java.lang.Thread.run(Thread.java:595)
    Caused by: javax.faces.el.EvaluationException: Exception while invoking expression #{LoginBean.login}
    at org.apache.myfaces.el.MethodBindingImpl.invoke(MethodBindingImpl.java:156)
    at org.apache.myfaces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:61)
    … 24 more
    Caused by: java.lang.NullPointerException
    at org.alfresco.repo.security.authentication.RepositoryAuthenticationDao.getUserOrNull(RepositoryAuthenticationDao.java:158)
    at org.alfresco.repo.security.authentication.RepositoryAuthenticationDao.loadUserByUsername(RepositoryAuthenticationDao.java:119)
    at org.alfresco.repo.security.authentication.AuthenticationComponentImpl.getUserDetails(AuthenticationComponentImpl.java:98)
    at org.alfresco.repo.security.authentication.AbstractAuthenticationComponent.setCurrentUser(AbstractAuthenticationComponent.java:121)
    at org.alfresco.repo.security.authentication.AuthenticationComponentImpl.authenticateImpl(AuthenticationComponentImpl.java:75)
    at org.alfresco.repo.security.authentication.AbstractAuthenticationComponent.authenticate(AbstractAuthenticationComponent.java:74)
    at org.alfresco.repo.security.authentication.AuthenticationServiceImpl.authenticate(AuthenticationServiceImpl.java:114)
    at org.alfresco.repo.security.authentication.ChainingAuthenticationServiceImpl.authenticate(ChainingAuthenticationServiceImpl.java:164)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:585)
    at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:281)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:187)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:154)
    at net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:80)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:176)
    at org.alfresco.repo.security.permissions.impl.ExceptionTranslatorMethodInterceptor.invoke(ExceptionTranslatorMethodInterceptor.java:49)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:176)
    at org.alfresco.repo.audit.AuditComponentImpl.audit(AuditComponentImpl.java:241)
    at org.alfresco.repo.audit.AuditMethodInterceptor.invoke(AuditMethodInterceptor.java:69)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:176)
    at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:107)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:176)
    at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:210)
    at $Proxy20.authenticate(Unknown Source)
    at org.alfresco.web.bean.LoginBean.login(LoginBean.java:247)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:585)
    at org.apache.myfaces.el.MethodBindingImpl.invoke(MethodBindingImpl.java:132)
    … 25 more
    Return to application
    Logout

    on the web browser and an identical stack trace in the log.


  • Hit the "Back" button to get back to the login page and try an LDAP user.
  • The LDAP user logs in fine, but when I click logout I get the following

    java.lang.NullPointerException
    Show Details
    java.lang.NullPointerException
    at org.alfresco.repo.security.authentication.RepositoryAuthenticationDao.getUserOrNull(RepositoryAuthenticationDao.java:158)
    at org.alfresco.repo.security.authentication.RepositoryAuthenticationDao.loadUserByUsername(RepositoryAuthenticationDao.java:119)
    at org.alfresco.repo.security.authentication.AuthenticationComponentImpl.getUserDetails(AuthenticationComponentImpl.java:98)
    at org.alfresco.repo.security.authentication.AbstractAuthenticationComponent.setCurrentUser(AbstractAuthenticationComponent.java:121)
    at org.alfresco.repo.security.authentication.AuthenticationServiceImpl.validate(AuthenticationServiceImpl.java:150)
    at org.alfresco.repo.security.authentication.ChainingAuthenticationServiceImpl.validate(ChainingAuthenticationServiceImpl.java:277)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:585)
    at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:281)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:187)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:154)
    at net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:80)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:176)
    at org.alfresco.repo.security.permissions.impl.ExceptionTranslatorMethodInterceptor.invoke(ExceptionTranslatorMethodInterceptor.java:49)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:176)
    at org.alfresco.repo.audit.AuditComponentImpl.audit(AuditComponentImpl.java:241)
    at org.alfresco.repo.audit.AuditMethodInterceptor.invoke(AuditMethodInterceptor.java:69)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:176)
    at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:107)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:176)
    at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:210)
    at $Proxy20.validate(Unknown Source)
    at org.alfresco.web.app.servlet.AuthenticationHelper.authenticate(AuthenticationHelper.java:229)
    at org.alfresco.web.app.servlet.AuthenticationHelper.authenticate(AuthenticationHelper.java:109)
    at org.alfresco.web.app.servlet.AuthenticationFilter.doFilter(AuthenticationFilter.java:75)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:870)
    at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
    at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
    at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
    at java.lang.Thread.run(Thread.java:595)
    Return to application
    Logout

  • Close the browser and log in as an LDAP user.  This succeeds but a logout produces precisely the same effect as the previous example (i.e. it fails as consistently as I would expect)

  • In either of the previous instances, the session is completely hosed.  Nothing I have been able to do short of closing the browser and trying again has allowed me to reach the login screen.

  • Here's where it gets weird:

  • If I start a new browser session and login as an LDAP user, I can right-click on the logout button (using Firefox) and tell Firefox to "open in new tab".  At that point, my current session is dead, so any attempt to click anything in the initial tab results in the familiar
    java.lang.NullPointerException
    Hide Details
    java.lang.NullPointerException
    at org.alfresco.repo.security.authentication.RepositoryAuthenticationDao.getUserOrNull(RepositoryAuthenticationDao.java:158)
    at org.alfresco.repo.security.authentication.RepositoryAuthenticationDao.loadUserByUsername(RepositoryAuthenticationDao.java:11{blahblahblah}

  • The interesting thing here is that the new tab has a perfectly valid login session.  I can re-login with any LDAP user I choose.  As long as I log out by right-clicking on the logout link and opening a new tab, I can switch users successfully (well, sort of successfully).
However, under no circumstances do I seem to be able to log in as Admin, because the Alfresco internal auth component seems broken and/or misconfigured for chaining.
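
An added example, not part of the thread and not Alfresco code: a small Python audit of the bean wiring in chaining-authentication-context.xml and ldap-authentication-context.xml as posted above. It reports each chain's members and mutable member, references that another context file must supply, and beans that nothing in these files references. The embedded XML is a constructed, condensed copy of the posted files, and `audit` and its report keys are names chosen here.

```python
import xml.etree.ElementTree as ET

# Property names of the two chaining classes, as used in the configs on this page.
CHAIN_PROPS = {
    "ChainingAuthenticationServiceImpl": ("authenticationServices", "mutableAuthenticationService"),
    "ChainingAuthenticationComponentImpl": ("authenticationComponents", "mutableAuthenticationComponent"),
}
PKG = "org.alfresco.repo.security.authentication."

# Constructed input: condensed copies of the two posted files
# (properties that carry no bean reference are left out).
CHAINING_XML = f"""<beans>
  <bean id="authenticationService" class="{PKG}ChainingAuthenticationServiceImpl">
    <property name="authenticationServices">
      <list><ref bean="authenticationServiceImplLDAP"/></list>
    </property>
    <!-- <property name="mutableAuthenticationService">
      <ref bean="authenticationServiceImplAlfresco"/>
    </property> -->
  </bean>
  <bean id="authenticationComponent" class="{PKG}ChainingAuthenticationComponentImpl">
    <property name="authenticationComponents">
      <list><ref bean="authenticationComponentImplLDAP"/></list>
    </property>
    <property name="mutableAuthenticationComponent">
      <ref bean="authenticationComponentImplAlfresco"/>
    </property>
  </bean>
  <bean id="authenticationServiceImplAlfresco" class="{PKG}AuthenticationServiceImpl">
    <property name="authenticationDao"><ref bean="authenticationDaoAlfresco"/></property>
    <property name="ticketComponent"><ref bean="ticketComponent"/></property>
    <property name="authenticationComponent"><ref bean="authenticationComponentImplAlfresco"/></property>
  </bean>
  <bean id="authenticationDaoAlfresco" class="{PKG}RepositoryAuthenticationDao">
    <property name="searchService"><ref bean="admSearchService"/></property>
  </bean>
  <bean id="authenticationComponentImplAlfresco" class="{PKG}AuthenticationComponentImpl">
    <property name="authenticationDao"><ref bean="authenticationDaoAlfresco"/></property>
    <property name="authenticationManager"><ref bean="authenticationManager"/></property>
  </bean>
  <bean id="authenticationServiceImplLDAP" class="{PKG}AuthenticationServiceImpl">
    <property name="authenticationDao"><ref bean="authenticationDaoLDAP"/></property>
    <property name="ticketComponent"><ref bean="ticketComponent"/></property>
    <property name="authenticationComponent"><ref bean="authenticationComponentImplLDAP"/></property>
  </bean>
  <bean id="authenticationDaoLDAP" class="{PKG}ntlm.NullMutableAuthenticationDao"/>
</beans>"""
LDAP_XML = f"""<beans>
  <bean id="authenticationComponentImplLDAP" class="{PKG}ldap.LDAPAuthenticationComponentImpl">
    <property name="LDAPInitialDirContextFactory"><ref bean="ldapInitialDirContextFactory"/></property>
  </bean>
  <bean id="ldapInitialDirContextFactory" class="{PKG}ldap.LDAPInitialDirContextFactoryImpl"/>
</beans>"""


def audit(files):
    """files: {label: xml text}. Returns a dict describing the authentication wiring."""
    beans, duplicates = {}, []
    for text in files.values():
        # ElementTree drops XML comments, so commented-out beans and properties are not seen.
        for bean in ET.fromstring(text).iter("bean"):
            key = bean.get("id") or bean.get("name")
            if key in beans:
                duplicates.append(key)  # same id/name defined twice across the files
            beans[key] = bean

    chains, referenced = {}, set()
    for key, bean in beans.items():
        props = {p.get("name"): [r.get("bean") for r in p.iter("ref")]
                 for p in bean.findall("property")}
        referenced.update(t for targets in props.values() for t in targets)
        simple_class = bean.get("class", "").rsplit(".", 1)[-1]
        if simple_class in CHAIN_PROPS:
            members_prop, mutable_prop = CHAIN_PROPS[simple_class]
            chains[key] = {"members": props.get(members_prop, []),
                           "mutable": (props.get(mutable_prop) or [None])[0]}

    with_mutable = sorted(k for k, c in chains.items() if c["mutable"])
    without_mutable = sorted(k for k, c in chains.items() if not c["mutable"])
    warnings = []
    if with_mutable and without_mutable:
        warnings.append(f"mutable member set on {with_mutable} but not on {without_mutable}")
    defined = set(beans)
    return {
        "chains": chains,
        "duplicates": duplicates,
        # Referenced but not defined here: must be supplied by another context file.
        "external_refs": sorted(referenced - defined),
        # Defined here, not a chain bean, and referenced by nothing in these files.
        "unreferenced": sorted(defined - referenced - set(chains)),
        "warnings": warnings,
    }


if __name__ == "__main__":
    report = audit({"chaining-authentication-context.xml": CHAINING_XML,
                    "ldap-authentication-context.xml": LDAP_XML})
    for section, value in report.items():
        print(f"{section}: {value}")
```

The report only describes the wiring; it does not establish the cause of the NullPointerException in the traces above.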