Creating User Spaces using NTLM/LDAP

01-31-2008 01:15 PM
I use Alfresco 2.1 CE, on Tomcat and Windows, with NTLM authentication (SSO) and LDAP user/group sync
I'm having trouble changing the location of the user home space that is created when new users log in.
It should be simple to do. I've done all my research, scanning through all these posts and wikis:
http://forums.alfresco.com/viewtopic.php?t=4666&highlight=nonunique+path
http://forums.alfresco.com/viewtopic.php?t=7133&highlight=nonunique+path
http://wiki.alfresco.com/wiki/Security_and_Authentication#Creating_home_spaces_-_from_1.4_onwards
http://wiki.alfresco.com/wiki/Enterprise_Security_and_Authentication_Configuration#LDAP_People_synch...
My current state:
- NTLM works fine with the built-in homeFolderManager (in authentication-services-context.xml)
- LDAP people sync works fine (using the default homeFolderManager - personalHomeFolderProvider)
- LDAP group sync works fine
All of this results in userhome spaces being created in the company home space.
I just wanted to change the homespaces location for new users. I did the following:
1) authentication-services-context.xml, changed the defaultProvider so that NTLM uses the correct one
```xml
<bean name="homeFolderManager" class="org.alfresco.repo.security.person.HomeFolderManager">
    <property name="nodeService">
        <ref bean="nodeService" />
    </property>
    <property name="policyComponent">
        <ref bean="policyComponent" />
    </property>
    <property name="defaultProvider">
        <ref bean="userHomesHomeFolderProvider" /> <!-- Was personalHomeFolderProvider -->
    </property>
</bean>
```
2) modified the path for userHomesHomeFolderProvider as follows:
```xml
<bean name="userHomesHomeFolderProvider" class="org.alfresco.repo.security.person.UIDBasedHomeFolderProvider">
    <property name="serviceRegistry">
        <ref bean="ServiceRegistry" />
    </property>
    <property name="path">
        <value>/${spaces.company_home.childname}/${spaces.user_homes.childname}</value>
    </property>
    <property name="storeUrl">
        <value>${spaces.store}</value>
    </property>
    <property name="homeFolderManager">
        <ref bean="homeFolderManager" />
    </property>
    <property name="inheritsPermissionsOnCreate">
        <value>false</value>
    </property>
    <property name="ownerPemissionsToSetOnCreate">
        <set>
            <value>All</value>
        </set>
    </property>
    <property name="userPemissions">
        <set>
            <value>All</value>
        </set>
    </property>
</bean>
```
That should have been enough for NTLM
3) For LDAP, modified ldapPeopleExport bean in ldap-authentication-context.xml
```xml
<property name="attributeDefaults">
    <map>
        <entry key="cm:homeFolderProvider">
            <value>userHomesHomeFolderProvider</value>
        </entry>
    </map>
</property>
```
AFTER doing this, everything started to break.
A) ON first-time-login of users using NTLM, I get the following error:
```
net.sf.acegisecurity.AuthenticationServiceException: General error; nested exception is java.lang.IllegalStateException: Non-unique path: found : /app:company_home/app:user_homes 0
caused by:java.lang.IllegalStateException: Non-unique path: found : /app:company_home/app:user_homes 0
```
B) The LDAP import of people fails with the following error
```
15:23:35,418 ERROR [org.quartz.core.JobRunShell] Job DEFAULT.ldapPeopleJobDetail threw an unhandled Exception:
org.alfresco.repo.importer.ExportSourceImporterException: Failed to import
    at org.alfresco.repo.importer.ExportSourceImporter.doImport(ExportSourceImporter.java:214)
    at org.alfresco.repo.importer.ImporterJob.execute(ImporterJob.java:44)
    at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
    at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:529)
Caused by: org.alfresco.service.cmr.view.ImporterException: Failed to import package at line 56; column 16 due to error: Non-unique path: found : /app:company_home/app:user_homes 0
    at org.alfresco.repo.importer.view.ViewParser.parse(ViewParser.java:190)
    at org.alfresco.repo.importer.ImporterComponent.parserImport(ImporterComponent.java:360)
    at org.alfresco.repo.importer.ImporterComponent.importView(ImporterComponent.java:224)
    at org.alfresco.repo.importer.ExportSourceImporter.doImport(ExportSourceImporter.java:182)
    … 3 more
Caused by: java.lang.IllegalStateException: Non-unique path: found : /app:company_home/app:user_homes 0
    at org.alfresco.repo.security.person.AbstractHomeFolderProvider.resolvePath(AbstractHomeFolderProvider.java:318)
    at org.alfresco.repo.security.person.AbstractHomeFolderProvider.getPathNodeRef(AbstractHomeFolderProvider.java:300)
    at org.alfresco.repo.security.person.UIDBasedHomeFolderProvider.getHomeFolder(UIDBasedHomeFolderProvider.java:74)
    at org.alfresco.repo.security.person.AbstractHomeFolderProvider$OnCreateNode.doWork(AbstractHomeFolderProvider.java:360)
    at org.alfresco.repo.security.person.AbstractHomeFolderProvider$OnCreateNode.doWork(AbstractHomeFolderProvider.java:345)
    at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:260)
    at org.alfresco.repo.security.person.AbstractHomeFolderProvider.onCreateNode(AbstractHomeFolderProvider.java:329)
    at org.alfresco.repo.security.person.HomeFolderManager.onCreateNode(HomeFolderManager.java:128)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    ……….. it goes on and on……. 6 more
```
Looking at the ldap people import package (sample attached below, for 2 elements only), I see that some new users do not have a <sys:node-uuid> specified. The import package fails on the first occurrence of this missing data. This does not happen for new users using personalHomeFolderProvider.
```xml
<cm:person view:childName="cm:person">
    <cm:ownable></cm:ownable>
    <cm:owner>LHE</cm:owner>
    <cm:userName>LHE</cm:userName>
    <cm:firstName>Liyan</cm:firstName>
    <cm:lastName>He</cm:lastName>
    <cm:email>LHe@company.com</cm:email>
    <cm:organizationId></cm:organizationId>
    <cm:homeFolderProvider>userHomesHomeFolderProvider</cm:homeFolderProvider>
    <sys:node-uuid>85e91676-f1c8-11db-971b-9974654403be</sys:node-uuid>
</cm:person>
<cm:person view:childName="cm:person">
    <cm:ownable></cm:ownable>
    <cm:owner>liyantest</cm:owner>
    <cm:userName>liyantest</cm:userName>
    <cm:firstName>Liyan</cm:firstName>
    <cm:lastName>He</cm:lastName>
    <cm:email>liyantest@company.com</cm:email>
    <cm:organizationId></cm:organizationId>
    <cm:homeFolderProvider>userHomesHomeFolderProvider</cm:homeFolderProvider>
</cm:person>
```
Whew… that was a long one eh? Sorry that it took so long to describe the problem, but I've looked very hard for some clues but to no avail.
It seems like changing the "path" on the *HomeFolderProvider is interfering with something else that prevents a unique space from being generated. When that space is not generated, the user account is not created on demand (NTLM) and the user cannot log in.
Does anyone know what I should do? :cry:
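The check described in the post above, as an added example that is not part of the original post or of Alfresco: it lists which `cm:person` entries in an LDAP people import fragment carry no `<sys:node-uuid>`, together with their `cm:homeFolderProvider`. The sample is a constructed, trimmed copy of the two quoted entries; the function names are hypothetical, and the namespace URIs are the standard Alfresco view, content and system model URIs.

```python
import xml.etree.ElementTree as ET

# Namespace URIs of the Alfresco repository view and content/system models.
NS = {
    "view": "http://www.alfresco.org/view/repository/1.0",
    "cm": "http://www.alfresco.org/model/content/1.0",
    "sys": "http://www.alfresco.org/model/system/1.0",
}

# Constructed sample: trimmed copy of the two entries quoted in the post.
SAMPLE_FRAGMENT = """
<cm:person view:childName="cm:person">
  <cm:userName>LHE</cm:userName>
  <cm:homeFolderProvider>userHomesHomeFolderProvider</cm:homeFolderProvider>
  <sys:node-uuid>85e91676-f1c8-11db-971b-9974654403be</sys:node-uuid>
</cm:person>
<cm:person view:childName="cm:person">
  <cm:userName>liyantest</cm:userName>
  <cm:homeFolderProvider>userHomesHomeFolderProvider</cm:homeFolderProvider>
</cm:person>
"""

def audit_people(fragment):
    """Return one dict per cm:person: user name, provider, node UUID (or None)."""
    # The quoted fragment has no namespace declarations, so wrap it in a root
    # that supplies them. ElementTree is acceptable for a locally generated
    # export; do not feed it untrusted XML.
    decls = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())
    root = ET.fromstring(f"<people {decls}>{fragment}</people>")
    rows = []
    for person in root.iterfind(".//cm:person", NS):
        def text(tag):
            # Missing and empty elements are both reported as None.
            value = person.findtext(tag, default="", namespaces=NS).strip()
            return value or None
        rows.append({"user": text("cm:userName"),
                     "provider": text("cm:homeFolderProvider"),
                     "uuid": text("sys:node-uuid")})
    return rows

def users_without_uuid(fragment):
    """User names of entries that carry no <sys:node-uuid>."""
    return [r["user"] for r in audit_people(fragment) if r["uuid"] is None]

if __name__ == "__main__":
    for row in audit_people(SAMPLE_FRAGMENT):
        flag = row["uuid"] or "no sys:node-uuid"
        print(f'{str(row["user"]):<12} {str(row["provider"]):<30} {flag}')
```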
1 REPLY 1

03-29-2010 08:28 AM
I have exactly the same problem.
Have you fixed this issue?
Thanks!
Martin
