Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Hyland Connect
- Enterprise Platforms
- Alfresco
- Alfresco Archive
- Creating User Spaces using NTLM/LDAP
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Creating User Spaces using NTLM/LDAP
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-31-2008 01:15 PM
I use Alfresco 2.1 CE, on Tomcat and Windows, with NTLM authentication (SSO) and LDAP user/group sync
I'm having trouble changing the location of the user home space that is created when new users log in.
It should be simple to do. I've done all my research, scanning through all these posts and wikiis:
http://forums.alfresco.com/viewtopic.php?t=4666&highlight=nonunique+path
http://forums.alfresco.com/viewtopic.php?t=7133&highlight=nonunique+path
http://wiki.alfresco.com/wiki/Security_and_Authentication#Creating_home_spaces_-_from_1.4_onwards
http://wiki.alfresco.com/wiki/Enterprise_Security_and_Authentication_Configuration#LDAP_People_synch...
My current state:
- NTLM works fine with the built-in homeFolderManager (in authentication-services-context.xml)
- LDAP people sync works fine (using the default homeFolderManager - personalHomeFolderProvider)
- LDAP group sync works fine
All of this results in userhome spaces being created in the company home space.
I just wanted to change the homespaces location for new users. I did the following:
1) authentication-services-context.xml, changed the defaultProvider so that NTLM uses the correct one
2) modified the path for userHomesHomeFolderProvider as follows:
That should have been enough for NTLM
3) For LDAP, modified ldapPeopleExport bean in ldap-authentication-context.xml
AFTER doing this, everything started to break.
A) ON first-time-login of users using NTLM, I get the following error:
B) The LDAP import of people fails with the following error
Looking at the ldap people import package (sample attached below, for 2 elements only), I see that some new users do not have a <sys:node-uuid> specified. The import package fails on the first occurence of this missing data. This does not happen for new users using personalHomeFolderProvider
Whew… that was a long one eh? Sorry that it took soo long to describe the problem, but I've looked very hard for some clues but to no avail.
It seems like changing the "path" on the *HomeFolderProvider is interfereing with something else that prevents a unique space from being generated. When that space is not generated, the user account is not created on demand (NTLM) and the user can not log-in.
Does anyone know what I should do? :cry:
I'm having trouble changing the location of the user home space that is created when new users log in.
It should be simple to do. I've done all my research, scanning through all these posts and wikiis:
http://forums.alfresco.com/viewtopic.php?t=4666&highlight=nonunique+path
http://forums.alfresco.com/viewtopic.php?t=7133&highlight=nonunique+path
http://wiki.alfresco.com/wiki/Security_and_Authentication#Creating_home_spaces_-_from_1.4_onwards
http://wiki.alfresco.com/wiki/Enterprise_Security_and_Authentication_Configuration#LDAP_People_synch...
My current state:
- NTLM works fine with the built-in homeFolderManager (in authentication-services-context.xml)
- LDAP people sync works fine (using the default homeFolderManager - personalHomeFolderProvider)
- LDAP group sync works fine
All of this results in userhome spaces being created in the company home space.
I just wanted to change the homespaces location for new users. I did the following:
1) authentication-services-context.xml, changed the defaultProvider so that NTLM uses the correct one
<bean name="homeFolderManager" class="org.alfresco.repo.security.person.HomeFolderManager">
<property name="nodeService">
<ref bean="nodeService" />
</property>
<property name="policyComponent">
<ref bean="policyComponent" />
</property>
<property name="defaultProvider">
<ref bean="userHomesHomeFolderProvider" /> <!– Was personalHomeFolderProvider–>
</property>
</bean>
2) modified the path for userHomesHomeFolderProvider as follows:
<bean name="userHomesHomeFolderProvider" class="org.alfresco.repo.security.person.UIDBasedHomeFolderProvider">
<property name="serviceRegistry">
<ref bean="ServiceRegistry" />
</property>
<property name="path">
<value>/${spaces.company_home.childname}/${spaces.user_homes.childname}</value>
</property>
<property name="storeUrl">
<value>${spaces.store}</value>
</property>
<property name="homeFolderManager">
<ref bean="homeFolderManager" />
</property>
<property name="inheritsPermissionsOnCreate">
<value>false</value>
</property>
<property name="ownerPemissionsToSetOnCreate">
<set>
<value>All</value>
</set>
</property>
<property name="userPemissions">
<set>
<value>All</value>
</set>
</property>
</bean>
That should have been enough for NTLM
3) For LDAP, modified ldapPeopleExport bean in ldap-authentication-context.xml
<property name="attributeDefaults">
<map>
<entry key="cm:homeFolderProvider">
<value>userHomesHomeFolderProvider</value>
</entry>
</map>
</property>
AFTER doing this, everything started to break.
A) ON first-time-login of users using NTLM, I get the following error:
net.sf.acegisecurity.AuthenticationServiceException: General error; nested exception is java.lang.IllegalStateException: Non-unique path: found : /app:company_home/app:user_homes 0
caused by:
java.lang.IllegalStateException: Non-unique path: found : /app:company_home/app:user_homes 0
B) The LDAP import of people fails with the following error
15:23:35,418 ERROR [org.quartz.core.JobRunShell] Job DEFAULT.ldapPeopleJobDetail threw an unhandled Exception:
org.alfresco.repo.importer.ExportSourceImporterException: Failed to import
at org.alfresco.repo.importer.ExportSourceImporter.doImport(ExportSourceImporter.java:214)
at org.alfresco.repo.importer.ImporterJob.execute(ImporterJob.java:44)
at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:529)
Caused by: org.alfresco.service.cmr.view.ImporterException: Failed to import package at line 56; column 16 due to error: Non-unique path: found : /app:company_home/app:user_homes 0
at org.alfresco.repo.importer.view.ViewParser.parse(ViewParser.java:190)
at org.alfresco.repo.importer.ImporterComponent.parserImport(ImporterComponent.java:360)
at org.alfresco.repo.importer.ImporterComponent.importView(ImporterComponent.java:224)
at org.alfresco.repo.importer.ExportSourceImporter.doImport(ExportSourceImporter.java:182)
… 3 more
Caused by: java.lang.IllegalStateException: Non-unique path: found : /app:company_home/app:user_homes 0
at org.alfresco.repo.security.person.AbstractHomeFolderProvider.resolvePath(AbstractHomeFolderProvider.java:318)
at org.alfresco.repo.security.person.AbstractHomeFolderProvider.getPathNodeRef(AbstractHomeFolderProvider.java:300)
at org.alfresco.repo.security.person.UIDBasedHomeFolderProvider.getHomeFolder(UIDBasedHomeFolderProvider.java:74)
at org.alfresco.repo.security.person.AbstractHomeFolderProvider$OnCreateNode.doWork(AbstractHomeFolderProvider.java:360)
at org.alfresco.repo.security.person.AbstractHomeFolderProvider$OnCreateNode.doWork(AbstractHomeFolderProvider.java:345)
at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:260)
at org.alfresco.repo.security.person.AbstractHomeFolderProvider.onCreateNode(AbstractHomeFolderProvider.java:329)
at org.alfresco.repo.security.person.HomeFolderManager.onCreateNode(HomeFolderManager.java:128)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
……….. it goes on and on……. 6 more
Looking at the ldap people import package (sample attached below, for 2 elements only), I see that some new users do not have a <sys:node-uuid> specified. The import package fails on the first occurence of this missing data. This does not happen for new users using personalHomeFolderProvider
<cm:person view:childName="cm:person">
<cm:ownable></cm:ownable>
<cm:owner>LHE</cm:owner>
<cm:userName>LHE</cm:userName>
<cm:firstName>Liyan</cm:firstName>
<cm:lastName>He</cm:lastName>
<cm:email>LHe@company.com</cm:email>
<cm:organizationId></cm:organizationId>
<cm:homeFolderProvider>userHomesHomeFolderProvider</cm:homeFolderProvider>
<sys:node-uuid>85e91676-f1c8-11db-971b-9974654403be</sys:node-uuid>
</cm:person>
<cm:person view:childName="cm:person">
<cm:ownable></cm:ownable>
<cm:owner>liyantest</cm:owner>
<cm:userName>liyantest</cm:userName>
<cm:firstName>Liyan</cm:firstName>
<cm:lastName>He</cm:lastName>
<cm:email>liyantest@company.com</cm:email>
<cm:organizationId></cm:organizationId>
<cm:homeFolderProvider>userHomesHomeFolderProvider</cm:homeFolderProvider>
</cm:person>
Whew… that was a long one eh? Sorry that it took soo long to describe the problem, but I've looked very hard for some clues but to no avail.
It seems like changing the "path" on the *HomeFolderProvider is interfereing with something else that prevents a unique space from being generated. When that space is not generated, the user account is not created on demand (NTLM) and the user can not log-in.
Does anyone know what I should do? :cry:
Labels:
- Labels:
-
Archive
1 REPLY 1
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-29-2010 08:28 AM
I have exactly the same problem.
Have you fixed this issue?
Thanks!
Martin
Have you fixed this issue?
Thanks!
Martin
Related Content
- Alfresco Set up in Alfresco Forum
- Unable to create "share.log" in Alfresco Forum
- RuntimeService APSv24.3 doesn't backward compatible in Alfresco Forum
- The node just created with the java service does not show up on the database in Alfresco Forum
- Elasticsearch Frequently Asked Question in Alfresco Blog
Getting started
Tags
Find what you came for
We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.
