
Deployed Records Management -> Blew away my authentication

bloodyiron
Champ in-the-making
So I'm running 4.2d Community Edition.

I was using LDAP-AD for sync and PASSTHRU for authentication.

Today I tried to deploy the Records Management module for testing. I ran the amp deploy script after moving the amps into amps/ and amps_share/; I ran the script while Alfresco was running.

After the script reported it was complete, Alfresco was using a lot of CPU and Tomcat stopped serving Alfresco. I then figured I would wait as it may be processing something.

After 20 minutes I nicely restarted Alfresco, and it came back up, only to discover my authentication chain had been blown away.

I had declared my auth chain in repository.properties, and had moved my modified auth subsystems into the relevant shared folders.

I had at first thought that my subsystems had been blown away too, but I was looking in the wrong folder. I had misread a part of the auth subsystems manual page, and was trying to re-create them in "$TOMCAT_HOME/shared/classes/alfresco/extension/subsystems/Authentication" when I should have checked "$TOMCAT_HOME/shared/classes/alfresco/subsystems/Authentication" instead, and would have discovered my subsystems intact.

However, now that I have discovered this, I have tried to re-use the subsystems. I tried to instead add the auth chain configuration to alfresco-global.properties, only to discover Alfresco seems to now be ignoring my custom subsystems altogether.

I tried re-adding the chain to the repository.properties file, and again, ignoring them.

Why do I think it's ignoring them? Well first off, it's complaining about default settings, like defaultcompany kind of thing. Also cannot create passthru domain bean.

I'm at a loss as to what I've done here and what I can do. Help please?


2013-11-26 15:39:48,620  ERROR [authentication.ldap.LDAPInitialDirContextFactoryImpl] [localhost-startStop-1] Unable to connect to LDAP Server; check LDAP configuration
javax.naming.CommunicationException: domaincontroller.company.com:389 [Root exception is java.net.ConnectException: Connection timed out]
2 REPLIES

bloodyiron
Champ in-the-making
So in attempting to resolve this issue I've found a discrepancy in the documentation.

When copying the subsystem to the shared folder (outlined below), the documentation suggests a peculiar way to rename it, which doesn't work, and doesn't match what it describes.

So, I copy the relevant subsystem, in this example ldap to this folder:

$TOMCAT_HOME/shared/classes/alfresco/subsystems/Authentication/ldap


Now since I'm modifying that subsystem it's a good idea to rename the folder so that it doesn't overlap with the default ldap subsystem. But here's the problem. The documentation recommends the folder location changes too. The documentation recommends moving it and renaming it to the following:

$TOMCAT_HOME/shared/classes/alfresco/subsystems/Authentication/ldap/myldap


And then in that "myldap" folder are your ldap configs. Then the documentation recommends the chain entry be myldap:myldap. The second one being the type, the first one being the name. This doesn't work. What I had to do was this:

$TOMCAT_HOME/shared/classes/alfresco/subsystems/Authentication/myldap


And now using myldap:myldap works!

Other parts of the documentation are a bit confusing. Initially I was doing myldap:ldap, and having it under the subfolder as suggested above, which didn't work; it just ended up loading the default subsystem, not the one I had configured under shared.

So now my Auth subsystems work. I did not lose users at all, oddly enough, or permissions. So that's good.

mrogers
Star Contributor
Which page of documentation is wrong?

Your configuration settings, including your auth chain settings, should be in $TOMCAT_HOME/shared/classes/alfresco-global.properties.

For a simple configuration (only one ldap server) there's no need to touch the subsystem configuration at all.

Your configuration should be under $TOMCAT_HOME/shared/classes/alfresco/extension/subsystems/Authentication/ldap/myldap

Your chain should contain myldap:ldap.
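
The layout described in the reply above can be checked before a restart. The following shell function is an added example, not part of the thread and not an Alfresco tool: it reads `authentication.chain` from `alfresco-global.properties` and flags every `id:type` entry that has no matching `alfresco/extension/subsystems/Authentication/<type>/<id>` folder. The function name `check_auth_chain` and the output labels are hypothetical.

```shell
#!/bin/sh
# Added example: verify that each authentication.chain entry (id:type) has an
# override folder at
#   <classes>/alfresco/extension/subsystems/Authentication/<type>/<id>
# Usage: check_auth_chain "$TOMCAT_HOME/shared/classes"
# The body runs in a subshell, so "exit" only ends the function call and the
# IFS change does not leak into the caller.
check_auth_chain() (
    classes_dir=$1
    props="$classes_dir/alfresco-global.properties"
    base="$classes_dir/alfresco/extension/subsystems/Authentication"
    status=0

    [ -f "$props" ] || { echo "MISSING $props"; exit 2; }

    # Take the last uncommented authentication.chain line (later keys override
    # earlier ones in a Java properties file); strip spaces, tabs and CRs.
    chain=$(grep -E '^[[:space:]]*authentication\.chain[[:space:]]*=' "$props" \
            | tail -n 1 | cut -d= -f2- | tr -d ' \t\r')
    [ -n "$chain" ] || { echo "NOCHAIN authentication.chain not set"; exit 2; }

    IFS=','
    for entry in $chain; do
        id=${entry%%:*}      # instance name, e.g. myldap
        type=${entry#*:}     # subsystem type, e.g. ldap
        if [ "$id" = "$entry" ] || [ -z "$id" ] || [ -z "$type" ]; then
            echo "BAD $entry (expected id:type)"
            status=1
        elif [ -d "$base/$type/$id" ]; then
            echo "OK $entry -> $base/$type/$id"
        else
            # No instance folder: nothing under extension/ customises this entry.
            echo "NOOVERRIDE $entry (no folder $base/$type/$id)"
            status=1
        fi
    done
    exit "$status"
)
```

A `NOOVERRIDE` line for an entry you meant to customise corresponds to the symptom reported in the thread, where the default subsystem was loaded instead of the configured one.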