few users are unable to authenticate by ldap?why?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-02-2010 06:32 AM
Hi guys,
I am facing a strange issue.
I am using this ldap.authentication.userNameFormat as mentioned below
ldap.authentication.userNameFormat=CN=%s,ou=Alfresco_West,dc=dare,dc=local
in ldap authentication file
"/opt/alfresco/tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap/ldap1/ldap-authentication.properties"
Its really strange, few users are able to authenticate while others or not. Any idea why? or how can I troubleshoot it?
Thanks in advance.
Soh
I am facing a strange issue.
I am using this ldap.authentication.userNameFormat as mentioned below
ldap.authentication.userNameFormat=CN=%s,ou=Alfresco_West,dc=dare,dc=local
in ldap authentication file
"/opt/alfresco/tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap/ldap1/ldap-authentication.properties"
Its really strange, few users are able to authenticate while others or not. Any idea why? or how can I troubleshoot it?
Thanks in advance.
Soh
Labels:
- Labels:
-
Archive
17 REPLIES 17
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-02-2010 07:20 AM
Add this to log4j.properties
log4j.logger.org.alfresco.repo.security.authentication=debug
What do you see in alfresco.log when one of the users tries to log in?
log4j.logger.org.alfresco.repo.security.authentication=debug
What do you see in alfresco.log when one of the users tries to log in?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-02-2010 09:31 AM
Hi dward,
Thanks for replying here.
# find /opt/alfresco/ -name log4j.properties
/opt/alfresco/tomcat/webapps/share/WEB-INF/classes/log4j.properties
/opt/alfresco/tomcat/webapps/mobile/WEB-INF/classes/log4j.properties
/opt/alfresco/tomcat/webapps/alfresco/WEB-INF/classes/log4j.properties
I have added
log4j.logger.org.alfresco.repo.security.authentication=debug
in
/opt/alfresco/tomcat/webapps/alfresco/WEB-INF/classes/log4j.properties
I can't find the file alfresco.log?
# find /opt/alfresco/ -name alfresco.log
[root@alfOxf ~]#
Do I have to create it manually?
Thanks for replying here.
# find /opt/alfresco/ -name log4j.properties
/opt/alfresco/tomcat/webapps/share/WEB-INF/classes/log4j.properties
/opt/alfresco/tomcat/webapps/mobile/WEB-INF/classes/log4j.properties
/opt/alfresco/tomcat/webapps/alfresco/WEB-INF/classes/log4j.properties
I have added
log4j.logger.org.alfresco.repo.security.authentication=debug
in
/opt/alfresco/tomcat/webapps/alfresco/WEB-INF/classes/log4j.properties
I can't find the file alfresco.log?
# find /opt/alfresco/ -name alfresco.log
[root@alfOxf ~]#
Do I have to create it manually?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-02-2010 10:29 AM
Now when I start logging from Alfresco I get these logs in catalina.out
I get the same error with other users, so few users are being authenticated and few not. svc123 exists and other users are also exist which are being authenticated by ldap. Any help?
Soh
15:16:53,153 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] Authenticating user "test0011"15:16:53,164 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] Setting the current user to "test0011"15:16:53,164 User:test0011 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] User "test0011" authenticated successfully15:16:57,832 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] Setting the current user to "test0011"15:17:10,806 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] Authenticating user "SVC_ALF"15:17:10,810 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] Setting the current user to "SVC_ALF"15:17:10,810 User:SVC_ALF DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] User "SVC_ALF" authenticated successfully15:17:14,219 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] Setting the current user to "SVC_ALF"15:17:30,073 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] Authenticating user "svc123"15:17:30,075 DEBUG [authentication.ldap.LDAPAuthenticationComponentImpl] [b]Failed to authenticate user "svc123"[/b]org.alfresco.repo.security.authentication.AuthenticationException: 02020005 LDAP authentication failed. at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.buildInitialDirContext(LDAPInitialDirContextFact oryImpl.java:116) at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.getInitialDirContext(LDAPInitialDirContextFactor yImpl.java:199) at org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl.authenticateImpl(LDAPAuthenticationComponentImpl. java:128) at org.alfresco.repo.security.authentication.AbstractAuthenticationComponent.authenticate(AbstractAuthenticationComponent.java:164) at org.alfresco.repo.security.authentication.AuthenticationServiceImpl.authenticate(AuthenticationServiceImpl.java:127) at org.alfresco.repo.security.authentication.AbstractChainingAuthenticationService.authenticate(AbstractChainingAuthenticationServi ce.java:165) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:304) at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149) at net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:80) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171) at org.alfresco.repo.security.permissions.impl.ExceptionTranslatorMethodInterceptor.invoke(ExceptionTranslatorMethodInterceptor.jav a:49) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171) at org.alfresco.repo.audit.AuditMethodInterceptor.invoke(AuditMethodInterceptor.java:147) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171) at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:106) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204) at $Proxy27.authenticate(Unknown Source) at org.alfresco.web.bean.LoginBean.login(LoginBean.java:295) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.myfaces.el.MethodBindingImpl.invoke(MethodBindingImpl.java:132) at org.apache.myfaces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:61) at javax.faces.component.UICommand.broadcast(UICommand.java:109) at javax.faces.component.UIViewRoot._broadcastForPhase(UIViewRoot.java:97) at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:171) at org.apache.myfaces.lifecycle.InvokeApplicationExecutor.execute(InvokeApplicationExecutor.java:32) at org.apache.myfaces.lifecycle.LifecycleImpl.executePhase(LifecycleImpl.java:95) at org.apache.myfaces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:70) at javax.faces.webapp.FacesServlet.service(FacesServlet.java:139) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.alfresco.web.app.servlet.AuthenticationFilter.doFilter(AuthenticationFilter.java:124) at sun.reflect.GeneratedMethodAccessor397.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.alfresco.repo.management.subsystems.ChainingSubsystemProxyFactory$1.invoke(ChainingSubsystemProxyFactory.java:122) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204) at $Proxy187.doFilter(Unknown Source) at org.alfresco.repo.web.filter.beans.BeanProxyFilter.doFilter(BeanProxyFilter.java:88) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.alfresco.repo.web.filter.beans.NullFilter.doFilter(NullFilter.java:74) at sun.reflect.GeneratedMethodAccessor397.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.alfresco.repo.management.subsystems.ChainingSubsystemProxyFactory$1.invoke(ChainingSubsystemProxyFactory.java:122) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204) at $Proxy187.doFilter(Unknown Source) at org.alfresco.repo.web.filter.beans.BeanProxyFilter.doFilter(BeanProxyFilter.java:88) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) at java.lang.Thread.run(Thread.java:619)Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext er ror, data 525, vece]at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3041) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2987) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2789) at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2703) at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:293) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193) at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136) at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66) at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667) at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288) at javax.naming.InitialContext.init(InitialContext.java:223) at javax.naming.InitialContext.<init>(InitialContext.java:197) at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82) at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.buildInitialDirContext(LDAPInitialDirContextFactoryImpl.java:111) … 70 moreI get the same error with other users, so few users are being authenticated and few not. svc123 exists and other users are also exist which are being authenticated by ldap. Any help?
Soh
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-02-2010 03:15 PM
According to this page the "data 525" part of your error message means "User Not Found" in AD.
http://www-01.ibm.com/support/docview.wss?rs=688&uid=swg21290631
I see you are using a fixed user DN format
ldap.authentication.userNameFormat=CN=%s,ou=Alfresco_West,dc=dare,dc=local
Could it be that some user IDs cannot be resolved this way? E.g. some users are not in the Alfresco_West ou or something else?
If you are using a recent version of 3.2, you can set the format mask to be empty in tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap/ldap1/ldap-authentication.properties, in which case it will use userQuery to resolve the DN. This is more flexible and can cope with users spread around different ous.
ldap.authentication.userNameFormat=
But I note that you are using Active Directory. I am therefore wondering why you are using CN as the user ID attribute and not SAMAccountName. In fact, why aren't you using the ldap-ad subsystem?
Please see the notes here about setting userNameFormat to a UPN. This is the best (and default) solution for AD.
http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems#Configuration_2
http://www-01.ibm.com/support/docview.wss?rs=688&uid=swg21290631
I see you are using a fixed user DN format
ldap.authentication.userNameFormat=CN=%s,ou=Alfresco_West,dc=dare,dc=local
Could it be that some user IDs cannot be resolved this way? E.g. some users are not in the Alfresco_West ou or something else?
If you are using a recent version of 3.2, you can set the format mask to be empty in tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap/ldap1/ldap-authentication.properties, in which case it will use userQuery to resolve the DN. This is more flexible and can cope with users spread around different ous.
ldap.authentication.userNameFormat=
But I note that you are using Active Directory. I am therefore wondering why you are using CN as the user ID attribute and not SAMAccountName. In fact, why aren't you using the ldap-ad subsystem?
Please see the notes here about setting userNameFormat to a UPN. This is the best (and default) solution for AD.
http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems#Configuration_2
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-03-2010 05:10 AM
dward when i write ldap.authentication.userNameFormat=%s@mydomain
i can see only the user from my pc.
when i leave it blank like this ldap.authentication.userNameFormat=
i see noone….
i can see only the user from my pc.
when i leave it blank like this ldap.authentication.userNameFormat=
i see noone….
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-03-2010 05:16 AM
What do you mean "I can see"? Do you mean "I can authenticate as"?
If it doesn't work when userNameFormat is blank then your personQuery is probably configured wrongly. Is LDAP sync working? I.e. have users and groups been created in Alfresco for all your LDAP users and groups?
If it doesn't work when userNameFormat is blank then your personQuery is probably configured wrongly. Is LDAP sync working? I.e. have users and groups been created in Alfresco for all your LDAP users and groups?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-03-2010 06:05 AM
well i play with it for a while and i understood that when i login for the first time with a valid username and password which exists on Active Directory then it creates ( like unlocking ) the user and can see him from user query. but in the query i can see only those users that has been "added" due to this action.
for sync i don't know if it is running correclty
i get those errors and warn hope they can help you
for sync i don't know if it is running correclty
i get those errors and warn hope they can help you
12:56:39,394 INFO [org.alfresco.config.JndiPropertiesFactoryBean] Loading properties file from class path resource [alfresco/repository.properties]12:56:39,394 INFO [org.alfresco.config.JndiPropertiesFactoryBean] Loading properties file from class path resource [alfresco/domain/transaction.properties]12:56:39,409 INFO [org.alfresco.config.JndiPropertiesFactoryBean] Loading properties file from URL [file:/C:/Alfresco/tomcat/shared/classes/alfresco-global.properties]12:56:39,612 INFO [org.alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]12:56:55,675 INFO [org.alfresco.config.JndiPropertiesFactoryBean] Loading properties file from file [C:\Alfresco\tomcat\shared\classes\alfresco\extension\subsystems\Authentication\ldap-ad\ldap-ad1\ldap-ad-authentication.properties]12:57:25,566 INFO [org.alfresco.repo.domain.schema.SchemaBootstrap] Schema managed by database dialect org.hibernate.dialect.MySQLInnoDBDialect.12:57:28,753 INFO [org.alfresco.repo.domain.schema.SchemaBootstrap] No changes were made to the schema.12:57:30,597 INFO [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'sysAdmin' subsystem, ID: [sysAdmin, default]12:57:30,612 INFO [org.alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]12:57:30,628 INFO [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'sysAdmin' subsystem, ID: [sysAdmin, default] complete12:57:35,237 INFO [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'thirdparty' subsystem, ID: [thirdparty, default]12:57:35,269 INFO [org.alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]12:57:37,925 ERROR [org.alfresco.util.exec.RuntimeExecBootstrapBean] Bootstrap command failed: Execution result: os: Windows XP command: [soffice, -accept=socket,host=localhost,port=8100;urp;StarOffice.ServiceManager, -env:UserInstallation=file:///C:/Alfresco/alf_data/oouser, -nologo, -headless, -nofirststartwizard, -nocrashrep, -norestore] succeeded: false exit code: 2 out: err: Cannot run program "soffice": CreateProcess error=2, The system cannot find the file specified12:57:39,034 WARN [org.alfresco.util.OpenOfficeConnectionTester] An initial OpenOffice connection could not be established.12:57:39,816 INFO [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'thirdparty' subsystem, ID: [thirdparty, default] complete12:57:39,972 WARN [org.alfresco.repo.admin.ConfigurationChecker] The Alfresco 'dir.root' property is set to a relative path './alf_data'. 'dir.root' should be overridden to point to a specific folder.12:57:39,972 INFO [org.alfresco.repo.admin.ConfigurationChecker] The Alfresco root data directory ('dir.root') is: .\alf_data12:57:40,050 INFO [org.alfresco.repo.admin.patch.PatchExecuter] Checking for patches to apply …12:57:40,753 INFO [org.alfresco.repo.admin.patch.PatchExecuter] No patches were required.12:57:40,769 INFO [org.alfresco.repo.module.ModuleServiceImpl] Found 1 module(s).12:57:40,925 INFO [org.alfresco.repo.module.ModuleServiceImpl] Starting module 'org.alfresco.module.vti' version 1.2.12:57:41,112 INFO [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'fileServers' subsystem, ID: [fileServers, default]12:57:41,128 INFO [org.alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]12:57:41,503 INFO [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'Authentication' subsystem, ID: [Authentication, managed, ldap-ad1]12:57:41,550 INFO [org.alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]12:57:41,675 INFO [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'Authentication' subsystem, ID: [Authentication, managed, ldap-ad1] complete12:57:41,706 INFO [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'fileServers' subsystem, ID: [fileServers, default] complete12:57:41,706 INFO [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'imap' subsystem, ID: [imap, default]12:57:41,737 INFO [org.alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]12:57:41,878 INFO [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'imap' subsystem, ID: [imap, default] complete12:57:41,878 INFO [org.alfresco.repo.usage.UserUsageTrackingComponent] Enabled - calculate missing user usages …12:57:41,925 INFO [org.alfresco.repo.usage.UserUsageTrackingComponent] Found 0 users to recalculate12:57:41,925 INFO [org.alfresco.repo.usage.UserUsageTrackingComponent] … calculated missing usages for 0 users12:57:41,925 INFO [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'Synchronization' subsystem, ID: [Synchronization, default]12:57:41,956 INFO [org.alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]12:57:42,034 INFO [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Synchronizing users and groups with user registry 'ldap-ad1'12:57:42,050 INFO [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Retrieving all groups from user registry 'ldap-ad1'12:57:42,112 INFO [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] ldap-ad1 Group Analysis: Commencing batch of 0 entries12:57:42,128 INFO [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] ldap-ad1 Group Analysis: Completed batch of 0 entries12:57:42,128 INFO [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Retrieving all users from user registry 'ldap-ad1'12:57:42,144 INFO [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] ldap-ad1 User Creation and Association: Commencing batch of 0 entries12:57:42,144 INFO [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] ldap-ad1 User Creation and Association: Completed batch of 0 entries12:57:42,144 INFO [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Finished synchronizing users and groups with user registry 'ldap-ad1'12:57:42,144 INFO [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] 0 user(s) and 0 group(s) processed12:57:42,159 INFO [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'Synchronization' subsystem, ID: [Synchronization, default] complete12:57:42,519 INFO [org.alfresco.service.descriptor.DescriptorService] Alfresco JVM - v1.6.0_16-b01; maximum heap size 493,063MB12:57:42,519 WARN [org.alfresco.service.descriptor.DescriptorService] Alfresco JVM - WARNING - maximum heap size 493,063MB is less than recommended 512MB12:57:42,519 INFO [org.alfresco.service.descriptor.DescriptorService] Alfresco started (Community): Current version 3.2.0 (r2 2440) schema 3300 - Originally installed version 3.2.0 (r2 2440) schema 330012:57:43,394 INFO [org.alfresco.module.vti.VtiServer] Vti server started successfully on port: 707012:58:22,253 INFO [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'wcm_deployment_receiver' subsystem, ID: [wcm_deployment_receiver, default]12:58:22,300 INFO [org.alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]12:58:22,534 INFO [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'wcm_deployment_receiver' subsystem, ID: [wcm_deployment_receiver, default] complete12:58:25,362 INFO [org.alfresco.config.JBossEnabledWebApplicationContext] Refreshing org.alfresco.config.JBossEnabledWebApplicationContext@f181e9: display name [Root WebApplicationContext]; startup date [Wed Mar 03 12:58:25 EET 2010]; root of context hierarchy12:58:25,878 INFO [org.alfresco.config.JBossEnabledWebApplicationContext] Bean factory for application context [org.alfresco.config.JBossEnabledWebApplicationContext@f181e9]: org.springframework.beans.factory.support.DefaultListableBeanFactory@1e9a8e312:58:27,862 INFO [org.alfresco.web.scripts.DeclarativeRegistry] Registered 22 Web Scripts (+0 failed), 24 URLs12:58:27,878 INFO [org.alfresco.web.scripts.AbstractRuntimeContainer] Initialised Presentation Web Script Container (in 347.1506ms)12:58:28,065 INFO [org.alfresco.web.scripts.DeclarativeRegistry] Registered 40 Web Scripts (+0 failed), 42 URLs12:58:28,097 INFO [org.alfresco.web.scripts.AbstractRuntimeContainer] Initialised WebFramework Web Script Container (in 200.02438ms)12:58:28,190 INFO [org.alfresco.web.site.FrameworkHelper] Successfully Initialized Web Framework12:58:32,518 INFO [org.alfresco.web.site.FrameworkHelper] Successfully Initialized Web FrameworkOptions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-03-2010 06:33 AM
no users and groups have been created
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-03-2010 07:16 AM
Your personQuery and groupQuery must be incorrect.
I think I know why, because it transpires you are using Active Directory.
If you are using Active Directory, use the ldap-ad subsystem! Why don't you read any of the documentation before trying to use the product?
So
1. change alfresco-global.properties
authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap-ad
2.
mkdir -p $TOMCAT_HOME/shared/classes/alfresco/extension/subsystems/Authentication/ldap-ad/ldap1
cp $TOMCAT_HOME/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/ldap-ad/*.properties $TOMCAT_HOME/shared/classes/alfresco/extension/subsystems/Authentication/ldap-ad/ldap1
3. Then edit $TOMCAT_HOME/shared/classes/alfresco/extension/subsystems/Authentication/ldap-ad/ldap1/ldap-ad-authentication.properties so that it matches your environment. There should be no need to change personQuery or groupQuery. Just userSearchBase, groupSearchBase, userNameFormat and username and password.
I think I know why, because it transpires you are using Active Directory.
If you are using Active Directory, use the ldap-ad subsystem! Why don't you read any of the documentation before trying to use the product?
So
1. change alfresco-global.properties
authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap-ad
2.
mkdir -p $TOMCAT_HOME/shared/classes/alfresco/extension/subsystems/Authentication/ldap-ad/ldap1
cp $TOMCAT_HOME/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/ldap-ad/*.properties $TOMCAT_HOME/shared/classes/alfresco/extension/subsystems/Authentication/ldap-ad/ldap1
3. Then edit $TOMCAT_HOME/shared/classes/alfresco/extension/subsystems/Authentication/ldap-ad/ldap1/ldap-ad-authentication.properties so that it matches your environment. There should be no need to change personQuery or groupQuery. Just userSearchBase, groupSearchBase, userNameFormat and username and password.
