
How do I integrate Alfresco on JBoss with Active Directory?

proxyprodigy
Champ in-the-making
Sorry guys. I've gone thru pretty much all of the threads on this forum with no luck. I've also gone thru the Wiki which doesn't make much sense to me. I have Alfresco running on JBoss on a Linux server. I need a simple site with step-by-step instructions for integrating Active Directory authentication. Please let me know if you have any sites that can help me with this. Any advice would be greatly appreciated.

Thanks in advance…
9 REPLIES

curious_george
Champ in-the-making
The wiki isn't perfect, but we've got a workable setup with precisely the kind of environment you have.

What specific errors have you been running into? Let us know.

See this page: http://wiki.alfresco.com/wiki/Configuring_NTLM

I did not change the web.xml (we didn't want NTLM) but I did use the NTLM Passthru Authentication instructions to authenticate against our Active Directory instead of the Alfresco user database. I hope this helps.

proxyprodigy
Champ in-the-making
Cool. That looks like it will be what I need. Thanks again.

proxyprodigy
Champ in-the-making
As for my errors, the only error I've seen so far is "Authentication Credentials Not Found: A valid SecureContext was not provided in the RequestContext."

curious_george
Champ in-the-making
You can get that error if using NTLM to automatically authenticate against the LDAP, and KeepAlive is turned off. Turn KeepAlive on in Apache httpd. Otherwise you will get that message in IE - It might work in Firefox.

proxyprodigy
Champ in-the-making
First off, thanks for all you guys' help.

I got my Alfresco authenticating with Active Directory. However, I can only get it to authenticate by typing in the CN value like this:
CN=The Proxy Prodigy,DC=server,DC=com

I have to enter "The Proxy Prodigy" into the login form with the space between the words. I need it to authenticate with the sAMAccountName so that I only have to type in the username such as "ProxyProdigy". I've changed the personQuery to use (objectclass=user), userIdAttributeName to use sAMAccountName, and so on… But, I still have to enter my CN instead of the actual sAMAccountName. Any ideas? Thanks again for your help.

curious_george
Champ in-the-making
Hmm, did you map the cm:userName attribute to the sAMAccountName? Also, is your searchBase set correctly? We are also using (objectclass=user) and sAMAccountName for those elements, and we can authenticate with sAMAccountName.

proxyprodigy
Champ in-the-making
Yep. My searchBase is correct & my cm:userName = sAMAccountName. I'm using Simple instead of DIGEST-MD5. Do you think that could have anything to do with it? I think I read somewhere on this forum that you have to use DIGEST-MD5 for getting the sAMAccountName. But, when I use DIGEST-MD5, I can't authenticate anything. At least with Simple I can authenticate the DN.

curious_george
Champ in-the-making
Can you post your ldap-authentication-context.xml file? Don't forget to scrub out the sensitive information.

janeerdekens
Champ in-the-making
I'm working in an AD domain example.com and I'm able to log in with the sAMAccountName if I specify the following userNameFormat '%s@example.com' in my chaining-authentication-context.xml.
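
Added example (not part of the original thread and not Alfresco's code): a sketch of how a userNameFormat template turns what is typed in the login form into the name sent in the LDAP simple bind, which is why a CN=%s,... template needs the CN while %s@example.com accepts the short account name. The helper names, the "=" test for a DN-style template, the RFC 4514 escaping and the account-name allow-list are assumptions added for illustration.

```python
import re

# RFC 4514: characters that must be backslash-escaped inside a DN attribute value.
_DN_SPECIAL = set(',+"\\<>;=')

def escape_dn_value(value: str) -> str:
    """Escape a typed name so it stays one RDN value when placed into a DN."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in _DN_SPECIAL or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

# Conservative allow-list for a short account name (assumption, not AD's exact rule).
_ACCOUNT_OK = re.compile(r"^[A-Za-z0-9._-]{1,20}$")

def bind_principal(user_name_format: str, typed: str) -> str:
    """Return the bind name produced by substituting `typed` for %s."""
    if "=" in user_name_format:
        # DN-style template, e.g. CN=%s,DC=server,DC=com: the typed value
        # must equal the entry's CN, so escape it as a DN attribute value.
        return user_name_format.replace("%s", escape_dn_value(typed))
    # user@domain style template, e.g. %s@example.com: AD accepts this form
    # in a simple bind, so the short account name is enough.
    if not _ACCOUNT_OK.match(typed):
        raise ValueError("unexpected characters in login name")
    return user_name_format.replace("%s", typed)

if __name__ == "__main__":
    # Constructed sample values taken from the formats quoted in the thread.
    for fmt, name in [
        ("CN=%s,DC=server,DC=com", "The Proxy Prodigy"),  # works: matches the CN
        ("CN=%s,DC=server,DC=com", "ProxyProdigy"),       # not the entry's DN
        ("%s@example.com", "ProxyProdigy"),               # short name works
        ("CN=%s,DC=server,DC=com", "Smith, John"),        # comma gets escaped
    ]:
        print(f"{fmt!r:28} + {name!r:20} -> {bind_principal(fmt, name)}")
```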