How to add Alfresco users to ldap directory?

sandhya25186
Champ in-the-making
I have integrated my Alfresco 3.3g on Ubuntu to use LDAP, which starts successfully without any errors, but on the login page I am at a loss what credentials to give.

These are my directory entries:
dn: dc=macif-lfn,dc=com
dc: macif-lfn
objectClass: dcObject
objectClass: organizationalUnit
ou: macif-lfn Incorporated
structuralObjectClass: organizationalUnit
entryUUID: 0b4cd92a-2cda-102f-9b1f-7917974b4103
creatorsName: cn=admin,dc=macif-lfn,dc=com
createTimestamp: 20100726081758Z
entryCSN: 20100726081758.447889Z#000000#000#000000
modifiersName: cn=admin,dc=macif-lfn,dc=com
modifyTimestamp: 20100726081758Z

dn: ou=people,dc=macif-lfn,dc=com
ou: people
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit
entryUUID: 0b4d17d2-2cda-102f-9b20-7917974b4103
creatorsName: cn=admin,dc=macif-lfn,dc=com
createTimestamp: 20100726081758Z
entryCSN: 20100726081758.449519Z#000000#000#000000
modifiersName: cn=admin,dc=macif-lfn,dc=com
modifyTimestamp: 20100726081758Z

dn: cn=Charlton Heston,ou=people,dc=macif-lfn,dc=com
cn: Charlton Heston
sn: Heston
mail: heston@macif-lfn.com
telephoneNumber: 508-555-1212
objectClass: inetOrgPerson
structuralObjectClass: inetOrgPerson
entryUUID: 0b4d2b14-2cda-102f-9b21-7917974b4103
creatorsName: cn=admin,dc=macif-lfn,dc=com
createTimestamp: 20100726081758Z
entryCSN: 20100726081758.450012Z#000000#000#000000
modifiersName: cn=admin,dc=macif-lfn,dc=com
modifyTimestamp: 20100726081758Z

dn: cn=Roddy McDowall,ou=people,dc=macif-lfn,dc=com
cn: Roddy McDowall
sn: McDowall
mail: mcdowall@macif-lfn.com
telephoneNumber: 508-555-1234
objectClass: inetOrgPerson
structuralObjectClass: inetOrgPerson
entryUUID: 0b4d37e4-2cda-102f-9b22-7917974b4103
creatorsName: cn=admin,dc=macif-lfn,dc=com
createTimestamp: 20100726081758Z
entryCSN: 20100726081758.450340Z#000000#000#000000
modifiersName: cn=admin,dc=macif-lfn,dc=com
modifyTimestamp: 20100726081758Z

dn: uid=admin,ou=people,dc=macif-lfn,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: admin
sn: admin
givenName: admin
cn: administrator
displayName: administrator
uidNumber: 1000
gidNumber: 10000
userPassword:: YWRtaW4=
gecos: administrator
loginShell: /bin/bash
homeDirectory: /home/admin
shadowExpire: -1
shadowFlag: 0
shadowWarning: 7
shadowMin: 8
shadowMax: 999999
shadowLastChange: 10877
mail: admin@macif-lfn.com
postalCode: 31000
l: Toulouse
o: macif-lfn
title: System Administrator
postalAddress:
initials: LP
structuralObjectClass: inetOrgPerson
entryUUID: a877a662-2cda-102f-9905-a7bac762f49e
creatorsName: cn=admin,dc=macif-lfn,dc=com
createTimestamp: 20100726082222Z
entryCSN: 20100726082222.130700Z#000000#000#000000
modifiersName: cn=admin,dc=macif-lfn,dc=com
modifyTimestamp: 20100726082222Z

This is my tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap-ad/ldap-ad1/changes.properties:
    #
    # LDAP Sync
    #
    # This flag enables use of this LDAP subsystem for authentication. It may be
    # that this subsytem should only be used for synchronization, in which case
    # this flag should be set to false.
    ldap.authentication.active=false
    ldap.authentication.java.naming.security.authentication=simple

    # This flag enables use of this LDAP subsystem for user and group
    # synchronization. It may be that this subsystem should only be used for
    # authentication, in which case this flag should be set to false.
    ldap.synchronization.active=true
    ldap.authentication.userNameFormat=%s,ou=Users,dc=macif-lfn,dc=com
    ldap.authentication.allowGuestLogin=true
    # (macif-lfn specific property)
    ldap.authentication.java.naming.provider.url=ldap://localhost:389

    # The default principal to bind with (only used for LDAP sync). This should be a UPN or DN
    # (macif-lfn specific property)
    ldap.synchronization.java.naming.security.principal=cn=admin,dc=macif-lfn,dc=com

    # The password for the default principal (only used for LDAP sync)
    # (macif-lfn specific property)
    ldap.synchronization.java.naming.security.credentials=secret

    # If positive, this property indicates that RFC 2696 paged results should be
    # used to split query results into batches of the specified size. This
    # overcomes any size limits imposed by the LDAP server.
    ldap.synchronization.queryBatchSize=1000

    # The query to select all objects that represent the groups to import.
    # (macif-lfn specific property)
    ldap.synchronization.groupQuery=(&(objectclass\=group)(memberOf\=cn\=Alfresco Groups,ou\=user,dc\=macif-lfn,dc\=com))

    # The query to select objects that represent the groups to import that have changed since a certain time.
    # (macif-lfn specific property)
    ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(memberOf\=cn\=Alfresco Groups,ou\=user,dc\=macif-lfn,dc\=com)(!(modifyTimestamp<\={0})))

    # The query to select all objects that represent the users to import.
    # (macif-lfn specific property)
    ldap.synchronization.personQuery=(&(objectclass\=user)(|(memberOf\=CN\=Developers,OU\=user,DC\=macif-lfn,DC\=com)(memberOf\=CN\=Sales,OU\=user,DC\=macif-lfn,DC\=com))(userAccountControl\:1.2.840.113556.1.4.803\:\=512))

    # The query to select objects that represent the users to import that have changed since a certain time.
    # (macif-lfn specific property)
    ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(|(memberOf\=CN\=Developers,OU\=user,DC\=macif-lfn,DC\=com)(memberOf\=CN\=Sales,OU\=user,DC\=macif-lfn,DC\=com))(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(modifyTimestamp<\={0})))

    # The group search base restricts the LDAP group query to a sub section of tree on the LDAP server.
    # (macif-lfn specific property)
    ldap.synchronization.groupSearchBase=dc\=macif-lfn,dc\=com

    # The user search base restricts the LDAP user query to a sub section of tree on the LDAP server.
    # (macif-lfn specific property)
    ldap.synchronization.userSearchBase=dc\=macif-lfn,dc\=com

    # The name of the operational attribute recording the last update time for a group or user.
    ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp

    # The timestamp format. Unfortunately, this varies between directory servers.
    ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'

    # The attribute name on people objects found in LDAP to use as the uid in Alfresco
    ldap.synchronization.userIdAttributeName=sAMAccountName

    # The attribute on person objects in LDAP to map to the first name property in Alfresco
    ldap.synchronization.userFirstNameAttributeName=givenName

    # The attribute on person objects in LDAP to map to the last name property in Alfresco
    ldap.synchronization.userLastNameAttributeName=sn

    # The attribute on person objects in LDAP to map to the email property in Alfresco
    ldap.synchronization.userEmailAttributeName=mail

    # The attribute on person objects in LDAP to map to the organizational id property in Alfresco
    ldap.synchronization.userOrganizationalIdAttributeName=company

    # The default home folder provider to use for people created via LDAP import
    ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider

    # The attribute on LDAP group objects to map to the gid property in Alfrecso
    ldap.synchronization.groupIdAttributeName=cn

    # The group type in LDAP
    ldap.synchronization.groupType=group

    # The person type in LDAP
    ldap.synchronization.personType=user

    # The attribute in LDAP on group objects that defines the DN for its members
    ldap.synchronization.groupMemberAttributeName=member

    synchronization.synchronizeChangesOnly=true

Could somebody help me out please?

jpotts
World-Class Innovator
Here's where your config tells Alfresco what to try to bind against LDAP with:
ldap.authentication.userNameFormat=%s,ou=Users,dc=macif-lfn,dc=com

The "%s" string will be replaced with what you use to login with.

I'm noticing that you have your ou=Users but your LDIF file has ou=People.

dn: uid=admin,ou=people,dc=macif-lfn,dc=com
dn: cn=Charlton Heston,ou=people,dc=macif-lfn,dc=com
dn: cn=Roddy McDowall,ou=people,dc=macif-lfn,dc=com

Jeff

sandhya25186
Champ in-the-making
Hi Jeff…

Thanks for noticing the error in my file.
But even after I corrected it to ou=people in my changes.properties and restarted the server, I was not able to log in.

Is there any configuration issue?

Users are getting recognised by the Alfresco system all right, as proved by the logs:
08:31:35,809 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Retrieving all groups from user registry 'ldap-ad1'
08:31:35,860 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] ldap-ad1 Group Analysis: Commencing batch of 0 entries
08:31:35,861 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] ldap-ad1 Group Analysis: Completed batch of 0 entries
08:31:35,863 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Retrieving all users from user registry 'ldap-ad1'
08:31:35,883 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] ldap-ad1 User Creation and Association: Commencing batch of 3 entries
08:31:35,895 WARN  [org.alfresco.repo.security.sync.ldap.LDAPUserRegistry] User returned by user search does not have mandatory user id attribute {mail=mail: heston@macif-lfn.com, modifytimestamp=modifyTimestamp: 20100726081758Z, sn=sn: Heston}
08:31:35,895 WARN  [org.alfresco.repo.security.sync.ldap.LDAPUserRegistry] User returned by user search does not have mandatory user id attribute {mail=mail: mcdowall@macif-lfn.com, modifytimestamp=modifyTimestamp: 20100726081758Z, sn=sn: McDowall}
08:31:35,896 WARN  [org.alfresco.repo.security.sync.ldap.LDAPUserRegistry] User returned by user search does not have mandatory user id attribute {mail=mail: admin@macif-lfn.com, modifytimestamp=modifyTimestamp: 20100726082222Z, givenname=givenName: admin, sn=sn: admin}
08:31:35,896 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] ldap-ad1 User Creation and Association: Completed batch of 3 entries
08:31:35,896 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Finished synchronizing users and groups with user registry 'ldap-ad1'
08:31:35,896 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] 3 user(s) and 0 group(s) processed
08:31:35,903 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'Synchronization' subsystem, ID: [Synchronization, default] complete
08:31:36,011 INFO  [org.alfresco.service.descriptor.DescriptorService] Alfresco JVM - v1.6.0_15-b03; maximum heap size 506.313MB
08:31:36,011 INFO  [org.alfresco.service.descriptor.DescriptorService] Alfresco started (Community): Current version 3.3.0 (g 2860) schema 4100 - Originally installed version 3.2.0 (r2 2440) schema 3300

Still, when I attempt to log in using the credentials admin/admin or admin/YWRtaW4= (as shown in the slapcat output), I'm getting a login error!
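The two mismatches visible in this thread (a userNameFormat whose template does not line up with the LDIF, and the "does not have mandatory user id attribute" warnings from the sync) can both be checked offline before restarting Alfresco. The script below is an added example written for this page; it is not code from the thread or from Alfresco. It parses a constructed subset of the LDIF and changes.properties shown above, expands `%s` in `ldap.authentication.userNameFormat` the way Jeff describes, and lists person entries under `ldap.synchronization.userSearchBase` that lack the configured `ldap.synchronization.userIdAttributeName`. It assumes, as a simplification, that entries with objectClass `inetOrgPerson` are the person entries the sync would return; the parser's handling of `::` is plain LDIF base64 transport encoding.

```python
"""Added example (not from the original thread or Alfresco): an offline checker
for an LDIF dump plus an Alfresco ldap-ad changes.properties fragment.
Sample data below is constructed from the entries posted in the thread."""

import base64
import re

# Constructed subset of the LDIF posted in the thread.
SAMPLE_LDIF = """\
dn: ou=people,dc=macif-lfn,dc=com
ou: people
objectClass: organizationalUnit

dn: cn=Charlton Heston,ou=people,dc=macif-lfn,dc=com
cn: Charlton Heston
sn: Heston
mail: heston@macif-lfn.com
objectClass: inetOrgPerson

dn: uid=admin,ou=people,dc=macif-lfn,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
uid: admin
sn: admin
givenName: admin
userPassword:: YWRtaW4=
"""

# Constructed subset of the changes.properties posted in the thread.
SAMPLE_PROPERTIES = """\
ldap.authentication.active=false
ldap.authentication.userNameFormat=%s,ou=Users,dc=macif-lfn,dc=com
ldap.synchronization.userSearchBase=dc\\=macif-lfn,dc\\=com
ldap.synchronization.userIdAttributeName=sAMAccountName
"""


def parse_ldif(text):
    """Parse minimal LDIF into a list of {attribute: [values]} dicts.
    Attribute names are lower-cased (LDAP compares them case-insensitively),
    'attr:: value' entries are base64-decoded (LDIF transport encoding, not a
    hash), and leading-space continuation lines are unfolded."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # unfold a wrapped value
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:             # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        name, _, rest = line.partition(":")
        if rest.startswith(":"):
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        current.setdefault(name.strip().lower(), []).append(value)
    return entries


def parse_properties(text):
    """Parse 'key=value' Java properties lines, dropping comments and the
    backslash escapes Alfresco's generated files put before '=' and ':'."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = re.sub(r"\\(.)", r"\1", value.strip())
    return props


def normalize_dn(dn):
    """Case-fold and trim each RDN so DNs can be compared as LDAP would."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def check_bind_dn(entries, props, login_name):
    """Expand userNameFormat for a login name (Alfresco substitutes %s with the
    typed user name) and report whether the result is a complete DN, whether
    the directory contains it, and whether LDAP authentication is even on."""
    bind_dn = props["ldap.authentication.userNameFormat"].replace("%s", login_name)
    first_rdn = bind_dn.split(",", 1)[0]
    known = {normalize_dn(e["dn"][0]) for e in entries}
    return {
        "bind_dn": bind_dn,
        "well_formed": "=" in first_rdn,   # "admin,ou=..." has no attribute type
        "exists": normalize_dn(bind_dn) in known,
        "ldap_auth_enabled": props.get("ldap.authentication.active", "true").lower() == "true",
    }


def users_missing_id(entries, props, person_class="inetorgperson"):
    """Return DNs of person entries (assumption: objectClass inetOrgPerson)
    under userSearchBase that lack userIdAttributeName; Alfresco logs
    'does not have mandatory user id attribute' for these and skips them."""
    base = normalize_dn(props["ldap.synchronization.userSearchBase"])
    id_attr = props["ldap.synchronization.userIdAttributeName"].lower()
    missing = []
    for entry in entries:
        dn = normalize_dn(entry["dn"][0])
        classes = [c.lower() for c in entry.get("objectclass", [])]
        if dn.endswith(base) and person_class in classes and id_attr not in entry:
            missing.append(entry["dn"][0])
    return missing


if __name__ == "__main__":
    ents, cfg = parse_ldif(SAMPLE_LDIF), parse_properties(SAMPLE_PROPERTIES)
    print(check_bind_dn(ents, cfg, "admin"))
    print("entries without user id attribute:", users_missing_id(ents, cfg))
```

Run against the thread's data, `check_bind_dn` reports a bind DN of `admin,ou=Users,dc=macif-lfn,dc=com`, which has no attribute type in its first RDN and matches no entry, and that `ldap.authentication.active=false` means the subsystem never binds at all; `users_missing_id` lists every inetOrgPerson entry because none carries an `sAMAccountName` attribute (that attribute belongs to Active Directory, while these entries use `uid`). Two further points worth checking in such a dump: the `::` on `userPassword` only marks base64 transport encoding, so the decoded value here is the literal cleartext password rather than a hash, readable by anyone allowed to read the entry; and the sync bind credentials in changes.properties are stored in the clear, so that file needs filesystem permissions restricted to the Tomcat user.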