
Ldap-ad Configuration

thk
Champ on-the-rise
We configured ldap-ad in alfresco-global.properties in the following way:

authentication.chain=alfinst:alfrescoNtlm,passthru1:passthru,ldap-ad1:ldap-ad
alfresco.authentication.authenticateCIFS=true
ldap.authentication.active=false
ldap.synchronization.active=true
passthru.authentication.servers=10.1.1.10\\ota.de,ota.de
passthru.authentication.domain=# Leave blank
passthru.authentication.useLocalServer=false

ntlm.authentication.sso.enabled=false

ldap.authentication.allowGuestLogin=false
ldap.authentication.userNameFormat=%s@OTA.DE
ldap.authentication.java.naming.provider.url=ldap://10.1.1.10.OTA.DE:389
ldap.authentication.defaultAdministratorUserNames=alfresco
ldap.synchronization.java.naming.security.principal=alfresco@OTA.DE
ldap.synchronization.java.naming.security.credentials=
ldap.synchronization.groupSearchBase=ou=Security Groups,ou=Alfresco\,dc=OTA,dc=DE
ldap.synchronization.userSearchBase=ou=User Accounts,ou=Alfresco,dc=OTA,dc=DE

In alfresco.log I got:


-1] Synchronizing users and groups with user registry 'ldap-ad1'
2016-03-10 14:09:35,834 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Retrieving all groups from user registry 'ldap-ad1'
2016-03-10 14:09:35,905 ERROR [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization aborted due to error
2016-03-10 14:09:35,978 WARN  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Failed initial synchronize with user registries
org.alfresco.repo.security.authentication.AuthenticationException: 02100001 Failed to communicate with ldap://10.1.1.10.OTA.DE:389. Reason javax.naming.CommunicationException, 10.1.1.10.otca.br:389, java.net.UnknownHostException, 10.1.1.10.OTA.DE


10.1.1.10 is the internal IP of our Domain Server; the domain is ota.de

I also tried
ldap.authentication.java.naming.provider.url=ldap://OTA.DE:389 and ldap.authentication.java.naming.provider.url=ldap://10.1.1.10.ota.de:389 instead of ldap.authentication.java.naming.provider.url=ldap://10.1.1.10.OTA.DE:389 but got:



2016-03-10 14:15:45,428 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Starting 'Synchronization' subsystem, ID: [Synchronization, default]
2016-03-10 14:15:45,609 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronizing users and groups with user registry 'ldap-ad1'
2016-03-10 14:15:45,662 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Retrieving all groups from user registry 'ldap-ad1'
2016-03-10 14:15:45,697 ERROR [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization aborted due to error
org.alfresco.error.AlfrescoRuntimeException: 02100001 Error during LDAP Search. Reason:[LDAP: error code 1 - 000004DC: LdapErr: DSID-0C09072B, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580^@]
Caused by: javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C09072B, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580^@]; remaining name 'ou=Security Groups,ou=Alfresco,dc=OTA,dc=DE'


So what's wrong? Thanks for helping!
2 REPLIES

mrogers
Star Contributor
Your URL is not valid.

It should probably be this:

ldap.authentication.java.naming.provider.url=ldap://10.1.1.10:389

thk
Champ on-the-rise
I tried
ldap.authentication.java.naming.provider.url=ldap://10.1.1.10:389
but got the same error messages (see attached the structure in our Domain Controller):
-1] Synchronization aborted due to error
org.alfresco.error.AlfrescoRuntimeException: 02100001 Error during LDAP Search. Reason:[LDAP: error code 1 - 000004DC: LdapErr: DSID-0C09072B, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580^@]

Caused by: javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C09072B, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580^@]; remaining name 'ou=Security Groups,ou=Alfresco,dc=OTA,dc=DE'
        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3175)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3081)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2888)
        at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1846)
        at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)
        at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392)
        at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
        at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:341)
        at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
        at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.processQuery(LDAPUserRegistry.java:1277)
        … 38 more
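
An added example (not part of the thread and not Alfresco code): a small Python lint over the properties as posted, flagging the two conditions that match the logged errors. The first is a provider URL whose host is an IP address with a domain suffix appended (the UnknownHostException). The second is a bind principal with an empty password, which an LDAP simple bind treats as unauthenticated (RFC 4513), so Active Directory answers the following search with 000004DC. The function names and the sample text are constructed for illustration, and the password may simply have been removed from the post.

```python
import ipaddress
import re
from urllib.parse import urlsplit

URL_KEY = "ldap.authentication.java.naming.provider.url"
PRINCIPAL_KEY = "ldap.synchronization.java.naming.security.principal"
CREDENTIALS_KEY = "ldap.synchronization.java.naming.security.credentials"

# Constructed sample: the relevant keys exactly as posted in the thread.
SAMPLE = """
ldap.authentication.java.naming.provider.url=ldap://10.1.1.10.OTA.DE:389
ldap.synchronization.java.naming.security.principal=alfresco@OTA.DE
ldap.synchronization.java.naming.security.credentials=
"""

def parse_properties(text):
    """Minimal key=value parser (assumption: no continuations or escapes)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def lint(props):
    """Return a list of findings for the LDAP sync settings."""
    findings = []
    parts = urlsplit(props.get(URL_KEY, ""))
    host = parts.hostname or ""
    if parts.scheme not in ("ldap", "ldaps") or not host:
        findings.append("provider.url: not an ldap:// or ldaps:// URL")
    else:
        try:
            ipaddress.ip_address(host)      # a bare IP literal is fine
        except ValueError:
            # A dotted quad followed by more labels is a DNS name, not an IP,
            # and it will only work if that exact name resolves.
            if re.match(r"^\d{1,3}(\.\d{1,3}){3}\.", host):
                findings.append(
                    "provider.url: host %r is an IP with a domain suffix" % host)
    if props.get(PRINCIPAL_KEY) and not props.get(CREDENTIALS_KEY):
        findings.append(
            "credentials: principal set but password empty; a simple bind "
            "with an empty password is unauthenticated, so searches fail")
    return findings

if __name__ == "__main__":
    for finding in lint(parse_properties(SAMPLE)):
        print(finding)
```
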