LDAP + Alfresco user authent...

davidbarbion
Champ in-the-making
Is there anyone who can give me the configuration file to chain ldap+alfresco user authentication ?

The example given in "chaining" doesn't cover this topic, and I couldn't manage to do it…

Thanks in advance.
50 REPLIES

wangld88
Champ in-the-making
Hi Jim,

Sorry I was off the forum since I completed the evaluation of Alfresco and was looking at others.

There are not many changes to the config files. No change to ldap-authentication-context.xml; for chaining-authentication-context.xml you need to change bean id="authenticationServiceImpl" to id="authenticationService".

The real problem is that you need to copy the remote-services-content.xml file to YOUR_TOMCAT\…\WEB-INF\classes\alfresco, since it does not come with the install package (I don't know why they did it this way; it gives people a lot of pain to figure it out by reading through the code, and we are not picking it for now).

Then restart the application, your LDAP and internal user will both work.

Cheers,
Jerry

tinaagrawal
Champ in-the-making
Hi

There is a simple way to integrate Alfresco with an LDAP server. Use LDAP-authentication-context.xml only. Rename chaining-authentication-context.xml to chaining-authentication.xml.

Hi Jonas,

I tried making the changes suggested by you.
The logs say that the users are getting added but authentication is not going through. I tried many servers along with docs.cignex.com but I always get this error:

10:38:46,368 WARN  [org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl] LDAP server supports anonymous bind ldap://docs.cignex.com:10389
10:38:46,975 INFO  [org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl] LDAP server does not support simple string user ids and invalid credentials at ldap://docs.cignex.com:10389
10:38:47,583 INFO  [org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl] LDAP server does not fall back to anonymous bind for a simple dn and password at ldap://docs.cignex.com:10389
10:38:48,190 INFO  [org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl] LDAP server does not fall back to anonymous bind for known principal and invalid credentials at ldap://docs.cignex.com:10389
When trying to connect to docs.cignex.com I get this error along with the above error:

0:39:28,127 ERROR [[localhost].[/alfresco].[Faces Servlet]] Servlet.service() for servlet Faces Servlet threw exception
rg.alfresco.error.AlfrescoRuntimeException: Not implemented
       at org.alfresco.repo.security.authentication.DefaultMutableAuthenticationDao.loadUserByUsername(DefaultMutableAuthenticationDao.java:410)
       at net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider.getUserFromBackend(DaoAuthenticationProvider.java:390)
       at net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider.authenticate(DaoAuthenticationProvider.java:225)
       at net.sf.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:159)
       at net.sf.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:49)
       at org.alfresco.repo.security.authentication.AuthenticationComponentImpl.authenticate(AuthenticationComponentImpl.java:74)
       at org.alfresco.repo.security.authentication.AuthenticationServiceImpl.authenticate(AuthenticationServiceImpl.java:112)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:281)
       at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:187)
       at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:154)
       at net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:80)
       at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:176)
       at org.alfresco.repo.security.permissions.impl.ExceptionTranslatorMethodInterceptor.invoke(ExceptionTranslatorMethodInterceptor.java:49)
       at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:176)
       at org.alfresco.repo.audit.AuditComponentImpl.auditImpl(AuditComponentImpl.java:256)
       at org.alfresco.repo.audit.AuditComponentImpl.audit(AuditComponentImpl.java:191)
       at org.alfresco.repo.audit.AuditMethodInterceptor.invoke(AuditMethodInterceptor.java:69)
       at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:176)
       at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:107)
       at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:176)
       at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:210)
       at $Proxy21.authenticate(Unknown Source)
       at org.alfresco.web.bean.LoginBean.login(LoginBean.java:243)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at org.apache.myfaces.el.MethodBindingImpl.invoke(MethodBindingImpl.java:132)
       at org.apache.myfaces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:61)
       at javax.faces.component.UICommand.broadcast(UICommand.java:109)
       at javax.faces.component.UIViewRoot._broadcastForPhase(UIViewRoot.java:97)
       at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:171)
       at org.apache.myfaces.lifecycle.InvokeApplicationExecutor.execute(InvokeApplicationExecutor.java:32)
       at org.apache.myfaces.lifecycle.LifecycleImpl.executePhase(LifecycleImpl.java:95)
       at org.apache.myfaces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:70)
       at javax.faces.webapp.FacesServlet.service(FacesServlet.java:139)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
       at org.alfresco.web.app.servlet.AuthenticationFilter.doFilter(AuthenticationFilter.java:94)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210)
       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
       at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:870)
       at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
       at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
       at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
       at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
       at java.lang.Thread.run(Thread.java:595)
0:39:35,657 ERROR [smb.protocol.mailslot] Host announce error, 10055:SendSocketDatagram - No buffer space available, (LANA 6)
0:39:49,176 DEBUG [authentication.ldap.LDAPPersonExportSource] Adding user for garry
0:39:49,176 DEBUG [authentication.ldap.LDAPGroupExportSource] Found 0
0:39:49,188 DEBUG [authentication.ldap.LDAPGroupExportSource] Top 0
0:39:49,193 DEBUG [authentication.ldap.LDAPGroupExportSource] Secondary 0
0:39:49,204 WARN  [authentication.ldap.LDAPPersonExportSource] User returned by user search does not have mandatory user id attribute {mail=mail: janesmith@life
0:39:49,497 DEBUG [authentication.ldap.LDAPPersonExportSource] Adding user for joebloggs
0:39:49,511 DEBUG [authentication.ldap.LDAPPersonExportSource] Adding user for admin
0:39:49,517 DEBUG [authentication.ldap.LDAPPersonExportSource] Adding user for munwar
0:39:49,531 DEBUG [authentication.ldap.LDAPPersonExportSource] Adding user for jane
0:39:49,545 DEBUG [authentication.ldap.LDAPPersonExportSource] Adding user for chandan
0:39:49,559 DEBUG [authentication.ldap.LDAPPersonExportSource] Adding user for testUser
0:39:49,573 DEBUG [authentication.ldap.LDAPPersonExportSource] Adding user for kavitha
0:39:49,589 DEBUG [authentication.ldap.LDAPPersonExportSource] Adding user for andrew
0:39:49,623 DEBUG [authentication.ldap.LDAPPersonExportSource] Adding user for chris
0:39:49,635 DEBUG [authentication.ldap.LDAPPersonExportSource] Adding user for rick
0:39:49,645 DEBUG [authentication.ldap.LDAPPersonExportSource] Adding user for venkat
0:39:49,655 DEBUG [authentication.ldap.LDAPPersonExportSource] Adding user for jonas
0:40:15,660 ERROR [smb.protocol.mailslot] Host announce error, 10055:SendSocketDatagram - No buffer space available, (LANA 6)
0:41:35,661 ERROR [smb.protocol.mailslot] Host announce error, 10055:SendSocketDatagram - No buffer space available, (LANA 6)
0:41:35,662 ERROR [smb.protocol.mailslot] Marked LANA as unavailable due to send errors, (LANA 6)

Any ideas where it is going wrong? I am not able to log in; an exception is thrown when I try to log in.

javax.faces.FacesException: Error calling action method of component with id loginForm:submit
caused by:
javax.faces.el.EvaluationException: Exception while invoking expression #{LoginBean.login}
caused by:
org.alfresco.error.AlfrescoRuntimeException: Not implemented

Tina Agrawal
http://www.cignex.com

fthamura
Champ in-the-making
Why don't we move several success cases to the wiki?

olivanja
Champ in-the-making
Hi, sorry for my English.

I've successfully tried the configuration of wangld88 with the changes that he said.

I have Tomcat 5.5, a DB2 database, Alfresco 2.1 CE and a Domino Server as the LDAP server.

Now, when I search all users in the users' administration view, I can see LDAP users and internal users, and I can log in with LDAP users and internal users.

Now my only problem is the Personal Space for LDAP users. How can I configure that?

Thanks

roman
Champ in-the-making
hey folks,
i've also tried the changes described by rivetlogic…
added ldap-authentication-context.xml (and chaining-authentication-context.xml)
what i need is ldap support but i can't get it runnin…

alfresco ignores the files and only authenticates to internal users…
i've set breakpoints to LDAPComponentAuthenticationComponentImpl to see if alfresco tries to authenticate against ldap
but nothing happens. i also don't see any action on ldap (debug mode). no queries from alfresco.

what do i have to configure in alfresco?

it's very urgent for me…
please give me a hint :(

here my conf files
ldap-auth…

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>

<beans>
   <bean id="authenticationComponentImpl" class="org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl">
      <property name="LDAPInitialDirContextFactory">
         <ref bean="ldapInitialDirContextFactory" />
      </property>
      <property name="userNameFormat">
         <value>uid=%s,ou=swipe.de,ou=users,o=swipe,dc=swipe,dc=de</value>
      </property>
   </bean>

   <bean id="ldapInitialDirContextFactory" class="org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl">
      <property name="initialDirContextEnvironment">
         <map>
            <!-- The LDAP provider -->
            <entry key="java.naming.factory.initial">
               <value>com.sun.jndi.ldap.LdapCtxFactory</value>
            </entry>

            <!-- The url to the LDAP server -->
            <entry key="java.naming.provider.url">
               <value>ldap://10.20.2.16:389</value>
            </entry>

            <!-- The authentication mechanism to use      -->
            <!-- Some sasl authentication mechanisms may require a realm to be set -->
            <!--                java.naming.security.sasl.realm -->
            <!-- The available options will depend on your LDAP provider -->
            <entry key="java.naming.security.authentication">
               <value>simple</value>
            </entry>

            <!-- The id of a user who can read group and user information -->
            <!-- This does not go through the pattern substitution defined above and is used "as is" -->
            <entry key="java.naming.security.principal">
               <value></value>
            </entry>

            <!-- The password for the user defined above -->
            <entry key="java.naming.security.credentials">
               <value></value>
            </entry>
         </map>
      </property>
   </bean>

</beans>

chaining-auth….
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>

<beans>

   <!-- Chaining -->
   <bean id="authenticationServiceImpl" class="org.alfresco.repo.security.authentication.ChainingAuthenticationServiceImpl">
      <property name="authenticationServices">
         <list>
            <ref bean="authenticationServiceImplLDAP"/>
         </list>
      </property>
      <property name="mutableAuthenticationService">
         <ref bean="authenticationServiceImplAlfresco"/>
      </property>
   </bean>

   <!-- Alfresco Auth -->
   <bean id="authenticationServiceImplAlfresco" class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
      <property name="authenticationDao">
         <ref bean="authenticationDaoAlfresco"/>
      </property>
      <property name="ticketComponent">
         <ref bean="ticketComponent"/>
      </property>
      <property name="authenticationComponent">
         <ref bean="authenticationComponentImplAlfresco"/>
      </property>
   </bean>

   <bean id="authenticationDaoAlfresco" class="org.alfresco.repo.security.authentication.RepositoryAuthenticationDao">
      <property name="nodeService">
         <ref bean="nodeService"/>
      </property>
      <property name="dictionaryService">
         <ref bean="dictionaryService"/>
      </property>
      <property name="namespaceService">
         <ref bean="namespaceService"/>
      </property>
      <property name="searchService">
         <ref bean="searchService"/>
      </property>
      <property name="userNamesAreCaseSensitive">
         <value>${user.name.caseSensitive}</value>
      </property>
      <property name="passwordEncoder">
         <ref bean="passwordEncoder"/>
      </property>
   </bean>

   <bean id="authenticationComponentImplAlfresco" class="org.alfresco.repo.security.authentication.AuthenticationComponentImpl">
      <property name="authenticationDao">
         <ref bean="authenticationDaoAlfresco"/>
      </property>
      <property name="authenticationManager">
         <ref bean="authenticationManager"/>
      </property>
      <property name="allowGuestLogin">
         <value>true</value>
      </property>
   </bean>

   <!-- LDAP Auth -->
   <bean id="authenticationServiceImplLDAP" class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
      <property name="authenticationDao">
         <ref bean="authenticationDaoLDAP" />
      </property>
      <property name="ticketComponent">
         <ref bean="ticketComponent" />
      </property>
      <property name="authenticationComponent">
         <ref bean="authenticationComponentImplLDAP" />
      </property>
   </bean>

   <bean id="authenticationComponentImplLDAP" class="org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl">
      <property name="LDAPInitialDirContextFactory">
         <ref bean="ldapInitialDirContextFactory"/>
      </property>
      <property name="userNameFormat">
         <value>uid=%s,ou=swipe.de,ou=users,o=swipe,dc=swipe,dc=de</value>
      </property>
   </bean>

   <bean id="authenticationDaoLDAP" class="org.alfresco.repo.security.authentication.ntlm.NullMutableAuthenticationDao" />

</beans>

rivetlogic
Champ on-the-rise
Hi,

You have to fill out the following sections:


<!-- The id of a user who can read group and user information -->
<!-- This does not go through the pattern substitution defined above and is used "as is" -->
<entry key="java.naming.security.principal">
    <value></value>
</entry>

<!-- The password for the user defined above -->
<entry key="java.naming.security.credentials">
    <value></value>
</entry>

You need to specify a user that can read user and group information. Alfresco uses that account to login to your LDAP server and authenticate the user credentials you provide on login.

Hope this helps,

–Alaaeldin
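
A check for the two configuration problems raised in this thread, as an added example that is not part of any post and not Alfresco's own code: it parses a Spring beans file and flags a chaining bean whose id is not `authenticationService` (wangld88's reply) and empty `java.naming.security.principal` / `java.naming.security.credentials` entries (the reply above). Going beyond the thread, it also flags a `simple` bind over a plain `ldap://` URL, which sends the password unencrypted. The function names, finding labels and sample host are assumptions, and the sample XML is constructed from the files posted earlier.

```python
import xml.etree.ElementTree as ET

CHAINING_CLASS = ("org.alfresco.repo.security.authentication."
                  "ChainingAuthenticationServiceImpl")
BIND_KEYS = ("java.naming.security.principal",
             "java.naming.security.credentials")

# Constructed sample: the two posted files trimmed and merged; host is a placeholder.
SAMPLE = """<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN'
  'http://www.springframework.org/dtd/spring-beans.dtd'>
<beans>
  <bean id="authenticationServiceImpl"
        class="org.alfresco.repo.security.authentication.ChainingAuthenticationServiceImpl"/>
  <bean id="ldapInitialDirContextFactory"
        class="org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl">
    <property name="initialDirContextEnvironment">
      <map>
        <entry key="java.naming.provider.url"><value>ldap://ldap.example.test:389</value></entry>
        <entry key="java.naming.security.authentication"><value>simple</value></entry>
        <entry key="java.naming.security.principal"><value></value></entry>
        <entry key="java.naming.security.credentials"><value></value></entry>
      </map>
    </property>
  </bean>
</beans>"""


def jndi_env(root):
    """Collect every <entry key="..."><value>...</value></entry> pair."""
    env = {}
    for entry in root.iter("entry"):
        env[entry.get("key")] = (entry.findtext("value") or "").strip()
    return env


def lint(xml_text):
    """Return a list of finding labels for one Spring beans document."""
    root = ET.fromstring(xml_text)
    findings = []
    # wangld88's reply: the chaining bean must be named authenticationService.
    for bean in root.iter("bean"):
        if bean.get("class") == CHAINING_CLASS and bean.get("id") != "authenticationService":
            findings.append("chaining-bean-id:" + str(bean.get("id")))
    env = jndi_env(root)
    # rivetlogic's reply: the read account and its password must be filled in.
    for key in BIND_KEYS:
        if key in env and not env[key]:
            findings.append("empty:" + key)
    # Added check: simple bind without TLS exposes the password on the wire.
    url = env.get("java.naming.provider.url", "")
    if env.get("java.naming.security.authentication") == "simple" and url.startswith("ldap://"):
        findings.append("cleartext-simple-bind")
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```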

roman
Champ in-the-making
thx for reply,
i'll try it… tomorrow. now i'm at home.
but shouldn't alfresco at least try to log in?
without this data?

alfresco completely ignores the ldap…
best regards

rivetlogic
Champ on-the-rise
Not sure what you mean by "ignores the LDAP", but what's happening here is that you have two authenticators chained in a row. When you try to login (i.e. type in a username and password in the login form and hit submit), Alfresco will attempt to authenticate those credentials against the first authentication component (LDAP), if successful then you're in, if not Alfresco will attempt the next authentication component in the chain (Alfresco) and so on. If all authentication components fail to authenticate the login will fail.

Cheers,

–Alaaeldin

roman
Champ in-the-making
i mean, alfresco even doesn't attempt to authenticate against ldap.
i suppose if there are no credentials the authentication should fail…
but the behaviour is as there were no ldap-authentication-context.xml and no chaining-authentication-context.xml

you know what i mean?

rivetlogic
Champ on-the-rise
Hi,

Where are you putting those files and which servlet container are you using?

–Alaaeldin