
LDAP authentication and sync

multijob03
Champ in-the-making
Hi,
I configured the LDAP authentication following this guide (http://www.ochounos.com/#blog/6). It imported all users from LDAP into Alfresco, but I can't log in to Alfresco with the user/password stored in LDAP. There is no error in alfresco.log or catalina.out, so I don't have any idea why it doesn't work.
Also, I deleted in Alfresco one user imported from LDAP and this user is not synchronized anymore (Alfresco doesn't import it).
Do you have any idea of what could be the problem?


thanks
13 REPLIES

muhamedhe
Champ in-the-making
Hi everyone,
I'm having trouble with my LDAP-AD. The users can log in, but their personal information is not being loaded, like email, name, last name, etc.
How can I fix this?

THIS IS MY ALFRESCO-GLOBAL:

ldap.authentication.java.naming.security.authentification=simple
ldap.authentication.java.naming.provider.url=ldap://fserver.mydomain.com.br:389
ldap.authentication.userNameFormat=%s@mydomain.com.br

authentication.chain=alfinst:alfrescoNtlm,ldap1:ldap-ad

ntlm.authentication.sso.enabled=false

alfresco.authentication.authenticateCIFS=true
alfresco.authentication.allowGuestLogin=false

ldap.authentication.defaultAdministratorUserNames=Administrator
ldap.authentication.active=true
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=Administrator@mydomain.com.br
ldap.synchronization.java.naming.security.credentials=**********
ldap.synchronization.groupQuery=(&(objectclass\=group)(memberOf\=CN\=Diretoria,DC\=mydomain,DC\=com,DC\=br))
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(\(memberOf\=CN\=Diretoria,DC\=mydomain,DC\=com,DC\=br))(!(modifyTimestamp<\={0})))
ldap.synchronization.personQuery=(&(objectclass\=user)(\(memberOf\=CN=Diretoria,DC\=mydomain,DC\=com,DC\=br)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(\(memberOf\=CN=Diretoria,DC\=mydomain,DC\=com,DC\=br))(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(modifyTimestamp<\={0})))

ldap.synchronization.groupSearchBase=dc\=mydomain,dc\=com,dc\=br
ldap.synchronization.userSearchBase=dc\=mydomain,dc\=com,dc\=br

ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=company
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupType=group
ldap.synchronization.personType=user
ldap.synchronization.groupMemberAttributeName=member
synchronization.synchronizeChangesOnly=false


AND MY ALFRESCO.LOG FILE:

INFO  [org.alfresco.repo.admin] Using database URL 'jdbc:postgresql://localhost:5432/alfresco' with user 'alfresco'.
INFO  [org.alfresco.repo.admin] Connected to database PostgreSQL version 9.2.4
INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'sysAdmin' subsystem, ID: [sysAdmin, default]
INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'sysAdmin' subsystem, ID: [sysAdmin, default] complete
INFO  [org.springframework.extensions.webscripts.TemplateProcessorRegistry] Registered template processor Repository Template Processor for extension ftl
INFO  [org.springframework.extensions.webscripts.ScriptProcessorRegistry] Registered script processor Repository Script Processor for extension js
INFO  [org.alfresco.repo.domain.schema.SchemaBootstrap] Connecting to database: jdbc:postgresql://localhost:5432/alfresco, UserName=alfresco, PostgreSQL Native Driver
INFO  [org.alfresco.repo.domain.schema.SchemaBootstrap] Schema managed by database dialect org.hibernate.dialect.PostgreSQLDialect.
INFO  [org.alfresco.repo.domain.schema.SchemaBootstrap] No changes were made to the schema.
INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'Authentication' subsystem, ID: [Authentication, managed, alfinst]
INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'Authentication' subsystem, ID: [Authentication, managed, alfinst] complete
INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'Authentication' subsystem, ID: [Authentication, managed, ldap1]
INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'Authentication' subsystem, ID: [Authentication, managed, ldap1] complete
INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'Search' subsystem, ID: [Search, managed, solr]
INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'Search' subsystem, ID: [Search, managed, solr] complete
INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'thirdparty' subsystem, ID: [thirdparty, default]
INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'thirdparty' subsystem, ID: [thirdparty, default] complete
INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'OOoDirect' subsystem, ID: [OOoDirect, default]
WARN  [org.alfresco.util.OpenOfficeConnectionTester] An initial OpenOffice connection could not be established.
INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'OOoDirect' subsystem, ID: [OOoDirect, default] complete
INFO  [org.alfresco.repo.admin.ConfigurationChecker] The Alfresco root data directory ('dir.root') is: C:\Alfresco\alf_data
INFO  [org.alfresco.repo.admin.patch.PatchExecuter] Checking for patches to apply …
INFO  [org.alfresco.repo.admin.patch.PatchExecuter] No patches were required.
INFO  [org.alfresco.repo.module.ModuleServiceImpl] Found 2 module(s).
INFO  [org.alfresco.repo.module.ModuleServiceImpl] Starting module 'org.alfresco.module.vti' version 1.3.
[org.alfresco.repo.module.ModuleServiceImpl] Starting module 'org.alfresco.integrations.google.docs' version 2.0.4.
INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'fileServers' subsystem, ID: [fileServers, default]
INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'fileServers' subsystem, ID: [fileServers, default] complete
INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'imap' subsystem, ID: [imap, default]
INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'imap' subsystem, ID: [imap, default] complete
INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'email' subsystem, ID: [email, outbound]
INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'email' subsystem, ID: [email, outbound] complete
INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'email' subsystem, ID: [email, inbound]
INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'email' subsystem, ID: [email, inbound] complete
INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'Subscriptions' subsystem, ID: [Subscriptions, default]
INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'Subscriptions' subsystem, ID: [Subscriptions, default] complete
INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'Synchronization' subsystem, ID: [Synchronization, default]
INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Synchronizing users and groups with user registry 'ldap1'
INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Retrieving all groups from user registry 'ldap1'
INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Synchronization,Category=directory,id1=ldap1,id2=1 Group Analysis: Commencing batch of 0 entries
INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Synchronization,Category=directory,id1=ldap1,id2=1 Group Analysis: Completed batch of 0 entries
INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Retrieving all users from user registry 'ldap1'
INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Commencing batch of 0 entries
INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Completed batch of 0 entries
INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Finished synchronizing users and groups with user registry 'ldap1'
INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] 0 usuário(s) e 0 grupo(s) processado(s)
INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'Synchronization' subsystem, ID: [Synchronization, default] complete
INFO  [org.alfresco.service.descriptor.DescriptorService] Alfresco JVM - v1.7.0_25-b16; maximum heap size 682,688MB
INFO  [org.alfresco.service.descriptor.DescriptorService] Alfresco started (Community). Current version: 4.2.0 (r56674-b4848) schema 6.033. Originally installed version: 4.2.0 (r56674-b4848) schema 6.033.


Thanks.
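
An added example, not part of the original post and not Alfresco code: when a sync logs batches of 0 entries, one thing worth ruling out is a malformed query. This checker unescapes each `*Query` value the way `java.util.Properties` does and parses it against the RFC 4515 filter grammar. The sample lines (placeholder DNs) and the names `unescape`, `parse_filter`, `check` and `lint` are constructed for illustration.

```python
import re

# Constructed sample modelled on the post's query lines (placeholder DNs).
SAMPLE = r"""
ldap.synchronization.groupQuery=(&(objectclass\=group)(memberOf\=CN\=Staff,DC\=example,DC\=com))
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(\(memberOf\=CN\=Staff,DC\=example,DC\=com))(!(modifyTimestamp<\={0})))
ldap.synchronization.personQuery=(&(objectclass\=user)(\(memberOf\=CN=Staff,DC\=example,DC\=com)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
"""

def unescape(value):
    # java.util.Properties drops a backslash before an ordinary character:
    # "\=" -> "=", "\(" -> "(". (\t, \n and \uXXXX are not handled here.)
    return re.sub(r"\\(.)", r"\1", value)

def parse_filter(s, i=0):
    """Parse one RFC 4515 filter at s[i]; return the index just past it."""
    if i >= len(s) or s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if i < len(s) and s[i] in "&|":          # AND / OR: a list of sub-filters
        i += 1
        while i < len(s) and s[i] == "(":
            i = parse_filter(s, i)
    elif i < len(s) and s[i] == "!":         # NOT: exactly one sub-filter
        i = parse_filter(s, i + 1)
    else:                                    # simple item such as attr=value
        m = re.compile(r"[^()]+").match(s, i)
        if not m or "=" not in m.group():
            raise ValueError(f"expected attr=value at offset {i}")
        i = m.end()
    if i >= len(s) or s[i] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return i + 1

def check(value):
    """Return None for one well-formed filter, else a description of the fault."""
    s = unescape(value.strip())
    try:
        end = parse_filter(s)
        return None if end == len(s) else f"trailing text at offset {end}"
    except ValueError as err:
        return str(err)

def lint(text):
    out = {}  # property name -> None (ok) or fault description
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip().endswith("Query"):
            out[key.strip()] = check(value)
    return out
```

Calling `lint()` on the text of `alfresco-global.properties` returns a dict whose non-`None` values name the offset, in the unescaped filter, where parsing failed.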

eswbitto
Confirmed Champ
Have you removed "On-Demand Users"?

There is a possibility that you aren't actually authenticating with your AD containers. If you haven't removed it before setting up LDAP then Alfresco will create users.

Go to /alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/authentication-services-context.xml

Locate

<property name="createMissingPeople">
change the value to <value>false</value>



Also…

Change this

ldap.authentication.userNameFormat=%s@mydomain.com.br


to this

ldap.authentication.userNameFormat=domainname\\%s

xiaoqunhua
Champ in-the-making
It is just what I need. Thank you!

In Alfresco 5.X

add in ~/tomcat/shared/classes/alfresco-global.properties

create.missing.people=false

Regards