LDAP authentication not working but the sync is working

vkpatel
Champ in-the-making
I have installed Alfresco 5.0.a community edition. After configuring the LDAP (slapd on Linux) the synchronisation is working fine. Users and groups are getting synchronised, but the user authentication/login is not working. Please guide me.



###### begin : ldap-authentication.properties ####################
ldap.authentication.active=true
ldap.authentication.userNameFormat=uid=%s
ldap.authentication.java.naming.provider.url=ldap://idrms.ipr.res.in:389
ldap.authentication.java.naming.security.authentication=simple
###### end ##############################


I found that in Alfresco 5.0.a edition the ldap folder ($TOMCAT_HOME/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/ldap) is missing. I am not able to find the context files (common-ldap-context.xml, ldap-authentication-context.xml); they are missing.

Please guide me and provide sample context files if they are mandatory.

Thanks,




rudischmitz
Champ in-the-making
You should check your Tomcat logs to see the LDAP errors for more info.

My LDAP (OpenDJ) requires authentication; no anonymous access is allowed. So I noticed that in order for LDAP authentication to work I had to have this field (ldap.synchronization.java.naming.security.principal) in my alfresco-global.properties file. I don't have sync turned on. Otherwise it can't authenticate?

ldap.synchronization.active=false
ldap.synchronization.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.principal=cn\=connect,ou\=People,dc\=derpderp,dc\=com
ldap.synchronization.java.naming.security.credentials=password1234
ldap.synchronization.queryBatchSize=0
ldap.synchronization.attributeBatchSize=0
ldap.synchronization.groupQuery=(objectclass\=groupOfNames)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=groupOfNames)(!(modifyTimestamp<\={0})))
ldap.synchronization.personQuery=(objectclass\=inetOrgPerson)
ldap.synchronization.personDifferentialQuery=(&(objectclass\=inetOrgPerson)(!(modifyTimestamp<\={0})))
ldap.synchronization.groupSearchBase=ou\=Groups,dc\=derpderp,dc\=com
ldap.synchronization.userSearchBase=ou\=People,dc\=derpderp,dc\=com
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'
ldap.synchronization.userIdAttributeName=cn
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=o
ldap.synchronization.defaultHomeFolderProvider=largeHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupDisplayNameAttributeName=description
ldap.synchronization.groupType=groupOfNames
ldap.synchronization.personType=inetOrgPerson
ldap.synchronization.groupMemberAttributeName=member
ldap.synchronization.enableProgressEstimation=true
ldap.authentication.java.naming.read.timeout=0

mc128k
Champ in-the-making
Please also check (most importantly) the access.log file on the LDAP server! This tells you in real time whether the login was successful.
IMHO your LDAP configuration is incomplete, and the users may require the full DN in the OpenLDAP implementation.
I wrote some notes (after hours of troubleshooting) here: https://wiki.mc128k.info/index.php/Alfresco#Integration

MODERATORS: If it's a problem to post the link, please tell me.
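The two points raised above (the bind DN that Alfresco builds from ldap.authentication.userNameFormat, and reading the slapd access log to see whether each bind succeeded) can both be checked offline. The following is an added example and not code from the thread or from Alfresco; it uses only the Python standard library. The base DN ou=People,dc=example,dc=com, the connection ids, user names and log lines are all constructed for the example; the log format is the one OpenLDAP's slapd writes at loglevel stats (one BIND line per request, one RESULT line with tag=97 carrying the LDAP result code).

```python
import re

# Constructed sample slapd access-log lines (OpenLDAP loglevel "stats").
# Host name, connection ids, users and base DN are made up for this example.
SAMPLE_SLAPD_LOG = """\
Jun 10 12:00:01 ldap slapd[1234]: conn=1005 fd=12 ACCEPT from IP=10.0.0.5:51000 (IP=0.0.0.0:389)
Jun 10 12:00:01 ldap slapd[1234]: conn=1005 op=0 BIND dn="uid=alice" method=128
Jun 10 12:00:01 ldap slapd[1234]: conn=1005 op=0 RESULT tag=97 err=49 text=
Jun 10 12:00:05 ldap slapd[1234]: conn=1006 op=0 BIND dn="uid=alice,ou=People,dc=example,dc=com" method=128
Jun 10 12:00:05 ldap slapd[1234]: conn=1006 op=0 BIND dn="uid=alice,ou=People,dc=example,dc=com" mech=SIMPLE ssf=0
Jun 10 12:00:05 ldap slapd[1234]: conn=1006 op=0 RESULT tag=97 err=0 text=
Jun 10 12:00:09 ldap slapd[1234]: conn=1007 op=0 BIND dn="uid=bob,ou=People,dc=example,dc=com" method=128
Jun 10 12:00:09 ldap slapd[1234]: conn=1007 op=0 RESULT tag=97 err=49 text=
"""

# Standard LDAP result codes that commonly show up on bind responses.
LDAP_RESULT_CODES = {
    0: "success",
    32: "noSuchObject",
    34: "invalidDNSyntax",
    48: "inappropriateAuthentication",
    49: "invalidCredentials",
    50: "insufficientAccessRights",
}


def bind_dn_from_format(user_name_format: str, user_id: str) -> str:
    """Mimic Alfresco's substitution of the login name into userNameFormat."""
    return user_name_format.replace("%s", user_id)


def is_full_dn(dn: str, base_dn: str) -> bool:
    """True when the bind DN ends in the directory's base DN, i.e. it names a
    real entry rather than a bare RDN such as 'uid=alice'."""
    normalise = lambda s: s.replace(" ", "").lower()
    return normalise(dn).endswith("," + normalise(base_dn))


BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=(\d+)')
RESULT_RE = re.compile(r'conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)')


def bind_outcomes(log_text: str) -> list:
    """Pair every BIND request with its RESULT line using (conn, op) as the key.
    tag=97 is the BindResponse tag, so only bind results are considered."""
    pending = {}
    outcomes = []
    for line in log_text.splitlines():
        m = BIND_RE.search(line)
        if m:
            pending[(m.group(1), m.group(2))] = m.group(3)
            continue
        m = RESULT_RE.search(line)
        if m:
            key = (m.group(1), m.group(2))
            if key in pending:
                err = int(m.group(3))
                outcomes.append({
                    "conn": key[0],
                    "dn": pending.pop(key),
                    "err": err,
                    "result": LDAP_RESULT_CODES.get(err, "other"),
                })
    return outcomes


def failed_bind_counts(outcomes: list) -> dict:
    """Count failed binds per DN: a DN that never succeeds, or one that is not
    a full DN, points at a userNameFormat problem rather than a bad password."""
    counts = {}
    for o in outcomes:
        if o["err"] != 0:
            counts[o["dn"]] = counts.get(o["dn"], 0) + 1
    return counts


if __name__ == "__main__":
    base = "ou=People,dc=example,dc=com"          # assumed base DN
    for fmt in ("uid=%s", "uid=%s," + base):
        dn = bind_dn_from_format(fmt, "alice")
        print(f"{fmt!r:40} -> {dn!r} full DN: {is_full_dn(dn, base)}")
    for o in bind_outcomes(SAMPLE_SLAPD_LOG):
        print(f"conn={o['conn']} dn={o['dn']} err={o['err']} ({o['result']})")
    print("failed binds:", failed_bind_counts(SAMPLE_SLAPD_LOG and bind_outcomes(SAMPLE_SLAPD_LOG)))
```

Run against a real slapd log, the output lets you tell the two failure modes apart: a bind whose DN is only `uid=<name>` (the format from the question) fails for every user, while a bind with the full DN that still returns err=49 is a wrong password or a missing entry for that one user.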