LDAP config not working on Ubuntu server?
12-22-2009 08:49 AM
I have successfully installed Alfresco 3.2 on my Ubuntu 9.04 box and I am trying to configure it to work with LDAP. Below are changes that I've made to the alfresco-global.properties file located in /var/lib/tomcat6/shared/classes/
I am receiving the same error as mentioned in a previous post but the fix for him was to "Please remove $TOMCAT_HOME/webapps/studio.war and $TOMCAT_HOME/webapps/studio" but I do not see a studio directory or studio.war file anywhere. log4j.logger.org.alfresco.repo.security.authentication=debug was also added to log4j.properties. Any information would be helpful. Thanks!
authentication.chain=ldap1:ldap-ad
ldap.authentication.userNameFormat=%s@mycompany.com
ldap.authentication.java.naming.provider.url=ldap://IPofLDAP:389
ldap.authentication.defaultAdministratorUserNames=adminUserName
ldap.synchronization.java.naming.security.principal=username@mycompany.com
ldap.synchronization.java.naming.security.credentials=password
ldap.synchronization.groupSearchBase=ou\=OUGroupName,ou\=OUName,dc=dcName,dc=dcName
ldap.synchronization.userSearchBase=ou\=OUUserNames,ou\=OUName,dc=dcName,dc=dcName
17:18:43,078 ERROR [org.alfresco.web.scripts.AbstractRuntime] Exception from executeScript - redirecting to status template error: 11160062 Login failed
org.alfresco.web.scripts.WebScriptException: 11160062 Login failed
    at org.alfresco.repo.web.scripts.bean.AbstractLoginBean.login(AbstractLoginBean.java:81)
    at org.alfresco.repo.web.scripts.bean.LoginPost.executeImpl(LoginPost.java:79)
    at org.alfresco.web.scripts.DeclarativeWebScript.executeImpl(DeclarativeWebScript.java:223)
    at org.alfresco.web.scripts.DeclarativeWebScript.execute(DeclarativeWebScript.java:70)
    at org.alfresco.repo.web.scripts.RepositoryContainer$2.execute(RepositoryContainer.java:357)
    at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:326)
    at org.alfresco.repo.web.scripts.RepositoryContainer.transactionedExecute(RepositoryContainer.java:407)
    at org.alfresco.repo.web.scripts.RepositoryContainer.transactionedExecuteAs(RepositoryContainer.java:424)
    at org.alfresco.repo.web.scripts.RepositoryContainer.executeScript(RepositoryContainer.java:253)
    at org.alfresco.web.scripts.AbstractRuntime.executeScript(AbstractRuntime.java:262)
    at org.alfresco.web.scripts.AbstractRuntime.executeScript(AbstractRuntime.java:139)
    at org.alfresco.web.scripts.servlet.WebScriptServlet.service(WebScriptServlet.java:122)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
    at java.lang.Thread.run(Thread.java:619)
01-12-2010 06:56 AM
I assume Ubuntu includes OpenLDAP. So you should use the ldap subsystem, not the ldap-ad subsystem, which is for Active Directory.
With the latest 3.2 release, you don't need to set userNameFormat - it will resolve the full user DN using userSearchBase.
And please ensure you use a valid DN for ldap.synchronization.java.naming.security.principal
So you need something like:
authentication.chain=ldap1:ldap
# Left blank intentionally
ldap.authentication.userNameFormat=
ldap.synchronization.java.naming.security.principal=uid\=adminUserName,ou\=OUUserNames,ou\=OUName,dc=dcName,dc=dcName
ldap.authentication.defaultAdministratorUserNames=adminUserName
ldap.synchronization.java.naming.security.credentials=password
ldap.synchronization.groupSearchBase=ou\=OUGroupName,ou\=OUName,dc=dcName,dc=dcName
ldap.synchronization.userSearchBase=ou\=OUUserNames,ou\=OUName,dc=dcName,dc=dcName
If you are using Active Directory, then you have got most of it right. Just check that @mycompany.com is the correct UPN suffix (User Principal Name suffix) for your install.
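An offline check for the points raised in the reply above, added here as an example and not part of the original posts or of Alfresco: it reads alfresco-global.properties text and flags a non-DN sync principal on the `ldap` subsystem, a value that starts with `#` (in a .properties file a comment exists only at the start of a line), and bind credentials configured against a plain `ldap://` URL. The finding codes, the function names and the sample text are assumptions made for this example.

```python
import re

# Constructed sample built from the placeholder values used in this thread.
SAMPLE = r"""
authentication.chain=ldap1:ldap
ldap.authentication.userNameFormat=# Left blank intentionally
ldap.authentication.java.naming.provider.url=ldap://IPofLDAP:389
ldap.synchronization.java.naming.security.principal=username@mycompany.com
ldap.synchronization.java.naming.security.credentials=password
"""

DN_RE = re.compile(r"^[A-Za-z][\w-]*=[^,]+(,\s*[A-Za-z][\w-]*=[^,]+)+$")
PREFIX = "ldap.synchronization.java.naming.security."

def parse_properties(text):
    """Simplified .properties reader (no line continuations or \\uXXXX)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":      # comments exist only at line start
            continue
        # Split on the first unescaped '=' or ':', then drop backslash escapes.
        m = re.match(r"((?:\\.|[^=:\\])*)[=:](.*)", line)
        if m:
            key, value = (re.sub(r"\\(.)", r"\1", g).strip() for g in m.groups())
            props[key] = value
    return props

def check(props):
    """Return finding codes (hypothetical names) for a parsed properties dict."""
    findings = []
    chain = props.get("authentication.chain", "")
    types = {e.split(":", 1)[1].strip() for e in chain.split(",") if ":" in e}
    principal = props.get(PREFIX + "principal", "")
    if "ldap" in types and not DN_RE.match(principal):
        findings.append("principal-not-dn")   # reply: principal must be a valid DN
    if props.get("ldap.authentication.userNameFormat", "").startswith("#"):
        findings.append("comment-as-value")   # '#' after '=' is literal text
    url = props.get("ldap.authentication.java.naming.provider.url", "")
    if url.lower().startswith("ldap://") and props.get(PREFIX + "credentials"):
        findings.append("no-tls")             # bind password on an unencrypted link
    return findings

if __name__ == "__main__":
    for code in check(parse_properties(SAMPLE)):
        print(code)
```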
01-12-2010 11:41 AM
Thanks for your help it's not up and running!
