
LDAP filtering issue in Alfresco 4.0E Community

haas71
Champ in-the-making
Hello,

I was able to get AD LDAP auth enabled in Alfresco 4.0E and log on. However, I have been searching Google and this site for an answer to why my Profiles are not populating with the users' information in Alfresco from AD. Is there an XML file I need to edit as well? I am able to log on to Alfresco fine. However, when I go to edit my profile, just my AD user ID shows up in "First Name" under about. No other fields are populated. I have downloaded an LDAP browser on my PC. I have the search group starting at the domain level. I'm assuming Alfresco will search the entire subtree. Well, I probably couldn't log on if it didn't. I am attaching the code for your viewing. I also looked at the "Alfresco.log" file and there were no errors pertaining to LDAP auth.
authentication.chain=alfrescoNtlm1:alfrescoNtlm,passthru1:passthru,ldap1:ldap
ntlm.authentication.sso.enabled=false
ntlm.authentication.authenticateCIFS=false
alfresco.authentication.authenticateCIFS=false
alfresco.authentication.allowGuestLogin=false
passthru.authentication.sso.enabled=false
passthru.authentication.authenticateCIFS=true
ldap.authentication.active=false
ldap.synchronization.active=true
passthru.authentication.useLocalServer=false
passthru.authentication.domain=ACME
passthru.authentication.servers=ACME\\10.16.X.X
ntlm.authentication.sso.enables=false
ntlm.authentication.mapUnknownUserToGuest=false
passthru.authentication.guestAccess=false
passthru.authentication.defaultAdministratorUserNames=BUGS
passthru.authentication.connectTimeout=5000
passthru.authentication.offlineCheckInterval=300
passthru.authentication.protocolOrder=TCPIP,NETBIOS
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.userNameFormat=%s@ACME.DOMAIN.org
ldap.authentication.allowGuestLogin=false
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://DC1.ACME.DOMAIN.org:389
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.synchronization.java.naming.security.principal=admin@acme.domain.org
ldap.synchronization.java.naming.security.credentials=secret
ldap.synchronization.queryBatchSize=2000
ldap.synchronization.groupSearchBase=DC=ACME,DC=DOMAIN,DC=ORG
ldap.synchronization.userSearchBase=DC=ACME,DC=DOMAIN,DC=ORG
ldap.synchronisation.personQuery=(&(!(userAccountControl:1.2.840.113556.1.4.803:=2))(givenName=*)(sn=*)(mail=*)(company=*))
ldap.synchronisation.userIdAttributeName=sAMAccountName
ldap.synchronisation.userFirstNameAttributeName=givenName
ldap.synchronisation.userLastNameAttributeName=sn
ldap.synchronisation.userOrganizationalIdAttributeName=company
ldap.synchronisation.groupQuery=(&(objectclass=group)(grouptype=-2147483646))
ldap.synchronisation.groupIdAttributeName=cn
ldap.synchronisation.personType=user
ldap.synchronisation.groupMemberAttributeName=member
synchronization.synchronizeChangesOnly=true
2 REPLIES

haas71
Champ in-the-making
I figured it out based on this blog: http://onalfresco.blogspot.com/2011/01/alfresco-authentication-and-integration.html

Two things I did wrong:
1. I needed to change my auth string to, "authentication.chain=ldap-ad1:ldap-ad,alfrescoNtlm1:alfrescoNtlm"
2. I needed to add the XML file shown at the bottom of the blog.

"Straight out of the blog"
In community version, you need to add this XML tag in common-ldap-context.xml file in subsystems\Authentication folder.
Under the following tag -
<bean id="ldapInitialDirContextFactory">
<property name="initialDirContextEnvironment">
<map>

Add this entry -
<entry key="java.naming.referral">
<value>follow</value>
</entry>
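
An added example, not part of the original posts and not Alfresco code: a small lint over settings like those in the first post. It flags near-miss key spellings (the posted file mixes `ldap.synchronization` and `ldap.synchronisation`), the chain type this reply changed, and a simple bind over plain `ldap://`. The `KNOWN` list is an assumed subset of key names, and `SAMPLE` is trimmed from the first post.

```python
import difflib

# Constructed sample: trimmed from the settings in the first post.
SAMPLE = r"""
authentication.chain=alfrescoNtlm1:alfrescoNtlm,passthru1:passthru,ldap1:ldap
ntlm.authentication.sso.enables=false
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.java.naming.provider.url=ldap://DC1.ACME.DOMAIN.org:389
ldap.synchronization.userSearchBase=DC=ACME,DC=DOMAIN,DC=ORG
ldap.synchronisation.personQuery=(&(givenName=*)(sn=*))
ldap.synchronisation.userIdAttributeName=sAMAccountName
"""

# Reference spellings (assumption: a subset of key names, not the full list).
KNOWN = {
    "authentication.chain", "ntlm.authentication.sso.enabled",
    "ldap.authentication.java.naming.security.authentication",
    "ldap.authentication.java.naming.provider.url",
    "ldap.synchronization.userSearchBase", "ldap.synchronization.personQuery",
    "ldap.synchronization.userIdAttributeName",
}

def parse(text):
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def lint(text):
    props, findings = parse(text), []
    for key in props:
        if key not in KNOWN:  # high cutoff: only one- or two-character slips match
            near = difflib.get_close_matches(key, KNOWN, n=1, cutoff=0.95)
            if near:
                findings.append(f"misspelled key {key!r}: did you mean {near[0]!r}?")
    types = [e.split(":", 1)[-1] for e in props.get("authentication.chain", "").split(",")]
    if "ldap" in types and "ldap-ad" not in types:
        findings.append("chain uses type 'ldap'; the thread's fix for AD was 'ldap-ad'")
    url = props.get("ldap.authentication.java.naming.provider.url", "")
    auth = props.get("ldap.authentication.java.naming.security.authentication", "")
    if url.lower().startswith("ldap://") and auth == "simple":
        findings.append("simple bind over ldap:// sends the password unencrypted")
    return findings
```

Calling `lint(SAMPLE)` returns five findings: three misspelled keys, the chain type, and the cleartext bind.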

sharifu
Confirmed Champ
I have a similar issue with mine. Are my properties correct?


### AD SSO
#authentication.chain=passthru1:passthru,ldap1:ldap-ad
authentication.chain=alfrescoNtlm1:alfrescoNtlm,passthru1:passthru,ldap1:ldap-ad
ntlm.authentication.sso.enabled=false
alfresco.authentication.authenticateCIFS=false
ntlm.authentication.sso.enabled=false
passthru.authentication.authenticateCIFS=true
ldap.authentication.active=false
ldap.synchronization.active=true

ntlm.authentication.mapUnknownUserToGuest=false
alfresco.authentication.allowGuestLogin=false

passthru.authentication.domain=DOMAIN
passthru.authentication.servers=DOMAIN\\echo.uk.domain.com,DOMAIN\\fezziwig.uk.domain.com
passthru.authentication.defaultAdministratorUserNames=johnl,markw,administrator,alfresco,sharifu


ldap.authentication.userNameFormat=%s
ldap.authentication.allowGuestLogin=false
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://echo.uk.domain.com:389
ldap.synchronization.java.naming.security.authenticaton=simple
ldap.synchronization.java.naming.security.principal=administrator@domain.com
ldap.synchronization.java.naming.security.credentials=xxx
ldap.synchronization.userSearchBase=ou\=Sites,dc\=domain,dc\=com
synchronization.synchronizeChangesOnly=false
### synchronization.import.cron=0 0 0 * * ?
synchronization.syncWhenMissingPeopleLogIn=true
synchronization.autoCreatePeopleOnLogin=true

ldap.synchronization.queryBatchSize=1000
#ldap.synchronization.groupDifferentialQuery=(&(objectclass=nogroup)(!(modifyTimestamp<\={0})))
#ldap.synchronization.personQuery=(&(objectclass=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
#ldap.synchronization.personDifferentialQuery=(& (objectclass=user)(!(modifyTimestamp<\={0})))
ldap.synchronization.groupQuery=(objectclass\=group)

ldap.synchronization.groupSearchBase=cn\=users,dc\=domain,dc\=com