LDAP Group Sync on OpenLDAP and FDS

skp
Champ in-the-making
Hi,

I'm using Alfresco Community 3.2 Dev Current version 3.2.0 (_dev 1979) schema 2015 - Installed version 3.2.0 (_dev 1979) schema 2015

Group Sync fails with different errors when using OpenLDAP and Fedora(Netscape) Directory Server. Both LDAP groups use 'objectClass: posixGroup'

Differences are
===========

# OpenLDAP #
* Usernames(uid) are letters only (eg., uid=userone)
* Groupnames(cn) are letters only containing attribute 'memberUid: userone'

# FDS #
* Usernames(uid) are numbers only (eg, uid=345678)
* Groupnames(cn) are letters only containing attribute 'memberUid: 345678' and not 'memberUid: uid=346578,ou=finance,ou=people,dc=company,dc=com'

The full DN is not specified in the memberUid for both servers.


ldap-authentication.properties
======================
ldap.synchronization.queryBatchSize=0 (this is for FDS which does not support paged results and it works fine for OpenLDAP too)



# OpenLDAP Snippet #
15:20:47,315 INFO [security.sync.ChainingUserRegistrySynchronizer] Creating user 'userten'
15:20:47,824 INFO [security.sync.ChainingUserRegistrySynchronizer] Creating user 'usereleven'
15:20:48,312 INFO [security.sync.ChainingUserRegistrySynchronizer] Creating user 'usertwelve'
15:20:48,803 INFO [security.sync.ChainingUserRegistrySynchronizer] Creating user 'userthirteen'
15:20:49,318 INFO [security.sync.ChainingUserRegistrySynchronizer] Retrieving all groups from user registry 'AUTH.EXT.openldap'
15:20:50,959 ERROR [[localhost].[/alfresco].[Faces Servlet]] Servlet.service() for servlet Faces Servlet threw exception
javax.naming.InvalidNameException: Invalid name: userone
        at javax.naming.ldap.Rfc2253Parser.doParse(Rfc2253Parser.java:86)
        at javax.naming.ldap.Rfc2253Parser.parseDn(Rfc2253Parser.java:45)
        at javax.naming.ldap.LdapName.parse(LdapName.java:772)
        at javax.naming.ldap.LdapName.<init>(LdapName.java:108)
        at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.getGroups(LDAPUserRegistry.java:528)
        at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.syncGroupsWithPlugin(ChainingUserRegistrySynchronizer.java:337)
        at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronize(ChainingUserRegistrySynchronizer.java:188)
        at org.alfresco.repo.security.authentication.AbstractAuthenticationComponent$SetCurrentUserCallback$1.doWork(AbstractAuthenticationComponent.java:460)
        at org.alfresco.repo.security.authentication.AbstractAuthenticationComponent$SetCurrentUserCallback$1.doWork(AbstractAuthenticationComponent.java:449)
        at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:489)
        at org.alfresco.repo.security.authentication.AbstractAuthenticationComponent$SetCurrentUserCallback.execute(AbstractAuthenticationComponent.java:447)
        at org.alfresco.repo.security.authentication.AbstractAuthenticationComponent$SetCurrentUserCallback.execute(AbstractAuthenticationComponent.java:432)
        at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:326)
        at org.alfresco.repo.security.authentication.AbstractAuthenticationComponent.setCurrentUser(AbstractAuthenticationComponent.java:213)
        at org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl.authenticateImpl(LDAPAuthenticationComponentImpl.java:102)
        at org.alfresco.repo.security.authentication.AbstractAuthenticationComponent.authenticate(AbstractAuthenticationComponent.java:164)
        at org.alfresco.repo.security.authentication.AuthenticationServiceImpl.authenticate(AuthenticationServiceImpl.java:129)
        at org.alfresco.repo.security.authentication.AbstractChainingAuthenticationService.authenticate(AbstractChainingAuthenticationService.java:166)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
# End of OpenLDAP snippet #



# FDS Snippet #
17:56:53,154 INFO [security.sync.ChainingUserRegistrySynchronizer] Creating user '345678'
17:56:53,812 INFO [security.sync.ChainingUserRegistrySynchronizer] Creating user '345679'
17:56:54,726 INFO [security.sync.ChainingUserRegistrySynchronizer] Retrieving all groups from user registry 'AUTH.EXT.fdsldap'
17:56:55,455 ERROR [[localhost].[/alfresco].[Faces Servlet]] Servlet.service() for servlet Faces Servlet threw exception
java.lang.ArrayIndexOutOfBoundsException: -1
        at java.util.ArrayList.get(ArrayList.java:324)
        at javax.naming.ldap.LdapName.getRdn(LdapName.java:220)
        at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.getGroups(LDAPUserRegistry.java:535)
        at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.syncGroupsWithPlugin(ChainingUserRegistrySynchronizer.java:337)
        at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronize(ChainingUserRegistrySynchronizer.java:188)
        at org.alfresco.repo.security.authentication.AbstractAuthenticationComponent$SetCurrentUserCallback$1.doWork(AbstractAuthenticationComponent.java:460)
        at org.alfresco.repo.security.authentication.AbstractAuthenticationComponent$SetCurrentUserCallback$1.doWork(AbstractAuthenticationComponent.java:449)
        at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:489)
        at org.alfresco.repo.security.authentication.AbstractAuthenticationComponent$SetCurrentUserCallback.execute(AbstractAuthenticationComponent.java:447)
        at org.alfresco.repo.security.authentication.AbstractAuthenticationComponent$SetCurrentUserCallback.execute(AbstractAuthenticationComponent.java:432)
        at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:326)
        at org.alfresco.repo.security.authentication.AbstractAuthenticationComponent.setCurrentUser(AbstractAuthenticationComponent.java:213)
        at org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl.authenticateImpl(LDAPAuthenticationComponentImpl.java:102)
        at org.alfresco.repo.security.authentication.AbstractAuthenticationComponent.authenticate(AbstractAuthenticationComponent.java:164)
        at org.alfresco.repo.security.authentication.AuthenticationServiceImpl.authenticate(AuthenticationServiceImpl.java:129)
        at org.alfresco.repo.security.authentication.AbstractChainingAuthenticationService.authenticate(AbstractChainingAuthenticationService.java:166)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:304)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
        at net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:80)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
        at org.alfresco.repo.security.permissions.impl.ExceptionTranslatorMethodInterceptor.invoke(ExceptionTranslatorMethodInterceptor.java:49)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
        at org.alfresco.repo.audit.AuditComponentImpl.audit(AuditComponentImpl.java:275)
        at org.alfresco.repo.audit.AuditMethodInterceptor.invoke(AuditMethodInterceptor.java:69)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
        at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:106)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
        at $Proxy25.authenticate(Unknown Source)
        at org.alfresco.web.bean.LoginBean.login(LoginBean.java:282)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.apache.myfaces.el.MethodBindingImpl.invoke(MethodBindingImpl.java:132)
        at org.apache.myfaces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:61)
        at javax.faces.component.UICommand.broadcast(UICommand.java:109)
        at javax.faces.component.UIViewRoot._broadcastForPhase(UIViewRoot.java:97)
        at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:171)
        at org.apache.myfaces.lifecycle.InvokeApplicationExecutor.execute(InvokeApplicationExecutor.java:32)
        at org.apache.myfaces.lifecycle.LifecycleImpl.executePhase(LifecycleImpl.java:95)
        at org.apache.myfaces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:70)
        at javax.faces.webapp.FacesServlet.service(FacesServlet.java:139)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at org.alfresco.web.app.servlet.AuthenticationFilter.doFilter(AuthenticationFilter.java:124)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.alfresco.repo.management.subsystems.ChainingSubsystemProxyFactory$1.invoke(ChainingSubsystemProxyFactory.java:122)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
        at $Proxy205.doFilter(Unknown Source)
        at org.alfresco.repo.web.filter.beans.BeanProxyFilter.doFilter(BeanProxyFilter.java:88)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at org.alfresco.repo.web.filter.beans.NullFilter.doFilter(NullFilter.java:74)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.apache.myfaces.el.MethodBindingImpl.invoke(MethodBindingImpl.java:132)
        at org.apache.myfaces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:61)
        at javax.faces.component.UICommand.broadcast(UICommand.java:109)
        at javax.faces.component.UIViewRoot._broadcastForPhase(UIViewRoot.java:97)
        at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:171)
        at org.apache.myfaces.lifecycle.InvokeApplicationExecutor.execute(InvokeApplicationExecutor.java:32)
        at org.apache.myfaces.lifecycle.LifecycleImpl.executePhase(LifecycleImpl.java:95)
        at org.apache.myfaces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:70)
        at javax.faces.webapp.FacesServlet.service(FacesServlet.java:139)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at org.alfresco.web.app.servlet.AuthenticationFilter.doFilter(AuthenticationFilter.java:124)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.alfresco.repo.management.subsystems.ChainingSubsystemProxyFactory$1.invoke(ChainingSubsystemProxyFactory.java:122)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
        at $Proxy205.doFilter(Unknown Source)
        at org.alfresco.repo.web.filter.beans.BeanProxyFilter.doFilter(BeanProxyFilter.java:88)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at org.alfresco.repo.web.filter.beans.NullFilter.doFilter(NullFilter.java:74)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.alfresco.repo.management.subsystems.ChainingSubsystemProxyFactory$1.invoke(ChainingSubsystemProxyFactory.java:122)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
        at $Proxy205.doFilter(Unknown Source)
        at org.alfresco.repo.web.filter.beans.BeanProxyFilter.doFilter(BeanProxyFilter.java:88)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
        at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:200)
        at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:283)
        at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:773)
        at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:703)
        at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:895)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
        at java.lang.Thread.run(Thread.java:619)
# End of FDS snippet #


I also tried: Alfresco started (Community): Current version 3.2.0 (2039) schema 2019 - Installed version 3.2.0 (2039) schema 2019

If ldap.synchronization.active=true, user cannot login because

#snip#
19:38:32,601 INFO [security.sync.ChainingUserRegistrySynchronizer] Synchronizing users and groups with user registry 'fdsldap'
19:38:32,644 INFO [security.sync.ChainingUserRegistrySynchronizer] Retrieving all users from user registry 'AUTH.EXT.fdsldap'
#/snip#

No other errors show up and nothing else happens.

my ldap-authentication.properties
==========================
ldap.authentication.userNameFormat=uid\=%s,ou\=finance,ou\=people,dc\=company,dc\=com
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://localhost:389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=345678
ldap.synchronization.active=true
ldap.authentication.java.naming.security.principal=uid\=346578,ou\=finance,ou\=people,dc\=company,dc\=com
ldap.authentication.java.naming.security.credentials=password
ldap.synchronization.queryBatchSize=0
ldap.synchronization.groupQuery=(objectclass\=posixGroup)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=posixGroup)(!(modifyTimestamp<\={0})))
ldap.synchronization.personQuery=(objectclass\=inetOrgPerson)
ldap.synchronization.personDifferentialQuery=(&(objectclass\=inetOrgPerson)(!(modifyTimestamp<\={0})))
ldap.synchronization.groupSearchBase=ou\=services,ou\=Groups,dc\=company,dc\=com
ldap.synchronization.userSearchBase=ou\=finance,ou\=People,dc\=company,dc\=com
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'
ldap.synchronization.userIdAttributeName=uid
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=businessCategory
ldap.synchronization.defaultHomeFolderProvider=personalHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupType=posixGroup
ldap.synchronization.personType=inetOrgPerson
ldap.synchronization.groupMemberAttributeName=memberUid

I have also copied /var/lib/tomcat5/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/common-ldap-context.xml -> /usr/share/tomcat5/shared/classes/alfresco/extension/subsystems/Authentication/ldap/fdsldap/ldap-authentication-context.xml

So right now, it doesn't even start a sync.

The user can login if ldap.synchronization.active=false though.

Has anyone else run into this issue?

dward
Champ on-the-rise
There is currently a minor issue, where if the synchronization user's credentials are wrong and a sync is fired on login, it is handled as a login failure.

I notice you are using the 'old' property names. Sorry for renaming them, but I realised that the user principal properties were specific to synchronization, not authentication.

ldap.synchronization.java.naming.security.principal
ldap.synchronization.java.naming.security.credentials

So try setting these properties (prefixed ldap.synchronization).

And please stop editing ldap-synchronization.properties directly. Your own settings should go in alfresco-global.properties. There was no need to copy the Spring context file either.

skp
Champ in-the-making
Thank you. That got it to start syncing again, but:

21:09:02,369  INFO  [security.sync.ChainingUserRegistrySynchronizer] Creating user '345679'
21:09:03,112  INFO  [security.sync.ChainingUserRegistrySynchronizer] Retrieving all groups from user registry 'AUTH.EXT.fdsldap'
21:09:03,753  ERROR [[localhost].[/alfresco].[Faces Servlet]] Servlet.service() for servlet Faces Servlet threw exception
java.lang.ArrayIndexOutOfBoundsException: -1
        at java.util.ArrayList.get(ArrayList.java:324)
        at javax.naming.ldap.LdapName.getRdn(LdapName.java:220)
        at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.getGroups(LDAPUserRegistry.java:556)
        at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.syncGroupsWithPlugin(ChainingUserRegistrySynchronizer.java:399)
        at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronize(ChainingUserRegistrySynchronizer.java:219)
        at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.createMissingPerson(ChainingUserRegistrySynchronizer.java:245)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.alfresco.repo.management.subsystems.SubsystemProxyFactory$1.invoke(SubsystemProxyFactory.java:71)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
        at $Proxy53.createMissingPerson(Unknown Source)
        at org.alfresco.repo.security.authentication.AbstractAuthenticationComponent$SetCurrentUserCallback$1.doWork(AbstractAuthenticationComponent.java:431)
        at org.alfresco.repo.security.authentication.AbstractAuthenticationComponent$SetCurrentUserCallback$1.doWork(AbstractAuthenticationComponent.java:429)
        at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:489)
        at org.alfresco.repo.security.authentication.AbstractAuthenticationComponent$SetCurrentUserCallback.execute(AbstractAuthenticationComponent.java:427)
        at org.alfresco.repo.security.authentication.AbstractAuthenticationComponent$SetCurrentUserCallback.execute(AbstractAuthenticationComponent.java:412)

dward
Champ on-the-rise
Alfresco has never previously supported the posixGroup class for modelling groups, since they contain UIDs rather than DNs.

However, I've checked in a fix that now assumes that a group member is a UID if it doesn't parse as a DN. I've also added a check for the member attribute being empty (which it appears to be in the -1 stack trace you have given us). The fix should show up in the next community nightly build.

Tracked on your JIRA issue

https://issues.alfresco.com/jira/browse/ETHREEOH-2508
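
The fallback described in this reply, sketched as an added example that is not Alfresco's LDAPUserRegistry code: a member value that parses as a DN yields its leftmost RDN, a value that does not parse is taken as a bare UID, and an empty value is skipped instead of being indexed. The class and method names and the sample values are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Optional;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Added illustration: class, method names and sample values are hypothetical,
// not taken from Alfresco's LDAPUserRegistry.
public class GroupMemberResolver {

    /**
     * Maps one raw group-member value to a user id, or empty if it cannot be used.
     * Covers DN-valued members, bare UIDs (posixGroup memberUid) and empty values.
     */
    static Optional<String> resolveMember(String raw, String userIdAttr) {
        // An empty string parses to an LdapName with zero RDNs, so
        // getRdn(size() - 1) would ask for index -1; reject it up front.
        if (raw == null || raw.trim().isEmpty()) {
            return Optional.empty();
        }
        String value = raw.trim();
        try {
            LdapName dn = new LdapName(value);
            // LdapName numbers RDNs right to left: size() - 1 is the leftmost one.
            Rdn leaf = dn.getRdn(dn.size() - 1);
            if (leaf.getType().equalsIgnoreCase(userIdAttr)) {
                return Optional.of(String.valueOf(leaf.getValue()));
            }
            // A DN whose leaf is some other attribute (for example a nested
            // group's cn) is not a user id; leave it to the caller to report.
            return Optional.empty();
        } catch (InvalidNameException e) {
            // Not a DN ("userone", "345678"): treat the value itself as the UID.
            return Optional.of(value);
        }
    }

    /** Resolves every member value; values that yield no user id go to 'skipped'. */
    static List<String> resolveAll(List<String> rawMembers, String userIdAttr,
                                   List<String> skipped) {
        List<String> uids = new ArrayList<>();
        for (String raw : rawMembers) {
            Optional<String> uid = resolveMember(raw, userIdAttr);
            if (uid.isPresent()) {
                uids.add(uid.get());
            } else {
                skipped.add(String.valueOf(raw));
            }
        }
        return uids;
    }

    public static void main(String[] args) {
        // Constructed sample values in the shapes the thread describes.
        List<String> members = Arrays.asList(
                "userone",
                "345678",
                "uid=346578,ou=finance,ou=people,dc=company,dc=com",
                "",
                "cn=services,ou=Groups,dc=company,dc=com");
        List<String> skipped = new ArrayList<>();
        List<String> uids = resolveAll(members, "uid", skipped);
        System.out.println("resolved: " + uids);
        System.out.println("skipped:  " + skipped);
    }
}
```

Reporting the skipped values rather than dropping them silently makes it visible when a directory group carries members the sync cannot map to a user.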

skp
Champ in-the-making
Great! Thanks. I guess I have to wait for a build later than 3.2.0 (2056) Schema 3000 [14th Jun, 2009]. It didn't work in this one either.

On another note, when you said everything should go into alfresco-global.properties, I added my ldap configuration into alfresco-global.properties, and removed custom-hibernate-dialect.properties, custom-repository-context.xml, custom-repository.properties and renamed the 'subsystems' directory to 'subsystems.old' and I get:


0:59:59,631  INFO  [alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]
21:00:06,734  ERROR [web.context.ContextLoader] Context initialization failed
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'indexerComponent' defined in class path resource [alfresco/core-services-context.xml]: Cannot resolve reference to bean '&indexerAndSearcherFactory' while setting bean property 'storeRedirectorProxyFactory'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'indexerAndSearcherFactory' defined in class path resource [alfresco/core-services-context.xml]: Cannot resolve reference to bean 'admLuceneIndexerAndSearcherFactory' while setting bean property 'defaultBinding'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'admLuceneIndexerAndSearcherFactory' defined in class path resource [alfresco/core-services-context.xml]: Cannot resolve reference to bean 'mlAwareNodeService' while setting bean property 'nodeService'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'mlAwareNodeService' defined in class path resource [alfresco/node-services-context.xml]: Cannot resolve reference to bean 'mtAwareNodeService' while setting bean property 'defaultBinding'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'mtAwareNodeService': FactoryBean threw exception on object creation; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'dbNodeService' defined in class path resource [alfresco/node-services-context.xml]: Cannot resolve reference to bean 'dbNodeServiceImpl' while setting bean property 'target'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'dbNodeServiceImpl' defined in class path r

Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'fileContentStore' defined in class path resource [alfresco/content-services-context.xml]: Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [org.alfresco.repo.content.filestore.FileContentStore]: Constructor threw exception; nested exception is org.alfresco.service.cmr.repository.ContentIOException: 06170000 Failed to create store root: ./alf_data/contentstore
Caused by: org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [org.alfresco.repo.content.filestore.FileContentStore]: Constructor threw exception; nested exception is org.alfresco.service.cmr.repository.ContentIOException: 06170000 Failed to create store root: ./alf_data/contentstore
Caused by: org.alfresco.service.cmr.repository.ContentIOException: 06170000 Failed to create store root: ./alf_data/contentstore

but my alfresco-global.properties contains

dir.root=/data/AlfrescoData
dir.indexes=/data/AlfrescoData/lucene-indexes

So I ended up putting back:
* custom-hibernate-dialect.properties
* custom-repository-context.xml
* custom-repository.properties (which is nothing but a symlink to alfresco-global.properties)
And things are starting up again, this time without a '$CATALINA_HOME/shared/classes/alfresco/extension/subsystems/Authentication/ldap/fdsldap' directory.

Am I missing something here?

rysiek
Champ in-the-making
So, if I am reading this right, I would need a newer version than 3.2 LABS, to be able to use this config:
#
# LDAP
#-------------
# authentication
ldap.authentication.active=true
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.userNameFormat=uid=%s,dc=people,dc=example,dc=com
ldap.authentication.allowGuestLogin=false
ldap.authentication.java.naming.provider.url=ldap://localhost:389/
ldap.authentication.defaultAdministratorUserNames=user1,user2,admin
# synchronization
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=cn=lookup,dc=example,dc=com
ldap.synchronization.java.naming.security.credentials=SomePassword
ldap.synchronization.groupSearchBase=dc=groups,dc=example,dc=com
ldap.synchronization.userSearchBase=dc=people,dc=example,dc=com
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'
ldap.synchronization.userIdAttributeName=uid
ldap.synchronization.personType=inetOrgPerson
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=uidNumber
ldap.synchronization.defaultHomeFolderProvider=homeDirectory
ldap.synchronization.groupType=posixGroup
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupMemberAttributeName=memberUid


synchronization.synchronizeChangesOnly=false
synchronization.syncOnStartup=true
synchronization.syncWhenMissingPeopleLogIn=true
synchronization.autoCreatePeopleOnLogin=false

Is that correct?

Also, the line ldap.synchronization.defaultHomeFolderProvider=homeDirectory doesn't seem to be doing anything, as the home dirs are generated by Alfresco and utterly different to what has been saved in LDAP.

One more thing, with the above setup, is it possible to:
a. delete users "synchronised" from LDAP?
b. trigger synchronization (without deleting the entire database or creating a new LDAP user, unknown to Alfresco)?

When I try to delete an (LDAP-originating) user, I get:
22:09:34,096 ERROR [org.alfresco.web.scripts.AbstractRuntime] Exception from executeScript - redirecting to status template error: 06185145 Wrapped Exception (with status template): 06185144 Failed to execute script '/org/alfresco/repository/person/person.delete.js (in classpath store file:/opt/Alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/templates/webscripts)': 06185143 User name does not exist: tester
org.alfresco.web.scripts.WebScriptException: 06185145 Wrapped Exception (with status template): 06185144 Failed to execute script '/org/alfresco/repository/person/person.delete.js (in classpath store file:/opt/Alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/templates/webscripts)': 06185143 User name does not exist: tester

dward
Champ on-the-rise
Yes. You will need a Community build later than 14th July, and unfortunately there isn't one yet, due to our build servers being temporarily out of action.

Watch this space

http://dev.alfresco.com/downloads/nightly/dist/?C=M;O=A

Or just check out HEAD and build it yourself. It's dead easy. Read this Wiki and use the "ant build-tomcat" command.

http://wiki.alfresco.com/wiki/Alfresco_SVN_Development_Environment

On the subject of the home folder provider setting, it does appear that the default setting is wrong and causes user homes to get created directly under Company Home. I think it should be set to userHomesHomeFolderProvider. I've logged a JIRA issue.

https://issues.alfresco.com/jira/browse/ETHREEOH-2535

On the question of deleting users, yes this is done by the scheduled sync job when it is running in 'full' sync mode. See

http://wiki.alfresco.com/wiki/The_Synchronization_Subsystem

The only way to trigger a sync in the Community release is to log in as a user who exists in LDAP but not in Alfresco, or to edit

synchronization.import.cron

so that it runs more frequently. Future versions will also trigger a differential sync on startup, so that it is less likely that the first login has a large synchronization overhead.

skp
Champ in-the-making
Ok, got tired of waiting.  Bit the bullet and built it myself from svn HEAD. Thanks for the instructions and like you said it was pretty simple. 😄

So, on a spanking new clean install, the sync happened and at the end of the sync it said:
16:47:11,439  INFO  [security.sync.ChainingUserRegistrySynchronizer] 186 user(s) and 88 group(s) processed
Jul 22, 2009 4:47:15 PM org.apache.jk.core.MsgContext action
WARNING: Error sending end packet
java.net.SocketException: Broken pipe
        at java.net.SocketOutputStream.socketWrite0(Native Method)
        at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:92)
        at java.net.SocketOutputStream.write(SocketOutputStream.java:136)
        at org.apache.jk.common.ChannelSocket.send(ChannelSocket.java:537)
        at org.apache.jk.common.JkInputStream.endMessage(JkInputStream.java:127)
        at org.apache.jk.core.MsgContext.action(MsgContext.java:302)
        at org.apache.coyote.Response.action(Response.java:183)
        at org.apache.coyote.Response.finish(Response.java:305)
        at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:205)
        at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:283)
        at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:773)
        at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:703)
        at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:895)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
        at java.lang.Thread.run(Thread.java:619)
Jul 22, 2009 4:47:15 PM org.apache.jk.common.ChannelSocket processConnection
WARNING: processCallbacks status 2
I had to restart Tomcat because it wouldn't let me log in. Second login worked successfully (because it didn't initiate a sync) and user details showed up in the profile. Ditto for a new user that logged in too. Excellent! But I wonder if the error will pop up on the next sync and crash Alfresco again.

I'm also getting these warnings while groups are synced, but I don't know if it contributes to the previous error:
16:47:11,367  INFO  [security.sync.ChainingUserRegistrySynchronizer] Adding '993213' to group 'group1'
16:47:11,376  WARN  [security.sync.ChainingUserRegistrySynchronizer] Failed to add '993213' to group 'group1'
org.alfresco.repo.security.authority.AuthorityException: 06222639 The person 993213 does not exist and can not be added to a group
        at org.alfresco.repo.security.authority.AuthorityServiceImpl.addAuthority(AuthorityServiceImpl.java:263)
        at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.syncGroupsWithPlugin(ChainingUserRegistrySynchronizer.java:522)
        at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronize(ChainingUserRegistrySynchronizer.java:218)
        at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.createMissingPerson(ChainingUserRegistrySynchronizer.java:246)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.alfresco.repo.management.subsystems.SubsystemProxyFactory$1.invoke(SubsystemProxyFactory.java:71)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
        at $Proxy52.createMissingPerson(Unknown Source)
        at org.alfresco.repo.security.authentication.AbstractAuthenticationComponent$SetCurrentUserCallback$1.doWork(AbstractAuthenticationComponent.java:431)
        at org.alfresco.repo.security.authentication.AbstractAuthenticationComponent$SetCurrentUserCallback$1.doWork(AbstractAuthenticationComponent.java:428)
        at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:489)
        at org.alfresco.repo.security.authentication.AbstractAuthenticationComponent$SetCurrentUserCallback.execute(AbstractAuthenticationComponent.java:427)
        at org.alfresco.repo.security.authentication.AbstractAuthenticationComponent$SetCurrentUserCallback.execute(AbstractAuthenticationComponent.java:412)
        at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:326)
        at org.alfresco.repo.security.authentication.AbstractAuthenticationComponent.setCurrentUser(AbstractAuthenticationComponent.java:193)
        at org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl.authenticateImpl(LDAPAuthenticationComponentImpl.java:102)
        at org.alfresco.repo.security.authentication.AbstractAuthenticationComponent.authenticate(AbstractAuthenticationComponent.java:144)
        at org.alfresco.repo.security.authentication.AuthenticationServiceImpl.authenticate(AuthenticationServiceImpl.java:129)
        at org.alfresco.repo.security.authentication.AbstractChainingAuthenticationService.authenticate(AbstractChainingAuthenticationService.java:166)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:304)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)

The user does not exist in the particular user 'ou' which I'm searching in. I think we really need this https://issues.alfresco.com/jira/browse/ETHREEOH-1806 quickly, but for the moment, I can do without it and move users from other OUs to the one that I'm searching under as a workaround to get them to log in. Although, it would be nice to just have
ldap.authentication.userNameFormat=uid\=%s
and make it do a subtree search under ou=people. 🙂

The records-management amp still has a problem when starting [since the 3.2.0 (_dev 1979) build if I remember correctly]:
16:38:01,059 User:System INFO  [repo.module.ModuleServiceImpl] Installing module 'org.alfresco.module.RecordsManagement' version 1.3.
16:38:04,839 User:System ERROR [web.context.ContextLoader] Context initialization failed
org.alfresco.error.AlfrescoRuntimeException: 06220004 Failed to start modules
        at org.alfresco.repo.module.ModuleComponentHelper$1.doWork(ModuleComponentHelper.java:308)
        at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:489)
        at org.alfresco.repo.module.ModuleComponentHelper.startModules(ModuleComponentHelper.java:202)
        at org.alfresco.repo.module.ModuleServiceImpl.startModules(ModuleServiceImpl.java:143)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:304)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
        at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:106)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
        at $Proxy69.startModules(Unknown Source)
        at org.alfresco.repo.module.ModuleStarter$1.execute(ModuleStarter.java:70)
        at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:326)
        at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:252)
        at org.alfresco.repo.module.ModuleStarter.onBootstrap(ModuleStarter.java:74)
        at org.alfresco.util.AbstractLifecycleBean.onApplicationEvent(AbstractLifecycleBean.java:62)
        at org.springframework.context.event.SimpleApplicationEventMulticaster$1.run(SimpleApplicationEventMulticaster.java:77)
        at org.springframework.core.task.SyncTaskExecutor.execute(SyncTaskExecutor.java:49)
        at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:75)
        at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:246)
        at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:617)
        at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:355)
        at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:246)
        at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:189)
        at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:49)
        at org.alfresco.web.app.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:69)
        at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3764)
        at org.apache.catalina.core.StandardContext.start(StandardContext.java:4216)
        at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760)
        at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
        at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
        at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:626)
        at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:553)
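
For triaging the "Failed to add" warnings quoted in the post above, an added example (not part of the thread and not Alfresco code) that separates group members with no Alfresco person, as happens when the uid lies outside the synced user search base, from failures with any other cause. The sample log is constructed in the format of the quoted lines, and `triage` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the log lines quoted in the post above.
# uid 777001, error id 06222640 and the IllegalStateException are made up.
SAMPLE_LOG = """\
16:47:11,367  INFO  [security.sync.ChainingUserRegistrySynchronizer] Adding '993213' to group 'group1'
16:47:11,376  WARN  [security.sync.ChainingUserRegistrySynchronizer] Failed to add '993213' to group 'group1'
org.alfresco.repo.security.authority.AuthorityException: 06222639 The person 993213 does not exist and can not be added to a group
        at org.alfresco.repo.security.authority.AuthorityServiceImpl.addAuthority(AuthorityServiceImpl.java:263)
16:47:11,380  INFO  [security.sync.ChainingUserRegistrySynchronizer] Adding '345678' to group 'group1'
16:47:11,391  INFO  [security.sync.ChainingUserRegistrySynchronizer] Adding '993213' to group 'group2'
16:47:11,399  WARN  [security.sync.ChainingUserRegistrySynchronizer] Failed to add '993213' to group 'group2'
org.alfresco.repo.security.authority.AuthorityException: 06222640 The person 993213 does not exist and can not be added to a group
16:47:11,405  INFO  [security.sync.ChainingUserRegistrySynchronizer] Adding '777001' to group 'group2'
16:47:11,410  WARN  [security.sync.ChainingUserRegistrySynchronizer] Failed to add '777001' to group 'group2'
java.lang.IllegalStateException: constructed unrelated failure
16:47:11,439  INFO  [security.sync.ChainingUserRegistrySynchronizer] 186 user(s) and 88 group(s) processed
"""

ADD = re.compile(r"ChainingUserRegistrySynchronizer\] Adding '([^']+)' to group '([^']+)'")
FAIL = re.compile(r"WARN .*Failed to add '([^']+)' to group '([^']+)'")
NO_PERSON = re.compile(r"AuthorityException: \d+ The person (\S+) does not exist")


def triage(log_text):
    """Return (attempted additions, {uid: groups missing that member},
    [(uid, group, line that followed the warning)] for other causes)."""
    attempted = 0
    missing = defaultdict(set)   # uid -> groups the member was not added to
    other = []                   # failures not explained by a missing person
    pending = None               # (uid, group) of a warning awaiting its cause
    for line in log_text.splitlines():
        if ADD.search(line):
            attempted += 1
        m = FAIL.search(line)
        if m:
            pending = m.groups()
            continue
        if pending:              # the line right after the warning is its cause
            uid, group = pending
            cause = NO_PERSON.search(line)
            if cause and cause.group(1) == uid:
                missing[uid].add(group)
            else:
                other.append((uid, group, line.strip()))
            pending = None
    return attempted, {u: sorted(g) for u, g in missing.items()}, other


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Each uid in the second return value is a membership that exists in the directory but not in Alfresco, so permissions granted through those groups will not reach that user until the account is in the synced search base.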

dward
Champ on-the-rise
My guess is that the "broken pipe" error is perhaps due to Apache mod_jk timing out your login request (probably because the request ran for so long during the first sync). Check your Apache configuration.

As I mentioned, in future versions, an initial differential sync will be done when the server boots up, to avoid such long-running transactions in login requests.

skp
Champ in-the-making
Oh, I think you're right. I tried another clean install again and it didn't go down fatally this time.

It didn't sync this from the group though:
ldap.synchronization.userOrganizationalIdAttributeName=businessCategory
The "Organization:" field in the user profile is blank. And is there a way to sync "Job Title" and "Location" too from LDAP?