
LDAP import

fogo
Champ in-the-making
I have configured Alfresco to use ldap authentication.

When a user logs in for the first time, they are created as a user in Alfresco and a space is created for them. However, their details [sn givenName mail] etc. are not imported. How does one go about this? Do we need to use the LDAP synch support for this? Or can it be done as part of the process that initially authenticates the user and sets them up in Alfresco?
2 REPLIES

fif
Champ in-the-making
Hello


I have the same problem.
For me, it seems that the trigger doesn't start:

I added the ldap debug in log4J



#ldap debug
log4j.logger.org.alfresco.repo.security.authentication.ldap=debug



Then here is my ldap-authentication-context.xml.
I don't use the group import yet.



<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>

<beans>
   
    <!-- DAO that rejects changes - LDAP is read only at the moment. It does allow users to be deleted without warnings from the UI. -->
   
    <bean name="authenticationDao" class="org.alfresco.repo.security.authentication.DefaultMutableAuthenticationDao" >
        <property name="allowDeleteUser">
            <value>true</value>
        </property>
    </bean>   
  

    <!-- LDAP authentication configuration -->
   
  <bean id="authenticationComponent" class="org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl">
        <property name="LDAPInitialDirContextFactory">
            <ref bean="ldapInitialDirContextFactory"/>
        </property>
        <property name="userNameFormat">
   <value>ESI\%s</value>
        </property>
    </bean>

    <bean id="ldapInitialDirContextFactory" class="org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl">
        <property name="initialDirContextEnvironment">
            <map>
                <!-- The LDAP provider -->
                <entry key="java.naming.factory.initial">
                    <value>com.sun.jndi.ldap.LdapCtxFactory</value>
                </entry>
               
                <!-- The url to the LDAP server -->
                <!-- Note you can use space separated urls - they will be tried in turn until one works -->
                <!-- This could be used to authenticate against one or more ldap servers (you will not know which one ....) -->
                <entry key="java.naming.provider.url">
                    <value>ldap://10.1.40.2:389</value>
                </entry>
               
                <!-- The authentication mechanism to use      -->
                <!-- Some sasl authentication mechanisms may require a realm to be set -->
                <!--                java.naming.security.sasl.realm -->
                <!-- The available options will depend on your LDAP provider -->
                <entry key="java.naming.security.authentication">
                    <value>simple</value>
                </entry>

                <entry key="java.naming.security.principal">
                    <value>CN=Labo SUN,OU=Labs,OU=Users,OU=Global,OU=SUPINFO,DC=esi-supinfo,DC=com</value>
                </entry>

                <!-- The password for the user defined above -->
                <entry key="java.naming.security.credentials">
                    <value>mysecretpassword</value>
                </entry>
            </map>
        </property>
    </bean>
   
   
   
   <bean id="ldapPeopleExportSource" class="org.alfresco.repo.security.authentication.ldap.LDAPPersonExportSource">
        <property name="personQuery">
            <value>(objectclass=user)</value>
        </property>
        <!-- cn=Users,
        The search base restricts the LDAP query to a sub section of tree on the LDAP server.
        -->

        <!-- *** THIS IS WHERE YOU NEED TO SETUP WHERE IN AD TO GET THE USERS *** -->
        <property name="searchBase">
            <value>OU=SUPINFO, DC=esi-supinfo,DC=com</value>
        </property>

        <!--
        The unique identifier for the user.

        THIS MUST MATCH WHAT THE USER TYPES IN AT THE LOGIN PROMPT

        For simple LDAP authentication this is likely to be "cn" or, less friendly, "distinguishedName"

        In OpenLDAP, using other authentication mechanisms "uid", but this depends on how you map
        from the id in the LDAP authentication request to search for the inetOrgPerson against which
        to authenticate.

        In Active Directory this is most likely to be "sAMAccountName"

        This property is mandatory and must appear on all users found by the query defined above.

        -->
        <property name="userIdAttributeName">
            <value>sAMAccountName</value>
        </property>

        <property name="LDAPInitialDirContextFactory">
            <ref bean="ldapInitialDirContextFactory" />
        </property>
        <property name="personService">
            <ref bean="personService"></ref>
        </property>
        <property name="namespaceService">
            <ref bean="namespaceService" />
        </property>
    
        <property name="attributeMapping">
            <map>
                <entry key="cm:userName">
                    <value>sAMAccountName</value>
                </entry>
                <entry key="cm:firstName">
                    <value>givenName</value>
                </entry>
                <entry key="cm:lastName">
                    <value>sn</value>
                </entry>
                <entry key="cm:email">
                    <value>mail</value>
                </entry>
                <entry key="cm:organizationId">
                    <value>sAMAccountName</value>
                </entry>
                <!-- Always use the default -->
                <entry key="cm:homeFolderProvider">
                    <null/>
                </entry>
            </map>   
        </property>
    </bean>
   
   
   
    <!-- Job definitions to import LDAP people and groups -->
    <!-- The triggers register themselves with the scheduler -->
    <!-- You may comment in the default scheduler to enable these triggers -->
    <!-- If a cron base trigger is what you want see scheduled-jobs-context.xml for examples. -->

    <!-- Trigger to load people -->
    <!-- Note you can have more than one initial (context, trigger, import job and export source) set -->
    <!-- This would allow you to load people from more than one ldap store -->
   
    <bean id="ldapPeopleTrigger" class="org.alfresco.util.TriggerBean">
        <property name="jobDetail">
            <bean id="ldapPeopleJobDetail" class="org.springframework.scheduling.quartz.JobDetailBean">
                <property name="jobClass">
                    <value>org.alfresco.repo.importer.ImporterJob</value>
                </property>
                <property name="jobDataAsMap">
                    <map>
                        <entry key="bean">
                            <ref bean="ldapPeopleImport"/>
                        </entry>
                    </map>
                </property>
            </bean>
        </property>
        <!-- Start after 60 seconds of starting the repository -->
        <property name="startDelay">
            <value>60000</value>
        </property>
        <!-- Repeat every hour -->
        <property name="repeatInterval">
            <value>3600000</value>
        </property>
        <!-- Commented out to disable -->
        <property name="scheduler">
            <ref bean="schedulerFactory" />
        </property>
     </bean>
   
   
    <!-- The bean that imports xml describing people -->
   
    <bean id="ldapPeopleImport" class="org.alfresco.repo.importer.ExportSourceImporter">
        <property name="importerService">
            <ref bean="importerComponentWithBehaviour"/>
        </property>
        <property name="transactionService">
            <ref bean="transactionComponent"/>
        </property>
        <property name="authenticationComponent">
            <ref bean="authenticationComponent"/>
        </property>
        <property name="exportSource">
            <ref bean="ldapPeopleExportSource"/>
        </property>

        <!-- The store that contains people - this should not be changed -->
        <property name="storeRef">
            <value>${spaces.store}</value>
        </property>
       
        <!-- The location of people nodes within the store defined above - this should not be changed -->
        <property name="path">
            <value>/${system.system_container.childname}/${system.people_container.childname}</value>
        </property>
       
        <!-- If true, clear all existing people before import, if false update/add people from the xml -->
        <property name="clearAllChildren">
            <value>false</value>
        </property>
        <property name="nodeService">
            <ref bean="nodeService"/>
        </property>
        <property name="searchService">
            <ref bean="searchService"/>
        </property>
        <property name="namespacePrefixResolver">
            <ref bean="namespaceService"/>
        </property>
      
    </bean>
   
   
    <!-- ##################### group ################### -->
    <!-- <bean id="ldapGroupExportSource" class="org.alfresco.repo.security.authentication.ldap.LDAPGroupExportSource">
        <property name="groupQuery">
            <value>(objectclass=groupOfNames)</value>
        </property>
        <property name="searchBase">
            <value>dc=esi-supinfo,dc=com</value>
        </property>
        <property name="userIdAttributeName">
            <value>uid</value>
        </property>
        <property name="groupIdAttributeName">
            <value>cn</value>
        </property>
        <property name="groupType">
            <value>groupOfNames</value>
        </property>
        <property name="personType">
            <value>inetOrgPerson</value>
        </property>
        <property name="LDAPInitialDirContextFactory">
            <ref bean="ldapInitialDirContextFactory" />
        </property>
        <property name="namespaceService">
            <ref bean="namespaceService" />
        </property>
        <property name="memberAttribute">
            <value>member</value>
        </property>
    </bean> -->
   
</beans>

I don't see anything in my stack trace about LDAP import.
Just an error about NetBIOS, but it's because I'm working on a 64 Windows OS. That's why I think my trigger never starts.



CompilerOracle: exclude org/apache/lucene/index/IndexReader$1 doBody
CompilerOracle: exclude org/alfresco/repo/search/impl/lucene/index/IndexInfo$Merger mergeIndexes
CompilerOracle: exclude org/alfresco/repo/search/impl/lucene/index/IndexInfo$Merger mergeDeletions
16 oct. 2007 12:02:27 org.apache.coyote.http11.Http11BaseProtocol init
INFO: Initialisation de Coyote HTTP/1.1 sur http-8080
16 oct. 2007 12:02:27 org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 2219 ms
16 oct. 2007 12:02:27 org.apache.catalina.core.StandardService start
INFO: Démarrage du service Catalina
16 oct. 2007 12:02:27 org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/5.5.23
16 oct. 2007 12:02:28 org.apache.catalina.core.StandardHost start
INFO: XML validation disabled
16 oct. 2007 12:02:29 org.apache.catalina.startup.HostConfig deployWAR
INFO: Déploiement de l'archive alfresco.war de l'application web
12:03:07,718 WARN  [remoting.rmi.RmiRegistryFactoryBean] Could not detect RMI registry - creating new one
12:03:11,453 INFO  [alfresco.repo.workflow] Registered Workflow Component 'jbpm' (class org.alfresco.repo.workflow.jbpm.JBPMEngine)
12:03:11,453 INFO  [alfresco.repo.workflow] Registered Task Component 'jbpm' (class org.alfresco.repo.workflow.jbpm.JBPMEngine)
12:03:15,937 INFO  [domain.schema.SchemaBootstrap] Schema managed by database dialect org.hibernate.dialect.HSQLDialect.
12:03:15,953 INFO  [domain.schema.SchemaBootstrap] Alfresco is using the HSQL default database. Please only use this while evaluating Alfresco, it is NOT recommended for production or deployment!
12:03:17,500 INFO  [domain.schema.SchemaBootstrap] Aucune modification n'a été apportée au schéma.
12:03:19,734 WARN  [repo.admin.ConfigurationChecker] The Alfresco 'dir.root' property is set to a relative path './alf_data'.  'dir.root' should be overridden to point to a specific folder.
12:03:19,734 INFO  [repo.admin.ConfigurationChecker] The Alfresco root data directory ('dir.root') is: .\alf_data
12:03:21,156 INFO  [admin.patch.PatchExecuter] Vérification des correctifs à appliquer ...
12:03:21,296 INFO  [repo.module.ModuleServiceImpl] 0 module(s) trouvé(s).
12:03:21,968 DEBUG [alfresco.smb.protocol] Added desktop action CheckInOut
12:03:21,984 DEBUG [alfresco.smb.protocol] Added desktop action JavaScriptURL
12:03:22,031 DEBUG [alfresco.smb.protocol] Local domain name is MSHOME (via JNI)
12:03:22,156 DEBUG [smb.protocol.auth] Added passthru server [cesar.esi-supinfo.com:10.1.40.2:Offline:0,0]
12:03:22,156 INFO  [alfresco.smb.protocol] CIFS server started
12:03:22,156 INFO  [alfresco.smb.protocol] FTP server started
12:03:22,156 INFO  [alfresco.smb.protocol] NFS server NOT started
12:03:22,187 INFO  [service.descriptor.DescriptorService] Alfresco JVM - v1.6.0-b105; maximum heap size 506,313MB
12:03:22,187 INFO  [alfresco.smb.protocol] SMB Server FIFPO_A starting
12:03:22,218 DEBUG [smb.protocol.auth] New auth session from fifpo_1 to \\10.1.40.2\IPC$\
12:03:22,234 INFO  [alfresco.smb.protocol] GUID 4dfe36dc-bdc0-31df-8912-0e69e53e46ea
12:03:22,234 INFO  [alfresco.smb.protocol] Using authenticator org.alfresco.filesys.server.auth.passthru.PassthruAuthenticator
12:03:22,234 INFO  [alfresco.smb.protocol] Server timezone Europe/Paris, offset from UTC = -1hrs
12:03:22,218 INFO  [service.descriptor.DescriptorService] Alfresco started (Community Network): Current version 2.1.0 (482) schema 64 - Installed version 2.1.0 (482) schema 64
12:03:22,250 INFO  [alfresco.smb.protocol] Shares:
12:03:22,296 DEBUG [smb.protocol.auth] Trying address 10.1.40.2
12:03:22,312 INFO  [alfresco.smb.protocol]  [Alfresco,DISK,,[Alfresco,workspace://SpacesStore/b413ceab-71ad-11dc-9ebf-add9c994d380]] [Alfresco,workspace://SpacesStore/b413ceab-71ad-11dc-9ebf-add9c994d380]
12:03:22,312 INFO  [alfresco.smb.protocol]  [AVM,DISK,,[AVM,VirtualView]] [AVM,VirtualView]
12:03:22,312 INFO  [alfresco.smb.protocol] Add Share [IPC$,IPC$,,Admin,Hidden] : true
12:03:22,328 DEBUG [smb.protocol.auth] Connected to address 10.1.40.2
12:03:22,328 DEBUG [smb.protocol.auth] Connected session, protocol : TCP/IP NetBIOS
12:03:22,375 DEBUG [smb.protocol.auth] SessionFactory: Negotiated SMB dialect NT LM 0.12
12:03:22,375 DEBUG [smb.protocol.auth] Passthru server online, [cesar.esi-supinfo.com:10.1.40.2:Online:0,0]
12:03:22,625 DEBUG [alfresco.smb.protocol] Win32 NetBIOS Available LANAs: 5 0
12:03:23,234 DEBUG [alfresco.smb.protocol] Win32 NetBIOS server FIFPO_A (using Winsock)
12:03:23,312 DEBUG [alfresco.smb.protocol] Win32 NetBIOS failed to create session handler for LANA 5
12:03:23,312 DEBUG [alfresco.smb.protocol]       10044:CreateSocket - Socket type not supported
12:03:23,312 DEBUG [alfresco.smb.protocol] Win32 NetBIOS created session handler on LANA 5
12:03:23,312 DEBUG [alfresco.smb.protocol] Win32 NetBIOS host announcer enabled on LANA 5
12:03:23,312 DEBUG [alfresco.smb.protocol] Win32 NetBIOS server FIFPO_A (using Winsock)
12:03:23,328 ERROR [smb.protocol.mailslot] HostAnnouncer initialization error
org.alfresco.filesys.netbios.win32.WinsockNetBIOSException: 10047:CreateDatagramSocket - Address family not supported by protocol family
        at org.alfresco.filesys.netbios.win32.Win32NetBIOS.CreateDatagramSocket(Native Method)
        at org.alfresco.filesys.netbios.win32.NetBIOSSocket.createDatagramSocket(NetBIOSSocket.java:162)
        at org.alfresco.filesys.smb.mailslot.WinsockNetBIOSHostAnnouncer.initialize(WinsockNetBIOSHostAnnouncer.java:103)
        at org.alfresco.filesys.smb.mailslot.HostAnnouncer.run(HostAnnouncer.java:270)
12:03:23,359 DEBUG [alfresco.smb.protocol] Win32 NetBIOS failed to create session handler for LANA 0
12:03:23,359 DEBUG [alfresco.smb.protocol]       10044:CreateSocket - Socket type not supported
12:03:23,359 DEBUG [alfresco.smb.protocol] Win32 NetBIOS created session handler on LANA 0
12:03:23,390 DEBUG [alfresco.smb.protocol] Win32 NetBIOS host announcer enabled on LANA 0
12:03:23,406 ERROR [smb.protocol.mailslot] HostAnnouncer initialization error
org.alfresco.filesys.netbios.win32.WinsockNetBIOSException: 10047:CreateDatagramSocket - Address family not supported by protocol family
        at org.alfresco.filesys.netbios.win32.Win32NetBIOS.CreateDatagramSocket(Native Method)
        at org.alfresco.filesys.netbios.win32.NetBIOSSocket.createDatagramSocket(NetBIOSSocket.java:162)
        at org.alfresco.filesys.smb.mailslot.WinsockNetBIOSHostAnnouncer.initialize(WinsockNetBIOSHostAnnouncer.java:103)
        at org.alfresco.filesys.smb.mailslot.HostAnnouncer.run(HostAnnouncer.java:270)
12:03:23,421 DEBUG [alfresco.smb.protocol] Win32 NetBIOS register listener for LANA 5
12:03:23,421 DEBUG [alfresco.smb.protocol] Win32 NetBIOS register listener for LANA 0
12:03:23,796 INFO  [alfresco.repo.workflow] Workflow deployer: Deployed process definition 'Document assignment and validation' (version 11) from 'alfresco/extension/taskassignment_processdefinition.xml' with 2 problems
12:03:28,375 DEBUG [alfresco.smb.protocol] Win32 NetBIOS Failed To ReInitialize LANA
12:03:28,375 DEBUG [alfresco.smb.protocol]   10044:CreateSocket - Socket type not supported
12:03:28,390 DEBUG [alfresco.smb.protocol] Win32 NetBIOS Failed To ReInitialize LANA
12:03:28,406 DEBUG [alfresco.smb.protocol]   10044:CreateSocket - Socket type not supported
16 oct. 2007 12:03:28 org.apache.coyote.http11.Http11BaseProtocol start
INFO: Démarrage de Coyote HTTP/1.1 sur http-8080
16 oct. 2007 12:03:28 org.apache.catalina.storeconfig.StoreLoader load
INFO: Find registry server-registry.xml at classpath resource
16 oct. 2007 12:03:29 org.apache.catalina.startup.Catalina start
INFO: Server startup in 61532 ms

I'm working with Alfresco 2.1, Community.

fif
Champ in-the-making
OK, I resolved my problem and the import is almost OK.
I started with a new and clean Alfresco (I don't know why it didn't start my trigger) and changed the logger a bit (also in the previous post).
And from here I could see the error about the import, and especially about the trigger. Then I'll have to change the search level in the LDAP config file and it should be OK.

Fogo, what is your stack trace?
Have you set the log level to debug in the log4J.properties to see the log about LDAP? Is the trigger started?
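
A check for the two things this thread turns on, whether the people-import trigger is actually wired up and whether the attribute mapping covers the missing details, plus the bind settings in the posted config. This is an added example, not part of any post or of Alfresco; `check`, `entries`, the sample XML and the host `ldap.example.test` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed, shortened config in the shape of the one posted above.
# Its trigger bean has no "scheduler" property and its mapping is incomplete.
SAMPLE = """<beans>
  <bean id="ldapInitialDirContextFactory"><property name="initialDirContextEnvironment"><map>
    <entry key="java.naming.provider.url"><value>ldap://ldap.example.test:389</value></entry>
    <entry key="java.naming.security.authentication"><value>simple</value></entry>
  </map></property></bean>
  <bean id="ldapPeopleExportSource"><property name="attributeMapping"><map>
    <entry key="cm:userName"><value>sAMAccountName</value></entry>
    <entry key="cm:firstName"><value>givenName</value></entry>
  </map></property></bean>
  <bean id="ldapPeopleTrigger"><property name="jobDetail"><bean><property name="jobDataAsMap"><map>
    <entry key="bean"><ref bean="ldapPeopleImport"/></entry>
  </map></property></bean></property></bean>
  <bean id="ldapPeopleImport"><property name="exportSource"><ref bean="ldapPeopleExportSource"/></property></bean>
</beans>"""

def entries(bean, prop):
    """Map <entry key> to <value> text for one direct <property> of a bean."""
    p = bean.find(f"property[@name='{prop}']")
    return {} if p is None else {e.get("key"): e.findtext("value") for e in p.iter("entry")}

def check(xml_text, trigger_id="ldapPeopleTrigger"):
    """Return findings about the import wiring and the LDAP bind settings."""
    beans = {b.get("id") or b.get("name"): b for b in ET.fromstring(xml_text).iter("bean")}
    trigger, out = beans.get(trigger_id), []
    if trigger is None:
        return [f"bean {trigger_id} is not defined"]
    if trigger.find("property[@name='scheduler']") is None:
        out.append("trigger has no scheduler property, which the config comments say disables it")
    # Follow trigger -> importer -> export source -> attributeMapping.
    ref = trigger.find(".//entry[@key='bean']/ref")
    importer = beans.get(ref.get("bean")) if ref is not None else None
    src = importer.find("property[@name='exportSource']/ref") if importer is not None else None
    source = beans.get(src.get("bean")) if src is not None else None
    if source is None:
        out.append("trigger does not resolve to an export source bean")
    else:
        mapping = entries(source, "attributeMapping")
        for key in ("cm:firstName", "cm:lastName", "cm:email"):
            if not mapping.get(key):
                out.append(f"attributeMapping has no LDAP attribute for {key}")
    # A simple bind over ldap:// sends the bind password in cleartext.
    for bean in beans.values():
        env = entries(bean, "initialDirContextEnvironment")
        urls = (env.get("java.naming.provider.url") or "").split()  # space separated list
        plain = any(u.lower().startswith("ldap://") for u in urls)
        if plain and env.get("java.naming.security.authentication") == "simple":
            out.append("simple bind over ldap:// sends the bind password in cleartext")
    return out
```

Running `check` on the contents of a real ldap-authentication-context.xml lists the same kinds of findings; an empty list means the trigger resolves to an export source with the name and mail attributes mapped.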