LDAP login stopped working

domgad
Champ in-the-making
Hi, I'm seeing some weird behaviour. We have set up Alfresco with Active Directory synchronisation and it was working fine until, for a reason we can't seem to find, it stopped. We can no longer log in or browse the shares with CIFS. It just keeps asking for the user and password. We haven't changed any configuration files since it worked.

We can log in with the default built-in admin user and I can even search for the users and see them in the IP/alfresco/ interface. This tells me that it can browse the AD fine.

Anyone got an idea? I tried searching the forum but couldn't find anything; if somebody saw something, please point me at the correct thread.

Thanks,
Dom
3 REPLIES

mrogers
Star Contributor
If you haven't changed anything within Alfresco then the problem is elsewhere.

Have details of your LDAP server changed?
Have your network details changed?

The Alfresco log may give you a clue as to what is going wrong.

domgad
Champ in-the-making
No, not that I know of. I'll ask the other administrator. But like I said, is it normal behaviour that, when logged in to the web part of Alfresco, it can actually find users, so the connection does work? I can search for newly created users and all, but not log in with them?

domgad
Champ in-the-making
Hey, a little follow-up: I still have the same problem. Here is what I have in debug mode for the logs:

15:55:45,071 DEBUG [org.alfresco.repo.search.impl.lucene.LuceneQueryParser] Query @usr\:username:"domgad"                             is
   @{http://www.alfresco.org/model/user/1.0}username:domgad
15:55:45,071 DEBUG [org.alfresco.repo.search.impl.lucene.ADMLuceneSearcherImpl] Query is @{http://www.alfresco.org/model/user/1.0}username:domgad
15:55:45,075 DEBUG [org.alfresco.repo.security.authentication.AuthenticationComponentImpl] Failed to authenticate user "domgad"
org.alfresco.repo.security.authentication.AuthenticationException: 06140007 net.sf.acegisecurity.BadCredentialsException: Bad credentials presented
net.sf.acegisecurity.BadCredentialsException: Bad credentials presented

15:55:45,081 DEBUG [org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl] Authenticating user "domgad"
15:55:45,081 DEBUG [org.alfresco.passthru.auth] Authenticate user=domgad via local credentials
15:55:45,081 DEBUG [org.alfresco.passthru.auth] Authenticate org.alfresco.repo.security.authentication.ntlm.NTLMLocalToken@1bd0a86a: Username: domgad; Password: [PROTECTED]; Authenticated: false; Details: null; Not granted any authorities via token
15:55:50,084 DEBUG [org.alfresco.passthru.auth] Failed to open passthru session, or no valid passthru server available for org.alfresco.repo.security.authentication.ntlm.NTLMLocalToken@1bd0a86a: Username: domgad; Password: [PROTECTED]; Authenticated: false; Details: null; Not granted any authorities
15:55:50,090 DEBUG [org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl] Failed to authenticate user "domgad"
org.alfresco.repo.security.authentication.AuthenticationException: 06140008 Failed to open session to passthru server

Don't know if this can help. Here is my config as well. All of this is in alfresco-global.properties:

authentication.chain=alfrescoNtlm1:alfrescoNtlm,passthru1:passthru,ldap1:ldap
ntlm.authentication.sso.enabled=false
ntlm.authentication.authenticateCIFS=false
alfresco.authentication.authenticateCIFS=false
alfresco.authentication.allowGuestLogin=false
passthru.authentication.sso.enabled=false
passthru.authentication.authenticateCIFS=true
ldap.authentication.active=false
ldap.synchronization.active=true
passthru.authentication.useLocalServer=false
passthru.authentication.domain=
passthru.authentication.servers=ourdomain\\server
ntlm.authentication.sso.enables=false
ntlm.authentication.mapUnknownUserToGuest=false
passthru.authentication.authenticateFTP=false
passthru.authentication.guestAccess=false
passthru.authentication.defaultAdministratorUserNames=adminuser
passthru.authentication.connectTimeout=5000
passthru.authentication.offlineCheckInterval=300
passthru.authentication.protocolOrder=TCPIP,NETBIOS
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.userNameFormat=%s
ldap.authentication.allowGuestLogin=false
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://server:389
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.synchronization.java.naming.security.principal=ourdomain\\adminuser
ldap.synchronization.java.naming.security.credentials=******
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.groupDifferentialQuery=(&(objectclass=nogroup)(!(modifyTimestamp<\={0})))
ldap.synchronization.personQuery=(&(objectclass=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
ldap.synchronization.personDifferentialQuery=(& (objectclass=user)(!(modifyTimestamp<\={0})))
ldap.synchronization.groupQuery=(objectclass\=group)
ldap.synchronization.groupSearchBase=cn\=users,dc=ourdomain,dc=ca
ldap.synchronization.userSearchBase=cn\=users,dc=ourdomain,dc=ca
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=msExchALObjectVersion
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupType=Nogroup
ldap.synchronization.personType=user
ldap.synchronization.groupMemberAttributeName=member
synchronization.synchronizeChangesOnly=true

cifs.disableNativeCode=false
cifs.enabled=true
cifs.serverName=vekta
cifs.domain=brouillette.ca
cifs.hostannounce=true
cifs.sessionTimeout=500
cifs.ipv6.enabled=false
cifs.tcpipSMB.port=1445
cifs.netBIOSSMB.namePort=1137
cifs.netBIOSSMB.datagramPort=1138
cifs.netBIOSSMB.sessionPort=1139
cifs.WINS.autoDetectEnabled=true
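
A triage sketch for the log and configuration posted above, added here as an example and not part of the original thread or of Alfresco's own code: it reads `authentication.chain`, flags an LDAP member that is set to synchronize but not authenticate, and compares how long the passthru attempt waited against `passthru.authentication.connectTimeout`. The function names are hypothetical, the sample inputs are shortened copies of the posted lines, and treating a wait of at least the timeout as "no passthru server answered" is an assumption.

```python
import re
# Constructed sample: four debug lines shortened from the log posted above.
SAMPLE_LOG = """\
15:55:45,081 DEBUG [org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl] Authenticating user "domgad"
15:55:45,081 DEBUG [org.alfresco.passthru.auth] Authenticate user=domgad via local credentials
15:55:50,084 DEBUG [org.alfresco.passthru.auth] Failed to open passthru session, or no valid passthru server available
15:55:50,090 DEBUG [org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl] Failed to authenticate user "domgad"
"""
# Constructed sample: four properties copied from the configuration posted above.
SAMPLE_PROPS = """\
authentication.chain=alfrescoNtlm1:alfrescoNtlm,passthru1:passthru,ldap1:ldap
ldap.authentication.active=false
ldap.synchronization.active=true
passthru.authentication.connectTimeout=5000
"""
LINE = re.compile(r"^(\d\d):(\d\d):(\d\d),(\d{3}) \w+ +\[([^\]]+)\] (.*)$")

def parse_props(text):  # minimal key=value reader, no Java escape handling
    pairs = (l.split("=", 1) for l in text.splitlines() if "=" in l and not l.startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def parse_log(text):  # yields (ms since midnight, logger, message)
    for line in text.splitlines():
        if m := LINE.match(line):
            h, mi, s, ms = map(int, m.group(1, 2, 3, 4))
            yield ((h * 60 + mi) * 60 + s) * 1000 + ms, m.group(5), m.group(6)

def passthru_wait_ms(events):
    """Milliseconds from the passthru attempt to 'Failed to open passthru session'."""
    start = None
    for ts, logger, msg in events:
        if logger != "org.alfresco.passthru.auth":
            continue
        if start is None and msg.startswith("Authenticate user="):
            start = ts
        elif start is not None and msg.startswith("Failed to open passthru session"):
            return ts - start
    return None

def triage(log_text, props_text):
    props, findings = parse_props(props_text), []
    chain = [e.split(":")[1] for e in props.get("authentication.chain", "").split(",") if ":" in e]
    flags = (props.get("ldap.authentication.active"), props.get("ldap.synchronization.active"))
    if "ldap" in chain and flags == ("false", "true"):
        findings.append("ldap: in chain but authentication.active=false (sync only)")
    wait = passthru_wait_ms(parse_log(log_text))
    timeout = int(props.get("passthru.authentication.connectTimeout", "0"))
    # Assumption (heuristic): waiting at least connectTimeout means no passthru server answered.
    if wait is not None and timeout and wait >= timeout:
        findings.append(f"passthru: waited {wait} ms, connectTimeout is {timeout} ms")
    return findings
```

On the posted data, `triage(SAMPLE_LOG, SAMPLE_PROPS)` reports both findings: the LDAP subsystem only synchronizes users, and the passthru attempt waited 5003 ms against a 5000 ms connect timeout.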