
LDAP not using specified configuration

warlockvix
Champ in-the-making
Having a bit of an issue with my new alfresco install. I installed Alfresco 3.3g on Windows 2k3 and I am trying to sync and authenticate with AD. For past installs, I've always gone into ldap-ad-authentication.properties or created a changes.properties file and specified what server to point at for LDAP. So I altered the ldap-ad-authentication.properties file but I seem to be having a configuration issue.

Is there another location that I need to modify as well as the files under Authentication\ldap-ad? I ask because my sync and authentication connection times out. In the log, Alfresco is trying to connect to my domain name instead of the server IP I have specified in my ldap-ad-authentication.properties file. So I figure there's another field I need to change or modify but I'm having a heck of a time finding it. Any ideas?


ldap-ad\ldap-ad-authentication.properties
ldap.authentication.java.naming.provider.url=ldap://10.10.3.51:389

LDAP sync fails error -
"Caused by: javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: THISISMYDOMAIN.COM:389 [Root exception is java.net.ConnectException: Connection timed out: connect]]"

dward
Champ on-the-rise
You should NEVER edit any of the configuration files under WEB-INF/classes.

Your own configuration lives under $TOMCAT_HOME/shared/classes/alfresco/extension

Your subsystem override configuration lives under $TOMCAT_HOME/shared/classes/alfresco/extension/subsystems/Authentication/ldap-ad/ldap1

(assuming that you have ldap1:ldap-ad in your authentication chain).

Read http://wiki.alfresco.com/wiki/Alfresco_Subsystems#Configuring_Subsystems

warlockvix
Champ in-the-making
Thanks for the reply, however it isn't my editing of ldap-ad-authentication.properties that is causing this issue. I edit the files under WEB-INF/classes when I notice something isn't being read by my own configuration files. Yes, configurations aren't always read and yes, editing the files under WEB-INF/classes will work as long as you don't screw them up. I know why you shouldn't do it but I also know (from testing and experience) that if you edit the files carefully under WEB-INF/classes that Alfresco will run without any problems. Now on to my issue.

To appease your post, I removed Alfresco and completely reinstalled using only my configuration files. So a new install and I'm configuring Alfresco to use "authentication.chain=passthru1:passthru,ldap-ad1:ldap-ad" and CIFS. Which means I've created a changes.properties for files server, passthru and ldap-ad1. Again, same issue. The ldap-ad1 is still returning "Caused by: javax.naming.PartialResultException [Root exception is javax.naming.CommunicationException: THISISMYDOMAIN.COM:389 [Root exception is java.net.ConnectException: Connection timed out: connect]]" and not using the IP address I have in the changes.properties file.

I can ping the IP of the LDAP server from the Alfresco server.
I can ping DNS name of the LDAP server from the Alfresco server.
I have used the LDAP server DNS in my configuration.
I can telnet to the LDAP server from the Alfresco server.
The Alfresco server is part of the domain
Alfresco is in a VM  - but then, I've always run Alfresco in a VM but I figure I'd mention it.

So again I ask if anyone has any ideas?

Ldap-ad1 changes.properties snippet
ldap.authentication.java.naming.provider.url=ldap://10.10.3.51:389

Passthru changes.properties snippet
passthru.authentication.domain=THISISMYDOMAIN
passthru.authentication.servers=THISISMYDOMAIN\\10.10.3.51

dward
Champ on-the-rise
Please read http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems#Domain_level_properties

You shouldn't set domain and servers at the same time. A more typical setting would be

passthru.authentication.domain=
passthru.authentication.servers=THISISMYDOMAIN\\10.10.3.51,10.10.3.51

warlockvix
Champ in-the-making
Yes, I'm familiar with the article because it was written for 3.2. And this is the same configuration I used with 3.0 and 3.2r. And while not typical, I have never received an LDAP timeout error because of the passthru configuration. However, I did make the change that you suggested and I am still receiving the same error.

But judging by your comments, I am assuming no new LDAP configuration files have been introduced into Alfresco. Which means that either my install is bugged or something is wrong with the server. I'll download the install package and try a new install again. If that doesn't work, I'll reinstall the OS.

dward
Champ on-the-rise
The configuration changed in 3.2 and has not changed since. The article I pointed you to applied to release 3.2 onwards. Not 3.0.

Your error suggests that it is trying to use THISISMYDOMAIN.COM:389 as ldap.authentication.java.naming.provider.url. Check for duplicate settings of this property.

Or perhaps there is some kind of federation / load balancing going on between ldap://10.10.3.51:389 and THISISMYDOMAIN.COM:389 ? Make sure that THISISMYDOMAIN.COM actually resolves on the alfresco host, e.g. by adding an entry to C:\Windows\System32\drivers\etc\hosts.
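
The duplicate-settings check suggested above can be scripted. This is an added example, not part of the original thread and not Alfresco code: it lists every file and line under a configuration root that defines `ldap.authentication.java.naming.provider.url`, without deciding which definition wins. The directory layout and file contents in `demo()` are constructed, and the parser is a simplified `.properties` reader (no `\uXXXX` decoding).

```python
import pathlib
import re
import tempfile

KEY = "ldap.authentication.java.naming.provider.url"  # property from the thread

def parse_properties(text):
    """Yield (lineno, key, value) from Java .properties text (simplified)."""
    lines, i = text.splitlines(), 0
    while i < len(lines):
        start, line = i + 1, lines[i].lstrip()
        i += 1
        if not line or line[0] in "#!":
            continue  # blank line or comment
        # An odd number of trailing backslashes continues onto the next line.
        while re.search(r"(?<!\\)(?:\\\\)*\\$", line) and i < len(lines):
            line, i = line[:-1] + lines[i].lstrip(), i + 1
        m = re.match(r"((?:\\.|[^=:\s\\])+)\s*[=:]?\s*(.*)", line)
        if m:
            yield start, m.group(1), m.group(2).strip()

def find_definitions(root, key=KEY):
    """Return sorted (relative path, lineno, value) for each definition of key."""
    hits = []
    for path in pathlib.Path(root).rglob("*.properties"):
        text = path.read_text(encoding="latin-1")
        for lineno, k, v in parse_properties(text):
            if k == key:
                hits.append((path.relative_to(root).as_posix(), lineno, v))
    return sorted(hits)

def demo():
    """Constructed tree (not the poster's files): an override plus a second copy."""
    ext = "shared/classes/alfresco/extension/subsystems/Authentication"
    tree = {
        ext + "/ldap-ad/ldap-ad1/changes.properties":
            "# subsystem override\n" + KEY + "=ldap://10.10.3.51:389\n",
        "shared/classes/alfresco-global.properties":
            "! second definition\n" + KEY + " = ldap://THISISMYDOMAIN.COM:389\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in tree.items():
            path = pathlib.Path(root, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(body)
        return find_definitions(root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

More than one hit for the key means the value in effect depends on which file is loaded last, so each listed location needs to be reviewed.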

warlockvix
Champ in-the-making
No duplication, no load balancing. Ok, "THISISMYDOMAIN.COM" is referring to the domain, not an actual host, server or PC. I used IP addresses in my configuration files when pointing to a different host, server or PC so I can try to figure out where "THISISMYDOMAIN.COM" is being pulled from. The Alfresco host is part of the domain and can authenticate with it. I've also removed the Alfresco host from the domain, deleted the account and rejoined the domain.

It wants to use "THISISMYDOMAIN.COM" as ldap.authentication.java.naming.provider.url but nowhere in my config files is "THISISMYDOMAIN.COM" even mentioned. Nor is THISISMYDOMAIN.COM pointing towards anything in my hosts file that might be overriding the IP address.

The new install file has completed its download. I'll wipe the current install and reinstall using the new executable. If that doesn't resolve the issue, I'll reinstall Windows.

warlockvix
Champ in-the-making
Reinstall of Windows resolved the issue. Hasn't errored in 2 days.

lblancher
Champ in-the-making
Hello,

I experienced this problem with ldap synchronization, Alfresco was using the wrong url to connect to the ldap server. I was using Java 1.6.0_22. I updated to 1.6.0_27 and the problem was resolved. Maybe it's a bug in Java????

Lucas Blancher
BizXcel Inc.

How did you update to 1.6.0_27?