
LDAP on 3.2?

jriker1
Champ in-the-making
I am trying out Alfresco 3.2 preview 2 and noticed some things have moved around, but regardless I can't get LDAP working. Does anyone know if it's working in 3.2 yet or if this is futile? If so, does anyone have any examples of how they configured it? I know this is not production as the sample chaining files reference the old properties file paths. Also, is there a beta forum for this version? Since the forum search won't allow you to search on things like 3.2 even if you put them in quotes, it makes it hard to find people talking about the prerelease version specifically.

Thanks.

JR
31 REPLIES

mikeh
Star Contributor
> Thanks for that thorough response. I'm just out of a seminar and my head's too full of ideas to think about how that'd work in my environment. That said, it seems rather tedious to set up. I was looking forward to presenting Alfresco running in-house with some of our data migrated, but I absolutely don't want to be tinkering with the code at such an early stage. If I have to do that now, there's no telling how much more awaits.

It's only configuration you're editing, not code.

> A clean administrative console with all settings/options really would make this product showcase-able. However, unless that is possible I probably will not even bother and look elsewhere.

http://wiki.alfresco.com/wiki/JMX
Although not every configuration value is exposed through this yet.

Mike

blackened
Champ in-the-making
I have tried getting this working through editing the two ldap*.properties files. I can now log in properly with the local admin account in both Explorer and Share. However, a known working user (I can log in with the same user to both Zimbra and SugarCRM) does not log in (unknown username/password). The alfresco.log spits out this error:

15:49:27,768 ERROR [org.alfresco.web.scripts.AbstractRuntime] Exception from executeScript - redirecting to status template error: 04290004 Login failed
org.alfresco.web.scripts.WebScriptException: 04290004 Login failed
<java error stack>
15:49:34,527 ERROR [org.alfresco.web.scripts.AbstractRuntime] Exception from executeScript - redirecting to status template error: 04290008 Login failed
org.alfresco.web.scripts.WebScriptException: 04290008 Login failed
<java error stack>

Does this provide any clues to what the problem is to anyone?  This is a Zimbra installation of OpenLDAP that resides on another server.

blackened
Champ in-the-making
It appears the problem was my ldap UserNameFormat.  In other posts, it shows that the config should be
"ldap.authentication.userNameFormat=CN=%s,OU=People,DC=example,DC=com"

However, I have found that it really needs to be:

"ldap.authentication.userNameFormat=uid=%s,ou=People,dc=example,dc=com"

I am now able to create a user in Zimbra, and have them automatically set up in both Alfresco and SugarCRM!  Now to tie them all into one portal website…
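An added example, not part of the original posts: the fix above works because a simple bind needs the exact DN of the user's entry, so the naming attribute in `userNameFormat` (`CN` vs `uid`) has to match the directory. The sketch below expands the template and compares it RDN by RDN with an entry DN; the function names, the sample entry DN and the assumption that `%s` is replaced by the RFC 4514-escaped login name are illustrative, not taken from Alfresco's code.

```python
def escape_value(value):
    """Escape a login name for use as an RDN attribute value (RFC 4514)."""
    out = []
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in ',+"\\<>;' or (i == 0 and ch in " #") or (i == len(value) - 1 and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def split_rdns(dn):
    """Split a DN on unescaped commas into lower-cased (attribute, value) pairs.

    cn, uid, ou and dc compare case-insensitively; multi-valued RDNs (a+b) are not split.
    """
    parts, current, i = [], "", 0
    while i < len(dn):
        step = 2 if dn[i] == "\\" and i + 1 < len(dn) else 1
        if dn[i] == ",":
            parts.append(current)
            current = ""
        else:
            current += dn[i:i + step]
        i += step
    parts.append(current)
    return [tuple(x.strip().lower() for x in p.partition("=")[::2]) for p in parts]

def diagnose(user_name_format, username, entry_dn):
    """Expand the template and list the RDNs that differ from the entry's DN."""
    bind_dn = user_name_format.replace("%s", escape_value(username))
    ours, theirs = split_rdns(bind_dn), split_rdns(entry_dn)
    diffs = [f"RDN {n}: bind uses {a[0]}={a[1]}, entry has {b[0]}={b[1]}"
             for n, (a, b) in enumerate(zip(ours, theirs)) if a != b]
    if len(ours) != len(theirs):
        diffs.append(f"depth differs: {len(ours)} vs {len(theirs)} RDNs")
    return bind_dn, diffs

# Constructed sample: DN of a user entry as an OpenLDAP server might store it.
ENTRY_DN = "uid=jdoe,ou=people,dc=example,dc=com"

if __name__ == "__main__":
    for fmt in ("CN=%s,OU=People,DC=example,DC=com",
                "uid=%s,ou=People,dc=example,dc=com"):
        print(fmt, "->", diagnose(fmt, "jdoe", ENTRY_DN))
```

Take the real entry DN from an `ldapsearch` for the failing user and pass it in place of `ENTRY_DN`.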

jriker1
Champ in-the-making
> Dear jriker
>
> First you need to set up your authentication chain by declaring it in custom-repository.properties. E.g.
>
> authentication.chain=myldap:ldap
>
> Now take a copy of
>
> root\projects\repository\config\alfresco\subsystems\Authentication\ldap\ldap-authentication.properties
>
> and place it in your extension classpath under
>
> alfresco/extension/subsystems/Authentication/ldap/myldap/ldap-synchronisation.properties
>
> (note that your instance name is the last directory in the path)
>
> .. and edit so that the parameters match your environment.
>
> We certainly had this working in one of our test environments so let me know (via the forums) if you have any further problems.


OK, I have an Authentication/ldap/ldap-authentication.properties file.  A couple of questions on the above.

Not sure which extensions branch we are talking about.  I have:

/srv/tomcat6/webapps/alfresco/WEB-INF/classes/alfresco/extension

and

/srv/tomcat/shared/classes/alfresco/extension.

Neither of them has an LDAP subsystem in it.  Do I have to manually create these folders?

JR

mrogers
Star Contributor
You put all your Alfresco configuration into the extension classpath.   (Never into the WEB-INF)

If you have installed onto Tomcat 6 then you need to create the shared extensions folder and add it to the classpath.
http://wiki.alfresco.com/wiki/Install_Tomcat6

jriker1
Champ in-the-making
> You put all your Alfresco configuration into the extension classpath.   (Never into the WEB-INF)
>
> If you have installed onto Tomcat 6 then you need to create the shared extensions folder and add it to the classpath.
> http://wiki.alfresco.com/wiki/Install_Tomcat6

Thanks for the reply.  Do items in the extension folder have to be at the root of that folder or does it search recursively under it?

mrogers
Star Contributor
From application-context.xml:

These are the locations for users' configuration files.  It is not recursive.
<import resource="classpath*:alfresco/extension/*-context.xml"/>
<import resource="classpath*:alfresco/extension/mt/*-context.xml"/>
<import resource="classpath*:alfresco/extension/bootstrap/*-context.xml" />

jriker1
Champ in-the-making
> From application-context.xml:
>
> These are the locations for users' configuration files.  It is not recursive.
> <import resource="classpath*:alfresco/extension/*-context.xml"/>
> <import resource="classpath*:alfresco/extension/mt/*-context.xml"/>
> <import resource="classpath*:alfresco/extension/bootstrap/*-context.xml" />

Then what iantopanto suggests on the prior page wouldn't work because it wouldn't look that deep for the files.  As an Alfresco engineer, and having to get this working as a POC else my management will look elsewhere, can you walk through exactly how to configure LDAP and/or NTLM to work with preview2?  Even when I put a copy of the ldap properties and xml file in the extensions folder I get a bunch of errors, the first being that it can't connect to my ldap server, which is nuts because I know it's entered right.  Unless it's how the credentials are entered.  We are using ADAM here if that helps any.

By the way, here is the first part of what I get.  I know it finds the ldap server because when I put in a bogus name it shows the name physically in the log as not found.


10:44:52,740 INFO  [org.alfresco.config.JndiPropertiesFactoryBean] Loading properties file from class path resource [alfresco/extension/custom-hibernate-dialect.properties]
10:44:52,776 INFO  [org.alfresco.config.SystemPropertiesFactoryBean] Loading properties file from class path resource [alfresco/domain/hibernate-cfg.properties]
10:44:58,273 ERROR [org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl] Unable to connect to LDAP Server; check LDAP configuration
javax.naming.NoInitialContextException: Cannot instantiate class: ${ldap.authentication.java.naming.factory.initial} [Root exception is java.lang.ClassNotFoundException: ${ldap.authentication.java.naming.factory.initial}]
        at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:657)
        at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
        at javax.naming.InitialContext.init(InitialContext.java:223)
        at javax.naming.InitialContext.<init>(InitialContext.java:197)
        at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
        at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.afterPropertiesSet(LDAPInitialDirContextFactoryImpl.java:224)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1203)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1172)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapable
JR

jriker1
Champ in-the-making
Got things working kind of.  I put in my custom-repository.properties file in the tomcat shared extensions folder:

authentication.chain=myldap:ldap

Alfresco then seemed to start reading in the default ldap-authentication.properties data in the webapp branch of Tomcat.  If I created a myldap folder under the ldap folder Alfresco didn't care.  If I created a myldap folder in the shared tomcat extensions folder it didn't read it.  If I stuck the properties and xml file in the root of the extensions folder still nothing.  If I created the alfresco/subsystem/Authentication/ldap structure under extensions still nothing.  The only place it seems to read in the config is from the original file location.

Is the beta just not working with these files in the extensions folder?  Also how do I get the Synchronization working?  Do I need to copy those files to the LDAP folder?

Thanks.

JR

dward
Champ on-the-rise
The correct place is

alfresco/extension/subsystems/Authentication/ldap/myldap/*.properties

Look at the javadoc for ChildApplicationContextFactory.

I'm currently updating the Wiki on subsystem configuration and will move on to authentication configuration shortly.
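An added example, not part of the thread or of Alfresco: a layout check for the path given above, which reads `authentication.chain` and reports chain members with no override files plus any `ldap-*.properties` files sitting where they will not be picked up. The function names and the constructed directory tree are illustrative; splitting the chain on commas goes beyond the single-member chain shown in the thread.

```python
import tempfile
from pathlib import Path

# Override location given in the thread, relative to a classpath root:
# alfresco/extension/subsystems/Authentication/<type>/<instance>/*.properties
SUBSYSTEMS = Path("alfresco/extension/subsystems/Authentication")

def parse_chain(properties_text):
    """Return [(instance, type), ...] from the authentication.chain property."""
    for line in properties_text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key.strip() == "authentication.chain":
            return [tuple(s.strip() for s in member.split(":", 1))
                    for member in value.split(",") if member.strip()]
    return []

def check_layout(classpath_root, chain):
    """List chain members without overrides and LDAP property files that are ignored."""
    root, problems, expected = Path(classpath_root), [], set()
    for instance, kind in chain:
        folder = root / SUBSYSTEMS / kind / instance
        expected.add(folder)
        if not any(folder.glob("*.properties")):
            problems.append(f"{instance}:{kind} has no overrides in {SUBSYSTEMS / kind / instance}")
    for found in sorted(root.rglob("ldap-*.properties")):
        if found.parent not in expected:
            problems.append(f"ignored: {found.relative_to(root).as_posix()}")
    return problems

def demo():
    """Constructed tree reproducing two misplacements described in the thread."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        chain = parse_chain("# constructed sample\nauthentication.chain=myldap:ldap\n")
        wrong = [root / "alfresco/extension/ldap-authentication.properties",
                 root / "alfresco/extension/alfresco/subsystem/Authentication/ldap/ldap-authentication.properties"]
        for path in wrong:
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text("ldap.authentication.userNameFormat=uid=%s,ou=People,dc=example,dc=com\n")
        before = check_layout(root, chain)
        right = root / SUBSYSTEMS / "ldap" / "myldap" / "ldap-authentication.properties"
        right.parent.mkdir(parents=True)
        wrong[0].rename(right)   # move one copy to the location the subsystem reads
        wrong[1].unlink()
        after = check_layout(root, chain)
    return chain, before, after

if __name__ == "__main__":
    print("\n".join(demo()[1]))
```

Point `check_layout` at the shared classes directory (for example the `/srv/tomcat/shared/classes` path mentioned earlier in the thread) with the chain parsed from `custom-repository.properties`.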