LDAP on 3.2?

jriker1
Champ in-the-making
I am trying out Alfresco 3.2 preview 2 and noticed some things have moved around but regardless can't get LDAP working. Does anyone know if it's working in 3.2 yet or if this is futile? If so, does anyone have any examples how they configured it? I know this is not production as the sample chaining files reference the old properties file paths. Also is there a beta forum for this version? Since the forum search won't allow you to search on things like 3.2 even if you put them in quotes, it makes it hard to find people talking about the prerelease version specifically.

Thanks.

JR
31 REPLIES

jriker1
Champ in-the-making
The correct place is

alfresco/extension/subsystems/Authentication/ldap/myldap/*.properties

Look at the javadoc for ChildApplicationContextFactory.

I'm currently updating the Wiki on subsystem configuration and will move on to authentication configuration shortly.

So based on my config you are saying (subsystems down doesn't exist so created it):

/srv/tomcat6/shared/classes/alfresco/extension/subsystems/Authentication/ldap/myldap/

I tried it there but the system is still reading the config sitting in

/srv/tomcat6/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/ldap

I know this because I see that it can not connect to openldap.com or whatever which is in the default config and not reading in the extended one.  If I delete the files from the webapp one it just doesn't do anything.

Odd also that I have the myldap chain set up and it isn't automatically looking for a myldap folder.

JR

mrogers
Star Contributor
There's a small change required to the catalina class path on Tomcat 6.

When you created the "shared" directory did you by any chance miss that step?

jriker1
Champ in-the-making
There's a small change required to the catalina class path on Tomcat 6.

When you created the "shared" directory did you by any chance miss that step?

Are you referring to the shared.loader line?  I have this:

shared.loader=/srv/tomcat6/shared/classes,/srv/tomcat6/shared/lib/*.jar

Thanks.

JR

jriker1
Champ in-the-making
From application-context.xml:

These are the locations for users' configuration files.  It is not recursive.
<import resource="classpath*:alfresco/extension/*-context.xml"/>
<import resource="classpath*:alfresco/extension/mt/*-context.xml"/>
<import resource="classpath*:alfresco/extension/bootstrap/*-context.xml" />

OK, what you wrote finally sunk in on how it searches for files. So looks like I need to place the ldap-authentication-context.xml file in the shared/alfresco/extensions folder. Assuming I also need to place the custom-repository.properties file in there too.

But to enable ldap I need to put something like:

authentication.chain=myldap:ldap

That said, where should I really have those files? Do I need to create a myldap folder under extensions?

Thanks.

JR

mrogers
Star Contributor
There's now documentation on the wiki for how to configure 3.2.   

Looks like there are a lot of changes.

dward
Champ on-the-rise
FYI there is now experimental support for posixGroup in the next community nightly build. See http://forums.alfresco.com/en/viewtopic.php?f=9&t=20408&p=66718#p66718 .

danci1973
Champ in-the-making
The correct place is

alfresco/extension/subsystems/Authentication/ldap/myldap/*.properties

Hi,

I'm trying to configure LDAP on Alfresco CE 3.2, but it seems to ignore the above mentioned structure. I installed Alfresco from 'Alfresco-Community-3.2-Linux-x86-Install' file into /opt/Alfresco/Alfresco-CE-3.2 folder. I changed the 'alfresco-global.properties' to include 'myldap:ldap':


authentication.chain=alfrescoNtlm1:alfrescoNtlm,myldap:ldap

I created '/opt/Alfresco/Alfresco-CE-3.2/tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap/myldap/ldap-synchronisation.properties':


ldap.authentication.userNameFormat=uid\=%s,ou\=people,dc\=mydc,dc\=com
ldap.authentication.java.naming.provider.url=ldap://myldap.mydc.com:389
ldap.authentication.java.naming.security.principal=cn\=manager,dc\=mydc,dc\=com
ldap.authentication.java.naming.security.credentials=mypassword

But whatever I do, I get this error indicating that my changes have no effect:

16:46:44,396 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'Authentication' subsystem, ID: [managed, myldap]
16:46:44,500 INFO  [org.alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]
16:46:44,780 ERROR [org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl] Unable to connect to LDAP Server; check LDAP configuration
javax.naming.CommunicationException: openldap.domain.com:389 [Root exception is java.net.UnknownHostException: openldap.domain.com]

There is no sign of Alfresco trying to read 'extension/subsystem/…' folders…

Any ideas?

Thanks, Danilo

dward
Champ on-the-rise
See

http://forums.alfresco.com/en/viewtopic.php?f=8&t=20069&p=66374&hilit=ethreeoh+2478#p66374

Unfortunately, this bug was found in the Labs release that meant that the extension classpath mechanism for overriding properties was not working.

https://issues.alfresco.com/jira/browse/ETHREEOH-2478

If you are only controlling one subsystem, just put its properties in alfresco-global.properties. Otherwise you will need the nightly build from 14th July.

Thanks

Dave
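
A check for the symptom in danci1973's post, as an added example that is not part of the thread or Alfresco's code: it compares the host the JNDI provider actually tried (taken from the log) with the host in the override file, and also flags a bind password paired with a plain `ldap://` URL. The property values and log lines are copied from that post; the function names are hypothetical.

```python
import re
from urllib.parse import urlparse

# Values copied from the post above; the hosts are the poster's placeholders.
OVERRIDE_PROPS = r"""
ldap.authentication.userNameFormat=uid\=%s,ou\=people,dc\=mydc,dc\=com
ldap.authentication.java.naming.provider.url=ldap://myldap.mydc.com:389
ldap.authentication.java.naming.security.principal=cn\=manager,dc\=mydc,dc\=com
ldap.authentication.java.naming.security.credentials=mypassword
"""
STARTUP_LOG = """
16:46:44,780 ERROR [org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl] Unable to connect to LDAP Server; check LDAP configuration
javax.naming.CommunicationException: openldap.domain.com:389 [Root exception is java.net.UnknownHostException: openldap.domain.com]
"""
URL_KEY = "ldap.authentication.java.naming.provider.url"
CRED_KEY = "ldap.authentication.java.naming.security.credentials"

def parse_properties(text):
    """Read simple Java .properties lines (no line continuations), undoing backslash escapes."""
    props = {}
    for line in text.splitlines():
        # Key: first char is not a comment marker; '=' or ':' inside a key must be escaped.
        m = re.match(r"\s*((?:\\.|[^\\=:\s#!])(?:\\.|[^\\=:\s])*)\s*[=:]\s*(.*)", line)
        if m:
            key, value = (re.sub(r"\\(.)", r"\1", part) for part in m.groups())
            props[key] = value.rstrip()
    return props

def attempted_hosts(log_text):
    """Hosts the LDAP provider tried to reach, from CommunicationException lines."""
    return set(re.findall(r"javax\.naming\.CommunicationException: ([\w.-]+):\d+", log_text))

def check(props_text, log_text):
    """Return a list of findings; an empty list means nothing was flagged."""
    props = parse_properties(props_text)
    url = urlparse(props.get(URL_KEY, ""))
    findings = []
    stray = attempted_hosts(log_text) - {url.hostname}
    if stray:
        findings.append(f"override not applied: server tried {sorted(stray)}, "
                        f"override file says {url.hostname}")
    if url.scheme == "ldap" and CRED_KEY in props:
        findings.append("plain ldap:// transport: a simple bind would send "
                        "the configured password unencrypted")
    return findings

if __name__ == "__main__":
    for finding in check(OVERRIDE_PROPS, STARTUP_LOG):
        print(finding)
```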

mautidavis
Champ in-the-making
Dear all,

I have configured LDAP on 3.0.0 (stable) but unfortunately I cannot log in as either an AD user or an Alfresco user. What might be the problem? Please help.

My catalina.out log file is as shown below

Regards,
Davis M Onsakia

A portion of my catalina.out log file

15:00:00,021  ERROR [quartz.core.JobRunShell] Job DEFAULT.ldapPeopleJobDetail threw an unhandled Exception:
org.alfresco.repo.importer.ExportSourceImporterException: Failed to import
        at org.alfresco.repo.importer.ExportSourceImporter.doImport(ExportSourceImporter.java:211)
        at org.alfresco.repo.importer.ImporterJob.execute(ImporterJob.java:44)
        at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
        at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:529)
Caused by: org.alfresco.repo.security.authentication.AuthenticationException: LDAP authentication failed.
        at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.buildInitialDirContext(LDAPInitialDirContextFactoryImpl.java:90)
        at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.getDefaultIntialDirContext(LDAPInitialDirContextFactoryImpl.java:79)
        at org.alfresco.repo.security.authentication.ldap.LDAPPersonExportSource.generateExport(LDAPPersonExportSource.java:160)
        at org.alfresco.repo.importer.ExportSourceImporter.doImport(ExportSourceImporter.java:178)
        … 3 more
Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 8009030C: LdapErr: DSID-0C09043E, comment: AcceptSecurityContext error, data 0, vece]
        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3005)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2951)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2753)
        at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2667)
        at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:287)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
        at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
        at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
        at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
        at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
        at javax.naming.InitialContext.init(InitialContext.java:223)
        at javax.naming.InitialContext.<init>(InitialContext.java:197)
        at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
        at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.buildInitialDirContext(LDAPInitialDirContextFactoryImpl.java:86)
        … 6 more
15:00:00,023  ERROR [quartz.core.ErrorLogger] Job (DEFAULT.ldapPeopleJobDetail threw an exception.
org.quartz.SchedulerException: Job threw an unhandled exception. [See nested exception: org.alfresco.repo.importer.ExportSourceImporterException: Failed to import]
        at org.quartz.core.JobRunShell.run(JobRunShell.java:213)
        at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:529)
Caused by: org.alfresco.repo.importer.ExportSourceImporterException: Failed to import
        at org.alfresco.repo.importer.ExportSourceImporter.doImport(ExportSourceImporter.java:211)
        at org.alfresco.repo.importer.ImporterJob.execute(ImporterJob.java:44)
        at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
        … 1 more
Caused by: org.alfresco.repo.security.authentication.AuthenticationException: LDAP authentication failed.
        at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.buildInitialDirContext(LDAPInitialDirContextFactoryImpl.java:90)
        at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.getDefaultIntialDirContext(LDAPInitialDirContextFactoryImpl.java:79)
        at org.alfresco.repo.security.authentication.ldap.LDAPPersonExportSource.generateExport(LDAPPersonExportSource.java:160)
        at org.alfresco.repo.importer.ExportSourceImporter.doImport(ExportSourceImporter.java:178)
        … 3 more
Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 8009030C: LdapErr: DSID-0C09043E, comment: AcceptSecurityContext error, data 0, vece]
        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3005)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2951)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2753)
        at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2667)
        at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:287)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
        at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
        at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
        at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
        at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
        at javax.naming.InitialContext.init(InitialContext.java:223)
        at javax.naming.InitialContext.<init>(InitialContext.java:197)
        at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
        at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.buildInitialDirContext(LDAPInitialDirContextFactoryImpl.java:86)
        … 6 more
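
The AuthenticationException in the log above carries Active Directory's own detail in its `data` field. This added example (not part of the thread; the function name is hypothetical) decodes that field and ties each bind failure to the Quartz job named on the preceding ERROR line. The first two sample lines are from the log above and the third is a constructed variant.

```python
import re
from collections import Counter

# Active Directory sub-codes reported in the "data" field of LDAP result 49 (hex).
AD_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}
BIND_ERR = re.compile(
    r"\[LDAP: error code (?P<code>\d+) - (?P<win32>[0-9A-Fa-f]{8}): LdapErr: "
    r"(?P<dsid>DSID-[0-9A-Fa-f]+), comment: (?P<comment>[^,]*), data (?P<data>[0-9A-Fa-f]+)"
)
# Matches both "Job DEFAULT.x threw" and the logger's "Job (DEFAULT.x threw".
JOB = re.compile(r"Job \(?(?P<job>[\w.]+) threw")

SAMPLE = """\
15:00:00,021  ERROR [quartz.core.JobRunShell] Job DEFAULT.ldapPeopleJobDetail threw an unhandled Exception:
Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 8009030C: LdapErr: DSID-0C09043E, comment: AcceptSecurityContext error, data 0, vece]
Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 8009030C: LdapErr: DSID-0C09043E, comment: AcceptSecurityContext error, data 775, vece]
"""

def triage(log_text):
    """Count bind failures as (job, LDAP result code, data, meaning) tuples."""
    job, seen = "no job line seen", Counter()
    for line in log_text.splitlines():
        if (j := JOB.search(line)):
            job = j["job"]  # later failures are attributed to this scheduled job
        if (m := BIND_ERR.search(line)):
            data = m["data"].lower()
            # A value outside the table (such as 0) means the directory gave no detail.
            meaning = AD_SUBCODES.get(data, "no sub-code detail from the directory")
            seen[(job, int(m["code"]), data, meaning)] += 1
    return seen

if __name__ == "__main__":
    for (job, code, data, meaning), count in triage(SAMPLE).items():
        print(f"{count}x {job}: result {code}, data {data} -> {meaning}")
```

Counting per tuple collapses the nested "Caused by" repeats that the same failure produces in the scheduler's and the error logger's traces.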

dward
Champ on-the-rise
For help with LDAP on v3.0 see http://forums.alfresco.com/en/viewtopic.php?f=9&t=17029#p68681 or upgrade to v3.2