
LDAP on 3.2

jefflv
Champ in-the-making
I have an Alfresco v3.2 Community Edition server running on Ubuntu and mysql (it's actually a Jumpbox). I am trying to configure Alfresco to use my OpenLDAP to do user authentication. No synchronization, nothing fancy…plain old authentication and that's it.

I have followed the instructions precisely in this thread http://forums.alfresco.com/en/viewtopic.php?f=9&t=18812#p62669 but continue to get errors, so there is obviously more going on here, or the people at Jumpbox have somehow foobared the installation.

My alfresco-global.properties has:

authentication.chain=ldap1:ldap,alfrescoNtlm1:alfrescoNtlm

My /opt/alfresco/tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap/ldap1/ldap-authentication.properties has:

ldap.authentication.active=true
ldap.authentication.allowGuestLogin=false
ldap.authentication.userNameFormat=uid\=%s,ou\=users,o\=Directory
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://192.168.168.28:389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=
ldap.synchronization.active=false

Here's the error I get:

11:40:54,269 User:System INFO  [management.subsystems.ChildApplicationContextFactory] Starting 'Authentication' subsystem, ID: [managed, ldap1]
11:40:54,309 User:System INFO  [alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]
11:40:54,680 User:System ERROR [authentication.ldap.LDAPInitialDirContextFactoryImpl] Unable to connect to LDAP Server; check LDAP configuration
javax.naming.CommunicationException: openldap.domain.com:389 [Root exception is java.net.UnknownHostException: openldap.domain.com]
   at com.sun.jndi.ldap.Connection.<init>(Connection.java:204)
   at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:118)
   at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1578)
   at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2596)
   at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:283)
   at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
   at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
   at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
   at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
   at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
   at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
   at javax.naming.InitialContext.init(InitialContext.java:223)
   at javax.naming.InitialContext.<init>(InitialContext.java:197)
   at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
   at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.afterPropertiesSet(LDAPInitialDirContextFactoryImpl.java:298)
   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1203)
   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1172)
   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:427)
   at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:249)
   at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:155)
   at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:246)
   at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:160)
   at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:267)
   at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:110)
   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1100)
   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:862)
   at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:423)
   at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:249)
   at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:155)
   at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:246)
   at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:160)
   at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:291)
   at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:352)
   at org.alfresco.repo.management.subsystems.ChildApplicationContextFactory.start(ChildApplicationContextFactory.java:453)
   at org.alfresco.repo.management.subsystems.ChildApplicationContextFactory.getApplicationContext(ChildApplicationContextFactory.java:507)
   at org.alfresco.repo.management.subsystems.DefaultChildApplicationContextManager.getApplicationContext(DefaultChildApplicationContextManager.java:236)
   at org.alfresco.repo.management.subsystems.ChainingSubsystemProxyFactory$1.invoke(ChainingSubsystemProxyFactory.java:102)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
   at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
   at $Proxy178.isActive(Unknown Source)
   at org.alfresco.filesys.config.ServerConfigurationBean.processCIFSServerConfig(ServerConfigurationBean.java:175)
   at org.alfresco.filesys.AbstractServerConfigurationBean.init(AbstractServerConfigurationBean.java:486)
   at org.alfresco.filesys.AbstractServerConfigurationBean.onApplicationEvent(AbstractServerConfigurationBean.java:840)
   at org.springframework.context.event.SimpleApplicationEventMulticaster$1.run(SimpleApplicationEventMulticaster.java:77)
   at org.springframework.core.task.SyncTaskExecutor.execute(SyncTaskExecutor.java:49)
   at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:75)
   at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:246)
   at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:617)
   at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:355)
   at org.alfresco.repo.management.subsystems.ChildApplicationContextFactory.start(ChildApplicationContextFactory.java:453)
   at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.onApplicationEvent(AbstractPropertyBackedBean.java:276)
   at org.springframework.context.event.SimpleApplicationEventMulticaster$1.run(SimpleApplicationEventMulticaster.java:77)
   at org.springframework.core.task.SyncTaskExecutor.execute(SyncTaskExecutor.java:49)
   at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:75)
   at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:246)
   at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:617)
   at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:355)
   at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:246)
   at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:189)
   at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:49)
   at org.alfresco.web.app.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:69)
   at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3843)
   at org.apache.catalina.core.StandardContext.start(StandardContext.java:4342)
   at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
   at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
   at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:525)
   at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:627)
   at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:553)
   at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:488)
   at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1149)
   at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
   at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
   at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
   at org.apache.catalina.core.StandardHost.start(StandardHost.java:719)
   at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
   at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
   at org.apache.catalina.core.StandardService.start(StandardService.java:516)
   at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
   at org.apache.catalina.startup.Catalina.start(Catalina.java:578)
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
   at java.lang.reflect.Method.invoke(Method.java:585)
   at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288)
   at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
Caused by: java.net.UnknownHostException: openldap.domain.com
   at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:177)
   at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366)
   at java.net.Socket.connect(Socket.java:520)
   at java.net.Socket.connect(Socket.java:470)
   at java.net.Socket.<init>(Socket.java:367)
   at java.net.Socket.<init>(Socket.java:180)
   at com.sun.jndi.ldap.Connection.createSocket(Connection.java:346)
   at com.sun.jndi.ldap.Connection.<init>(Connection.java:181)
   … 84 more

As you can see, my configuration does not contain "openldap.domain.com", so Alfresco is picking that up from somewhere else.

I'm going to keep working on this, but I wanted to throw this out there in case I'm doing something obviously wrong.

On a side note, I'd LOVE to see a wiki page that describes what steps to take in order to set this up. Yes, I've reviewed all of the information on the subject in the wiki; it does a great job of talking about how things work but seems devoid of step-by-step instructions. I apologize if I have overlooked something.

Thoughts?

Thanks,
Jeff
8 REPLIES

jefflv
Champ in-the-making
(This BB needs the ability to RSS a topic! *sigh* )

mikeh
Star Contributor
(This BB needs the ability to RSS a topic! *sigh* )
We've not found a decent enough PHPBB3 plug-in to do it yet. In the meantime, you can subscribe to the topic and/or forum:
[img]http://img.skitch.com/20090828-g9pjtywgqti91gmmhkysq7ab4.png[/img]

…or run the Forum RSS feed through YAHOO Pipes or similar and subscribe to that.

Cheers,
Mike

mikeh
Star Contributor
On a side note, I'd LOVE to see a wiki page that describes what steps to take in order to set this up. Yes, I've reviewed all of the information on the subject in the wiki; it does a great job of talking about how things work but seems devoid of step-by-step instructions. I apologize if I have overlooked something.
Did you see this one? http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems

Cheers,
Mike

jefflv
Champ in-the-making
Did you see this one? http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems

I did, but it requires an understanding of http://wiki.alfresco.com/wiki/Alfresco_Subsystems#Configuring_Subsystems in order to work and it's not step-by-step. That's why I referred to dward's post at http://forums.alfresco.com/en/viewtopic.php?f=9&t=18812#p62669, which seems to be the most concise implementation of the wiki documentation (aside from the fact that he's altering custom-repository.properties but I believe the documented file is named alfresco-global.properties).

That being said, I have followed both wiki documentation and dward's post to the best of my ability and it doesn't work.

My current analysis is that:

1) The "authentication.chain=ldap1:ldap,alfrescoNtlm1:alfrescoNtlm" does attempt to implement LDAP because removing "ldap1:ldap" makes the error go away.
2) The /opt/alfresco/tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap/ldap1/ldap-authentication.properties is being ignored in favor of some other properties file.

I'm attempting to solve for #2: Why is my subsystems file being ignored, and where is it getting "openldap.domain.com" from?

Jeff

mikeh
Star Contributor
Two potential things I can suggest:

1 - That original post has the extension file renamed to ldap-synchronisation.properties. I don't know if that's a typo or not…

2 - Are you using Tomcat 6? If so, did you see the notes here? http://wiki.alfresco.com/wiki/Install_Tomcat6

Thanks,
Mike

jefflv
Champ in-the-making
Two potential things I can suggest:

1 - That original post has the extension file renamed to ldap-synchronisation.properties. I don't know if that's a typo or not…

2 - Are you using Tomcat 6? If so, did you see the notes here? http://wiki.alfresco.com/wiki/Install_Tomcat6

Thanks,
Mike

1 - I have assumed the file name is irrelevant since the wiki documentation at http://wiki.alfresco.com/wiki/Alfresco_Subsystems#Extension_classpath indicates that a properties file might be named "mychanges.properties" so long as it exists in the correct shared folder.

2 - Yes, I'm using Tomcat 6. Because this is a jumpbox, I did not do the installation. However, I have reviewed that page and verified that the installers at Jumpbox did execute all of these instructions, paying particular attention to the shared.loader setting, which is configured as "shared.loader=${catalina.base}/shared/classes,${catalina.base}/shared/lib/*.jar"

UPDATE:
I now have simple LDAP authentication working on my system. The instructions for creating a shared configuration to override the standard implementation (documented at http://wiki.alfresco.com/wiki/Alfresco_Subsystems#Extension_classpath) do not work for me. Even though I created my shared file as /opt/alfresco/tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap/ldap1/ldap-authentication.properties, it does not properly override /opt/alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/Authentication/ldap/ldap-authentication.properties, which is where Alfresco was picking up the value "openldap.domain.com".

I created a backup of this file, copied my version of the file into its place and restarted Alfresco and PRESTO! everything worked.

If someone would like to help me troubleshoot why the settings described at http://wiki.alfresco.com/wiki/Alfresco_Subsystems#Extension_classpath do not work, I would be happy to try another avenue. If not, I will open a bug report for this issue.

Thank you for your feedback Mike, I appreciate your thoughts.

Jeff
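
The diagnosis in the update above (the bundled WEB-INF file, not the shared extension file, supplied the host in the error) can be checked mechanically. The following is an added example, not part of the original thread or Alfresco's code: it parses both property files, reports which one names the failing host, and flags a simple bind over plain ldap://, where the bind password travels unencrypted unless the connection is otherwise protected. The file contents are constructed samples (the bundled file's contents are assumed from the error message) and the helper names are hypothetical.

```python
import re
from urllib.parse import urlparse

URL_KEY = "ldap.authentication.java.naming.provider.url"
MECH_KEY = "ldap.authentication.java.naming.security.authentication"

# Constructed samples: OVERRIDE is a subset of the settings quoted in the thread;
# DEFAULT is an assumed excerpt of the bundled file, using the host from the error.
OVERRIDE = r"""
ldap.authentication.userNameFormat=uid\=%s,ou\=users,o\=Directory
ldap.authentication.java.naming.provider.url=ldap://192.168.168.28:389
ldap.authentication.java.naming.security.authentication=simple
"""
DEFAULT = r"""
ldap.authentication.java.naming.provider.url=ldap://openldap.domain.com:389
ldap.authentication.java.naming.security.authentication=simple
"""
FILES = {
    "/opt/alfresco/tomcat/shared/classes/alfresco/extension/subsystems/"
    "Authentication/ldap/ldap1/ldap-authentication.properties": OVERRIDE,
    "/opt/alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/"
    "Authentication/ldap/ldap-authentication.properties": DEFAULT,
}

def parse_properties(text):
    """Parse the key=value subset of Java .properties syntax, honouring '\\=' escapes."""
    props = {}
    for line in (l.strip() for l in text.splitlines()):
        if not line or line[0] in "#!":
            continue  # blank line or comment
        parts = re.split(r"(?<!\\)[=:]", line, maxsplit=1)  # first unescaped separator
        key, value = parts[0], parts[1] if len(parts) > 1 else ""
        props[re.sub(r"\\(.)", r"\1", key).strip()] = re.sub(r"\\(.)", r"\1", value).strip()
    return props

def files_supplying_host(files, host):
    """Paths whose provider URL names `host`, e.g. the host from an UnknownHostException."""
    return [p for p, t in files.items()
            if urlparse(parse_properties(t).get(URL_KEY, "")).hostname == host]

def cleartext_bind(props):
    """True for a simple bind over plain ldap://: the bind password is sent
    unencrypted unless the connection is protected some other way."""
    return (urlparse(props.get(URL_KEY, "")).scheme == "ldap"
            and props.get(MECH_KEY, "").lower() == "simple")

if __name__ == "__main__":
    print("host in error comes from:", files_supplying_host(FILES, "openldap.domain.com"))
    print("cleartext bind:", [p for p, t in FILES.items() if cleartext_bind(parse_properties(t))])
```

To run it against a live install, replace the FILES values with the text read from the two paths.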

dward
Champ on-the-rise
See http://forums.alfresco.com/en/viewtopic.php?f=9&t=20316&p=68649&hilit=extension_classpath#p68649

You will need a more recent nightly build to get the subsystem extension classpath mechanism to work.

Remember you only need it if you are trying to control multiple authentication subsystem instances. Otherwise, everything can be controlled in alfresco-global.properties.

jefflv
Champ in-the-making
See http://forums.alfresco.com/en/viewtopic.php?f=9&t=20316&p=68649&hilit=extension_classpath#p68649

You will need a more recent nightly build to get the subsystem extension classpath mechanism to work.

Okay, got it. Thanks!