LDAP server not supported

doiheartwentyon
Champ in-the-making
I'm trying to get Alfresco Labs 3 to work with our LDAP server. I've successfully configured authentication and chaining with a test LDAP server, but on the company network (eDirectory, as it happens) I get the following error:

>16:15:00,015 WARN  [org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl] LDAP server supports anonymous bind ldap://___:389/
>16:15:00,031 INFO  [org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl] LDAP server does not support simple string user ids and invalid credentials at ldap://___:389/
>16:15:03,046 INFO  [org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl] LDAP server does not fall back to anonymous bind for a simple dn and password at ldap://___:389/
>16:15:03,125 ERROR [org.springframework.web.context.ContextLoader] Context initialization failed org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ldapInitialDirContextFactory' defined in file [C:\Local Files\alfresco\tomcat\shared\classes\alfresco\extension\ldap-synchronisation-context.xml]: Invocation of init method failed; nested exception is org.alfresco.repo.security.authentication.AuthenticationException: The ldap server at ldap://___:389/ falls back to use anonymous bind for a known principal if  invalid security credentials are presented. This is not supported.

And the alfresco war fails to deploy.

Looking at other posts on this forum, the converse message ("…does not fall back to use anonymous bind…") is an indicator of success, so I guess the problem is that Alfresco just doesn't tolerate this configuration. My network administrator is not willing to change it for my sake.

Is there any plan to support this, or—if it's a deliberate security decision—must I junk Alfresco, or is there a workaround?
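The log lines above describe a start-up probe: the server is asked whether it accepts an anonymous bind, whether it rejects a simple user id with bad credentials, and whether a known DN with a wrong password quietly comes back as an anonymous session. The following Python is an added illustration of why that last case is treated as fatal; it is not Alfresco's code, and the simulated directory, the `probe` function and the sample DN are assumptions constructed for the example.

```python
"""Model of the three checks named in the log messages above.

Added example, not Alfresco code. The simulated directory, the probe
order and the sample principal are constructed assumptions; only the
three conditions being tested come from the quoted log lines.
"""
from dataclasses import dataclass, field
from enum import Enum


class BindResult(Enum):
    AUTHENTICATED = "authenticated"               # bound as the named principal
    ANONYMOUS = "anonymous"                       # bound, but with no identity
    INVALID_CREDENTIALS = "invalidCredentials"    # LDAP result code 49


@dataclass
class SimulatedDirectory:
    """Constructed stand-in for an LDAP server (no network involved)."""
    passwords: dict = field(default_factory=dict)   # dn -> correct password
    allow_anonymous: bool = True                    # empty DN + empty password binds
    downgrade_bad_password_to_anonymous: bool = False  # the unsafe behaviour

    def bind(self, dn: str, password: str) -> BindResult:
        if dn == "" and password == "":
            return (BindResult.ANONYMOUS if self.allow_anonymous
                    else BindResult.INVALID_CREDENTIALS)
        if password != "" and self.passwords.get(dn) == password:
            return BindResult.AUTHENTICATED
        # Named principal with a wrong (or empty) password.
        if self.downgrade_bad_password_to_anonymous and self.allow_anonymous:
            return BindResult.ANONYMOUS      # "fell back" to anonymous
        return BindResult.INVALID_CREDENTIALS


# Constructed sample principal; any DN/uid would do for the probe.
KNOWN_DN = "cn=alice,ou=people,dc=example,dc=com"
KNOWN_UID = "alice"
BAD_PASSWORD = "definitely-not-the-password"   # constructed, must never be valid


def probe(directory: SimulatedDirectory) -> dict:
    """Run the three checks and decide whether password authentication
    against this directory is trustworthy. A deliberately wrong password
    is used, so a bind that succeeds can only mean it was not checked."""
    dn_result = directory.bind(KNOWN_DN, BAD_PASSWORD)
    findings = {
        "anonymous_bind": directory.bind("", "") is BindResult.ANONYMOUS,
        "uid_bad_password": directory.bind(KNOWN_UID, BAD_PASSWORD),
        "dn_bad_password": dn_result,
        # Fatal: wrong credentials for a real principal still produced a session.
        "falls_back_to_anonymous": dn_result is BindResult.ANONYMOUS,
    }
    findings["usable"] = dn_result is BindResult.INVALID_CREDENTIALS
    return findings


def naive_login(directory: SimulatedDirectory, dn: str, password: str) -> bool:
    """Treats 'the bind did not error' as 'the user is authenticated'.
    On a directory that downgrades to anonymous this accepts any password."""
    return directory.bind(dn, password) is not BindResult.INVALID_CREDENTIALS


def strict_login(directory: SimulatedDirectory, dn: str, password: str) -> bool:
    """Only an AUTHENTICATED bind counts; an anonymous session is a failure."""
    return directory.bind(dn, password) is BindResult.AUTHENTICATED


def unsafe_directory() -> SimulatedDirectory:
    """Server that silently falls back to anonymous on bad credentials."""
    return SimulatedDirectory({KNOWN_DN: "correct-horse"}, True, True)


def safe_directory() -> SimulatedDirectory:
    """Server that allows anonymous bind but rejects wrong passwords."""
    return SimulatedDirectory({KNOWN_DN: "correct-horse"}, True, False)


if __name__ == "__main__":
    for label, d in (("unsafe", unsafe_directory()), ("safe", safe_directory())):
        print(label, probe(d))
        print("  naive login with wrong password :", naive_login(d, KNOWN_DN, "wrong"))
        print("  strict login with wrong password:", strict_login(d, KNOWN_DN, "wrong"))
```

The probe refuses the first directory because a wrong password for a real DN still yields a bound session, and any login code that equates "bind did not fail" with "authenticated" would then accept every password. The second directory also permits anonymous queries, which is why a warning about anonymous bind alone is not the error; only the fallback on invalid credentials is.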
3 REPLIES

derek
Star Contributor
Or, you could write your own version of LDAPInitialDirContextFactoryImpl and override the ldapInitialDirContextFactory with it.  The same goes with LDAPPersonExportSource and so on.  These are generic classes to support different configurations, but you could target your implementation to your LDAP server.

doiheartwentyon
Champ in-the-making
OK, that's useful to know.

In fact I found a way to avoid the issue.
In ldap-authentication.properties, I had left ldap.authentication.java.naming.security.principal and ldap.authentication.java.naming.security.credentials empty, because our LDAP server allows anonymous queries. I tried replacing this with my own principal and password, and this stopped the error. I now get the "does not fall back to use anonymous bind" message, even though I haven't changed the server configuration; I guess I just don't understand the error message.

Thanks.

dward
Champ on-the-rise