Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Hyland Connect
- Enterprise Platforms
- Alfresco
- Alfresco Archive
- Re: LDAP sync doesn't work in 3.4d
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
LDAP sync doesn't work in 3.4d
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-11-2011 11:06 PM
I've been using the same LDAP config since 3.1 and it has always worked. All of a sudden in 3.4d it errors out at startup and gives the following error:
I have an Alfresco 3.3 install in the same domain working fine with the LDAP config file I'm using. My authentication chain is very simple: alfrescoNtlm1:alfrescoNtlm, ldap-ad1:ldap-ad
The only major difference is I used the .bin install method for 3.4d instead of the Tomcat package as I have used before.
Any ideas? This one has me stumped. I've tried everything I know to do.
22:59:34,168 User:System INFO [security.sync.ChainingUserRegistrySynchronizer] Synchronizing users and groups with user registry 'ldap-ad1'
22:59:34,173 User:System INFO [security.sync.ChainingUserRegistrySynchronizer] Retrieving all groups from user registry 'ldap-ad1'
22:59:34,198 User:System ERROR [security.sync.ChainingUserRegistrySynchronizer] Synchronization aborted due to error
org.alfresco.repo.security.authentication.AuthenticationException: 02110000 Unable to connect to LDAP Server; check LDAP configuration
at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.buildInitialDirContext(LDAPInitialDirContextFactoryImpl.java:118)
at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.getDefaultIntialDirContext(LDAPInitialDirContextFactoryImpl.java:89)
at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.getDefaultIntialDirContext(LDAPInitialDirContextFactoryImpl.java:82)
at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry$3.<init>(LDAPUserRegistry.java:670)
at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.getGroups(LDAPUserRegistry.java:667)
at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.syncWithPlugin(ChainingUserRegistrySynchronizer.java:618)
at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronize(ChainingUserRegistrySynchronizer.java:434)
at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$6.doWork(ChainingUserRegistrySynchronizer.java:1529)
at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:508)
at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.onBootstrap(ChainingUserRegistrySynchronizer.java:1523)
at org.springframework.extensions.surf.util.AbstractLifecycleBean.onApplicationEvent(AbstractLifecycleBean.java:56)
at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:97)
at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:294)
at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:858)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:419)
at org.alfresco.repo.management.subsystems.ChildApplicationContextFactory$ApplicationContextState.start(ChildApplicationContextFactory.java:624)
at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.start(AbstractPropertyBackedBean.java:458)
at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.onApplicationEvent(AbstractPropertyBackedBean.java:386)
at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:97)
at org.alfresco.repo.management.SafeApplicationEventMulticaster.multicastEvent(SafeApplicationEventMulticaster.java:78)
at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:294)
at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:858)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:419)
at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:261)
at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:192)
at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:47)
at org.alfresco.web.app.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:63)
at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3972)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4467)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:546)
at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:637)
at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:563)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:498)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1277)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:321)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:785)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
at org.apache.catalina.core.StandardService.start(StandardService.java:519)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
at org.apache.catalina.startup.Catalina.start(Catalina.java:581)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Caused by: javax.naming.AuthenticationNotSupportedException: ${ldap.synchronization.java.naming.security.authentication}
at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(LdapSasl.java:100)
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:214)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2694)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:293)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
at javax.naming.InitialContext.init(InitialContext.java:223)
at javax.naming.InitialContext.<init>(InitialContext.java:197)
at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.buildInitialDirContext(LDAPInitialDirContextFactoryImpl.java:109)
… 50 more
22:59:34,248 User:System WARN [security.sync.ChainingUserRegistrySynchronizer] Failed initial synchronize with user registries
org.alfresco.repo.security.authentication.AuthenticationException: 02110000 Unable to connect to LDAP Server; check LDAP configuration
at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.buildInitialDirContext(LDAPInitialDirContextFactoryImpl.java:118)
at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.getDefaultIntialDirContext(LDAPInitialDirContextFactoryImpl.java:89)
at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.getDefaultIntialDirContext(LDAPInitialDirContextFactoryImpl.java:82)
at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry$3.<init>(LDAPUserRegistry.java:670)
at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.getGroups(LDAPUserRegistry.java:667)
at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.syncWithPlugin(ChainingUserRegistrySynchronizer.java:618)
at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronize(ChainingUserRegistrySynchronizer.java:434)
at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$6.doWork(ChainingUserRegistrySynchronizer.java:1529)
at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:508)
at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.onBootstrap(ChainingUserRegistrySynchronizer.java:1523)
at org.springframework.extensions.surf.util.AbstractLifecycleBean.onApplicationEvent(AbstractLifecycleBean.java:56)
at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:97)
at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:294)
at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:858)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:419)
at org.alfresco.repo.management.subsystems.ChildApplicationContextFactory$ApplicationContextState.start(ChildApplicationContextFactory.java:624)
at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.start(AbstractPropertyBackedBean.java:458)
at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.onApplicationEvent(AbstractPropertyBackedBean.java:386)
at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:97)
at org.alfresco.repo.management.SafeApplicationEventMulticaster.multicastEvent(SafeApplicationEventMulticaster.java:78)
at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:294)
at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:858)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:419)
at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:261)
at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:192)
at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:47)
at org.alfresco.web.app.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:63)
at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3972)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4467)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:546)
at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:637)
at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:563)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:498)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1277)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:321)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:785)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
at org.apache.catalina.core.StandardService.start(StandardService.java:519)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
at org.apache.catalina.startup.Catalina.start(Catalina.java:581)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Caused by: javax.naming.AuthenticationNotSupportedException: ${ldap.synchronization.java.naming.security.authentication}
at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(LdapSasl.java:100)
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:214)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2694)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:293)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
at javax.naming.InitialContext.init(InitialContext.java:223)
at javax.naming.InitialContext.<init>(InitialContext.java:197)
at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.buildInitialDirContext(LDAPInitialDirContextFactoryImpl.java:109)
… 50 more
I have an Alfresco 3.3 install in the same domain working fine with the LDAP config file I'm using. My authentication chain is very simple: alfrescoNtlm1:alfrescoNtlm, ldap-ad1:ldap-ad
The only major difference is I used the .bin install method for 3.4d instead of the Tomcat package as I have used before.
Any ideas? This one has me stumped. I've tried everything I know to do.
Labels:
- Labels:
-
Archive
17 REPLIES 17
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-12-2011 04:28 PM
Don't use AD, so not sure I can help, but this seems to be the culprit, no?
But then again, I could be quite wrong
EDIT: should add that we are syncing against OpenLDAP with 3.4.c no problem, but have not tried it in 3.4.d yet. Will have to now that you've thrown up the caution flag.
Caused by: javax.naming.AuthenticationNotSupportedException: ${ldap.synchronization.java.naming.security.authentication}That suggests to me that your Alfresco was unable to get (negotiate?) an authentication (or encryption) scheme with your AD server, thus not able to authenticate, thus could not sync accounts….
at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(LdapSasl.java:100)
But then again, I could be quite wrong
EDIT: should add that we are syncing against OpenLDAP with 3.4.c no problem, but have not tried it in 3.4.d yet. Will have to now that you've thrown up the caution flag.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-12-2011 05:01 PM
Thanks for the reply.
Yeah, I saw that in the log and figured it was the issue. My question is: what changed in 3.4 that would cause that error?
Yeah, I saw that in the log and figured it was the issue. My question is: what changed in 3.4 that would cause that error?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-14-2011 08:35 AM
Not sure - maybe for a sanity check, try ldapsearch against your AD with SASL encryption on, make sure all is well there? For me, in ldap-authentication.properties:
http://download.oracle.com/javase/jndi/tutorial/ldap/security/ldap.html and http://download.oracle.com/javase/jndi/tutorial/ldap/security/auth.html seem to indicate that you could try another auth scheme besides simple (e.g. password in the clear). Also see http://download.oracle.com/javase/jndi/tutorial/ldap/security/sasl.html
At http://forums.alfresco.com/en/viewtopic.php?t=11312 they used Digest-MD5.
Good luck, post what you find out.
# The authentication mechanism to use for password validation
ldap.authentication.java.naming.security.authentication=simple
http://download.oracle.com/javase/jndi/tutorial/ldap/security/ldap.html and http://download.oracle.com/javase/jndi/tutorial/ldap/security/auth.html seem to indicate that you could try another auth scheme besides simple (e.g. password in the clear). Also see http://download.oracle.com/javase/jndi/tutorial/ldap/security/sasl.html
At http://forums.alfresco.com/en/viewtopic.php?t=11312 they used Digest-MD5.
Good luck, post what you find out.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-14-2011 10:08 AM
I just moved to 3.4d recently and I think I am having the same issue. Which log file are you looking at for those errors? My alfresco.log has almost nothing in it. It's really odd. All my users disappeared suddenly, so I am trying to figure out the cause.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-14-2011 10:37 AM
I always use the Tomcat log.
alfresco_dir/tomcat/logs/catalina.out assuming you used a standard install with Tomcat included.
alfresco_dir/tomcat/logs/catalina.out assuming you used a standard install with Tomcat included.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-14-2011 01:31 PM
FWIW, just tested, the ldap sync seems to work fine in 3.4.d against OpenLDAP.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-14-2011 01:34 PM
Interesting. Hoping one of the Alfresco engineers can look into it for me. My 3.3g install is still working fine.
Thanks for the suggestions.
Thanks for the suggestions.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-15-2011 11:41 PM
Well it's looking like I'm going to have to go down in version until I can find a version that works. I can't believe this isn't a bigger issue than it is. I can't find anything wrong with my configuration. I'm stumped.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-16-2011 08:41 PM
Sorry, no help here with AD. I assume you tried this http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems#How_do_I_find_out_what_Simple_Authe...? (although I dont' know if this is specific to openldap or not.
Another dumb question - which 3.4.d are you using? They have a newer "3.4.d" in the nightly-builds, from Mar 1. http://dev.alfresco.com/downloads/nightly/dist/ And did you look through JIRA for any tickets?
Another dumb question - which 3.4.d are you using? They have a newer "3.4.d" in the nightly-builds, from Mar 1. http://dev.alfresco.com/downloads/nightly/dist/ And did you look through JIRA for any tickets?
Related Content
- Alfresco Dockerfiles Bakery: Streamlining Container Builds for Alfresco Products in Alfresco Blog
- Mail task Activiti 6.0 in Alfresco Forum
- Issues installing ACS Community edition with Helm in Alfresco Forum
- Alfresco Community Edition 23.2 Release Notes in Alfresco Blog
- Preview of document doesnt work with large files Alfresco 7.2 in Alfresco Forum
Getting started
Tags
Find what you came for
We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.
