LDAP synchro + NTLM authentication -> login error

lascaux
Champ on-the-rise
Hi,

I set up the LDAP (Active Directory) synchronization in Alfresco.
I enabled the NTLM authentication.
Also, as I have no access to the administrator account, I added one of the users from the AD as an administrator in the authority-services-context.xml

Then I started Alfresco.

LDAP synchronization runs successfully, the user home spaces are created in the "company home".

I then tried to access Alfresco.

With the account set as an administrator, I have no problem accessing Alfresco …

With another account, I am not able to access it and I always get the following error:


javax.faces.FacesException: Cannot get value for expression '#{NavigationBean.location}'
caused by:
org.apache.jasper.JasperException: Cannot get value for expression '#{NavigationBean.location}'
caused by:
javax.faces.el.EvaluationException: Cannot get value for expression '#{NavigationBean.location}'
caused by:
javax.faces.el.EvaluationException: org.alfresco.web.bean.NavigationBean
caused by:
javax.faces.el.EvaluationException: Bean: org.alfresco.web.bean.NavigationBean, property: location
caused by:
java.lang.reflect.InvocationTargetException
caused by:
org.alfresco.repo.security.permissions.AccessDeniedException: Access Denied. You do not have the appropriate permissions to perform this operation.
caused by:
net.sf.acegisecurity.AccessDeniedException: Access is denied.


javax.faces.FacesException: Cannot get value for expression '#{NavigationBean.location}'
at org.apache.myfaces.context.servlet.ServletExternalContextImpl.dispatch(ServletExternalContextImpl.java:421)
at org.apache.myfaces.application.jsp.JspViewHandlerImpl.renderView(JspViewHandlerImpl.java:234)
at org.apache.myfaces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:352)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:106)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.alfresco.web.app.servlet.NTLMAuthenticationFilter.processType3(NTLMAuthenticationFilter.java:874)
at org.alfresco.web.app.servlet.NTLMAuthenticationFilter.doFilter(NTLMAuthenticationFilter.java:392)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:81)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
at org.jboss.web.tomcat.security.CustomPrincipalValve.invoke(CustomPrincipalValve.java:39)
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:159)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:59)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:744)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
at java.lang.Thread.run(Thread.java:595)
Caused by: org.apache.jasper.JasperException: Cannot get value for expression '#{NavigationBean.location}'
at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:370)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:672)
at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:463)
at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:398)
at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:301)
at org.apache.myfaces.context.servlet.ServletExternalContextImpl.dispatch(ServletExternalContextImpl.java:415)
… 26 more

Has anybody faced this problem and resolved it successfully?

Sylvain
14 REPLIES

lascaux
Champ on-the-rise
Hi,

I was not able to make it work like I wanted, so I reset the full permission to the owner …

And then did some dev to change the owner of any document to a system user when my workflow was starting …

Sylvain

xiblack
Champ in-the-making
There's one thing worth noticing here: in my AD, the user login name (sAMAccountName) does have a space and is case sensitive (e.g. 'Xi Black')

I tried these scenarios:
Scenario A:
1. Set up a fresh Alfresco repository with LDAP authentication but without synchronizing with LDAP
2. Log in to the Alfresco repository using an LDAP account
3. I can log in without any issue

Scenario B:
1. Set up a fresh Alfresco repository with LDAP authentication and synchronizing the users database with LDAP
2. Log in to the Alfresco repository using an LDAP account
3. Alfresco returns the System error page

So I suspect the problem is related to MySQL and the user.name.caseSensitive setting in repository.properties


    # Are user names case sensitive?
    # ==============================
    #
    # NOTE: If you are using mysql you must have case sensitive collation
    #
    # You can do this when creating the alfresco database at the start
    # CREATE DATABASE alfresco CHARACTER SET utf8 COLLATION utf8_bin;
    # If you want to do this later this is a dump and load fix as it is done when the database, tables and columns are created.
    #
    # Must other databases are case sensitive by default.
    #
    user.name.caseSensitive=false

I did try to set up the database using this statement:


CREATE DATABASE `alfresco` DEFAULT CHARACTER SET utf8 COLLATE utf8_bin;

But the problem is still there

xiblack
Champ in-the-making
> Hi,
>
> I was not able to make it work like I wanted, so I reset the full permission to the owner …
>
> And then did some dev to change the owner of any document to a system user when my workflow was starting …
>
> Sylvain

Thanks for the advice.

However, in my installation, I do not disable this setting:

<globalPermission permission="FullControl" authority="ROLE_OWNER"/>

Unfortunately, I have the same problem as above. Is it something to do with username case sensitivity and MySQL?!?

I'm in doubt.

andy
Champ on-the-rise
Hi

The penny has dropped ….

If you are using LDAP you should wait until the import has gone through for the first time before logging in. You should disable the autocreation of people. Or people need to login with the case sensitive user name as in AD.

If you auto create people - they are created with the uid the user types in. If the LDAP import matches this it is possible it updates/changes the uid - to match the value in AD - then the permissions do not match.

There is a task to fix this.

Check the permission on the home folder is a case sensitive match for the user's uid.

Cheers

Andy
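
The check described in the answer above (the home-folder permission must be a case-sensitive match for the user's uid), as an added example that is not part of the thread and not Alfresco code. The function names, the dict layout and the sample data are constructed for illustration; it assumes the AD uids and the home-folder ACL authorities have already been exported from the directory and the repository.

```python
# Added example: hypothetical helper names, constructed data; not Alfresco code.
from collections import defaultdict

def audit_home_acls(directory_uids, home_acls):
    """Classify each home-folder ACL authority against the directory uids.

    directory_uids: uids exactly as stored in AD (sAMAccountName).
    home_acls: dict mapping home-folder name -> authority on its ACL.
    Returns a list of (folder, authority, status, expected_uid) tuples.
    """
    exact = set(directory_uids)
    # Index by case-folded form to find "same user, different case" entries.
    folded = defaultdict(list)
    for uid in exact:
        folded[uid.casefold()].append(uid)

    findings = []
    for folder, authority in sorted(home_acls.items()):
        if authority in exact:
            findings.append((folder, authority, "ok", authority))
            continue
        candidates = folded.get(authority.casefold(), [])
        if len(candidates) == 1:
            # Failure mode from the thread: the ACL holds the uid as typed at
            # first login, while the person record now has the AD spelling.
            findings.append((folder, authority, "case-mismatch", candidates[0]))
        elif candidates:
            # Two directory uids differ only by case; a human must decide.
            findings.append((folder, authority, "ambiguous", None))
        else:
            findings.append((folder, authority, "unknown-authority", None))
    return findings

def mismatches(findings):
    """Keep only the entries that need attention."""
    return [f for f in findings if f[2] != "ok"]

# Constructed sample: uids as imported from AD, and ACL authorities as they
# would look if users had been auto-created before the first LDAP import.
AD_UIDS = ["Xi Black", "lascaux", "Andy"]
HOME_ACLS = {
    "Xi Black": "xi black",  # typed in lower case at first login
    "lascaux": "lascaux",    # exact match
    "Andy": "ANDY",          # typed in upper case
    "ghost": "ghost",        # no such directory user
}

if __name__ == "__main__":
    for folder, auth, status, expected in mismatches(audit_home_acls(AD_UIDS, HOME_ACLS)):
        print(f"{folder}: ACL authority {auth!r} -> {status}, expected {expected!r}")
```

Entries reported as `unknown-authority` or `ambiguous` are left for manual review rather than mapped to a uid automatically.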

xiblack
Champ in-the-making
Oh, I got it.

Thank you very much for the explanations.

Cheers,