Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Hyland Connect
- Enterprise Platforms
- Alfresco
- Alfresco Archive
- LDAP Synchronization User Problems
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
LDAP Synchronization User Problems
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-19-2012 04:58 PM
Hi all,
i have 3.2 R2 Alfresco (SVN 17458).
I have activated the LDAP-AD User Synchronization.
The users created are only in
Primary Path: /{http://www.alfresco.org/model/system/1.0}system/{http://www.alfresco.org/model/system/1.0}people
under workspace://SpacesStore.
They are not created in
Primary Path: /{http://www.alfresco.org/model/system/1.0}system/{http://www.alfresco.org/model/system/1.0}people
under user://alfrescoUserStore .
This causes problems to update the password because the method updateUser RepositoryAuthenticationDao fails the lucene search
https://issues.alfresco.com/jira/browse/ETHREEOH-3801?page=com.atlassian.jira.plugin.system.issuetab...
https://issues.alfresco.com/jira/browse/ALFCOM-3278?page=com.atlassian.jira.plugin.system.issuetabpa...
Someone can help me?
Best,
i have 3.2 R2 Alfresco (SVN 17458).
I have activated the LDAP-AD User Synchronization.
The users created are only in
Primary Path: /{http://www.alfresco.org/model/system/1.0}system/{http://www.alfresco.org/model/system/1.0}people
under workspace://SpacesStore.
They are not created in
Primary Path: /{http://www.alfresco.org/model/system/1.0}system/{http://www.alfresco.org/model/system/1.0}people
under user://alfrescoUserStore .
This causes problems to update the password because the method updateUser RepositoryAuthenticationDao fails the lucene search
public void updateUser(String userName, char[] rawPassword) throws AuthenticationException
{
NodeRef userRef = getUserOrNull(userName);
if (userRef == null)
{
throw new AuthenticationException("User name does not exist: " + userName);
}
Map<QName, Serializable> properties = nodeService.getProperties(userRef);
String salt = null; // GUID.generate();
properties.remove(ContentModel.PROP_SALT);
properties.put(ContentModel.PROP_SALT, salt);
properties.remove(ContentModel.PROP_PASSWORD);
properties.put(ContentModel.PROP_PASSWORD, passwordEncoder.encodePassword(new String(rawPassword), salt));
nodeService.setProperties(userRef, properties);
}
public NodeRef getUserOrNull(String searchUserName)
{
if (searchUserName == null || searchUserName.length() == 0)
{
return null;
}
SearchParameters sp = new SearchParameters();
sp.setLanguage(SearchService.LANGUAGE_LUCENE);
sp.setQuery("@usr\\:username:\"" + StringUtils.delete(searchUserName, "\"") + "\"");
try
{
sp.addStore(tenantService.getName(searchUserName, STOREREF_USERS));
}
catch (AlfrescoRuntimeException e)
{
return null; // no such tenant or tenant not enabled
}
sp.excludeDataInTheCurrentTransaction(false);
ResultSet rs = null;
try
{
rs = searchService.query(sp);
NodeRef returnRef = null;
for (ResultSetRow row : rs)
{
final NodeRef nodeRef = row.getNodeRef();
if (nodeService.exists(nodeRef))
{
String realUserName = DefaultTypeConverter.INSTANCE.convert(String.class, nodeService.getProperty(nodeRef, ContentModel.PROP_USER_USERNAME));
if(userNameMatcher.matches(realUserName, searchUserName))
{
if (returnRef == null)
{
returnRef = nodeRef;
}
else
{
try
{
this.retryingTransactionHelper.doInTransaction(new RetryingTransactionHelper.RetryingTransactionCallback<Object>()
{
public Object execute() throws Throwable
{
// Delete the extra user node references
RepositoryAuthenticationDao.this.nodeService.deleteNode(nodeRef);
return null;
}
}, false, true);
}
catch (InvalidNodeRefException exception)
{
// Ignore this exception as the node has already been deleted
}
}
}
}
}
return returnRef;
}
finally
{
if (rs != null)
{
rs.close();
}
}
}
https://issues.alfresco.com/jira/browse/ETHREEOH-3801?page=com.atlassian.jira.plugin.system.issuetab...
https://issues.alfresco.com/jira/browse/ALFCOM-3278?page=com.atlassian.jira.plugin.system.issuetabpa...
Someone can help me?
Best,
Labels:
- Labels:
-
Archive
1 REPLY 1
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-20-2012 04:03 AM
Hi all,
i have seen in this class org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer the method process of PersonWorker inner class makes only this :
ChainingUserRegistrySynchronizer.this.personService.createPerson(personProperties, zoneSet);
not
ChainingUserRegistrySynchronizer.this.authorityService.addAuthority(…….) or authenticationService.createAuthentication(……)
Can be this the problem?
Best
i have seen in this class org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer the method process of PersonWorker inner class makes only this :
ChainingUserRegistrySynchronizer.this.personService.createPerson(personProperties, zoneSet);
not
ChainingUserRegistrySynchronizer.this.authorityService.addAuthority(…….) or authenticationService.createAuthentication(……)
Can be this the problem?
public void process(NodeDescription person) throws Throwable
{
PropertyMap personProperties = person.getProperties();
String personName = (String) personProperties.get(ContentModel.PROP_USERNAME);
Set<String> zones = ChainingUserRegistrySynchronizer.this.authorityService
.getAuthorityZones(personName);
if (zones == null)
{
// The person did not exist at all
if (ChainingUserRegistrySynchronizer.logger.isDebugEnabled())
{
ChainingUserRegistrySynchronizer.logger.debug("Creating user '" + personName + "'");
}
ChainingUserRegistrySynchronizer.this.personService.createPerson(personProperties, zoneSet);
}
else if (zones.contains(zoneId))
{
// The person already existed in this zone: update the person
if (ChainingUserRegistrySynchronizer.logger.isDebugEnabled())
{
ChainingUserRegistrySynchronizer.logger.debug("Updating user '" + personName + "'");
}
ChainingUserRegistrySynchronizer.this.personService.setPersonProperties(personName,
personProperties, false);
}
else
{
// Check whether the user is in any of the authentication chain zones
Set<String> intersection = new TreeSet<String>(zones);
intersection.retainAll(allZoneIds);
if (intersection.size() == 0)
{
// The person exists, but not in a zone that's in the authentication chain. May be due
// to upgrade or zone changes. Let's re-zone them
if (ChainingUserRegistrySynchronizer.logger.isWarnEnabled())
{
ChainingUserRegistrySynchronizer.logger.warn("Updating user '" + personName
+ "'. This user will in future be assumed to originate from user registry '" + zone
+ "'.");
}
ChainingUserRegistrySynchronizer.this.authorityService.removeAuthorityFromZones(personName,
zones);
ChainingUserRegistrySynchronizer.this.authorityService.addAuthorityToZones(personName, zoneSet);
ChainingUserRegistrySynchronizer.this.personService.setPersonProperties(personName,
personProperties);
}
else
{
// Check whether the user is in any of the higher priority authentication chain zones
intersection.retainAll(visitedZoneIds);
if (intersection.size() > 0)
{
// A person that exists in a different zone with higher precedence - ignore
return;
}
// The person existed, but in a zone with lower precedence
if (ChainingUserRegistrySynchronizer.logger.isWarnEnabled())
{
ChainingUserRegistrySynchronizer.logger
.warn("Recreating occluded user '"
+ personName
+ "'. This user was previously created through synchronization with a lower priority user registry.");
}
ChainingUserRegistrySynchronizer.this.personService.deletePerson(personName);
ChainingUserRegistrySynchronizer.this.personService.createPerson(personProperties, zoneSet);
}
}
// Maintain associations
Set<String> parents = groupAssocsToCreate.get(personName);
if (parents != null && !parents.isEmpty())
{
if (ChainingUserRegistrySynchronizer.logger.isDebugEnabled())
{
for (String groupName : parents)
{
ChainingUserRegistrySynchronizer.logger.debug("Adding '"
+ ChainingUserRegistrySynchronizer.this.authorityService.getShortName(personName)
+ "' to group '"
+ ChainingUserRegistrySynchronizer.this.authorityService.getShortName(groupName)
+ "'");
}
}
ChainingUserRegistrySynchronizer.this.authorityService.addAuthority(parents, personName);
}
Set<String> parentsToDelete = groupAssocsToDelete.get(personName);
if (parentsToDelete != null && !parentsToDelete.isEmpty())
{
for (String parent : parentsToDelete)
{
if (ChainingUserRegistrySynchronizer.logger.isDebugEnabled())
{
ChainingUserRegistrySynchronizer.logger
.debug("Removing '"
+ ChainingUserRegistrySynchronizer.this.authorityService
.getShortName(personName)
+ "' from group '"
+ ChainingUserRegistrySynchronizer.this.authorityService
.getShortName(parent) + "'");
}
ChainingUserRegistrySynchronizer.this.authorityService.removeAuthority(parent, personName);
}
}
synchronized (this)
{
// Maintain the last modified date
Date personLastModified = person.getLastModified();
if (personLastModified != null)
{
this.latestTime = Math.max(this.latestTime, personLastModified.getTime());
}
}
}
}Best
Related Content
- ldapS configuration for samba-ad in Alfresco Forum
- Authentication and synchronisation of Alfresco 23 with Active Directory in Alfresco Forum
- WebDav and working with Alfresco as network drive in Alfresco Forum
- Problems trying to deploy Alfresco Community on GCP in Alfresco Forum
- Migrating from Search Services to Search Enterprise in Alfresco Blog
Getting started
Tags
Find what you came for
We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.
