Hello all,I try to set up the synchronisation from a LDAP server on Alfresco 100% OpenSource 1.2.1This what i have in my configuration files :authentication-services-context.xml
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
<!– =================================================================== –>
<!– This file contains the bean definitions that support authentication –>
<!– =================================================================== –>
<!– –>
<!– Acegi is used for authentication and protecting method calls on public –>
<!– services. To do this requires our authentication mechanism to work –>
<!– within the acegi framework. –>
<!– –>
<!– It is important to decide if user names are case sensitive or not. –>
<!– This is configured in repository.properties. –>
<!– –>
<!– –>
<!– TODO: –>
<!– –>
<!– The transactional wrappers should be removed from the beans in this –>
<!– file. This should be done in the public services definitions. –>
<!– This requires some tests to be fixed up. –>
<!– –>
<beans>
<!– –>
<!– The Acegi authentication manager. –>
<!– –>
<!– Provders are asked to authenticate in order. –>
<!– First, is a provider that checks if an acegi authentication object –>
<!– is already bound to the executing thread. If it is, and it is set –>
<!– as authenticated then no further authentication is required. If –>
<!– this is absent, Acegi validates the password for every method –>
<!– invocation, which is too CPU expensive. If we set an –>
<!– authentication based on a ticket etc …. or we want to set the –>
<!– the system user as the current user … we do not have the –>
<!– password. So if we have set an authentication and set it as –>
<!– authenticated that is sufficient to validate the user. –>
<!– –>
<!– If the authentication bound to the current thread is not set as –>
<!– authenticated the standard Acegi DAO Authentication provider –>
<!– is used to authenticate. –>
<!– –>
<bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager">
<property name="providers">
<list>
<ref bean="authenticatedAuthenticationPassthroughProvider" />
<ref bean="daoAuthenticationProvider" />
</list>
</property>
</bean>
<!– We provide a DAO to plug into the Acegi DaoAuthenticationProvider –>
<bean id="daoAuthenticationProvider" class="net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider">
<property name="authenticationDao">
<ref bean="alfDaoImpl" />
</property>
<property name="saltSource">
<ref bean="saltSource" />
</property>
<property name="passwordEncoder">
<ref bean="passwordEncoder" />
</property>
</bean>
<!– An authentication Provider that just believes authentications –>
<!– bound to the local thread are valid if they are set as –>
<!– authenticated. –>
<bean id="authenticatedAuthenticationPassthroughProvider" class="org.alfresco.repo.security.authentication.AuthenticatedAuthenticationPassthroughProvider" />
<!– The authroity DAO implements an interface extended from the Acegi –>
<!– DAO that supports CRUD. –>
<bean id="alfDaoImpl" class="org.springframework.transaction.interceptor.TransactionProxyFactoryBean">
<property name="proxyInterfaces">
<value>org.alfresco.repo.security.authentication.MutableAuthenticationDao</value>
</property>
<property name="transactionManager">
<ref bean="transactionManager" />
</property>
<property name="target">
<ref bean="authenticationDao"/>
</property>
<property name="transactionAttributes">
<props>
<prop key="*">${server.transaction.mode.default}</prop>
</props>
</property>
</bean>
<bean id="authenticationDao" class="org.alfresco.repo.security.authentication.RepositoryAuthenticationDao">
<property name="nodeService">
<ref bean="nodeService" />
</property>
<property name="dictionaryService">
<ref bean="dictionaryService" />
</property>
<property name="namespaceService">
<ref bean="namespaceService" />
</property>
<property name="searchService">
<ref bean="searchService" />
</property>
<property name="userNamesAreCaseSensitive">
<value>${user.name.caseSensitive}</value>
</property>
<property name="passwordEncoder">
<ref bean="passwordEncoder" />
</property>
</bean>
<!–**************************************************************************–>
<!– EBI ADD ******************–>
<!– Authentification par LDAP ******************–>
<!–**************************************************************************–>
<bean id="ldapInitialDirContextFactory" class="org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl">
<property name="initialDirContextEnvironment">
<map>
<entry key="java.naming.factory.initial">
<value>com.sun.jndi.ldap.LdapCtxFactory</value>
</entry>
<entry key="java.naming.provider.url">
<value>ldap://192.168.10.220:389</value>
</entry>
<entry key="java.naming.security.authentication">
<value>simple</value>
</entry>
<entry key="java.naming.security.principal">
<value>reader</value>
</entry>
<entry key="java.naming.security.credentials">
<value>secret</value>
</entry>
</map>
</property>
</bean>
<!– The DAO also acts as a salt provider. –>
<alias alias="saltSource" name="alfDaoImpl"/>
<!– Passwords are encoded using MD4 –>
<!– This is not ideal and only done to be compatible with NTLM –>
<!– authentication against the default authentication mechanism. –>
<bean id="passwordEncoder" class="org.alfresco.repo.security.authentication.MD4PasswordEncoderImpl"></bean>
<!–
<bean id="userType" class="org.alfresco.repo.security.authentication.UserType" init-method="init">
<property name="policyComponent">
<ref bean="policyComponent" />
</property>
<property name="nodeService">
<ref bean="nodeService" />
</property>
<property name="passwordEncoder">
<ref bean="passwordEncoder" />
</property>
</bean>
–>
<!– A transactional wrapper around the implementation. –>
<!– TODO: This should be removed. –>
<bean id="authenticationService" class="org.springframework.transaction.interceptor.TransactionProxyFactoryBean">
<property name="proxyInterfaces">
<value>org.alfresco.service.cmr.security.AuthenticationService</value>
</property>
<property name="transactionManager">
<ref bean="transactionManager" />
</property>
<property name="target">
<ref bean="authenticationServiceImpl" />
</property>
<property name="transactionAttributes">
<props>
<prop key="*">${server.transaction.mode.default}</prop>
</props>
</property>
</bean>
<!– The Authentication Service implementation. –>
<!– –>
<!– This delegates its work to two services: –>
<!– an AuthenticationComponent and a MutableAuthenticationDAO. –>
<!– –>
<!– The permissions service is required so that permissions can be –>
<!– cleaned up when a user is deleted. –>
<bean id="authenticationServiceImpl" class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
<property name="authenticationDao">
<ref bean="alfDaoImpl" />
</property>
<property name="ticketComponent">
<ref bean="ticketComponent" />
</property>
<property name="authenticationComponent">
<ref bean="authenticationComponentImpl" />
</property>
</bean>
<!– A transactional wrapper that should be removed. –>
<bean id="authenticationComponent" class="org.springframework.transaction.interceptor.TransactionProxyFactoryBean">
<property name="proxyInterfaces">
<value>org.alfresco.repo.security.authentication.AuthenticationComponent</value>
</property>
<property name="transactionManager">
<ref bean="transactionManager" />
</property>
<property name="target">
<ref bean="authenticationComponentImpl" />
</property>
<property name="transactionAttributes">
<props>
<prop key="*">${server.transaction.mode.default}</prop>
</props>
</property>
</bean>
<!– The authentication component. –>
<!–<bean id="authenticationComponentImpl" class="org.alfresco.repo.security.authentication.AuthenticationComponentImpl">
<property name="authenticationDao">
<ref bean="alfDaoImpl" />
</property>
<property name="authenticationManager">
<ref bean="authenticationManager" />
</property>
<property name="allowGuestLogin">
<value>true</value>
</property>
</bean>–>
<!– Simple Authentication component that rejects all authentication requests –>
<!– Use this defintion for Novell IChain integration. –>
<!– It should never go to the login screen so this is not required –>
<!– (Enterprise version only) –>
<!–
<bean id="authenticationComponentImpl" class="org.alfresco.repo.security.authentication.SimpleAcceptOrRejectAllAuthenticationComponentImpl">
</bean>
–>
<!–**************************************************************************–>
<!– EBI ADD ******************–>
<!– Authentification par LDAP ******************–>
<!–**************************************************************************–>
<bean id="authenticationComponentImpl" class="org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl">
<property name="LDAPInitialDirContextFactory">
<ref bean="ldapInitialDirContextFactory" />
</property>
<property name="userNameFormat">
<value>uid=%s,ou=People,dc=excilys,dc=com</value>
</property>
</bean>
<!– The person service. –>
<bean id="personService" class="org.alfresco.repo.security.person.PersonServiceImpl">
<property name="nodeService">
<ref bean="nodeService" />
</property>
<property name="searchService">
<ref bean="searchService" />
</property>
<property name="permissionServiceSPI">
<ref bean="permissionServiceImpl" />
</property>
<property name="authorityService">
<ref bean="authorityService" />
</property>
<property name="namespacePrefixResolver">
<ref bean="namespaceService" />
</property>
<!– Configurable properties. –>
<!– –>
<!– TODO: –>
<!– Add support for creating real home spaces adn setting –>
<!– permissions on the hame space and people created. –>
<!– –>
<!– The store in which people are persisted. –>
<property name="storeUrl">
<value>${spaces.store}</value>
</property>
<!– The path to the company home space, used to set the –>
<!– default home space for users that are created if –>
<!– missing. –>
<property name="companyHomePath">
<value>/${spaces.company_home.childname}</value>
</property>
<!– Some authentication mechanisms may need to create people –>
<!– in the repository on demand. This enables that feature. –>
<!– If dsiabled an error will be generated for missing –>
<!– people. If enabled then a person will be created and –>
<!– persisted. –>
<!– –>
<!– This value should be false or only true if the –>
<!– repository is mutable; set from the property –>
<!– ${server.transaction.allow-writes} –>
<property name="createMissingPeople">
<value>${server.transaction.allow-writes}</value>
</property>
<!– Set is user names are case sensitive - taken from the –>
<!– repository wide setting - you are advised not to change –>
<!– this setting. –>
<!– This value should be ${user.name.caseSensitive} –>
<property name="userNamesAreCaseSensitive">
<value>${user.name.caseSensitive}</value>
</property>
</bean>
<!– The ticket component. –>
<!– Used for reauthentication –>
<bean id="ticketComponent" class="org.alfresco.repo.security.authentication.InMemoryTicketComponentImpl">
<!– The period for which tickets are valid in XML duration format. –>
<!– The default is P1H for one hour. –>
<property name="validDuration">
<value>P1H</value>
</property>
<!– Do tickets expire or live for ever? –>
<property name="ticketsExpire">
<value>false</value>
</property>
<!– Are tickets only valid for a single use? –>
<property name="oneOff">
<value>false</value>
</property>
</bean>
<bean id="ldapPeopleExportSource" class="org.alfresco.repo.security.authentication.ldap.LDAPPersonExportSource">
<property name="personQuery">
<value>(objectclass=inetOrgPerson)</value>
</property>
<property name="searchBase">
<value>ou=People,dc=excilys,dc=com</value>
</property>
<property name="userIdAttributeName">
<value>uid</value>
</property>
<property name="LDAPInitialDirContextFactory">
<ref bean="ldapInitialDirContextFactory" />
</property>
<property name="personService">
<ref bean="personService"></ref>
</property>
<property name="namespaceService">
<ref bean="namespaceService" />
</property>
<property name="defaultHomeFolder">
<value>/app:company_home</value>
</property>
<property name="attributeMapping">
<map>
<entry key="cm:userName">
<value>cn</value>
</entry>
<entry key="cm:firstName">
<value>givenName</value>
</entry>
<entry key="cm:lastName">
<value>sn</value>
</entry>
<entry key="cm:email">
<value>mail</value>
</entry>
<entry key="cm:organizationId">
<value>o</value>
</entry>
</map>
</property>
</bean>
<bean id="ldapPeopleImport" class="org.alfresco.repo.importer.ExportSourceImporter">
<property name="importerService">
<ref bean="importerComponent" />
</property>
<property name="transactionService">
<ref bean="transactionComponent"/>
</property>
<property name="authenticationComponent">
<ref bean="authenticationComponent" />
</property>
<property name="exportSource">
<ref bean="ldapPeopleExportSource" />
</property>
<property name="storeRef">
<value>${spaces.store}</value>
</property>
<property name="path">
<value>/${system.system_container.childname}/${system.people_container.childname}</value>
</property>
<property name="clearAllChildren">
<value>false</value>
</property>
<property name="nodeService">
<ref bean="nodeService" />
</property>
<property name="searchService">
<ref bean="searchService" />
</property>
<property name="namespacePrefixResolver">
<ref bean="namespaceService" />
</property>
</bean>
</beans>
scheduled-jobs-context.xml<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>
<beans>
<!– –>
<!– Scheduled jobs –>
<!– –>
<bean id="ftsIndexerTrigger" class="org.springframework.scheduling.quartz.SimpleTriggerBean">
<property name="jobDetail">
<bean id="ftsIndexerJobDetail" class="org.springframework.scheduling.quartz.JobDetailBean">
<property name="jobClass">
<value>org.alfresco.repo.search.impl.lucene.fts.FTSIndexerJob</value>
</property>
<property name="jobDataAsMap">
<map>
<entry key="bean">
<ref bean="LuceneFullTextSearchIndexer" />
</entry>
</map>
</property>
</bean>
</property>
<property name="startDelay">
<value>60000</value>
</property>
<property name="repeatInterval">
<value>60000</value>
</property>
</bean>
<bean id="tempFileCleanerTrigger" class="org.springframework.scheduling.quartz.SimpleTriggerBean">
<property name="jobDetail">
<bean id="tempFileCleanerJobDetail" class="org.springframework.scheduling.quartz.JobDetailBean">
<property name="jobClass">
<value>org.alfresco.util.TempFileProvider$TempFileCleanerJob</value>
</property>
<property name="jobDataAsMap">
<map>
<entry key="protectHours">
<value>1</value>
</entry>
</map>
</property>
</bean>
</property>
<property name="startDelay">
<value>1800000</value><!– start after half an hour –>
</property>
<property name="repeatInterval">
<value>3600000</value><!– repeat every hour –>
</property>
</bean>
<bean id="contentStoreCleanerTrigger" class="org.alfresco.util.TriggerBean">
<property name="jobDetail">
<bean id="fileContentStoreCleanerJobDetail" class="org.springframework.scheduling.quartz.JobDetailBean">
<property name="jobClass">
<value>org.alfresco.repo.content.cleanup.ContentStoreCleanupJob</value>
</property>
<property name="jobDataAsMap">
<map>
<entry key="contentStoreCleaner">
<ref bean="contentStoreCleaner" />
</entry>
</map>
</property>
</bean>
</property>
<!– trigger at 4am –>
<property name="hour">
<value>04</value>
</property>
<property name="minute">
<value>00</value>
</property>
<property name="repeatInterval">
<value>86400000</value> <!– repeat daily –>
</property>
</bean>
<bean id="indexRecoveryTrigger" class="org.springframework.scheduling.quartz.SimpleTriggerBean">
<property name="jobDetail">
<bean id="IndexRecoveryJobDetail" class="org.springframework.scheduling.quartz.JobDetailBean">
<property name="jobClass">
<value>org.alfresco.repo.node.index.IndexRecoveryJob</value>
</property>
<property name="jobDataAsMap">
<map>
<entry key="indexRecoveryComponent">
<ref bean="indexRecoveryComponent" />
</entry>
</map>
</property>
</bean>
</property>
<property name="startDelay">
<value>60000</value> <!– start after 1 minute –>
</property>
<property name="repeatCount">
<value>0</value> <!– DO NOT REPEAT !!!!! –>
</property>
</bean>
<bean id="indexBackupTrigger" class="org.alfresco.util.TriggerBean">
<property name="jobDetail">
<bean id="IndexBackupJobDetail" class="org.springframework.scheduling.quartz.JobDetailBean">
<property name="jobClass">
<value>org.alfresco.repo.search.impl.lucene.LuceneIndexerAndSearcherFactory$LuceneIndexBackupJob</value>
</property>
<property name="jobDataAsMap">
<map>
<entry key="luceneIndexBackupComponent">
<ref bean="luceneIndexBackupComponent" />
</entry>
</map>
</property>
</bean>
</property>
<!– trigger at 3am –>
<property name="hour">
<value>03</value>
</property>
<property name="minute">
<value>00</value>
</property>
<property name="repeatInterval">
<value>86400000</value> <!– repeat daily –>
</property>
</bean>
<!– enable DEBUG for 'org.alfresco.repo.cache.EhCacheTracerJob' to activate –>
<bean id="ehCacheTracerJob" class="org.springframework.scheduling.quartz.SimpleTriggerBean">
<property name="jobDetail">
<bean id="ehCacheTracerJobDetail" class="org.springframework.scheduling.quartz.JobDetailBean">
<property name="jobClass">
<value>org.alfresco.repo.cache.EhCacheTracerJob</value>
</property>
</bean>
</property>
<property name="startDelay">
<value>3600000</value><!– start after an hour –>
</property>
<property name="repeatInterval">
<value>3600000</value><!– repeat every hour –>
</property>
</bean>
<bean id="ldapPeopleTrigger" class="org.springframework.scheduling.quartz.SimpleTriggerBean">
<property name="jobDetail">
<bean id="ldapPeopleJobDetail" class="org.springframework.scheduling.quartz.JobDetailBean">
<property name="jobClass">
<value>org.alfresco.repo.importer.ImporterJob</value>
</property>
<property name="jobDataAsMap">
<map>
<entry key="bean">
<ref bean="ldapPeopleImport" />
</entry>
</map>
</property>
</bean>
</property>
<property name="startDelay">
<value>30000</value>
</property>
<property name="repeatInterval">
<value>3600000</value>
</property>
</bean>
<!– Scheduled tasks –>
<bean id="schedulerFactory" class="org.springframework.scheduling.quartz.SchedulerFactoryBean">
<property name="triggers">
<list>
<ref bean="tempFileCleanerTrigger" />
<ref bean="contentStoreCleanerTrigger"/>
<ref bean="ftsIndexerTrigger" />
<ref bean="indexRecoveryTrigger" />
<ref bean="indexBackupTrigger" />
<!–
<ref bean="ldapGroupTrigger" />
–>
<ref bean="ldapPeopleTrigger" />
<!–
<ref bean="ehCacheTracerJob" />
–>
</list>
</property>
<property name="waitForJobsToCompleteOnShutdown">
<value>true</value>
</property>
<property name="configLocation">
<value>classpath:alfresco/domain/quartz.properties</value>
</property>
</bean>
</beans>
And now, this is the error :
May 3, 2006 11:29:57 AM org.apache.coyote.http11.Http11BaseProtocol start
INFO: Starting Coyote HTTP/1.1 on http-8080
May 3, 2006 11:29:57 AM org.apache.jk.common.ChannelSocket init
INFO: JK: ajp13 listening on /0.0.0.0:8009
May 3, 2006 11:29:57 AM org.apache.jk.server.JkMain start
INFO: Jk running ID=0 time=0/31 config=null
May 3, 2006 11:29:57 AM org.apache.catalina.storeconfig.StoreLoader load
INFO: Find registry server-registry.xml at classpath resource
May 3, 2006 11:29:57 AM org.apache.catalina.startup.Catalina start
INFO: Server startup in 13103 ms
11:30:24,413 ERROR [quartz.core.JobRunShell] Job DEFAULT.ldapPeopleJobDetail threw an unhandled Exception:
org.alfresco.repo.importer.ExportSourceImporterException: Failed to import
at org.alfresco.repo.importer.ExportSourceImporter.doImport(ExportSourceImporter.java:165)
at org.alfresco.repo.importer.ImporterJob.execute(ImporterJob.java:36)
at org.quartz.core.JobRunShell.run(JobRunShell.java:191)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:516)
Caused by: org.alfresco.repo.security.authentication.AuthenticationException: Unable to connect to LDAP Server; check LDAP configuration
at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.buildInitialDirContext(LDAPInitialDirContextFactoryImpl.java:80)
at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.getDefaultIntialDirContext(LDAPInitialDirContextFactoryImpl.java:65)
at org.alfresco.repo.security.authentication.ldap.LDAPPersonExportSource.generateExport(LDAPPersonExportSource.java:145)
at org.alfresco.repo.importer.ExportSourceImporter.doImport(ExportSourceImporter.java:149)
… 3 more
Caused by: javax.naming.InvalidNameException: [LDAP: error code 34 - invalid DN]
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2926)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2732)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2646)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:283)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
at javax.naming.InitialContext.init(InitialContext.java:223)
at javax.naming.InitialContext.<init>(InitialContext.java:197)
at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.buildInitialDirContext(LDAPInitialDirContextFactoryImpl.java:72)
… 6 more
)
rganizationId ? a number ? a string ? is the id must exist in Alfresco ? if yes how i do this please ?
