Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Long Song Sync Ldap

paulweb
Champ in-the-making
Champ in-the-making

‎08-05-2009 02:02 AM

os: win xp pro
alfresco version 3.2

for ldap Authentication I set

alfresco-global.properties

authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap

alfresco-authentication.properties

alfresco.authentication.allowGuestLogin=true
alfresco.authentication.authenticateCIFS=true

ldap-authentication.properties

ldap.authentication.active=true
ldap.authentication.allowGuestLogin=true
ldap.authentication.userNameFormat=%s@my-domain.ru
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://pridc.my-domain.ru:389/DC=my-domain,DC=ru
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=iam
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=iam@my-domain.ru
ldap.synchronization.java.naming.security.credentials=password
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.groupQuery=(objectclass\=organizationalUnit)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=organizationalUnit)(!(modifyTimestamp<\={0})))
dap.synchronization.personQuery=(&(objectclass\=organizationalPerson)(userAccountControl:1.2.840.113556.1.4.803\:\=512))
ldap.synchronization.personDifferentialQuery=(&(objectclass\=organizationalPerson)(userAccountControl:1.2.840.113556.1.4.803\:\=512)(!(modifyTimestamp<\={0})))
ldap.synchronization.groupSearchBase=ou\=XXXX XXXX XXXXXX,dc=my-domain,dc=ru
ldap.synchronization.userSearchBase=ou\=XXXX XXXX XXXXXX,dc=my-domain,dc=ru
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userOrganizationalIdAttributeName=company
ldap.synchronization.defaultHomeFolderProvider=personalHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupType=department
ldap.synchronization.personType=description
ldap.synchronization.groupMemberAttributeName=title
synchronization.synchronizeChangesOnly=false
synchronization.syncWhenMissingPeopleLogIn=true
synchronization.autoCreatePeopleOnLogin=true
ldap.synchronisation.import.group.clearAllChildren=true

then i have started alfresco and tomcat hhas given in log following about ldap
log

10:23:58,701 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Starting 'Authentication' subsystem, ID: [managed, ldap1]
10:23:58,889 INFO  [org.alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]
10:23:59,154 WARN  [org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl] LDAP server supports anonymous bind ldap://ridc.my-domain.ru:389/DC=my-domain,DC=ru??base?
10:23:59,154 INFO  [org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl] LDAP server does not fall back to anonymous bind for a string uid and password at ldap://ridc.my-domain.ru:389/DC=my-domain,DC=ru??base?
10:23:59,170 INFO  [org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl] LDAP server does not fall back to anonymous bind for a simple dn and password at ldap://ridc.my-domain.ru:389/DC=my-domain,DC=ru??base?
10:23:59,170 INFO  [org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl] LDAP server does not fall back to anonymous bind for known principal and invalid credentials at ldap://ridc.my-domain.ru:389/DC=my-domain,DC=ru??base? 
10:23:59,186 INFO  [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] Startup of 'Authentication' subsystem, ID: [managed, ldap1] complete

then i have opened alfreso and trying to  authorize using my AD login and pass alfreso has given following error

javax.faces.FacesException: Error calling action method of component with id loginForm:submit
caused by:
javax.faces.el.EvaluationException: Exception while invoking expression #{LoginBean.login}
caused by:
org.alfresco.error.AlfrescoRuntimeException: 07050007 Failed to import people.
caused by:
javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of:
'DC=my-domain,DC=ru'
]; remaining name 'ou=Êðåäèò Áàíê,dc=my-domain,dc=ru'
[/code]
in log 
[code]
16:10:46,901 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Synchronizing users and groups with user registry 'ldap1'
16:10:46,901 INFO  [org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer] Retrieving all users from user registry 'AUTH.EXT.ldap1'

when i off synchronization, Authentication  is work in alfresco creating user

how config synchronization? (I have found in many themes this forum but answer have not found)
and else question
Can i (admin) delete user who  authentication over ldap?
Labels:
0 Kudos
10 REPLIES 10

dward
Champ on-the-rise
Champ on-the-rise

‎08-07-2009 05:45 AM

If you actually understood my earlier reply, you will see I told you that your properties would need to be unicode escaped. And I showed an example of using the native2ascii tool that comes with the JDK. There is no need to download a custom tool.
0 Kudos
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2024 Khoros, LLC