
md5-digest authentication and openldap

graylion
Champ in-the-making
Hi

I have followed the wiki to set up authentication via LDAP.

The relevant section in my tomcat/shared/classes/alfresco-global.properties reads:


#
# The default authentication chain
# To configure external authentication subsystems see:
# http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems
#-------------
#authentication.chain=alfrescoNtlm1:alfrescoNtlm
authentication.chain=ldap1:ldap,alfrescoNtlm1:alfrescoNtlm

ntlm.authentication.sso.enabled=false
ntlm.authentication.authenticateCIFS=true

# LDAP
ldap.authentication.active=true
ldap.synchronization.active=false
ldap.authentication.java.naming.security.authentication=DIGEST-MD5
ldap.authentication.userNameFormat=%s

ldap.authentication.java.naming.provider.url=ldap://127.0.0.1:389
#ldap.authentication.java.naming.provider.url=ldaps://127.0.0.1:636

Authentication fails with "Unable to login - unknown username/password."

alfresco.log shows no entry when followed with tail -f.

tcpdump shows the following conversation:

0….`………
DIGEST-MD50…..a..
……SASL(0): successful result: …nonce="9FNZhZzKL/bK4gp0p0w8zDm4d+5wPSON+gvRj4VA/0Q=",realm="<obscured-FQDN-of-server>",qop="auth,auth-int,auth-conf",cipher="rc4-40,rc4-56,rc4,des,3des",maxbuf=65536,charset=utf-8,algorithm=md5-sess0..,…`..%……….
DIGEST-MD5….charset=utf-8,username="graylion",realm="<obscured-FQDN-of-server>",nonce="9FNZhZzKL/bK4gp0p0w8zDm4d+5wPSON+gvRj4VA/0Q=",nc=00000001,cnonce="OS6PHN4gmvJLXurtScwftI5ybn7tX2KqTt++fi+F",digest-uri="ldap/127.0.0.1",maxbuf=65536,response=e45bf289ac2786cd10f173714ed2c63d,qop=auth0<…a7
.1…0SASL(-13): user not found: no secret in database

My SASL and LDAP setup is fully functional and successfully authenticates users for Cyrus, Apache and Postfix.

Any ideas?

Thanks in advance.
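The capture above is a complete DIGEST-MD5 (RFC 2831) exchange: the server's challenge (nonce, realm, qop list, algorithm=md5-sess) and the client's digest-response, followed by the server refusing because it has no secret for that user. The script below, an added example and not code from Alfresco, OpenLDAP or Cyrus SASL, replays that exchange with the nonce, cnonce and digest-uri taken from the capture. It shows why the server needs a plaintext-equivalent secret for the exact (username, realm) pair: the server verifies the response by recomputing it from MD5(username:realm:password), so a secret stored under a different realm string, or only as a one-way password hash, cannot be checked. The realm (the obscured FQDN), the password and the secret store are placeholders; the poster's real response value cannot be reproduced without the password.

```python
"""
DIGEST-MD5 (RFC 2831) worked through with the challenge fields from the capture.
Added example; not Alfresco, OpenLDAP or Cyrus SASL code.  REALM, the password
and the secret store are constructed placeholders.
"""
import hashlib
import re
from typing import Dict, Optional, Tuple

REALM = "ldap.example.invalid"   # placeholder for the obscured FQDN in the capture
NONCE = "9FNZhZzKL/bK4gp0p0w8zDm4d+5wPSON+gvRj4VA/0Q="      # from the server challenge
CNONCE = "OS6PHN4gmvJLXurtScwftI5ybn7tX2KqTt++fi+F"          # from the client response
DIGEST_URI = "ldap/127.0.0.1"                                # from the client response

# Server challenge as in the tcpdump (realm replaced by the placeholder).
CHALLENGE = (
    f'nonce="{NONCE}",realm="{REALM}",qop="auth,auth-int,auth-conf",'
    'cipher="rc4-40,rc4-56,rc4,des,3des",maxbuf=65536,charset=utf-8,'
    'algorithm=md5-sess'
)

_DIRECTIVE = re.compile(r'([A-Za-z-]+)=("[^"]*"|[^,]*)')


def parse_directives(s: str) -> Dict[str, str]:
    """Split a DIGEST-MD5 directive list into a dict, stripping quotes."""
    return {k: v.strip('"') for k, v in _DIRECTIVE.findall(s)}


def user_secret(username: str, realm: str, password: str) -> bytes:
    """MD5(username:realm:password), raw 16 bytes.  This is the per-user 'secret'
    a DIGEST-MD5 server must hold: it is realm-specific and password-equivalent,
    which is why a one-way password hash or a secret under another realm string
    cannot be used to verify the response."""
    return hashlib.md5(f"{username}:{realm}:{password}".encode("utf-8")).digest()


def digest(secret: bytes, nonce: str, cnonce: str, nc: str, qop: str,
           digest_uri: str, authzid: Optional[str] = None, rspauth: bool = False) -> str:
    """RFC 2831 response-value (or the server's rspauth when rspauth=True), md5-sess."""
    a1 = secret + f":{nonce}:{cnonce}".encode()
    if authzid:
        a1 += f":{authzid}".encode()
    ha1 = hashlib.md5(a1).hexdigest()
    a2 = f"{'' if rspauth else 'AUTHENTICATE'}:{digest_uri}"
    if qop in ("auth-int", "auth-conf"):
        a2 += ":00000000000000000000000000000000"
    ha2 = hashlib.md5(a2.encode()).hexdigest()
    return hashlib.md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}".encode()).hexdigest()


def client_response(username: str, password: str, challenge: str, cnonce: str,
                    digest_uri: str, qop: str = "auth") -> Dict[str, str]:
    """Build the digest-response the client sends (second message in the capture)."""
    ch = parse_directives(challenge)
    fields = {
        "charset": "utf-8", "username": username, "realm": ch["realm"],
        "nonce": ch["nonce"], "nc": "00000001", "cnonce": cnonce,
        "digest-uri": digest_uri, "maxbuf": "65536", "qop": qop,
    }
    secret = user_secret(username, ch["realm"], password)
    fields["response"] = digest(secret, ch["nonce"], cnonce, fields["nc"], qop, digest_uri)
    return fields


def server_verify(secret_db: Dict[Tuple[str, str], bytes], resp: Dict[str, str]) -> str:
    """Server side: look up the secret for (username, realm) and recompute the digest.
    Returns 'ok', 'no-secret' (nothing stored for that user+realm, the failure seen in
    the capture) or 'bad-response' (secret found, password wrong)."""
    secret = secret_db.get((resp["username"], resp["realm"]))
    if secret is None:
        return "no-secret"
    expected = digest(secret, resp["nonce"], resp["cnonce"], resp["nc"],
                      resp["qop"], resp["digest-uri"], resp.get("authzid"))
    return "ok" if expected == resp["response"] else "bad-response"


if __name__ == "__main__":
    password = "placeholder-password"          # constructed; not the poster's password
    db = {("graylion", REALM): user_secret("graylion", REALM, password)}
    resp = client_response("graylion", password, CHALLENGE, CNONCE, DIGEST_URI)
    print("client sends:", ",".join(f'{k}="{v}"' for k, v in resp.items()))
    print("server with matching secret :", server_verify(db, resp))
    # Same user, but the secret was stored under a different realm string:
    other = {("graylion", "localhost"): user_secret("graylion", "localhost", password)}
    print("server with realm mismatch  :", server_verify(other, resp))
```

Running it prints the same directive layout seen in the second packet of the capture, then "ok" for the matching store and "no-secret" for the realm mismatch. The practical check this suggests: confirm that the realm the server advertises in its challenge is the realm under which the user's DIGEST-MD5 secret was stored, and that the secret exists at all for that backend, since a store that only holds one-way password hashes can never satisfy this mechanism.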

scouil
Star Contributor
If not already done, try configuring your AD server to use reversible encryption for passwords.

If it still doesn't work, comments here might be insightful:
https://issues.alfresco.com/jira/browse/ETHREEOH-2556

For example, try to configure ldap.authentication.userNameFormat using the UPN format, and maybe try using the FQDN in the ldap.authentication.java.naming.provider.url variable.

Sincerely,
Scouil

EDIT: You should definitely try to change ldap.authentication.userNameFormat. As stated here: http://forums.alfresco.com/en/viewtopic.php?t=3156
"The value you enter here has to be listed in the serverPrincipalName attribute of your domain controller. Things like localhost will most likely not work."
It's an old post and might have changed since, but... well... try it!