MOVED - LDAP Configuration

mrojas73
Champ in-the-making
Hi,

I am a new user of Alfresco and have been struggling for days to connect it to either my OpenLDAP or Active Directory systems.

It would be much easier if a user authentication page could be included under the Administration Console to configure this feature.


Thank you.
30 REPLIES

mautidavis
Champ in-the-making
Dear all,

I am using Alfresco 3.0.0 (stable version). I have changed the following files:
  • ldap-authentication-context.xml
  • ldap-authentication.properties
  • ldap-synchronisation.properties
  • file-servers-custom.xml
  • ldap-synchronisation-context.xml


Any help?

Regards,
Davis M Onsakia

    dward
    Champ on-the-rise
    OK, I've checked that line number on the 3.0 code and it suggests that you haven't set the tenantService property of one of your authentication components.

    Note that your authentication component should look like the following and it's very important that it extends authenticationComponentBase:

        <bean id="authenticationComponent"
              class="org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl"
              parent="authenticationComponentBase">
            <property name="LDAPInitialDirContextFactory">
                <ref bean="ldapInitialDirContextFactory"/>
            </property>
            <property name="userNameFormat">
                <!--

                This maps between what the user types in and what is passed through to the underlying LDAP authentication.

                "%s" - the user id is passed through without modification.
                Used for LDAP authentication such as DIGEST-MD5, anything that is not "simple".

                "cn=%s,ou=London,dc=company,dc=com" - If the user types in "Joe Bloggs" then authenticate as "cn=Joe Bloggs,ou=London,dc=company,dc=com"
                Usually for simple authentication. Simple authentication always uses the DN for the user.

                -->
                <value>${ldap.authentication.userNameFormat}</value>
            </property>
            <property name="nodeService">
                <ref bean="nodeService" />
            </property>
            <property name="personService">
                <ref bean="personService" />
            </property>
            <property name="transactionService">
                <ref bean="transactionService" />
            </property>  
            <property name="escapeCommasInBind">
                <value>${ldap.authentication.escapeCommasInBind}</value>
            </property>
            <property name="escapeCommasInUid">
                <value>${ldap.authentication.escapeCommasInUid}</value>
            </property>
        </bean>

    Now why do you insist on using Labs v3? Could you please try upgrading to v3.2? Your repository should be upgraded automatically but please back everything up beforehand just in case…

    harishns
    Champ in-the-making
    Hi,
    I am new to Alfresco. I am trying to log in using LDAP. I made the following changes in

    %TOMCAT_HOME%\webapps\alfresco\WEB-INF\classes\alfresco\subsystems\Authentication\ldap-ad\ldap-ad-authentication.properties

    ldap.authentication.userNameFormat=uid\=%s,ou\=< values which I got it from LDAP browser>

    ldap.authentication.java.naming.provider.url=ldap://<ldap server ip>:389


    ldap.authentication.java.naming.security.authentication=simple

    ldap.synchronization.java.naming.security.principal=<user name @ domain>

    The remaining settings were kept as they are.

    After restarting the server, I am not able to log in with my LDAP user credentials; it is acting as before. Then I copied the ldap-ad-authentication.properties and ldap-ad-authentication-context.xml files to the %TOMCAT_HOME%\webapps\alfresco\WEB-INF\classes\alfresco\ folder to see any effects and found no effect.

    Can anyone tell me if there is anything wrong in this procedure?

    I am using the latest code from SVN, which is 3.2.0 (@build-number@) schema 3002

    Help needed

    Thanks in advance

    dward
    Champ on-the-rise
    You clearly haven't read any of the information on this thread or the wiki. You should not be editing any files under WEB-INF.

    You need a file called %TOMCAT_HOME%\shared\classes\alfresco-global.properties with your settings in it.

    authentication.chain=ldap1:ldap-ad
    ldap.authentication.userNameFormat=%s@domain
    ldap.authentication.java.naming.provider.url=ldap://domaincontroller.company.com:389
    ldap.authentication.defaultAdministratorUserNames=Administrator
    ldap.synchronization.java.naming.security.principal=alfresco@domain
    ldap.synchronization.java.naming.security.credentials=secret
    ldap.synchronization.groupSearchBase=ou\=Security Groups,ou\=Alfresco,dc=domain
    ldap.synchronization.userSearchBase=ou\=User Accounts,ou\=Alfresco,dc=domain

    Go read

    http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems#LDAP
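
A check for an `alfresco-global.properties` file of the kind shown in the reply above, as an added Python example that is not part of the thread or of Alfresco. It reads the Java properties escapes (`\=`), then flags three things: an authentication chain with no LDAP subsystem, a simple bind over plain `ldap://` (the password crosses the network unencrypted), and a synchronization principal with an empty password. Both sample files are constructed; the default mechanism `simple` is taken from the ldap-ad properties file quoted later in the thread.

```python
from urllib.parse import urlsplit

P_CHAIN = "authentication.chain"
P_FORMAT = "ldap.authentication.userNameFormat"
P_URL = "ldap.authentication.java.naming.provider.url"
P_MECH = "ldap.authentication.java.naming.security.authentication"
P_PRINCIPAL = "ldap.synchronization.java.naming.security.principal"
P_CREDS = "ldap.synchronization.java.naming.security.credentials"
LDAP_TYPES = {"ldap", "ldap-ad"}


def load_properties(text):
    """Minimal Java .properties reader: comments, '=' or ':' separators and
    backslash escapes. Line continuations and \\uXXXX are not handled."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, value, in_key, chars = [], [], True, iter(line)
        for ch in chars:
            if ch == "\\":
                ch = next(chars, "")      # "\=" becomes "=", "\A" becomes "A"
            elif in_key and ch in "=:":
                in_key = False            # first unescaped separator ends the key
                continue
            (key if in_key else value).append(ch)
        props["".join(key).strip()] = "".join(value).strip()
    return props


def lint(text):
    """Return (property, message) findings for the settings in `text`."""
    p = load_properties(text)
    findings = []

    # Chain entries have the form "<instance id>:<subsystem type>".
    types = {e.partition(":")[2].strip() for e in p.get(P_CHAIN, "").split(",")}
    if not types & LDAP_TYPES:
        findings.append((P_CHAIN, "no ldap or ldap-ad subsystem in the chain"))

    # A simple bind carries the password as-is; without TLS it is readable
    # on the wire.
    if p.get(P_MECH, "simple") == "simple" and urlsplit(p.get(P_URL, "")).scheme == "ldap":
        findings.append((P_URL, "simple bind over ldap:// is unencrypted; use ldaps://"))

    # A name with an empty password is an unauthenticated bind (RFC 4513, 5.1.2).
    if p.get(P_PRINCIPAL) and not p.get(P_CREDS):
        findings.append((P_CREDS, "sync principal has an empty password"))

    fmt = p.get(P_FORMAT)
    if fmt is not None and "%s" not in fmt:
        findings.append((P_FORMAT, "no %s placeholder: every login binds as the same name"))
    return findings


# Constructed sample: weak settings modelled on the posts in this thread.
WEAK = r"""
authentication.chain=alfrescoNtlm1:alfrescoNtlm
ldap.authentication.userNameFormat=%s@domain
ldap.authentication.java.naming.provider.url=ldap://domaincontroller.company.com:389
ldap.synchronization.java.naming.security.principal=alfresco@domain
ldap.synchronization.java.naming.security.credentials=
ldap.synchronization.userSearchBase=ou\=User Accounts,ou\=Alfresco,dc=domain
"""

# Constructed sample: the same settings corrected (placeholder password).
HARDENED = r"""
authentication.chain=ldap1:ldap-ad
ldap.authentication.userNameFormat=%s@domain
ldap.authentication.java.naming.provider.url=ldaps://domaincontroller.company.com:636
ldap.synchronization.java.naming.security.principal=alfresco@domain
ldap.synchronization.java.naming.security.credentials=PLACEHOLDER-PASSWORD
ldap.synchronization.userSearchBase=ou\=User Accounts,ou\=Alfresco,dc=domain
"""

if __name__ == "__main__":
    for name, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(name)
        for prop, message in lint(sample) or [("-", "no findings")]:
            print(f"  {prop}: {message}")
```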

    harishns
    Champ in-the-making
    Oh!!.
    Thanks for your information.
    I made the changes in alfresco-global.properties and found that all my user data is synchronized with the local database, and I am able to log in with my LDAP credentials (username and password).

    Actually, my requirement is to log in using LDAP credentials, and whenever users change their password, they should be able to log in with their new password.

    What I observed is that whenever I restart the server, it synchronizes all the user data and updates the local database. This takes a huge amount of time due to the large user database. I would like to know if there is any other method where I can simply authenticate against my LDAP server credentials every time instead of the local database.

    Thanks

    dward
    Champ on-the-rise
    With the settings I sent you, the authentication is performed directly against the LDAP server. When a user logs in, their username and password are checked by trying to bind to the LDAP directly with that username and password.

    The server synchronizes other user attributes such as email address (but never password) so that they are available to the Alfresco repository. By default the server will synchronize this information when it starts up and when a user is successfully authenticated who doesn't yet exist in the repository. These syncs are 'differential' in that they only query the information changed since the last sync. So you shouldn't find that they take very long at all after the first startup.

    Also by default, a scheduled job runs every midnight to do a 'full sync'. This detects deleted users and groups. You can disable this or change it to also do a faster differential sync.

    See http://wiki.alfresco.com/wiki/The_Synchronization_Subsystem

    harishns
    Champ in-the-making
    Cool!! It is working!! :)

    Thank you

    harishns
    Champ in-the-making
    Hi,
    I am facing a problem with NTLM SSO, which I wanted to chain with my LDAP configuration.
    I have made global properties changes:

    authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap-ad

    ldap.authentication.userNameFormat=%s@<url>
    ldap.authentication.java.naming.provider.url=<url>
    ldap.authentication.defaultAdministratorUserNames=Id
    ldap.synchronization.java.naming.security.principal=email id
    ldap.synchronization.java.naming.security.credentials=
    ldap.synchronization.groupSearchBase=<LDAP url>
    ldap.synchronization.userSearchBase=<URL>

    ntlm.authentication.sso.enabled=true

    After restarting the server, if I try to browse, I get a Windows dialog to enter a user name and password. Whatever I enter in it is not accepted. I was expecting it to get the username and password from my system automatically, but it neither takes credentials from my system nor accepts the credentials I enter in the dialog.

    I would like to know if there is anything else I am missing.

    Thanks

    harishns
    Champ in-the-making
    Hi,
    I didn't notice one thing in the LDAP: after the synchronization is done, if I change the password on my LDAP server, my application accepts the new password as well as the old password. :)
    I would like to know if there is any place where I can disable authentication with the local database.

    Thanks

    oferprtz
    Champ in-the-making
    Hello all,

    I'm quite new to the Alfresco system.

    First of all, I'm using Alfresco 3.2 CE with Microsoft Windows Server 2003 R2.
    I tried to configure LDAP on Alfresco but with no success.
    Among the articles I've read, I've tried configurations especially from these sites:
    http://forums.alfresco.com/en/viewtopic.php?f=9&t=14741
    http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems#LDAP

    I've been told not to touch this directory at all: e:\Alfresco\tomcat\webapps\share\WEB-INF
    with all the configuration files inside… mmm…

    So I tried to do the following:
    1. I've changed the file: e:\Alfresco\tomcat\shared\classes\alfresco-global.properties
    authentication.chain=ldap1:ldap-ad
    ldap.authentication.userNameFormat=%s
    ldap.authentication.java.naming.provider.url=ldap://my-server:389
    ldap.authentication.defaultAdministratorUserNames=ofer
    ldap.synchronization.java.naming.security.principal=ofer@mycompany.com
    ldap.synchronization.java.naming.security.credentials=**********
    ldap.synchronization.groupSearchBase=ou\=Security Groups,ou\=MYGROUP,dc=MYCOMPANY,dc=MYCOMPANY_SUFFIX
    ldap.synchronization.userSearchBase=ou\=User Accounts,ou\=MYGROUP,dc=MYCOMPANY,dc=MYCOMPANY_SUFFIX

    and gave it a shot, but with no success; I'm still getting this error:
    18:24:29,338  INFO  [alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]
    18:24:29,776  INFO  [management.subsystems.ChildApplicationContextFactory] Startup of 'Authentication' subsystem, ID: [Authentication, managed, ldap1] complete
    18:24:29,807  INFO  [management.subsystems.ChildApplicationContextFactory] Startup of 'fileServers' subsystem, ID: [fileServers, default] complete
    18:24:29,807  INFO  [management.subsystems.ChildApplicationContextFactory] Starting 'imap' subsystem, ID: [imap, default]
    18:24:29,854  INFO  [alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]
    18:24:29,948  INFO  [management.subsystems.ChildApplicationContextFactory] Startup of 'imap' subsystem, ID: [imap, default] complete
    18:24:29,948  INFO  [repo.usage.UserUsageTrackingComponent] Enabled - calculate missing user usages …
    18:24:30,010  INFO  [repo.usage.UserUsageTrackingComponent] Found 0 users to recalculate
    18:24:30,010  INFO  [repo.usage.UserUsageTrackingComponent] … calculated missing usages for 0 users
    18:24:30,010  INFO  [management.subsystems.ChildApplicationContextFactory] Starting 'Synchronization' subsystem, ID: [Synchronization, default]
    18:24:30,432  INFO  [alfresco.config.JndiPropertyPlaceholderConfigurer] Loading properties file from class path resource [alfresco/alfresco-shared.properties]
    18:24:30,870 User:System INFO  [security.sync.ChainingUserRegistrySynchronizer] Synchronizing users and groups with user registry 'ldap1'
    18:24:30,885 User:System INFO  [security.sync.ChainingUserRegistrySynchronizer] Retrieving all groups from user registry 'ldap1'
    18:24:30,963 User:System ERROR [security.sync.ChainingUserRegistrySynchronizer] Synchronization aborted due to error
    org.alfresco.repo.security.authentication.AuthenticationException: 11060000 LDAP authentication failed.
            at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.buildInitialDirContext(LDAPInitialDirContextFactoryImpl.java:116)
            at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.getDefaultIntialDirContext(LDAPInitialDirContextFactoryImpl.java:91)
            at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.getDefaultIntialDirContext(LDAPInitialDirContextFactoryImpl.java:82)
            at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry$3.<init>(LDAPUserRegistry.java:596)
            at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.getGroups(LDAPUserRegistry.java:593)
            at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.syncWithPlugin(ChainingUserRegistrySynchronizer.java:521)
            at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronize(ChainingUserRegistrySynchronizer.java:396)
            at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$7.doWork(ChainingUserRegistrySynchronizer.java:1217)
            at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:514)
            at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.onBootstrap(ChainingUserRegistrySynchronizer.java:1211)
            at org.alfresco.util.AbstractLifecycleBean.onApplicationEvent(AbstractLifecycleBean.java:62)
            at org.springframework.context.event.SimpleApplicationEventMulticaster$1.run(SimpleApplicationEventMulticaster.java:77)
            at org.springframework.core.task.SyncTaskExecutor.execute(SyncTaskExecutor.java:49)
            at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:75)
            at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:246)
            at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:617)
            at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:355)
            at org.alfresco.repo.management.subsystems.ChildApplicationContextFactory$ApplicationContextState.start(ChildApplicationContextFactory.java:637)
            at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.start(AbstractPropertyBackedBean.java:454)
            at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.onApplicationEvent(AbstractPropertyBackedBean.java:377)
            at org.springframework.context.event.SimpleApplicationEventMulticaster$1.run(SimpleApplicationEventMulticaster.java:77)
            at org.springframework.core.task.SyncTaskExecutor.execute(SyncTaskExecutor.java:49)
            at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:75)
            at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:246)
            at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:617)
            at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:355)
            at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:246)
            at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:189)
            at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:49)
            at org.alfresco.web.app.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:69)
            at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3843)
            at org.apache.catalina.core.StandardContext.start(StandardContext.java:4342)
            at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
            at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
            at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:525)
            at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:627)
            at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:553)
            at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:488)
            at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1149)
            at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
            at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
            at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
            at org.apache.catalina.core.StandardHost.start(StandardHost.java:719)
            at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
            at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
            at org.apache.catalina.core.StandardService.start(StandardService.java:516)
            at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
            at org.apache.catalina.startup.Catalina.start(Catalina.java:578)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
            at java.lang.reflect.Method.invoke(Method.java:597)
            at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288)
            at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
    Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece ]
            at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3041)
            at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2987)
            at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2789)
            at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2703)
            at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:293)
            at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
            at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
            at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
            at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
            at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
            at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
            at javax.naming.InitialContext.init(InitialContext.java:223)
            at javax.naming.InitialContext.<init>(InitialContext.java:197)
            at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
            at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.buildInitialDirContext(LDAPInitialDirContextFactoryImpl.java:111)
            … 53 more
    18:24:31,010 User:System WARN  [security.sync.ChainingUserRegistrySynchronizer] Failed initial synchronize with user registries org.alfresco.repo.security.authentication.AuthenticationException: 11060000 LDAP authentication failed.
            at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.buildInitialDirContext(LDAPInitialDirContextFactoryImpl.java:116)
            at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.getDefaultIntialDirContext(LDAPInitialDirContextFactoryImpl.java:91)
            at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.getDefaultIntialDirContext(LDAPInitialDirContextFactoryImpl.java:82)
            at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry$3.<init>(LDAPUserRegistry.java:596)
            at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.getGroups(LDAPUserRegistry.java:593)
            at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.syncWithPlugin(ChainingUserRegistrySynchronizer.java:521)
            at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.synchronize(ChainingUserRegistrySynchronizer.java:396)
            at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer$7.doWork(ChainingUserRegistrySynchronizer.java:1217)
            at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:514)
            at org.alfresco.repo.security.sync.ChainingUserRegistrySynchronizer.onBootstrap(ChainingUserRegistrySynchronizer.java:1211)
            at org.alfresco.util.AbstractLifecycleBean.onApplicationEvent(AbstractLifecycleBean.java:62)
            at org.springframework.context.event.SimpleApplicationEventMulticaster$1.run(SimpleApplicationEventMulticaster.java:77)
            at org.springframework.core.task.SyncTaskExecutor.execute(SyncTaskExecutor.java:49)
            at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:75)
            at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:246)
            at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:617)
            at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:355)
            at org.alfresco.repo.management.subsystems.ChildApplicationContextFactory$ApplicationContextState.start(ChildApplicationContextFactory.java:637)
            at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.start(AbstractPropertyBackedBean.java:454)
            at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.onApplicationEvent(AbstractPropertyBackedBean.java:377)
            at org.springframework.context.event.SimpleApplicationEventMulticaster$1.run(SimpleApplicationEventMulticaster.java:77)
            at org.springframework.core.task.SyncTaskExecutor.execute(SyncTaskExecutor.java:49)
            at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:75)
            at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:246)
            at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:617)
            at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:355)
            at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:246)
            at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:189)
            at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:49)
            at org.alfresco.web.app.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:69)
            at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3843)
            at org.apache.catalina.core.StandardContext.start(StandardContext.java:4342)
            at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
            at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
            at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:525)
            at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:627)
            at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:553)
            at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:488)
            at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1149)
            at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
            at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
            at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
            at org.apache.catalina.core.StandardHost.start(StandardHost.java:719)
            at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
            at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
            at org.apache.catalina.core.StandardService.start(StandardService.java:516)
            at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
            at org.apache.catalina.startup.Catalina.start(Catalina.java:578)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
            at java.lang.reflect.Method.invoke(Method.java:597)
            at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288)
            at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
    Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece ]
            at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3041)
            at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2987)
            at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2789)
            at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2703)
            at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:293)
            at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
            at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
            at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
            at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
            at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
            at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
            at javax.naming.InitialContext.init(InitialContext.java:223)
            at javax.naming.InitialContext.<init>(InitialContext.java:197)
            at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:82)
            at org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl.buildInitialDirContext(LDAPInitialDirContextFactoryImpl.java:111)
            … 53 more
    18:24:31,041  INFO  [management.subsystems.ChildApplicationContextFactory] Startup of 'Synchronization' subsystem, ID: [Synchronization, default] complete
    18:24:31,620  INFO  [service.descriptor.DescriptorService] Alfresco JVM - v1.6.0_16-b01; maximum heap size 506.313MB
    18:24:31,620  INFO  [service.descriptor.DescriptorService] Alfresco started (Community): Current version 3.2.0 (r2 2440) schema 3300 - Originally installed version 3.2.0 (r2 2440) schema 3300
    18:24:32,666  INFO  [module.vti.VtiServer] Vti server started successfully on port: 7070

    2. I've also changed the file: E:\Alfresco\tomcat\webapps\alfresco\WEB-INF\classes\alfresco\subsystems\Authentication\ldap-ad\ldap-ad-authentication.properties
    but still the same error when the server is starting up… :cry:

    # This flag enables use of this LDAP subsystem for authentication. It may be
    # that this subsystem should only be used for synchronization, in which case
    # this flag should be set to false.
    ldap.authentication.active=true

    #
    # This properties file brings together the common options for LDAP authentication rather than editing the bean definitions
    #
    ldap.authentication.allowGuestLogin=true

    # How to map the user id entered by the user to that passed through to LDAP
    # In Active Directory, this can either be the user principal name (UPN) or DN.
    # UPNs are in the form <sAMAccountName>@domain and are held in the userPrincipalName attribute of a user
    ldap.authentication.userNameFormat=%s

    # The LDAP context factory to use
    ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory

    # The URL to connect to the LDAP server
    ldap.authentication.java.naming.provider.url=ldap://myserver.com:389

    # The authentication mechanism to use
    ldap.authentication.java.naming.security.authentication=simple

    # Escape commas entered by the user at bind time
    # Useful when using simple authentication and the CN is part of the DN and contains commas
    ldap.authentication.escapeCommasInBind=false

    # Escape commas entered by the user when setting the authenticated user
    # Useful when using simple authentication and the CN is part of the DN and contains commas, and the escaped \, is
    # pulled in as part of an LDAP sync
    # If this option is set to true it will break the default home folder provider as space names can not contain \
    ldap.authentication.escapeCommasInUid=false

    # Comma separated list of user names who should be considered administrators by default
    ldap.authentication.defaultAdministratorUserNames=ofer

    # This flag enables use of this LDAP subsystem for user and group
    # synchronization. It may be that this subsystem should only be used for
    # authentication, in which case this flag should be set to false.
    ldap.synchronization.active=true

    # The default principal to bind with (only used for LDAP sync). This should be a UPN or DN
    ldap.synchronization.java.naming.security.principal=admin@mycompany.com

    # The password for the default principal (only used for LDAP sync)
    ldap.synchronization.java.naming.security.credentials=***********

    # If positive, this property indicates that RFC 2696 paged results should be
    # used to split query results into batches of the specified size. This
    # overcomes any size limits imposed by the LDAP server.
    ldap.synchronization.queryBatchSize=1000

    # The query to select all objects that represent the groups to import.
    ldap.synchronization.groupQuery=(objectclass\=group)

    # The query to select objects that represent the groups to import that have changed since a certain time.
    ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(!(modifyTimestamp<\={0})))

    # The query to select all objects that represent the users to import.
    ldap.synchronization.personQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))

    # The query to select objects that represent the users to import that have changed since a certain time.
    ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(modifyTimestamp<\={0})))

    # The group search base restricts the LDAP group query to a sub section of tree on the LDAP server.
    ldap.synchronization.groupSearchBase=ou\=Security Groups,ou\=MYOU,dc=MYCOMPANY

    # The user search base restricts the LDAP user query to a sub section of tree on the LDAP server.
    ldap.synchronization.userSearchBase=ou\=User Accounts,ou\=MYOU,dc=MYCOMPANY

    # The name of the operational attribute recording the last update time for a group or user.
    ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp

    # The timestamp format. Unfortunately, this varies between directory servers.
    ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'

    # The attribute name on people objects found in LDAP to use as the uid in Alfresco
    ldap.synchronization.userIdAttributeName=sAMAccountName

    # The attribute on person objects in LDAP to map to the first name property in Alfresco
    ldap.synchronization.userFirstNameAttributeName=givenName

    # The attribute on person objects in LDAP to map to the last name property in Alfresco
    ldap.synchronization.userLastNameAttributeName=sn

    # The attribute on person objects in LDAP to map to the email property in Alfresco
    ldap.synchronization.userEmailAttributeName=mail

    # The attribute on person objects in LDAP to map to the organizational id  property in Alfresco
    ldap.synchronization.userOrganizationalIdAttributeName=MYCOMPANY

    # The default home folder provider to use for people created via LDAP import
    ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider

    # The attribute on LDAP group objects to map to the gid property in Alfresco
    ldap.synchronization.groupIdAttributeName=cn

    # The group type in LDAP
    ldap.synchronization.groupType=group

    # The person type in LDAP
    ldap.synchronization.personType=user

    # The attribute in LDAP on group objects that defines the DN for its members
    ldap.synchronization.groupMemberAttributeName=member

    # If true progress estimation is enabled. When enabled, the user query has to be run twice in order to count entries.
    ldap.synchronization.enableProgressEstimation=true



    I actually spent 2 full days trying to make it work. I've read tons of articles on the internet and wikis, but with no success… :cry:

    Can someone please help me?
    What did I do wrong?

    Thank you for reading this.

    ofer.
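
The `data 525` field in the `error code 49` line of the trace above is an Active Directory sub-code: the hexadecimal Win32 logon error behind the failed bind. The following Python code is an added example, not part of the original post or of Alfresco; it extracts that sub-code from a log and, as a heuristic that is an assumption here, uses the class names in the stack frames to say which configured identity was used for the bind. The sample log is trimmed from the trace above, plus one constructed record.

```python
import re

# Win32 logon error codes that Active Directory reports, in hex, in the
# "data" field of the diagnostic message for LDAP result code 49.
AD_LOGON_ERRORS = {
    0x525: "user not found",
    0x52E: "invalid credentials (wrong password)",
    0x530: "not permitted to log on at this time",
    0x531: "not permitted to log on from this workstation",
    0x532: "password expired",
    0x533: "account disabled",
    0x701: "account expired",
    0x773: "user must reset password",
    0x775: "account locked out",
}

# Start of a log record in the format shown in the post: "18:24:30,963 ..."
LOG_HEADER = re.compile(r"^\s*\d{2}:\d{2}:\d{2},\d{3}\s")
BIND_ERROR = re.compile(
    r"\[LDAP: error code (?P<code>\d+) - [0-9A-Fa-f]{8}:\s*LdapErr:\s*"
    r"DSID[- ][0-9A-Fa-f]+, comment: (?P<comment>[^,]+), "
    r"data (?P<data>[0-9A-Fa-f]+)"
)


def bind_source(record_lines):
    """Heuristic (assumption): infer the bind identity from frame class names."""
    text = "\n".join(record_lines)
    if "LDAPUserRegistry" in text or "ChainingUserRegistrySynchronizer" in text:
        return "ldap.synchronization.java.naming.security.principal"
    if "LDAPAuthenticationComponentImpl" in text:
        return "user login (ldap.authentication.userNameFormat)"
    return "unknown"


def decode_bind_failures(log_text):
    """Return one finding per distinct (bind identity, sub-code) failure."""
    findings, seen, record = [], set(), []
    for line in log_text.splitlines():
        if LOG_HEADER.match(line):
            record = []              # a timestamped line starts a new record
        record.append(line)
        match = BIND_ERROR.search(line)
        if not match or match.group("code") != "49":
            continue
        data = int(match.group("data"), 16)
        source = bind_source(record)
        if (source, data) in seen:
            continue                 # same failure logged twice (ERROR, then WARN)
        seen.add((source, data))
        findings.append({
            "subcode": format(data, "x"),
            "meaning": AD_LOGON_ERRORS.get(data, "unrecognised sub-code"),
            "bind_as": source,
        })
    return findings


# Sample input: the first two records are trimmed from the trace in the post;
# the third record is constructed to show a different sub-code.
SAMPLE_LOG = """\
18:24:30,963 User:System ERROR [security.sync.ChainingUserRegistrySynchronizer] Synchronization aborted due to error
org.alfresco.repo.security.authentication.AuthenticationException: 11060000 LDAP authentication failed.
        at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.getGroups(LDAPUserRegistry.java:593)
Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece ]
18:24:31,010 User:System WARN  [security.sync.ChainingUserRegistrySynchronizer] Failed initial synchronize with user registries
        at org.alfresco.repo.security.sync.ldap.LDAPUserRegistry.getGroups(LDAPUserRegistry.java:593)
Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece ]
10:02:11,417  ERROR [constructed.example] Constructed record without stack frames
Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece ]
"""

if __name__ == "__main__":
    for finding in decode_bind_failures(SAMPLE_LOG):
        print(f"data {finding['subcode']}: {finding['meaning']} (bind as: {finding['bind_as']})")
```

For the trace in the post this reports sub-code 525, user not found, on the synchronization bind, which points at the value of `ldap.synchronization.java.naming.security.principal` rather than at the password.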