Hyland Connect

jayvrod · ‎06-26-2007

I finally got AD Auth setup.
When a User logs in for the first time. There User Home Space is being created in the Company Home instead of User Homes

I want it to go to User Homes or what ever.. What do I change to make this happen??

Also how do I give another User Admin Privileges??

Thanks
Jay

jey · ‎06-27-2007

Hi

In your file ldap-authentication-context.xml, you have a bean called ldapPeopleExportSource that defines this mapping between LDAP properties and Alfresco properties.

And in this bean you have something like that:

<entry key="cm:homeFolderProvider">
<value>personalHomeFolderProvider</value>
</entry>

This value makes references to an other bean defines in the file Alfresco\tomcat\webapps\alfresco\WEB-INF\classes\alfresco\authentication-services-context.xml

<bean name="personalHomeFolderProvider" class="org.alfresco.repo.security.person.UIDBasedHomeFolderProvider">
        <property name="serviceRegistry">
          <ref bean="ServiceRegistry" />
      </property>
        <property name="path">
           <value>/${spaces.company_home.childname}</value>
        </property>
        <property name="storeUrl">
           <value>${spaces.store}</value>
        </property>
        <property name="homeFolderManager">
         <ref bean="homeFolderManager" />
      </property>
        <property name="inheritsPermissionsOnCreate">
            <value>false</value>
        </property>
        <property name="ownerPemissionsToSetOnCreate">
            <set>
                <value>All</value>
            </set>
        </property>
        <property name="userPemissions">
            <set>
                <value>All</value>
            </set>
        </property>
    </bean>

The property path makes reference to /${spaces.company_home.childname}, the company home folder.
If you want users' home folders to be created in User Homes, you must replace it by: /${spaces.company_home.childname}/${spaces.user_homes.childname}

In this bean you can also defines user rights on their home folders….

About the admin question now:
This can't be done during this importation! You can specify who have admin privileges in the config file authority-services-context.xml (same path as before).

In the bean authorityService you have a property adminUsers. There you can defines as many administrators as you want by adding their user id.

<property name="adminUsers">
      <set>
            <value>admin</value>
            <value>administrator</value>
            <value>userid1</value>
            <value>userid2</value>
      </set>
</property>

Now you should be able to perform all you need!!!

Let me just give you some other advices:
   - first: users home folder won't change even if you modify the path in the config file. You must reset your all repository (database and indexes). When the import will be perform on the new repository, folder will be in the expected places.

   - seccond: PLEASE before posting read the forum!!!! I am sure there is many topic talking about this on this forum…. This time someone replied, but it won't allways be the same! JUST READ GUYS ….

I hope this help.

Regards,
jey.

stk137 · ‎06-28-2007

So do I understand this correctly.
By default, there is a space for User Homes.
By default, Alfresco doesn't create new user homes there. (that was my experience, too, although with JAAS and LDAP instead of AD)

Doesn't that seem like a bug? The default should be put new user homes under User Homes, right?

You can't change this without editing the contents of alfresco.war?
Or is there something in extensions for setting those things in authority-services-context.xml?
I don't see anything for that in extensions.

jayvrod · ‎06-28-2007

Thanks jey

I searched the Forum, but just didn't find an answer..

But I agree.. with 2.0 the Default Home Folder for users is located in User Homes.

However if you use AD it dumps to the Company Home..
To me a Bug also…

Jay

Hi

In your file ldap-authentication-context.xml, you have a bean called ldapPeopleExportSource that defines this mapping between LDAP properties and Alfresco properties.

And in this bean you have something like that:
<entry key="cm:homeFolderProvider">
         <value>personalHomeFolderProvider</value>
   </entry>

This value makes references to an other bean defines in the file Alfresco\tomcat\webapps\alfresco\WEB-INF\classes\alfresco\authentication-services-context.xml

<bean name="personalHomeFolderProvider" class="org.alfresco.repo.security.person.UIDBasedHomeFolderProvider">
        <property name="serviceRegistry">
          <ref bean="ServiceRegistry" />
      </property>
        <property name="path">
           <value>/${spaces.company_home.childname}</value>
        </property>
        <property name="storeUrl">
           <value>${spaces.store}</value>
        </property>
        <property name="homeFolderManager">
         <ref bean="homeFolderManager" />
      </property>
        <property name="inheritsPermissionsOnCreate">
            <value>false</value>
        </property>
        <property name="ownerPemissionsToSetOnCreate">
            <set>
                <value>All</value>
            </set>
        </property>
        <property name="userPemissions">
            <set>
                <value>All</value>
            </set>
        </property>
    </bean>

The property path makes reference to /${spaces.company_home.childname}, the company home folder.
If you want users' home folders to be created in User Homes, you must replace it by: /${spaces.company_home.childname}/${spaces.user_homes.childname}

In this bean you can also defines user rights on their home folders….

About the admin question now:
This can't be done during this importation! You can specify who have admin privileges in the config file authority-services-context.xml (same path as before).

In the bean authorityService you have a property adminUsers. There you can defines as many administrators as you want by adding their user id.

<property name="adminUsers">
      <set>
            <value>admin</value>
            <value>administrator</value>
            <value>userid1</value>
            <value>userid2</value>
      </set>
</property>

Now you should be able to perform all you need!!!

Let me just give you some other advices:
   - first: users home folder won't change even if you modify the path in the config file. You must reset your all repository (database and indexes). When the import will be perform on the new repository, folder will be in the expected places.

   - seccond: PLEASE before posting read the forum!!!! I am sure there is many topic talking about this on this forum…. This time someone replied, but it won't allways be the same! JUST READ GUYS ….

I hope this help.

Regards,
jey.

andy · ‎07-02-2007

Hi

Users created outside LDAP import and the UI are made according to the default home folder provider. This will be used when auto-creating user via NTLM.

See http://wiki.alfresco.com/wiki/Security_and_Authentication#Creating_home_spaces_-_from_1.4_onwards and the the config file authentication-services-context.xml from which you probably want to over-ride the bean …


  <bean name="homeFolderManager" class="org.alfresco.repo.security.person.HomeFolderManager">
        <property name="nodeService">
            <ref bean="nodeService" />
        </property>
        <property name="policyComponent">
            <ref bean="policyComponent" />
        </property>
        <property name="defaultProvider">
            <!– Create people in company home
            <ref bean="personalHomeFolderProvider" />
            –>
            <ref bean="userHomesHomeFolderProvider" />
        </property>
    </bean>

‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

Also see http://issues.alfresco.com/browse/AR-1558

Andy

stk137 · ‎07-02-2007

Hi

Users created outside LDAP import and the UI are made according to the default home folder provider. This will be used when auto-creating user via NTLM.
…
Also see http://issues.alfresco.com/browse/AR-1558

Andy

I am having difficulties with this work around.
In this database I inherited, there's "user_spaces" instead of "user_homes"
So I tried

/${spaces.company_home.childname}/${spaces.user_spaces.childname}

but got an error on login (with new user from JAAS)


javax.faces.FacesException: Error calling action method of component with id loginForm:submit
caused by:
javax.faces.el.EvaluationException: Exception while invoking expression #{LoginBean.login}
caused by:
org.alfresco.service.cmr.repository.XPathException: Error executing xpath:
xpath: /app:company_home/${spaces.user_spaces.childname}
caused by:
org.jaxen.XPathSyntaxException: Expected one of '.', '..', '@', '*', <QName>
caused by:
class org.jaxen.saxpath.XPathSyntaxException: /app:company_home/${spaces.user_spaces.childname}: 18: Expected one of '.', '..', '@', '*', <QName>

‍‍‍‍‍‍‍‍‍‍‍‍‍

So I tried adding "user_homes" (under company_home) and then used what you had said

/${spaces.company_home.childname}/${spaces.user_homes.childname}

but got this error after logging in


javax.faces.FacesException: Error calling action method of component with id loginForm:submit
caused by:
javax.faces.el.EvaluationException: Exception while invoking expression #{LoginBean.login}
caused by:
java.lang.IllegalStateException: Non-unique path: found : /app:company_home/app:user_homes 0‍‍‍‍‍‍

I deleted user_homes and left the path the same, but still got the non-unique path error.
(Although I thought it was returning multiple but now I think it was returning none)

I am little confused about what these expressions and paths are supposed to be. I was trying to find stuff in the database, to figure it out, but I am not sure where "path" is stored. In the case of "company_home", the name and title in alf_properties was changed to "Content Home", but where's the path that still equals "company_home"?
Anyway, how do I determine what to put there to get user_spaces to work? or to make make user_spaces work like your user_homes?

FWIW here's what my user_spaces node says in the browser

Primary Path:   /{http://www.alfresco.org/model/application/1.0}company_home/{http://www.alfresco.org/model/content/1....
Reference:   workspace://SpacesStore/ca52e0dc-80d5-11db-b31e-bb584255ad7e
Type:   {http://www.alfresco.org/model/content/1.0}folder
Parent:    workspace://SpacesStore/3c2c673d-7902-11db-8697-e79e4834e0e9

BTW My main concern with the workaround (assuming I get it to work, is that I have to edit inside the WAR. Is it possible to just put a copy of this xml file in extensions and just make the changes there?

thanks

Steve

stk137 · ‎07-02-2007

Anyway, how do I determine what to put there to get user_spaces to work? or to make make user_spaces work like your user_homes?

alternatively, how do I properly create a user_homes folder when there's not one?

stk137 · ‎07-02-2007

Anyway, how do I determine what to put there to get user_spaces to work? or to make make user_spaces work like your user_homes?

alternatively, how do I properly create a user_homes folder when there's not one?

If someone can answer that you can ignore my longer message.

I got my user_spaces working with path=/app:company_home/cm:user_spaces, but I'd like to know how to create the /app:user_homes folder. I see that may solve our problem of wanting to change the display name in the navigator (in the bootstrap property file).

thanks,

Steve

andy · ‎07-06-2007

Hi

The user folder is created at bootstrap time only. We can not make this in a patch as there may be a name collision with existing folders. If you have an older set up you will probably want to stick with the structure.

You could create this folder by exporting the folder from a new Alfresco instance and importing it into your existing server. You can not create this folder from the UI (as it uses the app namespace and not cm)

Andy

warren_h · ‎08-21-2007

Hi

Users created outside LDAP import and the UI are made according to the default home folder provider. This will be used when auto-creating user via NTLM.

See http://wiki.alfresco.com/wiki/Security_and_Authentication#Creating_home_spaces_-_from_1.4_onwards and the the config file authentication-services-context.xml from which you probably want to over-ride the bean …

Andy

Editing /opt/alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/authentication-services-context.xml
works fine. But my attempts at creating this file /opt/alfresco/tomcat/shared/classes/alfresco/extension/custom-authentication-services-context.xml
only end up breaking login. My latest attempt looks like this :


<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>

<beans>

    <bean id="authenticationComponent" class="org.alfresco.repo.security.authentication.AuthenticationComponentImpl">
        <property name="authenticationDao">
            <ref bean="authenticationDao" />
        </property>
        <property name="authenticationManager">
            <ref bean="authenticationManager" />
        </property>
        <property name="allowGuestLogin">
            <value>false</value>
        </property>
    </bean>

    <bean name="homeFolderManager" class="org.alfresco.repo.security.person.HomeFolderManager">
        <property name="nodeService">
            <ref bean="nodeService" />
        </property>
        <property name="policyComponent">
            <ref bean="policyComponent" />
        </property>
        <property name="defaultProvider">
            <ref bean="companyHomeFolderProvider" />
        </property>
    </bean>

</beans>
‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍‍

But it just doesn't work. How should I be doing this?

Thanks,

Warren.

Hyland Connect

New User Default Home Space??