
NTLM and LDAP - can't delete user

craig
Champ in-the-making
When I try to delete a user, I get the following message in the web client…

Failed to delete User due to error: Not implemented

catalina.out shows (small clip)
12:25:16,132 ERROR [ui.common.Utils] Failed to delete User due to error: Not implemented
org.alfresco.error.AlfrescoRuntimeException: Not implemented
        at org.alfresco.repo.security.authentication.ntlm.NullMutableAuthenticationDao.deleteUser(NullMutableAuthenticationDao.java:94)
        at org.alfresco.repo.security.authentication.AuthenticationServiceImpl.deleteAuthentication(AuthenticationServiceImpl.java:95)

I look at this link…
http://forums.alfresco.com/viewtopic.php?t=9038

which suggests that the ntlm config examples should show me how to do this but my sample/configuration doesn't show anything like that…

My ntlm-authentication-context.xml includes this instead of useLocalServer
        <property name="servers">
            <value>MyDOMAIN\MyDomainPDC</value>
        </property>

and users have no problem authenticating to CIFS (NTLM) or to webclient (LDAP) and LDAP sync works fine but I need to delete users that don't exist in LDAP any longer.
3 REPLIES

craig
Champ in-the-making
If I execute
mv ntlm-authentication-context.xml ntlm-authentication-context.xml-hold
and then restart tomcat
I can then delete users but without ntlm-authentication-context.xml, I can't use the CIFS server

so I have to move it back and restart tomcat again.

removing all of the commented lines from ntlm-authentication-context.xml leaves…

<beans>

    <bean id="authenticationDao" class="org.alfresco.repo.security.authentication.ntlm.NullMutableAuthenticationDao" />

    <bean id="authenticationComponent" class="org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl">
<!--
-->
        <property name="useLocalServer">
            <value>false</value>
        </property>
<!--
-->
        <property name="servers">
            <value>MY_OBSCURED_DOMAIN\MY_PDC</value>
        </property>
        <property name="personService">
            <ref bean="personService" />
        </property>
        <property name="nodeService">
            <ref bean="nodeService" />
        </property>
        <property name="transactionService">
            <ref bean="transactionComponent" />
        </property>
        <property name="guestAccess">
            <value>true</value>
        </property>
    </bean>

</beans>

andy
Champ on-the-rise
Hi

The UI tries to delete the person from Alfresco and the user from the authentication system. If the authentication system is Alfresco this is fine. If authentication is external to Alfresco this can fail unless there is an appropriate DAO.

You could configure the DAO as
org.alfresco.repo.security.authentication.DefaultMutableAuthenticationDao which can then be configured to allow some operations to pass through without rejection (such as silently ignoring a delete of an authentication from LDAP or NTLM). See the default LDAP authentication configuration.
The user will remain in NTLM.

Andy

craig
Champ in-the-making
You could configure the DAO as
org.alfresco.repo.security.authentication.DefaultMutableAuthenticationDao which can then be configured to allow some operations to pass through without rejection (such as silently ignoring a delete of an authentication from LDAP or NTLM). See the default LDAP authentication configuration.
The user will remain in NTLM.

ldap-authentication-context.xml has…

    <bean name="authenticationDao" class="org.alfresco.repo.security.authentication.DefaultMutableAuthenticationDao" >
        <property name="allowDeleteUser">
            <value>true</value>
        </property>
    </bean>

but I can't delete a user that no longer exists in LDAP (and thus would never be re-imported) and isn't available in NTLM because he isn't available in LDAP.

Craig
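
Added example, not part of the thread and not Alfresco code: both context files quoted above declare a bean named authenticationDao, and the stack trace shows the NTLM file's NullMutableAuthenticationDao handling the delete. A Spring context keeps one definition per bean name, so this Python check lists every authenticationDao definition across the files and flags duplicates and delete-rejecting settings. The sample file contents are constructed from the thread's snippets, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

PKG = "org.alfresco.repo.security.authentication."
NULL_DAO = PKG + "ntlm.NullMutableAuthenticationDao"
DEFAULT_DAO = PKG + "DefaultMutableAuthenticationDao"

# Constructed sample input, reduced from the two snippets quoted in the thread.
SAMPLE_FILES = {
    "ntlm-authentication-context.xml": f"""<beans>
  <bean id="authenticationDao" class="{NULL_DAO}" />
</beans>""",
    "ldap-authentication-context.xml": f"""<beans>
  <bean name="authenticationDao" class="{DEFAULT_DAO}">
    <property name="allowDeleteUser"><value>true</value></property>
  </bean>
</beans>""",
}


def dao_definitions(files):
    """Return (file, class, allowDeleteUser) for every authenticationDao bean."""
    found = []
    for fname, text in files.items():
        for bean in ET.fromstring(text).iter("bean"):
            # Spring registers a bean under its id and under its name attribute.
            if "authenticationDao" not in (bean.get("id"), bean.get("name")):
                continue
            allow = None
            for prop in bean.findall("property"):
                if prop.get("name") == "allowDeleteUser":
                    # Value may be an attribute or a nested <value> element.
                    allow = (prop.get("value") or prop.findtext("value") or "").strip()
            found.append((fname, bean.get("class"), allow))
    return found


def audit(files):
    """Flag configuration that can leave user deletion rejected or ambiguous."""
    defs = dao_definitions(files)
    findings = []
    if len(defs) > 1:
        owners = ", ".join(fname for fname, _, _ in defs)
        findings.append(f"authenticationDao defined more than once: {owners}")
    for fname, cls, allow in defs:
        if cls == NULL_DAO:
            findings.append(f"{fname}: NullMutableAuthenticationDao in use")
        elif cls == DEFAULT_DAO and allow != "true":
            findings.append(f"{fname}: allowDeleteUser is not true")
    return findings
```

Calling audit(SAMPLE_FILES) reports the duplicate definition and the NullMutableAuthenticationDao entry; which of the two definitions takes effect depends on the order in which the context files are loaded.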