
passthru to samba for authentication

iantopanto
Champ in-the-making
I got Alfresco to sync to LDAP and do passthru authentication to Samba. The issue I'm having is with the web interface, where if I navigate to http://server:8080/alfresco I get an Apache authentication popup asking for a username and password. I just want the standard Alfresco login box.

If I navigate directly to http://server:8080/alfresco/faces/jsp/login.jsp I get the Alfresco box, and I can log in OK.

When I log out I get the "You have been logged out of Alfresco." box in the middle of the browser, and if I navigate back to http://server:8080/alfresco/ or click on "Re-login to Alfresco" I'm back in without entering a password or I get the Apache-style auth popup.

It's like it remembers my password like NTLM SSO, but I think I turned this off. Here is my global config file:
————
authentication.chain=passthru1:passthru,ldap1:ldap
cifs.domain=WALES      

# Configure NTLM passthru to SAMBA Server
ntlm.authentication.sso.enabled=false  
passthru.authentication.sso.enabled=false
#ntlm.authentication.authenticateCIFS=false

passthru.authentication.servers=192.168.0.1
passthru.authentication.domain=WALES
passthru.authentication.useLocalServer=false
passthru.authentication.connectTimeout=5000
#Offline server check interval in seconds
passthru.authentication.offlineCheckInterval=300
passthru.authentication.protocolOrder=TCPIP,NETBIOS
passthru.authentication.authenticateCIFS=true
passthru.authentication.authenticateFTP=true
#ntlm.authentication.mapUnknownUserToGuest=false

##### Ldap Synchronisation
ldap.authentication.active=false
ldap.synchronization.active=true

# User Bind settings
ldap.authentication.java.naming.provider.url=ldap://192.168.0.1:389
ldap.authentication.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.principal=cn=alfresco,dc=domain,dc=com
ldap.synchronization.java.naming.security.credentials=alfuser

# what to sync
ldap.synchronization.userSearchBase=ou=People,dc=domain,dc=com
ldap.synchronization.groupSearchBase=ou=Distribution-Lists,dc=domain,dc=com
ldap.synchronization.groupQuery=(objectclass=posixGroup)
ldap.synchronization.personQuery=(objectclass=inetOrgPerson)
synchronization.synchronizeChangesOnly=true
synchronization.syncOnStartup=true
synchronization.syncWhenMissingPeopleLogIn=true 
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider

# map attributes
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'Z'
ldap.synchronization.personType=inetOrgPerson
ldap.synchronization.groupMemberAttributeName=memberUid
ldap.synchronization.userIdAttributeName=uid
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=cn
ldap.synchronization.userEmailAttributeName=mail
—————-

Can someone point me in the right direction to get the proper behavior?

dward
Champ on-the-rise
I tried reproducing this problem with a v3.2 install and couldn't.

I have

authentication.chain=passthru1:passthru,alfresco:ldap-ad
ntlm.authentication.sso.enabled=false

and I get the login screen when I go to http://localhost:8080/alfresco

Are you using a vanilla Tomcat 6 install? Is Apache HTTP server sitting in front of it and how is that configured?

ivan_plestina
Champ in-the-making
I believe Firefox remembers NTLM login once you login manually and you basically can't log out. Not sure about IE though.

iantopanto
Champ in-the-making
Fixed it now... LDAP sync and passthru auth are working...

I had to install Alfresco 3.3 to get the LDAP sync working (build from Aug 11th), and the passthru is fine; it may have been some settings I changed.
Here is the updated part of the alfresco-globals.properties:
—————–
authentication.chain=passthru1:passthru,ldap1:ldap
cifs.domain=WALES

# Configure NTLM passthru to SAMBA Server
ntlm.authentication.sso.enabled=false
ntlm.authentication.authenticateCIFS=false
passthru.authentication.sso.enabled=false

passthru.authentication.allowGuestLogin=true
#alfresco.authentication.allowGuestLogin=true
#alfresco.authentication.authenticateCIFS=false

passthru.authentication.servers=192.168.0.1
passthru.authentication.domain=WALES
passthru.authentication.useLocalServer=false
passthru.authentication.defaultAdministratorUserNames=adminusers
passthru.authentication.connectTimeout=5000
passthru.authentication.offlineCheckInterval=300
passthru.authentication.protocolOrder=TCPIP,NETBIOS
passthru.authentication.authenticateCIFS=true
passthru.authentication.authenticateFTP=true
#ntlm.authentication.sso.enabled=true
#ntlm.authentication.mapUnknownUserToGuest=false

##### Ldap Synchronisation
———-
Hope this helps someone. Alfresco is working great now except for the dot files with OS X clients using CIFS and WebDAV. This can be overcome by using the Blueharvest shareware to stop OS X writing .DS_STORE and resource fork files to network drives.

The only issue I found is that if I create a content rule that emails certain people when a file is updated or uploaded, because the Mac uses a resource fork and a data fork, that's 2 files. Even though Blueharvest stops the dot files from being left on the Alfresco drive, I think they are written there and then deleted, because I still get 2 emails through. Anyway.

brazen
Champ in-the-making
FYI, ntlm.authentication.authenticateCIFS and passthru.authentication.sso.enabled are not valid settings.  They are just garbage in your properties file.  All you need is ntlm.authentication.sso.enabled=false to fix your problem.
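
Added example, not part of any post in this thread and not Alfresco's own code: a small audit of the settings discussed above, which checks that every `authentication.chain` entry has the `name:type` form, that `ntlm.authentication.sso.enabled` is explicitly `false`, and whether the two keys the last reply calls invalid are present. The function names and `SAMPLE` are assumptions made for the example; `SAMPLE` is constructed from the settings quoted in the posts.

```python
import re

# Constructed sample built from settings quoted in the thread (not a real file).
SAMPLE = """\
authentication.chain=passthru1:passthru,ldap1:ldap
# Configure NTLM passthru to SAMBA Server
ntlm.authentication.sso.enabled=false
ntlm.authentication.authenticateCIFS=false
passthru.authentication.sso.enabled=false
#ntlm.authentication.sso.enabled=true
passthru.authentication.servers=192.168.0.1
"""

# Keys the last reply calls "not valid settings"; taken from that reply,
# not checked against Alfresco documentation.
REPORTED_INVALID = ("ntlm.authentication.authenticateCIFS",
                    "passthru.authentication.sso.enabled")
CHAIN_ENTRY = re.compile(r"^[\w.-]+:[\w-]+$")  # instance-name:subsystem-type

def parse_properties(text):
    """Read key=value lines, skipping blanks and '#' comments; last value wins."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def parse_chain(value):
    """Split 'name:type,name:type' into (valid pairs, malformed entries)."""
    good, bad = [], []
    for entry in (e.strip() for e in value.split(",")):
        if CHAIN_ENTRY.match(entry):
            good.append(tuple(entry.split(":", 1)))
        else:
            bad.append(entry)
    return good, bad

def audit(text):
    """Return findings for the SSO and chain issues raised in the thread."""
    props, findings = parse_properties(text), []
    _, bad = parse_chain(props.get("authentication.chain", ""))
    findings += [f"malformed chain entry: {e!r}" for e in bad]
    if props.get("ntlm.authentication.sso.enabled", "").lower() != "false":
        findings.append("ntlm.authentication.sso.enabled is not explicitly false")
    findings += [f"{k} is set but reported as not a valid setting"
                 for k in REPORTED_INVALID if k in props]
    return findings
```

Calling `audit()` on the text of a properties file returns a list of findings; an empty list means none of these three conditions was found.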