Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Problem with Share when do the AD synchronization

minhhacker
Champ in-the-making
Champ in-the-making

‎12-11-2008 07:55 AM

Hi all,
I'm using Alfresco Enterprise 3.0. The first feeling is very good in Local account, everything work fine in /Share and /Alfresco, i can create site, invite another users, reject the invitation or whatever. And my problem start when I have done the Active Directory synchronization. When all users in my AD was imported successful, i can login http://mysite:8080/alfresco with AD username and do anything without errors. But when i login http://mysite:8080/share, the first page look like very good, but i CAN NOT search the site, CAN NOT accept or reject the site invitation of Admin, and when i use that AD user to create new site, i CAN NOT see it in My Site panel through it still created (i can see it appearance at Sites space in /alfresco).

I have tried to install on Windows/Tomcat/MySQL and Ubuntu/Tomcat/MySQL, but still the same problem.

I think accounts of AD and Local of Alfresco are different in using. How can i use AD users to login Share like Local users? Somebody said that the username with dot "." have that problem, but i have tried a user without dot ".", and result is still the same if i use the AD user to login Share.

I do not post the errors code here because i know so many members have met them when deploy version 3.c or 3.0 Enterprise version like me.

Please help me, so i can report to my manager about the WORKING of Alfresco, this really a strong point for my manager to decide about buy full license.

Thank you and Best regards,
Minh
Labels:
0 Kudos
4 REPLIES 4

ofrxnz
Champ in-the-making
Champ in-the-making

‎12-17-2008 03:37 PM

Do you have any errors.  I had some similar things i have worked around.

couple of things off the bat i know of.

AD users MUST log in to Alfresco once before going into share. 

share currently hates symbols (.#@ etc) in credentials, i dont know about the enterprise version, but i bet it has similar issues

Test some of those bugs in multiple browsers.  I had a few that were IE specific but worked in Firefox.  If this is the case post the errors and hopefully one of can point you in the right direction.

Take a look in this forum space some of the good bug fixes are floating around

In general Alfresco proper is pretty solid.  While it has its short comings, it is the best over-all product i have seen.  Share still needs some love but is very promising and quite useful.  I think the only querk in Alfresco proper right now has to do with CIFS
0 Kudos

peebles
Champ in-the-making
Champ in-the-making

‎01-16-2009 05:22 PM

I had a different problem, when using LDAP auth/sync, no NTLM, no chaining.  I could log into Share and send an invite, but when invitee clicked on accept link, they would get an error message to the effect that "accept rejected, you have already accepted, of your invitation has been canceled".  And in alfresco.log:

09:38:59,839 ERROR [org.jbpm.graph.def.GraphElement] action threw exception: Get enabled is not supported
org.alfresco.error.AlfrescoRuntimeException: Get enabled is not supported
        at org.alfresco.repo.security.authentication.DefaultMutableAuthenticationDao.getEnabled(DefaultMutableAuthenticationDao.java:179)
        at org.alfresco.repo.web.scripts.invite.AcceptInviteAction.execute(AcceptInviteAction.java:75)
        at org.jbpm.graph.def.Action.execute(Action.java:122)
        at org.jbpm.graph.def.GraphElement.executeAction(GraphElement.java:264)
        at org.jbpm.graph.def.GraphElement.executeActions(GraphElement.java:220)
        at org.jbpm.graph.def.GraphElement.fireAndPropagateEvent(GraphElement.java:190)
        at org.jbpm.graph.def.GraphElement.fireEvent(GraphElement.java:174)
        at org.jbpm.graph.def.Transition.take(Transition.java:138)
(…)

Using this error message, and browsing the source, I found that changing
  tomcat/shared/classes/alfresco/extension/ldap-authentication-context.xml:

    <bean name="authenticationDao" class="org.alfresco.repo.security.authentication.DefaultMutableAuthenticationDao" >
        <property name="allowGetEnabled" value="true" />
        <property name="allowDeleteUser">
            <value>true</value>
        </property>
    </bean>   

(adding the line <property name="allowGetEnabled" value="true" />)

Fixed my problem, and things look pretty functional now.
0 Kudos

wabson
Star Contributor
Star Contributor

‎02-02-2009 04:03 AM

peebles - logged in JIRA as https://issues.alfresco.com/jira/browse/ETHREEOH-1242
0 Kudos

marcus
Champ in-the-making
Champ in-the-making

‎02-02-2009 11:25 PM

The other thing to be aware of when using AD is that typically you'll have set up a user/group importer job. If you have, you'll need to make sure that the "clearAllChildren" flag for the ldapGroupImport bean is set to "false", otherwise all the groups that Share creates for managing sites will be deleted, and your sites will become borked.
0 Kudos
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2025 Khoros, LLC