Problems with AD + local authentication chaining

aspa
Champ in-the-making
I'm trying to set up authentication chaining so that logins would be authenticated against either Alfresco local user storage or a Microsoft Active Directory server.

Local authentication works fine with my chaining setup but AD users are not correctly authenticated. When I try to log in using an AD account I get the following error:

"Unable to login - unknown username/password"

tcpdump shows no indication of a connection attempt to the AD server.
Alfresco is set up to import user/group data from AD and this appears to be working correctly.

Any ideas on what could be wrong here?
How could I try to debug this problem?
I've set the log level for org.alfresco.repo.security.authentication to debug but unfortunately that doesn't seem to provide any additional messages during the login process.

Here's what my ldap-authentication-context.xml (placed in tomcat/shared/classes/alfresco/extension) looks like:


    <bean id="authenticationServiceImpl" class="org.alfresco.repo.security.authentication.ChainingAuthenticationServiceImpl">
        <property name="authenticationServices">
            <list>
                <ref bean="authenticationServiceImplMSAD"/>
                <ref bean="authenticationServiceImplAlfresco"/>
            </list>
        </property>
        <property name="mutableAuthenticationService">
            <ref bean="authenticationServiceImplAlfresco"/>
        </property>
    </bean>

    <bean id="authenticationServiceImplAlfresco" class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
        <property name="authenticationDao">
            <ref bean="authenticationDaoAlfresco"/>
        </property>
        <property name="ticketComponent">
            <ref bean="ticketComponent"/>
        </property>
        <property name="authenticationComponent">
            <ref bean="authenticationComponentImplAlfresco"/>
        </property>
    </bean>

    <bean id="authenticationDaoAlfresco" class="org.alfresco.repo.security.authentication.RepositoryAuthenticationDao">
        <property name="nodeService">
            <ref bean="nodeService"/>
        </property>
        <property name="dictionaryService">
            <ref bean="dictionaryService"/>
        </property>
        <property name="namespaceService">
            <ref bean="namespaceService"/>
        </property>
        <property name="searchService">
            <ref bean="searchService"/>
        </property>
        <property name="userNamesAreCaseSensitive">
            <value>${user.name.caseSensitive}</value>
        </property>
        <property name="passwordEncoder">
            <ref bean="passwordEncoder"/>
        </property>
    </bean>

    <bean id="authenticationComponentImplAlfresco" class="org.alfresco.repo.security.authentication.AuthenticationComponentImpl">
        <property name="authenticationDao">
            <ref bean="authenticationDaoAlfresco"/>
        </property>
        <property name="authenticationManager">
            <ref bean="authenticationManager"/>
        </property>
        <property name="allowGuestLogin">
            <value>true</value>
        </property>
    </bean>

    <bean id="authenticationServiceImplMSAD" class="org.alfresco.repo.security.authentication.AuthenticationServiceImpl">
        <property name="authenticationDao">
            <ref bean="authenticationDaoMSAD"/>
        </property>
        <property name="ticketComponent">
            <ref bean="ticketComponent"/>
        </property>
        <property name="authenticationComponent">
            <ref bean="authenticationComponentImplMSAD"/>
        </property>
    </bean>

    <bean id="authenticationDaoMSAD" class="org.alfresco.repo.security.authentication.ntlm.NullMutableAuthenticationDao"/>

    <bean id="authenticationComponentImplMSAD" class="org.alfresco.repo.security.authentication.ldap.LDAPAuthenticationComponentImpl">
        <property name="LDAPInitialDirContextFactory">
            <ref bean="ldapInitialDirContextFactory"/>
        </property>
        <property name="userNameFormat">
            <value>sAMAccountName=%s</value>
        </property>
    </bean>

    <bean id="ldapInitialDirContextFactory" class="org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl">
        <property name="initialDirContextEnvironment">
        <!-- …. -->
        </property>
    </bean>
6 REPLIES 6

aspa
Champ in-the-making
I'm using Alfresco 2.1.0 community edition.

xalix79
Champ in-the-making
Hi aspa,

Did you find a solution for your problem? I'm facing the same problem too…

Thanks

aspa
Champ in-the-making
Unfortunately, I didn't.

pachacute
Champ in-the-making
Did you find a solution for your problem? I have the same problem.

Cristian

aspa
Champ in-the-making
I did not.

proxyprodigy
Champ in-the-making
I know I'm a little late with this. But, have you tried using the CN instead of the sAMAccountName? I'm having problems getting it to authenticate with the sAMAccountName. Everything works fine when I use the full CN. So, if I log into the site with "The Proxy Prodigy", it works. If I log in with "ProxyProdigy", it fails.

Thought this might point you in the right direction. If you come up with any answers, please post them on here. Maybe it will help me out as well.

Thanks.
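
An added illustration of the CN versus sAMAccountName observation in the last reply (not code from this thread or from Alfresco): it assumes the login replaces `%s` in `userNameFormat` and the result is sent as the LDAP bind name, then checks which of three name forms commonly used for an AD simple bind (full DN, UPN, DOMAIN\user) that string matches. The `example.com` / `EXAMPLE` values, the login `jdoe` and all function names are constructed for the example.

```python
import re

# Constructed sample values; example.com / EXAMPLE are placeholders.
SAMPLE_FORMATS = [
    "sAMAccountName=%s",                  # value from the posted config
    "%s@example.com",                     # UPN form
    "EXAMPLE\\%s",                        # down-level logon name
    "cn=%s,cn=Users,dc=example,dc=com",   # full DN
]

def split_rdns(name):
    """Split a DN on commas that are not backslash-escaped."""
    return [p.strip() for p in re.split(r"(?<!\\),", name) if p.strip()]

def bind_name(user_name_format, login):
    """Assumed behaviour: the login replaces %s and the result is the bind name."""
    return user_name_format.replace("%s", login)

def classify(principal):
    """Return the name form the bind string matches, or why it matches none."""
    if re.fullmatch(r"[^\\@=,]+\\[^\\@=,]+", principal):
        return "down-level"
    if re.fullmatch(r"[^\\@=,]+@[^\\@=,]+\.[^\\@=,]+", principal):
        return "upn"
    rdns = split_rdns(principal)
    if rdns and all(re.fullmatch(r"[A-Za-z][A-Za-z0-9-]*=.+", r) for r in rdns):
        # Heuristic: a full DN in a directory domain ends in dc= components.
        has_dc = any(r.lower().startswith("dc=") for r in rdns)
        return "dn" if has_dc else "relative-dn-only"
    return "unrecognised"

def audit(formats, login="jdoe"):
    """Map each userNameFormat to (bind name, name form) for a sample login."""
    return {f: (bind_name(f, login), classify(bind_name(f, login))) for f in formats}

if __name__ == "__main__":
    for fmt, (name, form) in audit(SAMPLE_FORMATS).items():
        print(f"{fmt!r:45} -> {name!r:40} {form}")
```

A result of `relative-dn-only` means the bind name is a single attribute=value pair with no container or domain components, so it does not identify an entry the way a full DN, UPN or DOMAIN\user name does.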