cancel
Showing results for 
Search instead for 
Did you mean: 

Unable to configure LDAD-AD in Comunity4.2

cos
Champ in-the-making
Champ in-the-making
Hi everybody

I'm trying to connecto to a W2008 Server ActiveDirectory but after reading the documentation, the blog, the wiki… I'm still confuse and doesn't work. And nothing appears in the log files. What exactly I need to do?

I modified the file "/alfresco/tomcat/shared/classes/alfresco-global.properties" adding the following

*/****************************************
#authentication chain
authentication.chain=ldap1:ldap-ad,alfrescoNtlm1:alfrescoNtlm

#configuracion LDAP
ldap.authentication.active=true

ldap.authentication.allowGuestLogin=false

ldap.authentication.userNameFormat=%s@MYDOMAIN.ES

ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory

ldap.authentication.java.naming.provider.url=ldap://172.16.29.130:389

ldap.authentication.java.naming.security.authentication=simple

ldap.authentication.escapeCommasInBind=false

ldap.authentication.escapeCommasInUid=false

ldap.authentication.defaultAdministratorUserNames=Administrator

ldap.synchronization.active=true

ldap.synchronization.java.naming.security.authentication=simple

ldap.synchronization.java.naming.security.principal=me@MYDOMAIN.es

ldap.synchronization.java.naming.security.credentials=password

ldap.synchronization.queryBatchSize=1000

ldap.synchronization.attributeBatchSize=1000

ldap.synchronization.groupQuery=(objectclass\=MYGROUP)

ldap.synchronization.groupDifferentialQuery=(&(objectclass\=MYGROUP)(!(whenChanged<\={0})))

ldap.synchronization.personQuery=(&(objectclass\=Users)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))

ldap.synchronization.personDifferentialQuery=(&(objectclass\=Users)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(whenChanged<\={0})))

ldap.synchronization.groupSearchBase=dc=CSG,dc=ES

ldap.synchronization.userSearchBase=ou\=User Accounts,dc=XX,dc=XX

ldap.synchronization.modifyTimestampAttributeName=whenChanged

ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'

ldap.synchronization.userIdAttributeName=userPrincipalName

ldap.synchronization.userFirstNameAttributeName=givenName

ldap.synchronization.userLastNameAttributeName=sn

ldap.synchronization.userEmailAttributeName=mail

ldap.synchronization.userOrganizationalIdAttributeName=company

ldap.synchronization.defaultHomeFolderProvider=largeHomeFolderProvider

ldap.synchronization.groupIdAttributeName=cn

ldap.synchronization.groupDisplayNameAttributeName=displayName

ldap.synchronization.groupType=group

ldap.synchronization.personType=user

ldap.synchronization.groupMemberAttributeName=member

ldap.synchronization.enableProgressEstimation=true

ldap.authentication.java.naming.read.timeout=0
***********************************


Also use the file "/alfresco/tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldad-ad/ldap1/ldap-ad-authentication.properties" with the same lines and nothing.

Best regards
Gonzalo Arroyo
22 REPLIES 22

mrogers
Star Contributor
Star Contributor
You cant define the authentication chain in the subsystem "/alfresco/tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldad-ad/ldap1/ldap-ad-authentication.properties"

But you should get something in the logs, even if its an error.

I find several of your settings curious.
in particular ldap.authentication.userNameFormat and there's a mismatch between your group queries.

cos
Champ in-the-making
Champ in-the-making
Hi Roger

The authentication chain is in "/alfresco/tomcat/shared/classes/alfresco-global-properties" I also included "ntlm.authentication.sso.enabled=false" but doesn't work

I'm looking in /alfresco/tomcat/logs and there are these files


total 562772
drwxr-xr-x.  2 root root     4096 mar 21 13:03 .
drwxr-xr-x. 12 root root     4096 mar 10 12:44 ..
-rw-r–r–.  1 root root        0 mar 21 13:03 1
-rw-r–r–.  1 root root     8379 mar 10 13:18 catalina.2014-03-10.log
-rw-r–r–.  1 root root     4410 mar 11 09:58 catalina.2014-03-11.log
-rw-r–r–.  1 root root    29028 mar 13 19:39 catalina.2014-03-13.log
-rw-r–r–.  1 root root    20615 mar 20 18:02 catalina.2014-03-20.log
-rw-r–r–.  1 root root     8259 mar 21 10:51 catalina.2014-03-21.log
-rw-r–r–.  1 root root  8222328 mar 21 12:51 catalina.out
-rw-r–r–.  1 root root        0 mar 10 12:48 host-manager.2014-03-10.log
-rw-r–r–.  1 root root        0 mar 11 09:51 host-manager.2014-03-11.log
-rw-r–r–.  1 root root        0 mar 13 18:02 host-manager.2014-03-13.log
-rw-r–r–.  1 root root        0 mar 20 09:47 host-manager.2014-03-20.log
-rw-r–r–.  1 root root        0 mar 21 09:04 host-manager.2014-03-21.log
-rw-r–r–.  1 root root    43007 mar 10 13:18 localhost.2014-03-10.log
-rw-r–r–.  1 root root      425 mar 11 09:58 localhost.2014-03-11.log
-rw-r–r–.  1 root root     5064 mar 13 19:39 localhost.2014-03-13.log
-rw-r–r–.  1 root root     4211 mar 20 18:02 localhost.2014-03-20.log
-rw-r–r–.  1 root root     1688 mar 21 10:51 localhost.2014-03-21.log
-rw-r–r–.  1 root root   558767 mar 10 23:59 localhost_access_log.2014-03-10.txt
-rw-r–r–.  1 root root 22794065 mar 11 23:59 localhost_access_log.2014-03-11.txt
-rw-r–r–.  1 root root 47912980 mar 12 23:59 localhost_access_log.2014-03-12.txt
-rw-r–r–.  1 root root 48344180 mar 13 23:59 localhost_access_log.2014-03-13.txt
-rw-r–r–.  1 root root 47653425 mar 14 23:59 localhost_access_log.2014-03-14.txt
-rw-r–r–.  1 root root 56572637 mar 15 23:59 localhost_access_log.2014-03-15.txt
-rw-r–r–.  1 root root 60650717 mar 16 23:59 localhost_access_log.2014-03-16.txt
-rw-r–r–.  1 root root 63489731 mar 17 23:59 localhost_access_log.2014-03-17.txt
-rw-r–r–.  1 root root 58392365 mar 18 23:59 localhost_access_log.2014-03-18.txt
-rw-r–r–.  1 root root 61789180 mar 19 23:59 localhost_access_log.2014-03-19.txt
-rw-r–r–.  1 root root 64451259 mar 20 23:59 localhost_access_log.2014-03-20.txt
-rw-r–r–.  1 root root 35192159 mar 21 13:02 localhost_access_log.2014-03-21.txt
-rw-r–r–.  1 root root        0 mar 10 12:48 manager.2014-03-10.log
-rw-r–r–.  1 root root        0 mar 11 09:51 manager.2014-03-11.log
-rw-r–r–.  1 root root        0 mar 13 18:02 manager.2014-03-13.log
-rw-r–r–.  1 root root        0 mar 20 09:47 manager.2014-03-20.log
-rw-r–r–.  1 root root        0 mar 21 09:04 manager.2014-03-21.log
-rw-r–r–.  1 root root        0 jul 29  2013 NOTEMPTY


what is the exact file I need to look for any ldap error messsage?

Thanks for your help
Best Regards
Gonzalo Arroyo

cos
Champ in-the-making
Champ in-the-making
Hi

I think I found something in "catalina.out"

2014-03-24 16:27:21,923  INFO  [management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Starting 'Authentication' subsystem, ID: [Authentication, managed, ldap1]
2014-03-24 16:27:21,970  WARN  [management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Startup of 'Authentication' subsystem, ID: [Authentication, managed, ldap1] failed
org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: Failed to import bean definitions from relative location [../common-ldap-context.xml]
Offending resource: file [/opt/alfresco-4.2.e/tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap-ad/ldap1/ldap-ad-authentication-context.xml]; nested exception is org.springframework.beans.factory.BeanDefinitionStoreException: IOException parsing XML document from URL [file:/opt/alfresco-4.2.e/tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap-ad/ldap1/../common-ldap-context.xml]; nested exception is java.io.FileNotFoundException: /opt/alfresco-4.2.e/tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap-ad/ldap1/../common-ldap-context.xml (No such file or directory)
   at org.springframework.beans.factory.parsing.FailFastProblemReporter.error(FailFastProblemReporter.java:68)
   at org.springframework.beans.factory.parsing.ReaderContext.error(ReaderContext.java:85)
   at org.springframework.beans.factory.parsing.ReaderContext.error(ReaderContext.java:76)
   at org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader.importBeanDefinitionResource(DefaultBeanDefinitionDocumentReader.java:218)
   at org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader.parseDefaultElement(DefaultBeanDefinitionDocumentReader.java:147)
   at org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader.parseBeanDefinitions(DefaultBeanDefinitionDocumentReader.java:132)
   at org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader.registerBeanDefinitions(DefaultBeanDefinitionDocumentReader.java:93)
   at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.registerBeanDefinitions(XmlBeanDefinitionReader.java:493)
   at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBeanDefinitions(XmlBeanDefinitionReader.java:390)
   at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:334)
   at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:302)
   at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:143)
   at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:178)
   at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:149)
   at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:212)
   at org.springframework.context.support.AbstractXmlApplicationContext.loadBeanDefinitions(AbstractXmlApplicationContext.java:126)
   at org.springframework.context.support.AbstractXmlApplicationContext.loadBeanDefinitions(AbstractXmlApplicationContext.java:92)
   at org.springframework.context.support.AbstractRefreshableApplicationContext.refreshBeanFactory(AbstractRefreshableApplicationContext.java:130)
   at org.springframework.context.support.AbstractApplicationContext.obtainFreshBeanFactory(AbstractApplicationContext.java:467)
   at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:397)
   at org.alfresco.repo.management.subsystems.ChildApplicationContextFactory$ApplicationContextState.start(ChildApplicationContextFactory.java:803)
   at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.start(AbstractPropertyBackedBean.java:991)
   at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.getState(AbstractPropertyBackedBean.java:274)
   at org.alfresco.repo.management.subsystems.ChildApplicationContextFactory.getApplicationContext(ChildApplicationContextFactory.java:437)
   at org.alfresco.repo.management.subsystems.DefaultChildApplicationContextManager$ApplicationContextManagerState.getApplicationContext(DefaultChildApplicationContextManager.java:360)
   at org.alfresco.repo.management.subsystems.DefaultChildApplicationContextManager$ApplicationContextManagerState.start(DefaultChildApplicationContextManager.java:306)
   at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.start(AbstractPropertyBackedBean.java:991)
   at org.alfresco.repo.management.subsystems.AbstractPropertyBackedBean.getState(AbstractPropertyBackedBean.java:274)
   at org.alfresco.repo.management.subsystems.DefaultChildApplicationContextManager.getInstanceIds(DefaultChildApplicationContextManager.java:180)
   at org.alfresco.repo.security.authentication.subsystems.SubsystemChainingAuthenticationService.refreshBeans(SubsystemChainingAuthenticationService.java:89)
   at org.alfresco.repo.security.authentication.subsystems.SubsystemChainingAuthenticationService.getUsableAuthenticationServices(SubsystemChainingAuthenticationService.java:185)
   at org.alfresco.repo.security.authentication.AbstractChainingAuthenticationService.getDefaultAdministratorUserNames(AbstractChainingAuthenticationService.java:566)
   at org.alfresco.repo.security.authority.AuthorityServiceImpl.getRoleAuthorities(AuthorityServiceImpl.java:271)
   at org.alfresco.repo.security.authority.AuthorityServiceImpl.access$000(AuthorityServiceImpl.java:52)
   at org.alfresco.repo.security.authority.AuthorityServiceImpl$UserAuthoritySet.<init>(AuthorityServiceImpl.java:756)
   at org.alfresco.repo.security.authority.AuthorityServiceImpl.getAuthoritiesForUser(AuthorityServiceImpl.java:262)
   at org.alfresco.repo.security.authority.AuthorityServiceImpl.isAdminAuthority(AuthorityServiceImpl.java:180)
   at org.alfresco.service.cmr.workflow.WorkflowPermissionInterceptor.invoke(WorkflowPermissionInterceptor.java:52)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
   at org.alfresco.repo.security.permissions.impl.ExceptionTranslatorMethodInterceptor.invoke(ExceptionTranslatorMethodInterceptor.java:46)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
   at org.alfresco.repo.audit.AuditMethodInterceptor.invoke(AuditMethodInterceptor.java:161)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
   at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:110)
   at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
   at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
   at com.sun.proxy.$Proxy57.isDefinitionDeployed(Unknown Source)
   at org.alfresco.repo.workflow.WorkflowDeployer.init(WorkflowDeployer.java:293)
   at org.alfresco.repo.workflow.WorkflowDeployer$1$1.doWork(WorkflowDeployer.java:469)
   at org.alfresco.repo.security.authentication.AuthenticationUtil.runAs(AuthenticationUtil.java:548)
   at org.alfresco.repo.workflow.WorkflowDeployer$1.execute(WorkflowDeployer.java:465)
   at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:452)
   at org.alfresco.repo.workflow.WorkflowDeployer.onBootstrap(WorkflowDeployer.java:460)
   at org.springframework.extensions.surf.util.AbstractLifecycleBean.onApplicationEvent(AbstractLifecycleBean.java:56)
   at org.alfresco.repo.management.SafeApplicationEventMulticaster.multicastEventInternal(SafeApplicationEventMulticaster.java:209)
   at org.alfresco.repo.management.SafeApplicationEventMulticaster.multicastEvent(SafeApplicationEventMulticaster.java:180)
   at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:303)
   at org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:911)
   at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:428)
   at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:276)
   at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:197)
   at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:47)
   at org.alfresco.web.app.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:63)
   at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4939)
   at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5434)
   at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
   at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:901)
   at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:877)
   at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:633)
   at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:976)
   at org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1653)
   at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
   at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
   at java.util.concurrent.FutureTask.run(FutureTask.java:166)
   at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
   at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
   at java.lang.Thread.run(Thread.java:724)
Caused by: org.springframework.beans.factory.BeanDefinitionStoreException: IOException parsing XML document from URL [file:/opt/alfresco-4.2.e/tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap-ad/ldap1/../common-ldap-context.xml]; nested exception is java.io.FileNotFoundException: /opt/alfresco-4.2.e/tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap-ad/ldap1/../common-ldap-context.xml (No such file or directory)
   at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:341)
   at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:302)
   at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:143)
   at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:178)
   at org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader.importBeanDefinitionResource(DefaultBeanDefinitionDocumentReader.java:207)
   … 73 more
Caused by: java.io.FileNotFoundException: /opt/alfresco-4.2.e/tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldap-ad/ldap1/../common-ldap-context.xml (No such file or directory)
   at java.io.FileInputStream.open(Native Method)
   at java.io.FileInputStream.<init>(FileInputStream.java:138)
   at java.io.FileInputStream.<init>(FileInputStream.java:97)
   at sun.net.www.protocol.file.FileURLConnection.connect(FileURLConnection.java:90)
   at sun.net.www.protocol.file.FileURLConnection.getInputStream(FileURLConnection.java:188)
   at org.springframework.core.io.UrlResource.getInputStream(UrlResource.java:124)
   at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:328)
   … 77 more
2014-03-24 16:27:21,983  INFO  [management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Starting 'Authentication' subsystem, ID: [Authentication, managed, alfrescoNtlm1]
2014-03-24 16:27:22,370  INFO  [management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Startup of 'Authentication' subsystem, ID: [Authentication, managed, alfrescoNtlm1] complete


Best regards
Gonzalo Arroyo

mrogers
Star Contributor
Star Contributor
That is indeed a problem.   You have copied the subsystem config to the extensions folder but missed that file.

However unless you are going to do something special or configure multiple ldap-ad instances there's no need to have any of that config in the extensions folder.

cos
Champ in-the-making
Champ in-the-making
Hi Roger.

I have done several things

first I delete the folder "/opt/alfresco-4.2.e/tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldad-ad/ldap1

I modified the file "/opt/alfresco-4.2.e/tomcat/shared/classes/alfresco-global.properties"  and this is the LDAD Config

****************
#configuracion LDAP
ldap.authentication.allowGuestLogin=false
ldap.authentication.userNameFormat=CN=paloaltoid,CN=Users,DC=CSG,DC=ES
ldap.authentication.java.naming.provider.url=ldap://172.16.29.130:389
ldap.authentication.defaultAdministratorUserNames=admin
ldap.synchronization.java.naming.security.principal=paloaltoid@csg.es
ldap.synchronization.java.naming.security.credentials=paloaltoid
ldap.synchronization.groupSearchBase=ou=COM_COS,dc=CSG,dc=ES
ldap.synchronization.userSearchBase=ou\=User Accounts,dc=CSG,dc=ES
**********************

still not working but seems better.

this is the error message

2014-03-25 18:54:53,836  ERROR [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization aborted due to error
org.alfresco.error.AlfrescoRuntimeException: 02250001 Error during LDAP Search. Reason:[LDAP: error code 32 - 0000208D: NameErr: DSID-0310020A, problem 2001 (NO_OBJECT), data 0, best match of:
   'DC=CSG,DC=ES'
]
Do my config need any more?

And also I found this error




2014-03-25 18:55:32,656  ERROR [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization aborted due to error
org.springframework.dao.DataIntegrityViolationException:
### Error querying database.  Cause: org.postgresql.util.PSQLException: ERROR: invalid byte sequence for encoding "UTF8": 0x00
### The error may involve alfresco.propval.select_PropertyValueByStringValue-Inline
### The error occurred while setting parameters
### Cause: org.postgresql.util.PSQLException: ERROR: invalid byte sequence for encoding "UTF8": 0x00
; SQL []; ERROR: invalid byte sequence for encoding "UTF8": 0x00; nested exception is org.postgresql.util.PSQLException: ERROR: invalid byte sequence for encoding "UTF8": 0x00


Does the file "alfresco-global.properties" need to be in a specific format?

best regards

Gonzalo Arroyo

mrogers
Star Contributor
Star Contributor
http://en.wikipedia.org/wiki/.properties
java properties files are in latin-1 format so any non latin-1 characters need to be encoded thus \uNNNN.

I do note that you are missing the \ char in your group search base and user search base.

e.g. ou\=User Accounts,dc\=CSG,dc\=ES

cos
Champ in-the-making
Champ in-the-making
Hi Roger

I didn't modified any java file, at least I don't remember. only "alfresco.global-properties" Do this file be in latin-1 format?

I included the \ but still not working. I will ask my Domain admin if I misunderstand the OU


cos
Champ in-the-making
Champ in-the-making
Hi Roger

This is my new configuration

*************
#authentication chain
authentication.chain=ldap1:ldap-ad,alfrescoNtlm1:alfrescoNtlm
ntlm.authentication.sso.enabled=false

#configuracion LDAP
ldap.authentication.allowGuestLogin=false
ldap.authentication.userNameFormat=cn=%s,dc=csg,dc=es
ldap.authentication.java.naming.provider.url=ldap://172.16.29.130:389
ldap.authentication.defaultAdministratorUserNames=admin
ldap.synchronization.java.naming.security.principal=goar@csg.es
ldap.synchronization.java.naming.security.credentials=SECRET
#ldap.synchronization.groupSearchBase=cn=com_cos,dc=csg,dc=es
ldap.synchronization.userSearchBase=cn=com_cos,cn=users,dc=csg,dc=es
**************************


And this is the error message,

2014-03-31 08:26:12,609  INFO  [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronizing users and groups with user registry 'ldap1'
2014-03-31 08:26:12,694  INFO  [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Retrieving all groups from user registry 'ldap1'
2014-03-31 08:26:12,746  ERROR [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization aborted due to error
org.alfresco.error.AlfrescoRuntimeException: 02310001 Error during LDAP Search. Reason:domain:389


is it possible to debug the ldapd subsytem to track the complete process?

best regards

Gonzalo Arroyo

alfsender
Champ in-the-making
Champ in-the-making
Hi COS,

As Roger mentioned you need to modify your userSearchQuery as below. .
ldap.synchronization.userSearchBase=cn\=com_cos,cn\=users,dc\=csg,dc\=es (Adding \ )

also try with this porperty ldap.authentication.userNameFormat=%s (later you can modify it as per your requirement).