Unable to configure LDAP-AD in Community 4.2

cos
Champ in-the-making
Hi everybody

I'm trying to connect to a W2008 Server Active Directory, but after reading the documentation, the blog, the wiki… I'm still confused and it doesn't work. And nothing appears in the log files. What exactly do I need to do?

I modified the file "/alfresco/tomcat/shared/classes/alfresco-global.properties" adding the following

****************************************
#authentication chain
authentication.chain=ldap1:ldap-ad,alfrescoNtlm1:alfrescoNtlm

#LDAP configuration
ldap.authentication.active=true

ldap.authentication.allowGuestLogin=false

ldap.authentication.userNameFormat=%s@MYDOMAIN.ES

ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory

ldap.authentication.java.naming.provider.url=ldap://172.16.29.130:389

ldap.authentication.java.naming.security.authentication=simple

ldap.authentication.escapeCommasInBind=false

ldap.authentication.escapeCommasInUid=false

ldap.authentication.defaultAdministratorUserNames=Administrator

ldap.synchronization.active=true

ldap.synchronization.java.naming.security.authentication=simple

ldap.synchronization.java.naming.security.principal=me@MYDOMAIN.es

ldap.synchronization.java.naming.security.credentials=password

ldap.synchronization.queryBatchSize=1000

ldap.synchronization.attributeBatchSize=1000

ldap.synchronization.groupQuery=(objectclass\=MYGROUP)

ldap.synchronization.groupDifferentialQuery=(&(objectclass\=MYGROUP)(!(whenChanged<\={0})))

ldap.synchronization.personQuery=(&(objectclass\=Users)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))

ldap.synchronization.personDifferentialQuery=(&(objectclass\=Users)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(whenChanged<\={0})))

ldap.synchronization.groupSearchBase=dc=CSG,dc=ES

ldap.synchronization.userSearchBase=ou\=User Accounts,dc=XX,dc=XX

ldap.synchronization.modifyTimestampAttributeName=whenChanged

ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'

ldap.synchronization.userIdAttributeName=userPrincipalName

ldap.synchronization.userFirstNameAttributeName=givenName

ldap.synchronization.userLastNameAttributeName=sn

ldap.synchronization.userEmailAttributeName=mail

ldap.synchronization.userOrganizationalIdAttributeName=company

ldap.synchronization.defaultHomeFolderProvider=largeHomeFolderProvider

ldap.synchronization.groupIdAttributeName=cn

ldap.synchronization.groupDisplayNameAttributeName=displayName

ldap.synchronization.groupType=group

ldap.synchronization.personType=user

ldap.synchronization.groupMemberAttributeName=member

ldap.synchronization.enableProgressEstimation=true

ldap.authentication.java.naming.read.timeout=0
***********************************


I also used the file "/alfresco/tomcat/shared/classes/alfresco/extension/subsystems/Authentication/ldad-ad/ldap1/ldap-ad-authentication.properties" with the same lines, and nothing.

Best regards
Gonzalo Arroyo
22 REPLIES

cos
Champ in-the-making
Hi

I tried this config

****
#authentication chain
authentication.chain=ldap1:ldap-ad,alfrescoNtlm1:alfrescoNtlm
ntlm.authentication.sso.enabled=false

#LDAP configuration
ldap.authentication.active=true
ldap.authentication.allowGuestLogin=false
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.userNameFormat=%s
ldap.authentication.java.naming.provider.url=ldap://172.16.29.130:389
ldap.authentication.defaultAdministratorUserNames=admin
ldap.synchronization.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.principal=cn\=goar,dc\=csg,dc\=es
ldap.synchronization.java.naming.security.credentials=SECRET
ldap.synchronization.groupSearchBase=cn\=com_cos,dc\=csg,dc\=es
ldap.synchronization.userSearchBase=cn\=com_cos,cn\=Users,dc\=csg,dc\=es
****

and get this error message

2014-04-01 12:27:07,007  ERROR [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization aborted due to error
org.alfresco.repo.security.authentication.AuthenticationException: 03010001 Failed to authenticate, username or password is wrong. User name:cn=goar,dc=csg,dc=es Reason [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1 ]

And this user/password is valid in AD.

Is there any debug possible?

Gonzalo
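The "error code 49 ... data 52e" diagnostic in the log line above is Active Directory's way of saying which bind check failed. Here is a small decoder for that format, added as an example and not part of this thread or of Alfresco; the sub-status table is Microsoft's documented AcceptSecurityContext list, and the sample input is the log line cos posted. The `summarize_bind_failures` helper groups failures by principal and sub-status, which is how an operator tells one misconfigured sync account (the same DN failing at every startup) apart from something broader.

```python
import re
from collections import Counter

# Sub-status values Active Directory appends as "data NNN" to an LDAP result
# code 49 (invalidCredentials). Taken from Microsoft's AcceptSecurityContext
# error documentation.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

_LDAP_ERR_RE = re.compile(
    r"LDAP: error code (?P<code>\d+) - (?P<hresult>[0-9A-Fa-f]{8}): "
    r"LdapErr: DSID-(?P<dsid>[0-9A-Fa-f]+), comment: (?P<comment>[^,]+), "
    r"data (?P<data>[0-9a-f]+)"
)
_PRINCIPAL_RE = re.compile(r"User name:(?P<principal>\S+)")

# Sample input: the line posted in the thread above.
SAMPLE_LOG_LINE = (
    "org.alfresco.repo.security.authentication.AuthenticationException: "
    "03010001 Failed to authenticate, username or password is wrong. "
    "User name:cn=goar,dc=csg,dc=es Reason [LDAP: error code 49 - 80090308: "
    "LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1 ]"
)


def decode_ad_bind_error(line):
    """Describe an AD bind failure found in one log line.

    Returns a dict with the result code, the AD sub-status, its meaning, the
    principal that tried to bind and a troubleshooting hint, or None when the
    line carries no LDAP error-49 diagnostic.
    """
    m = _LDAP_ERR_RE.search(line)
    if m is None or int(m.group("code")) != 49:
        return None
    subcode = m.group("data").lower()
    pm = _PRINCIPAL_RE.search(line)
    principal = pm.group("principal") if pm else None
    result = {
        "code": 49,
        "subcode": subcode,
        "meaning": AD_BIND_SUBCODES.get(subcode, "unknown sub-status"),
        "principal": principal,
        "hint": None,
    }
    if subcode == "52e" and principal and "=" in principal:
        # AD answers 52e both for a wrong password and for a bind DN that does
        # not exist, so a typo in the DN is indistinguishable from a bad
        # password from the client's side.
        result["hint"] = (
            "52e covers a wrong password AND a non-existent bind DN; confirm the "
            "exact DN of the sync account with an LDAP browser, or bind with the "
            "UPN form (user@domain) instead of a DN"
        )
    return result


def summarize_bind_failures(lines):
    """Count error-49 failures per (principal, sub-status) pair."""
    counts = Counter()
    for line in lines:
        info = decode_ad_bind_error(line)
        if info is not None:
            counts[(info["principal"], info["subcode"])] += 1
    return counts


if __name__ == "__main__":
    info = decode_ad_bind_error(SAMPLE_LOG_LINE)
    print(f"{info['principal']}: data {info['subcode']} = {info['meaning']}")
    if info["hint"]:
        print("hint:", info["hint"])
    print(summarize_bind_failures([SAMPLE_LOG_LINE, SAMPLE_LOG_LINE]))
```

Run it against the Alfresco `catalina.out` or `alfresco.log` lines containing `AcceptSecurityContext` to get the sub-status without looking it up by hand.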

cos
Champ in-the-making
Hi

I discovered something: if I try to log in using CSG\GOAR I get into the system BUT an empty window appears; this is the new page that opens

"http://172.16.29.171:8080/share/page/user/csg%5cgoar/dashboard"


Logged in as admin, in the repository I found that the user CSG\GOAR has been created, but it gives me this error when double-clicking it: "Failed to retrieve user details for user csg\goar"

Also ALL domain groups have been created… but I don't know when… I have made dozens of configs and today is the first day I checked this.

Any idea? Is the authorization working but NOT the sync?
Best regards
Gonzalo

alfsender
Champ in-the-making
Hi,

For the time being set synchronization = false and restart your Alfresco. See if it gives any error at startup.

Next take one LDAP user, say testLdap. Log in to Alfresco using the admin user and check if this user testLdap exists in Alfresco; if yes, delete that user and log out from Alfresco.

Next try to log in using testLdap and see if you are able to log in; check whether any errors are coming in the logs. If you are able to log in successfully then Alfresco will have created the same user in Alfresco. Later you can log in with the admin user and check; you should be able to find this user.

URL from your last post: http://172.16.29.171:8080/share/page/user/csg%5cgoar/dashboard

I think you have some special characters in your username (csg%5cgoar) in LDAP. Try creating a demo user in LDAP which does not have any special characters in the username, and then try to log in to your Alfresco with this new user; it should work.

cos
Champ in-the-making
Hi

I didn't notice your post, sorry. I tried a new config and now it seems to work, but it doesn't retrieve users.

Best regards

cos
Champ in-the-making
Hi

I made new modifications and now, at least, it returns no errors, but it doesn't retrieve any users or groups.

*************************
2014-04-02 10:39:06,139  INFO  [management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Starting 'Synchronization' subsystem, ID: [Synchronization, default]
2014-04-02 10:39:06,451  INFO  [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronizing users and groups with user registry 'ldap1'
2014-04-02 10:39:06,556  INFO  [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Retrieving all groups from user registry 'ldap1'
2014-04-02 10:39:06,601  INFO  [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=1 Group Analysis: Commencing batch of 0 entries
2014-04-02 10:39:06,603  INFO  [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=1 Group Analysis: Completed batch of 0 entries
2014-04-02 10:39:06,609  INFO  [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Retrieving all users from user registry 'ldap1'
2014-04-02 10:39:06,622  INFO  [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Commencing batch of 0 entries
2014-04-02 10:39:06,622  INFO  [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Completed batch of 0 entries
2014-04-02 10:39:06,630  INFO  [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Finished synchronizing users and groups with user registry 'ldap1'
2014-04-02 10:39:06,630  INFO  [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] 0 user(s) and 0 group(s) processed
2014-04-02 10:39:06,766  INFO  [management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Startup of 'Synchronization' subsystem, ID: [Synchronization, default] complete
********************************

This is my current "alfresco-global.properties" file

#authentication chain
authentication.chain=ldap1:ldap-ad,alfrescoNtlm1:alfrescoNtlm
ntlm.authentication.sso.enabled=false

#LDAP configuration
ldap.authentication.active=true
ldap.authentication.allowGuestLogin=false
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.userNameFormat=cn\=%s,cn\=users,dc\=csg,dc\=rd
ldap.authentication.java.naming.provider.url=ldap://172.16.29.130:389
ldap.authentication.defaultAdministratorUserNames=admin
ldap.synchronization.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.principal=cn\=goar,cn\=users,dc\=csg,dc\=es
ldap.synchronization.java.naming.security.credentials=D0ct0r43
ldap.synchronization.groupSearchBase=ou\=domain controllers,dc\=csg,dc\=es
ldap.synchronization.userSearchBase=cn\=com_cos,cn\=users,dc\=csg,dc\=es

ldap.synchronization.groupQuery=(objectclass\=groups)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=com_cos)(!(modifyTimestamp<\={0})))

ldap.synchronization.personQuery=(objectclass\=users)
ldap.synchronization.personDifferentialQuery=(&(objectclass\=users)(!(modifyTimestamp<\={0})))

Any idea, or do I need any more config lines?

Gonzalo Arroyo
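A "0 user(s) and 0 group(s) processed" result with no error usually means the queries are syntactically valid LDAP but match nothing. The lint below, added as an example and not code from this thread or from Alfresco, reads the `ldap.synchronization.*` lines from a properties file (handling the `\=` and `\:` escapes of the Java properties format), then flags the things that produce exactly that symptom: an `objectClass` value that is not an AD class (AD uses `user` and `group`, not `users`/`groups` or a group's name), a search base whose first RDN is a plain `cn=` entry (in AD a group is not a container, so nothing lives below it), and a differential query without the `{0}` timestamp placeholder. The sample input is built from the configuration posted above; the class list and container names are the standard AD ones.

```python
import re

# Structural AD object classes that legitimately appear in a sync filter.
AD_OBJECT_CLASSES = {
    "user", "group", "person", "organizationalperson", "top",
    "computer", "contact", "inetorgperson",
}
# Default AD containers whose RDN is cn= rather than ou=.
WELL_KNOWN_CN_CONTAINERS = {"users", "computers", "builtin", "foreignsecurityprincipals"}

# Sample input constructed from the thread's configuration (no secrets).
SAMPLE_PROPERTIES = """\
# LDAP configuration (constructed sample)
ldap.synchronization.groupSearchBase=ou\\=domain controllers,dc\\=csg,dc\\=es
ldap.synchronization.userSearchBase=cn\\=com_cos,cn\\=users,dc\\=csg,dc\\=es
ldap.synchronization.groupQuery=(objectclass\\=groups)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\\=com_cos)(!(modifyTimestamp<\\={0})))
ldap.synchronization.personQuery=(objectclass\\=users)
ldap.synchronization.personDifferentialQuery=(&(objectclass\\=users)(!(modifyTimestamp<\\={0})))
"""


def _unescape(s):
    """Resolve Java properties backslash escapes (\\=, \\:, \\\\, \\t, \\n)."""
    out, i = [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            out.append({"t": "\t", "n": "\n"}.get(s[i + 1], s[i + 1]))
            i += 2
        else:
            out.append(s[i])
            i += 1
    return "".join(out)


def _split_key_value(line):
    """Split at the first unescaped '=', ':' or whitespace, as java.util.Properties does."""
    i = 0
    while i < len(line):
        if line[i] == "\\":
            i += 2
            continue
        if line[i] in "=:" or line[i].isspace():
            break
        i += 1
    key, rest = line[:i], line[i:].lstrip()
    if rest[:1] in ("=", ":"):
        rest = rest[1:].lstrip()
    return _unescape(key), _unescape(rest)


def parse_properties(text):
    """Minimal reader for the subset of .properties syntax used in the thread."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#!":
            key, val = _split_key_value(line)
            props[key] = val
    return props


def lint_ldap_sync(props):
    """Return (key, message) findings for settings that yield an empty sync."""
    findings = []
    for key, val in props.items():
        if not key.startswith("ldap.synchronization."):
            continue
        if key.endswith("Query"):
            if val.count("(") != val.count(")"):
                findings.append((key, f"unbalanced parentheses in filter {val!r}"))
            for oc in re.findall(r"objectclass=([^)]+)", val, flags=re.IGNORECASE):
                if oc.strip().lower() not in AD_OBJECT_CLASSES:
                    findings.append((key, f"objectClass '{oc}' is not an AD class; "
                                          "person queries use 'user', group queries use 'group'"))
            if key.endswith("DifferentialQuery") and "{0}" not in val:
                findings.append((key, "no {0} timestamp placeholder, so every run is a full sync"))
        elif key.endswith("SearchBase"):
            first = val.split(",")[0].strip()
            attr, _, rdn_value = first.partition("=")
            if attr.strip().lower() == "cn" and rdn_value.strip().lower() not in WELL_KNOWN_CN_CONTAINERS:
                findings.append((key, f"first RDN '{first}' looks like a group or user entry; AD groups "
                                      "are not containers (membership is the 'member' attribute), "
                                      "so a subtree search below it returns nothing"))
    return findings


def lint_text(text):
    return lint_ldap_sync(parse_properties(text))


if __name__ == "__main__":
    for key, msg in lint_text(SAMPLE_PROPERTIES):
        print(f"{key}: {msg}")
```

Point `lint_text` at the contents of `alfresco-global.properties` (or the subsystem's `ldap-ad-authentication.properties`) before restarting; the goal is to catch a filter that can never match before waiting on another sync cycle.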

alfsender
Champ in-the-making
Hi,

Can you check whether you are able to log in with any LDAP user or not?

If you check your logs, it is trying to sync users & groups from LDAP but it's not finding any users or groups, as the logs clearly show: 0 user(s) and 0 group(s) processed

Change the DifferentialQuery for person & group to be the same as personQuery and groupQuery, as below.

ldap.synchronization.groupQuery=(objectclass\=groups)
ldap.synchronization.groupDifferentialQuery=(objectclass\=groups)

ldap.synchronization.personQuery=(objectclass\=users)
ldap.synchronization.personDifferentialQuery=(objectclass\=users)

And see if it's working or not. But before that, try to log in to Alfresco with any LDAP user and check whether you're able to log in with LDAP user credentials or not.

Regards.

cos
Champ in-the-making
Hi Alfsender

I tried what you say but get the same log

********************
2014-04-03 07:55:32,176  INFO  [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronizing users and groups with user registry 'ldap1'
2014-04-03 07:55:32,279  INFO  [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Retrieving all groups from user registry 'ldap1'
2014-04-03 07:55:32,324  INFO  [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=1 Group Analysis: Commencing batch of 0 entries
2014-04-03 07:55:32,326  INFO  [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=1 Group Analysis: Completed batch of 0 entries
2014-04-03 07:55:32,332  INFO  [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Retrieving all users from user registry 'ldap1'
2014-04-03 07:55:32,348  INFO  [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Commencing batch of 0 entries
2014-04-03 07:55:32,348  INFO  [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Synchronization,Category=directory,id1=ldap1,id2=6 User Creation and Association: Completed batch of 0 entries
2014-04-03 07:55:32,359  INFO  [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] Finished synchronizing users and groups with user registry 'ldap1'
2014-04-03 07:55:32,360  INFO  [security.sync.ChainingUserRegistrySynchronizer] [localhost-startStop-1] 0 user(s) and 0 group(s) processed
**********************************

I also tried to log in with my LDAP user but I couldn't.
Best regards

Gonzalo Arroyo

alfsender
Champ in-the-making
Hi,

It should have worked; I am not sure why it's not able to find any user from your LDAP.

Just check a few things.
- Are the users you are expecting all in the correct userSearchBase (ldap.synchronization.userSearchBase)?
- Check the same for groups and groupSearchBase (ldap.synchronization.groupSearchBase) as well.

Another way you can check this is by giving a specific user query in personQuery. I tried this when I was facing the issue, so it only authenticated (or synced, if sync is enabled) this user, but it worked.

ldap.synchronization.personQuery= <provide query for only one user, either by attribute or by full path>
ldap.synchronization.personDifferentialQuery= <provide query for only one user, either by attribute or by full path>

Give it a try and let us know.

cos
Champ in-the-making
Hi

I erased everything and began again, and now (at least) authentication works!!! But it does not synchronize the users and groups.

********
#LDAP configuration
#Authentication works
ldap.authentication.active=true
ldap.authentication.allowGuestLogin=false
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.userNameFormat=cn\=%s,cn\=users,dc\=csg,dc\=es
ldap.authentication.java.naming.provider.url=ldap://172.16.29.130:389
ldap.authentication.defaultAdministratorUserNames=admin

#Synchronization
ldap.synchronization.java.naming.security.principal=cn\=goar,cn\=users,dc\=csg,dc\=es
ldap.synchronization.java.naming.security.credentials=D0ct0r43
ldap.synchronization.groupSearchBase=OU\=Domain Controllers,DC\=CSG,DC\=ES
ldap.synchronization.userSearchBase=OU\=Domain Controllers,DC\=CSG,DC\=ES
********

I have tried with different search bases, upper case, lower case, without "\", with "\"…

Is it possible for you to contact me through TeamViewer to check my config yourself? I have Softerra LdapBrowser if you need to check my LDAP settings.

Best Regards
Gonzalo

alfsender
Champ in-the-making
Sure, we can do that. Message me your Skype id.