
Active Directory Configuration

makram_baaziz
Champ in-the-making

Hello All,

I have Alfresco Process Services 1.8.1 and wanted to activate LDAP (Active Directory) authentication, but I'm facing the following error and don't know what to do:

2018-03-28 09:57:59,578 INFO [com.activti.idm.ldap.service.LdapSettingsManager] [localhost-startStop-1] rangeEnabled = false
2018-03-28 09:57:59,578 INFO [com.activti.idm.ldap.service.LdapSettingsManager] [localhost-startStop-1] rangeSize = 1500
2018-03-28 09:57:59,578 INFO [com.activti.idm.ldap.service.LdapSettingsManager] [localhost-startStop-1] userSearchBase = OU=User Accounts,OU=Alfresco,DC=pgi,DC=com
2018-03-28 09:57:59,578 INFO [com.activti.idm.ldap.service.LdapSettingsManager] [localhost-startStop-1] userQuery = (&(objectclass=user)(userAccountControl:1.2.840.113556.1.4.803:=512))
2018-03-28 09:57:59,594 INFO [com.activti.idm.ldap.service.LdapSettingsManager] [localhost-startStop-1] userDifferentialQuery = (&(objectclass=user)(userAccountControl:1.2.840.113556.1.4.803:=512)(!(whenChanged<={0})))
2018-03-28 09:57:59,594 INFO [com.activti.idm.ldap.service.LdapSettingsManager] [localhost-startStop-1] userIdAttributeName = uid
2018-03-28 09:57:59,594 INFO [com.activti.idm.ldap.service.LdapSettingsManager] [localhost-startStop-1] userFirstNameAttributeName = givenName
2018-03-28 09:57:59,594 INFO [com.activti.idm.ldap.service.LdapSettingsManager] [localhost-startStop-1] userLastNameAttributeName = sn
2018-03-28 09:57:59,594 INFO [com.activti.idm.ldap.service.LdapSettingsManager] [localhost-startStop-1] userEmailAttributeName = 'mail'
2018-03-28 09:57:59,594 INFO [com.activti.idm.ldap.service.LdapSettingsManager] [localhost-startStop-1] userType = 'user'
2018-03-28 09:57:59,594 INFO [com.activti.idm.ldap.service.LdapSettingsManager] [localhost-startStop-1] groupSearchBase = 'OU=Security Groups,OU=Alfresco,DC=pgi,DC=com'
2018-03-28 09:57:59,594 INFO [com.activti.idm.ldap.service.LdapSettingsManager] [localhost-startStop-1] groupQuery = '(objectclass=group)'
2018-03-28 09:57:59,594 INFO [com.activti.idm.ldap.service.LdapSettingsManager] [localhost-startStop-1] groupDifferentialQuery = '(&(objectclass=group)(!(whenChanged<={0})))'
2018-03-28 09:57:59,594 INFO [com.activti.idm.ldap.service.LdapSettingsManager] [localhost-startStop-1] groupIdAttributeName = 'cn'
2018-03-28 09:57:59,594 INFO [com.activti.idm.ldap.service.LdapSettingsManager] [localhost-startStop-1] groupMemberAttributeName = member
2018-03-28 09:57:59,594 INFO [com.activti.idm.ldap.service.LdapSettingsManager] [localhost-startStop-1] groupType = group
2018-03-28 09:57:59,594 INFO [com.activti.idm.ldap.service.LdapSettingsManager] [localhost-startStop-1] distinguishedNameAttributeName = dn
2018-03-28 09:57:59,594 INFO [com.activti.idm.ldap.service.LdapSettingsManager] [localhost-startStop-1] createTimestampAttributeName = whenCreated
2018-03-28 09:57:59,594 INFO [com.activti.idm.ldap.service.LdapSettingsManager] [localhost-startStop-1] modifyTimestampAttributeName = 'whenChanged'
2018-03-28 09:57:59,594 INFO [com.activti.idm.ldap.service.LdapSettingsManager] [localhost-startStop-1] timeStampFormat = yyyyMMddHHmmss'.0Z', locale = (en,GB), timezone = GMT
2018-03-28 09:58:00,764 WARN [org.hibernate.hql.internal.ast.HqlSqlWalker] [localhost-startStop-1] [DEPRECATION] Encountered positional parameter near line 1, column 88. Positional parameter are considered deprecated; use named parameters or JPA-style positional parameters instead.
2018-03-28 09:58:00,779 WARN [org.hibernate.hql.internal.ast.HqlSqlWalker] [localhost-startStop-1] [DEPRECATION] Encountered positional parameter near line 1, column 77. Positional parameter are considered deprecated; use named parameters or JPA-style positional parameters instead.
2018-03-28 09:58:04,180 INFO [com.activiti.service.idm.UserCacheImpl] [activiti-app-rest-Executor-2] User cache statistics: CacheStats{hitCount=0, missCount=0, loadSuccessCount=0, loadExceptionCount=0, totalLoadTime=0, evictionCount=0}
2018-03-28 09:58:04,180 INFO [com.activiti.service.idm.UserCacheImpl] [activiti-app-rest-Executor-2] The size of this cache is determined by the 'cache.users.max.size' and 'cache.users.max.age' property.
2018-03-28 09:58:04,180 INFO [com.activiti.service.idm.GroupHierarchyCacheImpl] [activiti-app-rest-Executor-2] Group cache statistics: CacheStats{hitCount=0, missCount=0, loadSuccessCount=0, loadExceptionCount=0, totalLoadTime=0, evictionCount=0}
2018-03-28 09:58:04,180 INFO [com.activiti.service.idm.GroupHierarchyCacheImpl] [activiti-app-rest-Executor-2] The size of this cache is determined by the 'cache.groups.max.size' and 'cache.groups.max.age' property.
2018-03-28 09:58:04,196 INFO [com.activiti.service.runtime.FormStoreServiceImpl] [activiti-app-rest-Executor-2] Form cache statistics: CacheStats{hitCount=0, missCount=0, loadSuccessCount=0, loadExceptionCount=0, totalLoadTime=0, evictionCount=0}
2018-03-28 09:58:04,196 INFO [com.activiti.service.runtime.FormStoreServiceImpl] [activiti-app-rest-Executor-2] The size of this cache is determined by the 'cache.forms.max.size' property
2018-03-28 09:58:04,196 INFO [com.activiti.service.runtime.integration.alfresco.AlfrescoOnPremiseTicketService] [activiti-app-rest-Executor-1] Alfresco ticket cache statistics: CacheStats{hitCount=0, missCount=0, loadSuccessCount=0, loadExceptionCount=0, totalLoadTime=0, evictionCount=0}
2018-03-28 09:58:04,196 INFO [com.activiti.service.runtime.integration.alfresco.AlfrescoOnPremiseTicketService] [activiti-app-rest-Executor-1] The size of this cache is determined by the 'cache.alfresco-tickets.max.size' and 'cache.alfresco-tickets.max.age' property.
2018-03-28 09:58:04,196 INFO [com.activiti.service.license.LicenseService] [pool-4-thread-4] Note! License is about to expire in the near future 20180415
2018-03-28 09:58:04,196 INFO [com.activiti.service.runtime.ScriptFileControllerCacheImpl] [activiti-app-rest-Executor-1] Script file cache statistics: CacheStats{hitCount=0, missCount=0, loadSuccessCount=0, loadExceptionCount=0, totalLoadTime=0, evictionCount=0}
2018-03-28 09:58:04,196 INFO [com.activiti.service.idm.PersistentTokenServiceImpl] [activiti-app-rest-Executor-2] Token cache statistics: CacheStats{hitCount=0, missCount=0, loadSuccessCount=0, loadExceptionCount=0, totalLoadTime=0, evictionCount=0}
2018-03-28 09:58:04,196 INFO [com.activiti.service.idm.PersistentTokenServiceImpl] [activiti-app-rest-Executor-2] The size of this cache is determined by the 'cache.login-tokens.max.size' and 'cache.login-tokens.max.age' property.
2018-03-28 09:58:04,196 INFO [com.activiti.service.runtime.ScriptFileLibraryCacheImpl] [activiti-app-rest-Executor-1] Script file cache statistics: CacheStats{hitCount=0, missCount=0, loadSuccessCount=0, loadExceptionCount=0, totalLoadTime=0, evictionCount=0}
2018-03-28 09:58:04,242 INFO [com.activiti.ActivitiApplication] [localhost-startStop-1] Started ActivitiApplication in 42.541 seconds (JVM running for 71.388)
2018-03-28 09:58:04,274 INFO [com.activiti.api.idm.AbstractExternalIdmSourceSyncService] [activiti-app-rest-Executor-2] No initial LDAP sync info found. Executing full synchronization.
2018-03-28 09:58:04,274 INFO [com.activiti.api.idm.AbstractExternalIdmSourceSyncService] [activiti-app-rest-Executor-2] Starting full LDAP synchronization
2018-03-28 09:58:04,274 INFO [com.activiti.api.idm.AbstractExternalIdmSourceSyncService] [activiti-app-rest-Executor-2] Starting to process the LDAP users and groups.
2018-03-28 09:58:04,320 INFO [com.activiti.api.idm.AbstractExternalIdmSourceSyncService] [activiti-app-rest-Executor-2] Found 0 groups and 2 users in LDAP
2018-03-28 09:58:04,383 INFO [com.activiti.api.idm.AbstractExternalIdmSourceSyncService] [activiti-app-rest-Executor-2] Error while handling user. Could not handle user correctly, user might not have been created.
javax.persistence.NonUniqueResultException: result returns more than one elements
    at org.hibernate.ejb.QueryImpl.getSingleResult(QueryImpl.java:297)
    at org.hibernate.ejb.criteria.CriteriaQueryCompiler$3.getSingleResult(CriteriaQueryCompiler.java:258)
    at org.springframework.data.jpa.repository.query.JpaQueryExecution$SingleEntityExecution.doExecute(JpaQueryExecution.java:208)
    at org.springframework.data.jpa.repository.query.JpaQueryExecution.execute(JpaQueryExecution.java:87)
    at org.springframework.data.jpa.repository.query.AbstractJpaQuery.doExecute(AbstractJpaQuery.java:116)
    at org.springframework.data.jpa.repository.query.AbstractJpaQuery.execute(AbstractJpaQuery.java:106)
    at org.springframework.data.repository.core.support.RepositoryFactorySupport$QueryExecutorMethodInterceptor.doInvoke(RepositoryFactorySupport.java:492)
    at org.springframework.data.repository.core.support.RepositoryFactorySupport$QueryExecutorMethodInterceptor.invoke(RepositoryFactorySupport.java:475)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
    at org.springframework.data.projection.DefaultMethodInvokingMethodInterceptor.invoke(DefaultMethodInvokingMethodInterceptor.java:56)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
    at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
    at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:282)
    at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
    at org.springframework.dao.support.PersistenceExceptionTranslationInterceptor.invoke(PersistenceExceptionTranslationInterceptor.java:136)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
    at org.springframework.data.jpa.repository.support.CrudMethodMetadataPostProcessor$CrudMethodMetadataPopulatingMethodInterceptor.invoke(CrudMethodMetadataPostProcessor.java:133)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
    at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
    at org.springframework.data.repository.core.support.SurroundingTransactionDetectorMethodInterceptor.invoke(SurroundingTransactionDetectorMethodInterceptor.java:57)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
    at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213)
    at com.sun.proxy.$Proxy248.findByExternalId(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:333)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
    at org.springframework.aop.framework.adapter.MethodBeforeAdviceInterceptor.invoke(MethodBeforeAdviceInterceptor.java:52)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
    at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
    at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213)
    at com.sun.proxy.$Proxy249.findByExternalId(Unknown Source)
    at com.activiti.service.idm.UserServiceImpl.findUserByExternalId(UserServiceImpl.java:527)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:333)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
    at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
    at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:282)
    at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
    at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213)
    at com.sun.proxy.$Proxy243.findUserByExternalId(Unknown Source)
    at com.activiti.api.idm.AbstractExternalIdmSourceSyncService.handleUser(AbstractExternalIdmSourceSyncService.java:498)
    at com.activiti.api.idm.AbstractExternalIdmSourceSyncService$6.doInTransaction(AbstractExternalIdmSourceSyncService.java:476)
    at com.activiti.api.idm.AbstractExternalIdmSourceSyncService$6.doInTransaction(AbstractExternalIdmSourceSyncService.java:469)
    at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:133)
    at com.activiti.api.idm.AbstractExternalIdmSourceSyncService.insertBatchOfUsers(AbstractExternalIdmSourceSyncService.java:469)
    at com.activiti.api.idm.AbstractExternalIdmSourceSyncService.handleUsers(AbstractExternalIdmSourceSyncService.java:462)
    at com.activiti.api.idm.AbstractExternalIdmSourceSyncService.fullSync(AbstractExternalIdmSourceSyncService.java:391)
    at com.activiti.api.idm.AbstractExternalIdmSourceSyncService.internalExecuteFullSynchronization(AbstractExternalIdmSourceSyncService.java:298)
    at com.activiti.api.idm.AbstractExternalIdmSourceSyncService$4.run(AbstractExternalIdmSourceSyncService.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
2018-03-28 09:58:04,414 INFO [com.activiti.api.idm.AbstractExternalIdmSourceSyncService] [activiti-app-rest-Executor-2] Error while handling user. Could not handle user correctly, user might not have been created.
javax.persistence.NonUniqueResultException: result returns more than one elements
    at org.hibernate.ejb.QueryImpl.getSingleResult(QueryImpl.java:297)
    at org.hibernate.ejb.criteria.CriteriaQueryCompiler$3.getSingleResult(CriteriaQueryCompiler.java:258)
    at org.springframework.data.jpa.repository.query.JpaQueryExecution$SingleEntityExecution.doExecute(JpaQueryExecution.java:208)
    at org.springframework.data.jpa.repository.query.JpaQueryExecution.execute(JpaQueryExecution.java:87)
    at org.springframework.data.jpa.repository.query.AbstractJpaQuery.doExecute(AbstractJpaQuery.java:116)
    at org.springframework.data.jpa.repository.query.AbstractJpaQuery.execute(AbstractJpaQuery.java:106)
    at org.springframework.data.repository.core.support.RepositoryFactorySupport$QueryExecutorMethodInterceptor.doInvoke(RepositoryFactorySupport.java:492)
    at org.springframework.data.repository.core.support.RepositoryFactorySupport$QueryExecutorMethodInterceptor.invoke(RepositoryFactorySupport.java:475)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
    at org.springframework.data.projection.DefaultMethodInvokingMethodInterceptor.invoke(DefaultMethodInvokingMethodInterceptor.java:56)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
    at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
    at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:282)
    at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
    at org.springframework.dao.support.PersistenceExceptionTranslationInterceptor.invoke(PersistenceExceptionTranslationInterceptor.java:136)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
    at org.springframework.data.jpa.repository.support.CrudMethodMetadataPostProcessor$CrudMethodMetadataPopulatingMethodInterceptor.invoke(CrudMethodMetadataPostProcessor.java:133)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
    at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
    at org.springframework.data.repository.core.support.SurroundingTransactionDetectorMethodInterceptor.invoke(SurroundingTransactionDetectorMethodInterceptor.java:57)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
    at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213)
    at com.sun.proxy.$Proxy248.findByExternalId(Unknown Source)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:333)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
    at org.springframework.aop.framework.adapter.MethodBeforeAdviceInterceptor.invoke(MethodBeforeAdviceInterceptor.java:52)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
    at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
    at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213)
    at com.sun.proxy.$Proxy249.findByExternalId(Unknown Source)
    at com.activiti.service.idm.UserServiceImpl.findUserByExternalId(UserServiceImpl.java:527)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:333)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
    at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
    at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:282)
    at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
    at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213)
    at com.sun.proxy.$Proxy243.findUserByExternalId(Unknown Source)
    at com.activiti.api.idm.AbstractExternalIdmSourceSyncService.handleUser(AbstractExternalIdmSourceSyncService.java:498)
    at com.activiti.api.idm.AbstractExternalIdmSourceSyncService$6.doInTransaction(AbstractExternalIdmSourceSyncService.java:476)
    at com.activiti.api.idm.AbstractExternalIdmSourceSyncService$6.doInTransaction(AbstractExternalIdmSourceSyncService.java:469)
    at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:133)
    at com.activiti.api.idm.AbstractExternalIdmSourceSyncService.insertBatchOfUsers(AbstractExternalIdmSourceSyncService.java:469)
    at com.activiti.api.idm.AbstractExternalIdmSourceSyncService.handleUsers(AbstractExternalIdmSourceSyncService.java:462)
    at com.activiti.api.idm.AbstractExternalIdmSourceSyncService.fullSync(AbstractExternalIdmSourceSyncService.java:391)
    at com.activiti.api.idm.AbstractExternalIdmSourceSyncService.internalExecuteFullSynchronization(AbstractExternalIdmSourceSyncService.java:298)
    at com.activiti.api.idm.AbstractExternalIdmSourceSyncService$4.run(AbstractExternalIdmSourceSyncService.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
2018-03-28 09:58:04,414 ERROR [com.activiti.api.idm.AbstractExternalIdmSourceSyncService] [activiti-app-rest-Executor-2] Exception while executing full LDAP sync
org.springframework.transaction.TransactionSystemException: Could not commit JPA transaction; nested exception is javax.persistence.RollbackException: Transaction marked as rollbackOnly
    at org.springframework.orm.jpa.JpaTransactionManager.doCommit(JpaTransactionManager.java:526)
    at org.springframework.transaction.support.AbstractPlatformTransactionManager.processCommit(AbstractPlatformTransactionManager.java:761)
    at org.springframework.transaction.support.AbstractPlatformTransactionManager.commit(AbstractPlatformTransactionManager.java:730)
    at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:150)
    at com.activiti.api.idm.AbstractExternalIdmSourceSyncService.insertBatchOfUsers(AbstractExternalIdmSourceSyncService.java:469)
    at com.activiti.api.idm.AbstractExternalIdmSourceSyncService.handleUsers(AbstractExternalIdmSourceSyncService.java:462)
    at com.activiti.api.idm.AbstractExternalIdmSourceSyncService.fullSync(AbstractExternalIdmSourceSyncService.java:391)
    at com.activiti.api.idm.AbstractExternalIdmSourceSyncService.internalExecuteFullSynchronization(AbstractExternalIdmSourceSyncService.java:298)
    at com.activiti.api.idm.AbstractExternalIdmSourceSyncService$4.run(AbstractExternalIdmSourceSyncService.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
Caused by: javax.persistence.RollbackException: Transaction marked as rollbackOnly
    at org.hibernate.ejb.TransactionImpl.commit(TransactionImpl.java:72)
    at org.springframework.orm.jpa.JpaTransactionManager.doCommit(JpaTransactionManager.java:517)
    ... 11 more

Below is \tomcat\lib\activiti-ldap.properties:

# --------------------------
# LDAP AUTHENTICATION CONFIG
# --------------------------
# Note that this is AUTHENTICATION only, not synchronization.
# For this to work properly, the LDAP synchronization (see below) needs to be
# enabled and configured correctly (on one node).
ldap.authentication.enabled=true

# Set to false to allow for case insensitive logins. By default true if omitted or commented out.
ldap.authentication.casesensitive=true

# Set this property to 'true' to allow for a fallback to database authentication (default is false).
# This can be useful to have a 'system' user for example which does not represent
# a real user (and is not in the LDAP user store), but can be used to eg. call the REST API.
ldap.allow.database.authenticaion.fallback=false

# Property to map the user id entered by the user in the login field to that passed through to LDAP.
#
# If the users are in a flat list (eg one organizational unit), it's easy, simply set the property
# to a value, eg. uid={0},ou=users,dc=alfresco,dc=com
# This is also the most performant way, as the LDAP bind can be done directly.
#
# However, if the users are in structured folders (organizational units for example), a direct pattern cannot be used.
# In this case, leave the property either empty or comment it.
# A query will be done using the ldap.synchronization.personQuery with the ldap.synchronization.userIdAttributeName
# to find the user, and find its dn. That dn will then be used to login.
ldap.authentication.dnPattern=

# Uncomment when using Active Directory
ldap.authentication.active-directory.enabled=true
ldap.authentication.active-directory.domain=pgi.com
ldap.authentication.active-directory.rootDn=DC=pgi,DC=com
ldap.authentication.active-directory.searchFilter=(&(objectClass=user)(sAMAccountName={0}))

# ----------------------------
# LDAP SYNCHRONIZATION CONFIG
# ----------------------------

# Enables full synchronization. With full sync, all users/groups will be checked whether they are valid or not.
# By default, runs at midnight, since this is quite a heavy operation.
# Full synchronization is needed because a partial synchronization cannot detect deletes of groups/users.
ldap.synchronization.full.enabled=true
ldap.synchronization.full.cronExpression=0 0 0 * * ?

# Enables differential synchronization. This will only check the users/groups which have changed since the last sync.
# A differential sync cannot detect deletes of users/groups. This is done by the full sync.
ldap.synchronization.differential.enabled=false
ldap.synchronization.differential.cronExpression=0 0 */4 * * ?

# Paging (default = no paging).
# If enabled, default page size is 100
ldap.synchronization.paging.enabled=false
ldap.synchronization.paging.size=500

# Db batch sizes
ldap.synchronization.db.insert.batch.size=100
ldap.synchronization.db.query.batch.size=100

# ----------------------
# LDAP CONNECTION CONFIG
# ----------------------

# The URL to connect to the LDAP server
ldap.authentication.java.naming.provider.url=ldap://ActiveDirectory.pgi.com:389

# The default principal to use (only used for LDAP sync)
ldap.synchronization.java.naming.security.principal=CN\=Alfresco,OU\=User Accounts,OU\=Alfresco,DC\=pgi,DC\=com

# The password for the default principal (only used for LDAP sync)
ldap.synchronization.java.naming.security.credentials=Start123

# The authentication mechanism to use for synchronization
ldap.synchronization.java.naming.security.authentication=simple

# LDAPS truststore configuration properties
#ldap.authentication.truststore.path=
#ldap.authentication.truststore.passphrase=
#ldap.authentication.truststore.type=
# Set to 'ssl' to enable truststore configuration via subsystem's properties
#ldap.authentication.java.naming.security.protocol=ssl
# The LDAP context factory to use
#ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
# Requests timeout, in milliseconds, use 0 for none (default)
#ldap.authentication.java.naming.read.timeout=0
# See http://docs.oracle.com/javase/jndi/tutorial/ldap/referral/jndi.html
#ldap.synchronization.java.naming.referral=follow

# -----------
# USER CONFIG
# -----------

# The user search base restricts the LDAP user query to a sub section of tree on the LDAP server.
ldap.synchronization.userSearchBase=OU=User Accounts,OU=Alfresco,DC=pgi,DC=com

# The query to select all objects that represent the users to import.
# Active Directory example: (&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
ldap.synchronization.personQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))

# The query to select objects that represent the users to import that have changed since a certain time.
# Active Directory example: (&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(whenChanged<\={0})))
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(!(whenChanged<\={0})))

# The attribute name on people objects found in LDAP to use as the login id in Activiti. Needs to be unique and cannot change!
ldap.synchronization.userIdAttributeName=uid

# The attribute on person objects in LDAP to map to the first name property of a user
ldap.synchronization.userFirstNameAttributeName=givenName

# The attribute on person objects in LDAP to map to the last name property of a user
ldap.synchronization.userLastNameAttributeName=sn

# The attribute on person objects in LDAP to map to the email property of a user
ldap.synchronization.userEmailAttributeName=mail

# The person type in LDAP
# Active Directory: user
ldap.synchronization.userType=user

# Set the dn of the people that need to be made tenant admin (one tenant). Delimit multiple entries with ;, because a comma cannot be used. Note: no trimming of spaces will be applied
##ldap.synchronization.tenantAdminDn=uid=admin,ou=users,dc=alfresco,dc=com

# Set the dn of the people that need to be made tenant manager (multiple tenants). Delimit multiple entries with ;, because a comma cannot be used. Note: no trimming of spaces will be applied
##ldap.synchronization.tenantManagerDn=uid=admin,ou=users,dc=alfresco,dc=com

# ------------
# GROUP CONFIG
# ------------

# The group search base restricts the LDAP group query to a sub section of tree on the LDAP server.
ldap.synchronization.groupSearchBase=OU=Security Groups,OU=Alfresco,DC=pgi,DC=com

# The query to select all objects that represent the groups to import.
# Active Directory example: (objectclass\=group)
ldap.synchronization.groupQuery=(objectclass\=group)

# The query to select objects that represent the groups to import that have changed since a certain time.
# Active Directory example: (&(objectclass\=group)(!(whenChanged<\={0})))
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(!(whenChanged<\={0})))

# The attribute on LDAP group objects to map to the authority name property in Alfresco
ldap.synchronization.groupIdAttributeName=cn

# The attribute in LDAP on group objects that defines the DN for its members
ldap.synchronization.groupMemberAttributeName=member

# LDAP Range (default = no range).
# If enabled, default range size is 1000.
# This is an Active Directory attribute
# and should be used when there are groups with more than
# 1000 members for AD on Windows Server 2000 or
# 1500 members for AD on Windows Server 2003+
# see https://msdn.microsoft.com/en-us/library/ms676302(VS.85).aspx
ldap.synchronization.groupMemberRangeEnabled=false
ldap.synchronization.groupMemberRangeSize=1500

# The group type in LDAP
# Active Directory: group
ldap.synchronization.groupType=group

# ------------------------
# GENERIC ATTRIBUTE CONFIG
# ------------------------

# The dn of an entry.
ldap.synchronization.distinguishedNameAttributeName=dn

# The name of the operational attribute recording the last update time for a group or user.
# Active Directory: whenChanged
ldap.synchronization.modifyTimestampAttributeName=whenChanged

# The name of the operational attribute recording the create time for a group or user.
# Active Directory: whenCreated
ldap.synchronization.createTimestampAttributeName=whenCreated

# The timestamp format. Unfortunately, this varies between directory servers.
# Active Directory: yyyyMMddHHmmss'.0Z'
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'

# The timestamp format locale language. 'en' by default. Follows the java.util.Locale semantics.
ldap.synchronization.timestampFormat.locale.language=en

# The timestamp format locale country. 'GB' by default. Follows the java.util.Locale semantics.
ldap.synchronization.timestampFormat.locale.country=GB

# The timestamp format timezone. 'GMT' by default. Follows the java.text.SimpleDateFormat semantics.
ldap.synchronization.timestampFormat.timezone=GMT

# -----------------------
# LDAP CONNECTION POOLING
# -----------------------

# Options=
# nothing filled in: no connection pooling
# 'jdk': use the default jdk pooling mechanism
# 'spring': use the spring ldap connection pooling facilities. These can be configured further below
#ldap.synchronization.pooling.type=spring

# Following settings follow the semantics of org.springframework.ldap.pool.factory.PoolingContextSource
#ldap.synchronization.pooling.minIdle=0
#ldap.synchronization.pooling.maxIdle=8
#ldap.synchronization.pooling.maxActive=0
#ldap.synchronization.pooling.maxTotal=-1
#ldap.synchronization.pooling.maxWait=-1
# Options for exhausted action: fail | block | grow
#ldap.synchronization.pooling.whenExhaustedAction=block
#ldap.synchronization.pooling.testOnBorrow=false
#ldap.synchronization.pooling.testOnReturn=false
#ldap.synchronization.pooling.testWhileIdle=false
#ldap.synchronization.pooling.timeBetweenEvictionRunsMillis=-1
#ldap.synchronization.pooling.minEvictableIdleTimeMillis=1800000
#ldap.synchronization.pooling.numTestsPerEvictionRun=3

# Connection pool validation (see http://docs.spring.io/spring-ldap/docs/2.0.2.RELEASE/reference/#pooling for semantics)
# Used when any of the testXXX above are set to true
#ldap.synchronization.pooling.validation.base=
#ldap.synchronization.pooling.validation.filter=
# Search control: object, oneLevel, subTree
#ldap.synchronization.pooling.validation.searchControlsRefs=

#---------------------------
# KERBEROS SSO CONFIGURATION
#---------------------------
kerberos.authentication.enabled=false
#kerberos.authentication.principal=HTTP/test.alfresco.local
#kerberos.authentication.keytab=C:/alfresco/alfrescohttp.keytab
kerberos.authentication.krb5.conf=C:/Windows/krb5.ini
#kerberos.allow.ldap.authentication.fallback=false
#kerberos.allow.database.authentication.fallback=false
# Set to true if you use the short form (samAccountName) of your AD username to log in to Windows rather than the full UPN
#kerberos.allow.samAccountName.authentication=true
# Following line must be set to true when Kerberos is enabled
#security.authentication.use-externalid=true

Any idea?

Thanks in advance,

Makram

1 REPLY

keith_bailey
Champ on-the-rise

Hi Makram, 

I appreciate that it has been a while since you asked your question, but I found it whilst trying to problem-solve a different issue myself.

Did you get this resolved in the end?

I notice that you have 

ldap.synchronization.userIdAttributeName=uid

Although 'uid' is an attribute in AD, I'm not sure what it gets populated with. That might be why you are getting non-unique results for a specific user.

See User Naming Attributes (Windows) 

You might be better off using 

ldap.synchronization.userIdAttributeName=sAMAccountName

- we've had some success with this setting and AD, although my current problem is that disabled AD accounts are not making active users 'inactive'.

Caution: note that this contradicts the example-activiti-ldap-for-ad.properties file, which suggests you use 'cn', as do numerous other examples I've found in Google searches. However, that gives us the user's full name in 'external_id' within APS, which is not correct.

See [MNT-18209] AD ldap.authentication.active-directory.* configuration properties cause auth failure - ... 

I also note that there is an open JIRA to improve the documentation.

HTH

Keith
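The two failure modes discussed in this thread can both be checked before a sync is ever enabled: whether the attribute chosen for ldap.synchronization.userIdAttributeName is present on every user and unique across them, and what the personQuery's bit-AND filter on userAccountControl actually selects. The following is an added example, not Alfresco/APS code and not from either post. It works offline on directory entries represented as plain dicts, in the shape an ldapsearch or Get-ADUser export gives you; the SAMPLE_ENTRIES are constructed for illustration (the DNs reuse the OU layout from the posted config but are not the poster's real accounts). Two facts it encodes: the matching rule 1.2.840.113556.1.4.803 is a bitwise AND, so the filter for 512 (NORMAL_ACCOUNT) also matches 514, a disabled normal account; and AD does not populate 'uid' by default, while 'cn' is the display name and can repeat.

```python
"""Pre-flight checks for an Activiti/APS LDAP sync against Active Directory.

Added example (not Alfresco code). Entries are plain dicts as exported from
the directory; the sample data at the bottom is constructed, not real.
"""
from collections import defaultdict

# userAccountControl bits relevant here (Microsoft ADS_USER_FLAG values).
UAC_ACCOUNTDISABLE = 0x0002   # 2
UAC_NORMAL_ACCOUNT = 0x0200   # 512


def bit_and_matches(value, mask):
    """Semantics of LDAP_MATCHING_RULE_BIT_AND (1.2.840.113556.1.4.803):
    true when every bit of `mask` is set in the attribute value.
    (userAccountControl:1.2.840.113556.1.4.803:=512) therefore matches 514
    (512 | 2), i.e. a *disabled* normal account, as well as 512."""
    return (int(value) & mask) == mask


def select_users(entries, exclude_disabled=False):
    """Mirror the posted personQuery: objectclass=user with the NORMAL_ACCOUNT
    bit set. exclude_disabled=True adds the clause AD admins usually append,
    (!(userAccountControl:1.2.840.113556.1.4.803:=2)), so that disabled
    accounts are not imported as active users."""
    selected = []
    for entry in entries:
        if "user" not in entry.get("objectClass", []):
            continue
        uac = entry.get("userAccountControl", "0")       # AD returns it as a string
        if not bit_and_matches(uac, UAC_NORMAL_ACCOUNT):
            continue
        if exclude_disabled and bit_and_matches(uac, UAC_ACCOUNTDISABLE):
            continue
        selected.append(entry)
    return selected


def check_id_attribute(entries, attr):
    """Report whether `attr` is present on every entry and unique across them,
    the two properties the config comment demands of userIdAttributeName
    ('Needs to be unique and cannot change!'). An absent or repeated value
    means several directory users map to the same external id, which is one
    way findByExternalId can return more than one row."""
    missing = []
    by_value = defaultdict(list)
    for entry in entries:
        value = entry.get(attr)
        if isinstance(value, list):                     # multi-valued export
            value = value[0] if value else None
        if value in (None, ""):
            missing.append(entry["dn"])
        else:
            by_value[value.lower()].append(entry["dn"])  # AD names are case-insensitive
    duplicates = {v: dns for v, dns in by_value.items() if len(dns) > 1}
    return {"attribute": attr, "missing": missing, "duplicates": duplicates,
            "ok": not missing and not duplicates}


def audit(entries, candidates=("uid", "cn", "sAMAccountName")):
    """Run the uniqueness check for each candidate id attribute, but only over
    the entries the sync would actually import. Returns {attr: report}."""
    users = select_users(entries)
    return {attr: check_id_attribute(users, attr) for attr in candidates}


# Constructed sample of a subtree search under the posted userSearchBase.
USER_CLASSES = ["top", "person", "organizationalPerson", "user"]
SAMPLE_ENTRIES = [
    {"dn": "CN=Alice Example,OU=User Accounts,OU=Alfresco,DC=pgi,DC=com",
     "objectClass": USER_CLASSES, "cn": "Alice Example",
     "sAMAccountName": "aexample", "userAccountControl": "512"},
    {"dn": "CN=Alice Example,OU=Contractors,OU=User Accounts,OU=Alfresco,DC=pgi,DC=com",
     "objectClass": USER_CLASSES, "cn": "Alice Example",          # same cn, different person
     "sAMAccountName": "aexample2", "userAccountControl": "512"},
    {"dn": "CN=Carol Leaver,OU=User Accounts,OU=Alfresco,DC=pgi,DC=com",
     "objectClass": USER_CLASSES, "cn": "Carol Leaver",
     "sAMAccountName": "cleaver", "userAccountControl": "514"},   # disabled
    {"dn": "CN=Print Queue,OU=User Accounts,OU=Alfresco,DC=pgi,DC=com",
     "objectClass": ["top", "printQueue"], "cn": "Print Queue"},  # not a user
]

if __name__ == "__main__":
    for attr, report in audit(SAMPLE_ENTRIES).items():
        status = "OK" if report["ok"] else "NOT USABLE"
        print(f"{attr:15} {status:10} missing={len(report['missing'])} "
              f"duplicates={list(report['duplicates'])}")
    print("imported by the 512 filter:", len(select_users(SAMPLE_ENTRIES)),
          "| after excluding disabled:", len(select_users(SAMPLE_ENTRIES, exclude_disabled=True)))
```

Run against your own export instead of the sample, the audit tells you before the first sync whether the attribute you are about to put in userIdAttributeName can collide, and the exclude_disabled comparison shows how many disabled accounts the filter in the posted config would import as active users. Changing userIdAttributeName after a sync has run changes every user's external id, so settle it on exported data first.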