
Cannot login anymore on Alfresco

marius_dumitrac
Confirmed Champ

Hi guys,

I have the following problem with my Alfresco instance: the login page in Alfresco returns the following message:

Your authentication details have not been recognized or Alfresco may not be available at this time.

The Alfresco installation has the following details:

1. CentOS 6 (up to date) 

2. Postgres 9.3 (up to date) 

3. Apache 7.0.6

4. Alfresco ver 5.0d

I use AD connection for user management, the AD is up and running and accessible from the Alfresco machine.

Up to 5 hours ago, I had no problem with it. 

I've tried shutting it down and restarting it (also the postgres and apache servers) with no success.

I got no errors in the log files - see them attached.

The alfresco app is running (http://server:8080/alfresco, I cannot login to console, because I don't have the initial admin password)

 

Can anyone help me on this?

1 ACCEPTED ANSWER

your ldap config is not correct. Please fix that following the docs I linked. At least your userNameFormat will expect all the users in ou=users,dc=domain,dc=intern.


15 REPLIES 15

I think the problem is with the AD server - I've stopped the AD server and got the same error at login. I started the AD server again and the admin login works.

I've checked the ldap user format used to retrieve users and it seems ok (the same format from the alfresco-global.properties file).

You configured your Alfresco with passthru, which is no longer supported and not a good option anyway. You should switch to Kerberos. I bet a Windows server update killed your passthru authentication with the latest Windows update. By enabling ldap authentication you will be able to authenticate users as defined in your ldap config, which is:

SearchBase=ou\=users,dc\=domain,dc\=intern

but only the ones sitting directly in users,dc\=domain_name,dc\=intern

Please check the ldap-ad properties example, which fits better for AD, and/or read LDAP configuration properties | Alfresco Documentation 

Cesar also posted a link to a blog in another post: Best Practices for Using Active Directory with Alfresco, which may help you get on the right track. Do you also use CIFS? If yes, you also need to configure Kerberos authentication on top.

Additionally you should add alfrescoNtlm to your chain as mentioned before since admin and guest are created in the internal store.

Hi Robert

You are right, the problem appeared after a Windows update.

I've taken out the passthru settings and the CIFS ones in the config file and restarted Alfresco, but the same problem - the admin account can log in, the rest of the users cannot (I get the same error message: Your authentication details have not been recognized or Alfresco may not be available at this time.).

 

Do I need to set up Kerberos for the login to work properly for the other users? I thought to leave this out for now.

Here is the updated settings file (red line is added as Caesar's post recommends)

### Authentication chains
authentication.chain=ldap1:ldap-ad

ldap.authentication.active=true
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://192.168.19.254:389
ldap.authentication.userNameFormat=cn\=%s,ou\=users,dc\=domain,dc\=intern
ldap.authentication.defaultAdministratorUsernNames=admin
ldap.authentication.java.naming.security.principal=admin@domain
ldap.authentication.java.naming.security.credentials=12345678

ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=admin@domain
ldap.synchronization.java.naming.security.credentials=12345678
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.userSearchBase=ou\=users,dc\=domain,dc\=intern
ldap.synchronization.groupSearchBase=ou\=users,dc\=domain,dc\=intern
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.groupIdAttributeName=cn

synchronization.synchronizeChangesOnly=true
synchronization.import.cron=0 0/15 * * * ?

your ldap config is not correct. Please fix that following the docs I linked. At least your userNameFormat will expect all the users in ou=users,dc=domain,dc=intern.
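
Added example (not part of the original thread and not Alfresco code): a small Python check that shows why the posted `userNameFormat` only lets some users bind, and that the posted chain lacks `alfrescoNtlm`. The directory entries, the `FIXED` settings with `%s@domain`, and all function names are assumptions constructed for illustration, and `can_bind` is a simplified model of how the directory resolves the bind name.

```python
import re

# Constructed sample: the two relevant lines of the settings posted above.
POSTED = r"""
authentication.chain=ldap1:ldap-ad
ldap.authentication.userNameFormat=cn\=%s,ou\=users,dc\=domain,dc\=intern
"""
# Assumed correction: internal store first in the chain, AD-style login name.
FIXED = r"""
authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap-ad
ldap.authentication.userNameFormat=%s@domain
"""
# Constructed directory entries (login name, DN); not taken from the thread.
DIRECTORY = [
    ("jdoe", "CN=jdoe,OU=users,DC=domain,DC=intern"),             # cn equals login
    ("asmith", "CN=Anna Smith,OU=users,DC=domain,DC=intern"),     # cn is display name
    ("bkent", "CN=bkent,OU=sales,OU=users,DC=domain,DC=intern"),  # nested OU
]

def parse_properties(text):
    """Parse key=value lines and undo Java-properties backslash escapes."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = re.sub(r"\\(.)", r"\1", value.strip())
    return props

def can_bind(user_name_format, login, directory):
    """Simplified model of the bind: a DN template works only if the expanded
    DN exists; any other format is resolved by login name alone."""
    bind_name = user_name_format.replace("%s", login)
    if "=" in bind_name:  # DN-style template
        return any(dn.lower() == bind_name.lower() for _, dn in directory)
    return any(name == bind_name.split("@", 1)[0] for name, _ in directory)

def audit(text, directory):
    """Report chain problems and which directory users could not log in."""
    props = parse_properties(text)
    fmt = props["ldap.authentication.userNameFormat"]
    chain = props.get("authentication.chain", "")
    types = [e.split(":", 1)[1] for e in chain.split(",") if ":" in e]
    return {
        "missing_alfrescoNtlm": "alfrescoNtlm" not in types,
        "uses_passthru": "passthru" in types,
        "locked_out": [n for n, _ in directory if not can_bind(fmt, n, directory)],
    }

if __name__ == "__main__":
    print("posted:", audit(POSTED, DIRECTORY))
    print("fixed: ", audit(FIXED, DIRECTORY))
```

With the posted template, only a user whose `cn` equals the login name and who sits directly in `ou=users` can authenticate; users in a nested OU or with a display-name `cn` are rejected.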

Hi Robert,

Thanks for the help. I've modified the ldap settings as you recommended and now it's up and running.

nilesh
Champ in-the-making

Hello Expert, 
Can anyone please help me? I have been trying for the last 3 days but had no luck.
Alfresco does not allow any user to log in; I am using the community version ( 5.2.g 2001707)

all Subsystems are not starting 


2023-08-10 13:49:40,985 INFO [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Stopping 'Replication' subsystem, ID: [Replication, default]
2023-08-10 13:49:40,985 INFO [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Stopped 'Replication' subsystem, ID: [Replication, default]

and I'm using the default Alfresco native authentication method. 


@heiko_robert wrote:

your ldap config is not correct. Please fix that following the docs I linked. At least your userNameFormat will expect all the users in ou=users,dc=domain,dc=intern.