LDAP Authentication

mdubois
Confirmed Champ

Hi,

I need to establish LDAP authentication on my Alfresco Community.
In alfresco-global.properties I added some lines, but when I try to connect to Alfresco Share with my AD account, it doesn't work. I added these lines:

authentication.chain=alfinst:alfrescoNtlm,ldap1:ldap

ldap.authentication.java.naming.provider.url=ldap://IPAdressOfMyAD:389

ldap.synchronization.userSearchBase=uids=%s,ou=\Utilisateurs,dc=\DOMAIN,dc=\fr 

ldap.authentification.active=true

ldap.synchronization.active=false

Do I need to add other lines or edit other files?

19 REPLIES

fedorow
Elite Collaborator

Don't write, don't search, just browse.

Admin Tools > Groups > Browse

( http://youdomain.fr/share/page/console/admin-console/groups#state=panel%3Dsearch%26refresh%3Dfalse)

What do you see? Nothing? Check the "Show System Groups" box and browse again. Do you see system groups?

Check the synchronization logs. Are there any errors? How many groups were imported?

As I understand it, AD users synchronized properly. Is the users search base the same as the groups search base?

If not, check the groups search base with an external LDAP browser, for example Apache Directory Studio or something like it.

When I just browse in Groups, I get Alfresco system groups but not AD groups.
In my log there are no errors; I give it to you at the end of my post.

OU "Groupe d'accès" and OU "Utilisateurs" are in the OU "RAPIDO", and it works for Utilisateurs but not for Groupe d'accès.

These lines are from "Alfresco.log" just after I start the Alfresco service:

19-05-29 11:24:06,982 INFO [org.alfresco.repo.admin] [localhost-startStop-1] Using database URL 'jdbc:postgresql://localhost:5432/alfresco' with user 'alfresco'.
2019-05-29 11:24:06,984 INFO [org.alfresco.repo.admin] [localhost-startStop-1] Connected to database PostgreSQL version 9.4.12
2019-05-29 11:24:11,765 INFO [org.alfresco.repo.domain.schema.SchemaBootstrap] [localhost-startStop-1] Ignoring script patch (post-Hibernate): patch.db-V4.2-metadata-query-indexes
2019-05-29 11:24:11,766 INFO [org.alfresco.repo.domain.schema.SchemaBootstrap] [localhost-startStop-1] Ignoring script patch (post-Hibernate): patch.db-V5.1-metadata-query-indexes
2019-05-29 11:24:11,766 INFO [org.alfresco.repo.domain.schema.SchemaBootstrap] [localhost-startStop-1] Ignoring script patch (post-Hibernate): patch.db-V5.2-remove-jbpm-tables-from-db
2019-05-29 11:24:18,167 INFO [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Starting 'Authentication' subsystem, ID: [Authentication, managed, alfinst]
2019-05-29 11:24:18,361 INFO [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Startup of 'Authentication' subsystem, ID: [Authentication, managed, alfinst] complete
2019-05-29 11:24:18,361 INFO [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Starting 'Authentication' subsystem, ID: [Authentication, managed, ldap1]
2019-05-29 11:24:23,493 WARN [org.alfresco.repo.security.authentication.ldap.LDAPInitialDirContextFactoryImpl] [localhost-startStop-1] LDAP server supports anonymous bind ldap://SRVDC01.rapido53.com ##adres of ldap server
2019-05-29 11:24:23,525 INFO [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Startup of 'Authentication' subsystem, ID: [Authentication, managed, ldap1] complete
2019-05-29 11:24:26,298 INFO [org.springframework.extensions.webscripts.TemplateProcessorRegistry] [localhost-startStop-1] Registered template processor Repository Template Processor for extension ftl
2019-05-29 11:24:26,300 INFO [org.springframework.extensions.webscripts.ScriptProcessorRegistry] [localhost-startStop-1] Registered script processor Repository Script Processor for extension js
2019-05-29 11:24:28,573 INFO [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Starting 'ContentStore' subsystem, ID: [ContentStore, managed, unencrypted]
2019-05-29 11:24:28,621 INFO [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Startup of 'ContentStore' subsystem, ID: [ContentStore, managed, unencrypted] complete
2019-05-29 11:24:28,671 INFO [org.alfresco.repo.domain.schema.SchemaBootstrap] [localhost-startStop-1] Connecting to database: jdbc:postgresql://localhost:5432/alfresco, UserName=alfresco, PostgreSQL Native Driver
2019-05-29 11:24:28,672 INFO [org.alfresco.repo.domain.schema.SchemaBootstrap] [localhost-startStop-1] Schema managed by database dialect org.hibernate.dialect.PostgreSQLDialect.
2019-05-29 11:24:28,910 INFO [org.alfresco.repo.domain.schema.SchemaBootstrap] [localhost-startStop-1] No changes were made to the schema.
2019-05-29 11:24:29,898 INFO [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Starting 'thirdparty' subsystem, ID: [thirdparty, default]
2019-05-29 11:24:30,047 INFO [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Startup of 'thirdparty' subsystem, ID: [thirdparty, default] complete
2019-05-29 11:24:30,047 INFO [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Starting 'OOoDirect' subsystem, ID: [OOoDirect, default]
2019-05-29 11:24:30,437 WARN [org.alfresco.util.OpenOfficeConnectionTester] [localhost-startStop-1] Error trying to query Open Office version information. OpenOffice.org's ConfigurationRegistry not implemented in this version of OOo. This should not affect the operation of OOo.
2019-05-29 11:24:30,440 INFO [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Startup of 'OOoDirect' subsystem, ID: [OOoDirect, default] complete
2019-05-29 11:24:30,444 INFO [org.alfresco.repo.admin.ConfigurationChecker] [localhost-startStop-1] The root data directory ('dir.root') is: /opt/alfresco-community/alf_data
2019-05-29 11:24:30,445 INFO [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Starting 'Search' subsystem, ID: [Search, managed, solr4]
2019-05-29 11:24:30,759 INFO [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Startup of 'Search' subsystem, ID: [Search, managed, solr4] complete
2019-05-29 11:24:30,794 INFO [org.alfresco.repo.admin.patch.PatchExecuter] [localhost-startStop-1] Checking for patches to apply ...
2019-05-29 11:24:31,310 INFO [org.alfresco.repo.admin.patch.PatchExecuter] [localhost-startStop-1] No patches were required.
2019-05-29 11:24:31,335 INFO [org.alfresco.repo.module.ModuleServiceImpl] [localhost-startStop-1] Found 4 module package(s).
2019-05-29 11:24:31,375 INFO [org.alfresco.repo.module.ModuleServiceImpl] [localhost-startStop-1] Starting module 'alfresco-aos-module' version 1.1.6.
2019-05-29 11:24:31,401 INFO [org.alfresco.repo.module.ModuleServiceImpl] [localhost-startStop-1] Starting module 'org.alfresco.integrations.google.docs' version 3.0.4.
2019-05-29 11:24:31,420 INFO [org.alfresco.repo.module.ModuleServiceImpl] [localhost-startStop-1] Starting module 'alfresco-share-services' version 5.2.0.
2019-05-29 11:24:31,438 INFO [org.alfresco.repo.module.ModuleServiceImpl] [localhost-startStop-1] Starting module 'alfresco-trashcan-cleaner' version 2.2.
2019-05-29 11:24:31,447 INFO [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Starting 'fileServers' subsystem, ID: [fileServers, default]
2019-05-29 11:24:31,789 INFO [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Starting 'sysAdmin' subsystem, ID: [sysAdmin, default]
2019-05-29 11:24:31,831 INFO [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Startup of 'sysAdmin' subsystem, ID: [sysAdmin, default] complete
2019-05-29 11:24:31,880 WARN [org.alfresco.fileserver] [localhost-startStop-1] CIFS, Unable to get local domain/workgroup name, using default of WORKGROUP. This may be due to firewall settings or incorrect <broadcast> setting)
2019-05-29 11:24:31,888 INFO [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Startup of 'fileServers' subsystem, ID: [fileServers, default] complete
2019-05-29 11:24:31,889 INFO [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Starting 'imap' subsystem, ID: [imap, default]
2019-05-29 11:24:32,004 INFO [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Startup of 'imap' subsystem, ID: [imap, default] complete
2019-05-29 11:24:32,005 INFO [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Starting 'email' subsystem, ID: [email, outbound]
2019-05-29 11:24:32,394 INFO [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Startup of 'email' subsystem, ID: [email, outbound] complete
2019-05-29 11:24:32,394 INFO [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Starting 'email' subsystem, ID: [email, inbound]
2019-05-29 11:24:32,453 INFO [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Startup of 'email' subsystem, ID: [email, inbound] complete
2019-05-29 11:24:32,454 INFO [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Starting 'Subscriptions' subsystem, ID: [Subscriptions, default]
2019-05-29 11:24:32,494 INFO [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Startup of 'Subscriptions' subsystem, ID: [Subscriptions, default] complete
2019-05-29 11:24:32,516 INFO [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Starting 'Synchronization' subsystem, ID: [Synchronization, default]
2019-05-29 11:24:32,659 INFO [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Startup of 'Synchronization' subsystem, ID: [Synchronization, default] complete
2019-05-29 11:24:32,687 INFO [org.alfresco.service.descriptor.DescriptorService] [localhost-startStop-1] Alfresco JVM - v1.8.0_131-b11; maximum heap size 990,750MB
2019-05-29 11:24:32,688 INFO [org.alfresco.service.descriptor.DescriptorService] [localhost-startStop-1] Server Mode :UNKNOWN
2019-05-29 11:24:32,691 INFO [org.alfresco.service.descriptor.DescriptorService] [localhost-startStop-1] Alfresco Content Services started (Community). Current version: 5.2.0 (re21f2be5-b22) schema 10 057. Originally installed version: 5.2.0 (re21f2be5-b22) schema 10 057.
2019-05-29 11:24:32,708 INFO [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Starting 'ActivitiesFeed' subsystem, ID: [ActivitiesFeed, default]
2019-05-29 11:24:32,977 INFO [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Startup of 'ActivitiesFeed' subsystem, ID: [ActivitiesFeed, default] complete
2019-05-29 11:24:32,978 INFO [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Starting 'Replication' subsystem, ID: [Replication, default]
2019-05-29 11:24:33,000 INFO [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Startup of 'Replication' subsystem, ID: [Replication, default] complete
2019-05-29 11:24:34,988 INFO [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Starting 'googledocs' subsystem, ID: [googledocs, drive]
2019-05-29 11:24:35,122 INFO [org.alfresco.repo.management.subsystems.ChildApplicationContextFactory] [localhost-startStop-1] Startup of 'googledocs' subsystem, ID: [googledocs, drive] complete
2019-05-29 11:24:38,200 INFO [org.springframework.extensions.webscripts.DeclarativeRegistry] [asynchronouslyRefreshedCacheThreadPool1] Registered 408 Web Scripts (+0 failed), 556 URLs
2019-05-29 11:24:38,203 INFO [org.springframework.extensions.webscripts.DeclarativeRegistry] [asynchronouslyRefreshedCacheThreadPool1] Registered 1 Package Description Documents (+0 failed)
2019-05-29 11:24:38,204 INFO [org.springframework.extensions.webscripts.DeclarativeRegistry] [asynchronouslyRefreshedCacheThreadPool1] Registered 0 Schema Description Documents (+0 failed)
2019-05-29 11:24:40,050 INFO [org.springframework.extensions.webscripts.DeclarativeRegistry] [localhost-startStop-1] Registered 408 Web Scripts (+0 failed), 556 URLs
2019-05-29 11:24:40,051 INFO [org.springframework.extensions.webscripts.DeclarativeRegistry] [localhost-startStop-1] Registered 1 Package Description Documents (+0 failed)
2019-05-29 11:24:40,051 INFO [org.springframework.extensions.webscripts.DeclarativeRegistry] [localhost-startStop-1] Registered 0 Schema Description Documents (+0 failed)
2019-05-29 11:24:40,057 INFO [org.springframework.extensions.webscripts.AbstractRuntimeContainer] [localhost-startStop-1] Initialised Repository Web Script Container (in 4906.8384ms)
2019-05-29 11:24:40,094 INFO [org.springframework.extensions.webscripts.TemplateProcessorRegistry] [localhost-startStop-1] Registered template processor freemarker for extension ftl
2019-05-29 11:24:40,097 INFO [org.springframework.extensions.webscripts.ScriptProcessorRegistry] [localhost-startStop-1] Registered script processor javascript for extension js
2019-05-29 11:24:41,583 INFO [org.springframework.extensions.webscripts.DeclarativeRegistry] [asynchronouslyRefreshedCacheThreadPool1] Registered 408 Web Scripts (+0 failed), 556 URLs
2019-05-29 11:24:41,583 INFO [org.springframework.extensions.webscripts.DeclarativeRegistry] [asynchronouslyRefreshedCacheThreadPool1] Registered 1 Package Description Documents (+0 failed)
2019-05-29 11:24:41,584 INFO [org.springframework.extensions.webscripts.DeclarativeRegistry] [asynchronouslyRefreshedCacheThreadPool1] Registered 0 Schema Description Documents (+0 failed)
2019-05-29 11:24:41,660 INFO [org.springframework.extensions.webscripts.DeclarativeRegistry] [asynchronouslyRefreshedCacheThreadPool1] Registered 13 Web Scripts (+0 failed), 102 URLs
2019-05-29 11:24:41,661 INFO [org.springframework.extensions.webscripts.DeclarativeRegistry] [asynchronouslyRefreshedCacheThreadPool1] Registered 0 Package Description Documents (+0 failed)
2019-05-29 11:24:41,661 INFO [org.springframework.extensions.webscripts.DeclarativeRegistry] [asynchronouslyRefreshedCacheThreadPool1] Registered 0 Schema Description Documents (+0 failed)
2019-05-29 11:24:41,710 INFO [org.springframework.extensions.webscripts.DeclarativeRegistry] [localhost-startStop-1] Registered 13 Web Scripts (+0 failed), 102 URLs
2019-05-29 11:24:41,710 INFO [org.springframework.extensions.webscripts.DeclarativeRegistry] [localhost-startStop-1] Registered 0 Package Description Documents (+0 failed)
2019-05-29 11:24:41,710 INFO [org.springframework.extensions.webscripts.DeclarativeRegistry] [localhost-startStop-1] Registered 0 Schema Description Documents (+0 failed)
2019-05-29 11:24:41,714 INFO [org.springframework.extensions.webscripts.AbstractRuntimeContainer] [localhost-startStop-1] Initialised Public Api Web Script Container (in 1549.6895ms)
2019-05-29 11:24:41,760 INFO [org.springframework.extensions.webscripts.DeclarativeRegistry] [asynchronouslyRefreshedCacheThreadPool1] Registered 13 Web Scripts (+0 failed), 102 URLs
2019-05-29 11:24:41,761 INFO [org.springframework.extensions.webscripts.DeclarativeRegistry] [asynchronouslyRefreshedCacheThreadPool1] Registered 0 Package Description Documents (+0 failed)
2019-05-29 11:24:41,761 INFO [org.springframework.extensions.webscripts.DeclarativeRegistry] [asynchronouslyRefreshedCacheThreadPool1] Registered 0 Schema Description Documents (+0 failed)

fedorow
Elite Collaborator

It doesn't synchronize at startup. Strange, I think synchronization.syncOnStartup=true is the default setting.

And add a cron into the global properties to make periodic synchronization. For example:

synchronization.import.cron=0 0/20 8-18 * * ?

After this you will see the log of syncing.

I added your line: synchronization.import.cron=0 0/20 8-18 * *

But I don't really know the syntax of this line: why these numbers and why * *?

With this line I don't see any difference; no groups in my Alfresco.

fedorow
Elite Collaborator

It's cron syntax, Google bless you. It should sync AD every 20 minutes from 8AM to 6PM every day.

So you will see the results of syncing in the Alfresco log every 20 minutes. If you are testing, you can decrease the number of minutes.

fedorow
Elite Collaborator

Maybe this is your solution? ldap-ad subsystem - sync error

I never have spaces in OU or DC. You do. So try adding spaces after the commas.

mdubois
Confirmed Champ

I tried this with spaces after the commas and it didn't work.

I also tried "OU=Groupes\ d'accès"; it didn't work either.

Surely the problem is the space, but how can I get around this space?

mdubois
Confirmed Champ

I just tried with another OU:

ldap.synchronization.groupSearchBase=OU=Alfresco,DC=rapido53,DC=com

With one group, but when I go into Admin Tools and browse groups, I don't have the group....

These are all the lines about authentication in my file:

authentication.chain=alfinst:alfrescoNtlm,ldap1:ldap
ldap.authentification.active=true
ntlm.authentication.sso.enabled=false
ldap.synchronization.active=false

ldap.authentication.userNameFormat=%s@domain.com 
ldap.authentication.java.naming.provider.url=ldap://SRVDC01.domain.com 
ldap.synchronization.userSearchBase=ou=User,dc=domain,dc=com
ldap.synchronization.groupSearchBase=ou=Alfresco,dc=domain,dc=com

ldap.synchronization.java.naming.security.principal=test@domain.com 
ldap.synchronization.java.naming.security.credentials=SECRET 
ldap.authentication.allowGuestLogin=false
ldap.authentication.defaultAdministratorUserNames=Administrator,alfresco
ldap.synchronization.groupQuery=(objectclass\=group)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(!(whenChanged<\={0})))

fedorow
Elite Collaborator

1. Do you use Microsoft Active Directory Domain Services? Then change ldap to ldap-ad.

authentication.chain=ldap1:ldap-ad,alfinst:alfrescoNtlm

2. Turn ON synchronization

ldap.synchronization.active=true

3. Add the port of your LDAP host. For example, the standard LDAP AD port 389.

ldap.authentication.java.naming.provider.url=ldap://SRVDC01.rapido53.com:389

4. Make sure you have the admin user in AD. I recommend replacing it with a less privileged user. Don't forget to replace it with a read-only user after synchronization starts to work.

5. Don't use # comments on the same line as values. Place # at the start of the line.

6. Remove the duplicate line in upper case:

ldap.authentication.userNameFormat=%s@RAPIDO53.com

mdubois
Confirmed Champ

OK, so now it works with a classic path, but when I use a path with ou=Groupes d'accès, it doesn't work because of the space.
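
Added example, not part of the thread and not Alfresco code: a small linter for the `alfresco-global.properties` pitfalls that come up above (the misspelled `ldap.authentification.active` key, inline `#` comments, synchronization switched off, a cron line with too few fields, a cleartext `ldap://` bind URL, and non-ASCII characters in a search base). It assumes the file is read the way `java.util.Properties` reads a byte stream, as ISO-8859-1, so a character such as `è` has to be written as `\u00e8`; whether that is what breaks the "Groupes d'accès" search base in this thread is not established. The sample input is constructed.

```python
import re

# Misspelled key exactly as posted in the thread, mapped to the real property name.
KNOWN_TYPOS = {"ldap.authentification.active": "ldap.authentication.active"}

def parse_properties(text):
    """Minimal key=value reader (no line continuations); returns {key: raw value}."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def lint(text):
    """Return sorted (key, finding) tuples for the pitfalls raised in the thread."""
    props, findings = parse_properties(text), []
    for key, value in props.items():
        if key in KNOWN_TYPOS:
            findings.append((key, "misspelled, expected " + KNOWN_TYPOS[key]))
        if re.search(r"\s#", value):
            findings.append((key, "inline # comment is read as part of the value"))
        if any(ord(ch) > 127 for ch in value):
            # Assumption: the file is loaded as ISO-8859-1, the java.util.Properties default.
            findings.append((key, "non-ASCII character, write it as a \\uXXXX escape"))
        if key.endswith("provider.url") and value.lower().startswith("ldap://"):
            findings.append((key, "ldap:// sends simple-bind passwords unencrypted"))
        if key == "synchronization.import.cron" and len(value.split()) not in (6, 7):
            findings.append((key, "Quartz cron expressions have 6 or 7 fields"))
    if props.get("ldap.synchronization.active", "").lower() == "false":
        findings.append(("ldap.synchronization.active", "synchronization is switched off"))
    return sorted(findings)

# Constructed sample built from the kinds of lines posted in the thread.
SAMPLE = """\
authentication.chain=alfinst:alfrescoNtlm,ldap1:ldap
ldap.authentification.active=true
ldap.synchronization.active=false
ldap.authentication.java.naming.provider.url=ldap://SRVDC01.domain.com ##adres of ldap server
ldap.synchronization.groupSearchBase=ou=Groupes d'accès,dc=domain,dc=com
synchronization.import.cron=0 0/20 8-18 * *
"""

if __name__ == "__main__":
    for key, finding in lint(SAMPLE):
        print(f"{key}: {finding}")
```
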