
Alfresco Labs 3.0 AD connectivity

cassini
Champ in-the-making
Hello community,

For a few days I have been trying to set up the Alfresco NTLM Auth Component. I used this tutorial (http://wiki.alfresco.com/wiki/3.0_Configuring_NTLM) from the Alfresco Wiki to set up the component. Unfortunately I had no success.

My setup: Debian Etch, Tomcat 5.5, MySQL 5, WAR version of Alfresco 3.0.

The Alfresco log tells me the following:

http://www.onlyfree.de/php/pasteservice/show.php?id=15990

Does somebody have an idea?

I look forward to your support and thanks in advance.

Best Regards

cassini

danovtx
Champ in-the-making
Hi there,

In case you are still having problems, I noticed this part of your error message:

org.springframework.beans.MethodInvocationException: Property 'domain' threw exception; nested exception is org.alfresco.error.AlfrescoRuntimeException: Failed to set passthru domain, java.io.IOException: Failed to find domain controller or browse master for HM
Caused by: org.alfresco.error.AlfrescoRuntimeException: Failed to set passthru domain, java.io.IOException: Failed to find domain controller or browse master for HM
    at org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl.setDomain(NTLMAuthenticationComponentImpl.java:290)

That looks to me like the domain, or a server to authenticate against, is not set properly. Check the wiki page you were using for more details on that.
If that doesn't help you out, I know that the NTLMAuthenticationComponent bean needs to have the ID "authenticationComponent" and not "authenticationComponentImpl". In some versions, I guess (it had to be before my time with Alfresco, because I haven't seen it myself, just in the forums), the default ID in the XML file (ntlm-authentication-context.xml in shared/classes/alfresco/extension) has the "Impl" on it, and that causes errors.

tobias_amon
Champ in-the-making
Hi,

I have the same problem. But the ID must have the "Impl". Otherwise I get a ClassNotFoundException.

kind regards
Tobias

ofrxnz
Champ in-the-making
Hey, at the bottom of this post is my working config for NTLM. This configuration doesn't try to auto-discover the domain controllers but declares them. I had issues with only setting a domain and instead had to set the server option.

In this config, where I use DOMAIN it is the "test" portion of "test.com" in all caps.

<ip of DC 1> and <ip of DC 2> are replaced by the IP addresses of my two domain controllers.

So if I have "test.com" and my domain controllers are at 10.0.0.1 and 10.0.0.2, it would look something like this:

       <property name="servers">
           <value>TEST\10.0.0.1,TEST\10.0.0.2,10.0.0.1</value>
       </property>

There are some more configurations you can put in here.

Take a look at the "NTLM Passthru Properties" and "Domain Mappings" sections of this page for Alfresco 3:

http://wiki.alfresco.com/wiki/3.0_Configuring_NTLM



My working config, with the network configuration details blinded:

<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE beans PUBLIC '-//SPRING//DTD BEAN//EN' 'http://www.springframework.org/dtd/spring-beans.dtd'>

<beans>

   <bean id="authenticationDao" class="org.alfresco.repo.security.authentication.DefaultMutableAuthenticationDao" >
         <property name="allowSetEnabled" value="true" />
         <property name="allowGetEnabled" value="true" />
         <property name="allowDeleteUser" value="true" />
         <property name="allowCreateUser" value="true" />
   </bean>


   <!-- The authentication component.                                      -->

   <!-- Use the passthru authentication component to authenticate using    -->
   <!-- user accounts on one or more Windows servers.                      -->

   <!-- Properties that specify the server(s) to use for passthru          -->
   <!-- authentication :-                                                  -->
   <!--   useLocalServer   use the local server for authentication         -->
   <!--   domain           use domain controllers from the specified domain-->
   <!--   servers          comma delimited list of server addresses or     -->
   <!--                    names                                           -->

   <bean id="authenticationComponent"
         class="org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl"
         parent="authenticationComponentBase">
       <property name="useLocalServer">
           <value>false</value>
       </property>
       <property name="servers">
           <value>DOMAIN\<ip of DC 1>,DOMAIN\<ip of DC 2>,<ip of DC 1></value>
       </property>
       <property name="personService">
           <ref bean="personService" />
       </property>
       <property name="nodeService">
           <ref bean="nodeService" />
       </property>
       <property name="transactionService">
           <ref bean="transactionComponent" />
       </property>
       <property name="guestAccess">
           <value>false</value>
       </property>
   </bean>

</beans>
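As an added example (not from the post above or from Alfresco itself), a small Python checker for an ntlm-authentication-context.xml of the shape shown: it verifies the bean id the earlier reply mentioned, parses the DOMAIN\host entries of the "servers" property, and probes TCP 445 on each listed controller so a "Failed to find domain controller" error can be separated from plain network reachability. The sample XML, domain name and addresses are constructed placeholders; the connect function is injectable so the check can run offline.

```python
import socket
import xml.etree.ElementTree as ET

# Constructed sample modelled on the config posted above (made-up domain and IPs).
SAMPLE_XML = """<beans>
  <bean id="authenticationComponent"
        class="org.alfresco.repo.security.authentication.ntlm.NTLMAuthenticationComponentImpl"
        parent="authenticationComponentBase">
    <property name="useLocalServer"><value>false</value></property>
    <property name="servers"><value>TEST\\10.0.0.1,TEST\\10.0.0.2,10.0.0.1</value></property>
  </bean>
</beans>"""

def find_auth_bean(xml_text):
    # Locate the passthru component bean by its class, whatever id it was given.
    for bean in ET.fromstring(xml_text).iter("bean"):
        if bean.get("class", "").endswith("NTLMAuthenticationComponentImpl"):
            return bean
    return None

def bean_id_ok(bean):
    # The thread reports the id must be "authenticationComponent", not "...Impl".
    return bean.get("id") == "authenticationComponent"

def property_value(bean, name):
    """Read a <property name=...> given as a value attribute or a <value> child."""
    for prop in bean.findall("property"):
        if prop.get("name") == name:
            child = prop.find("value")
            return prop.get("value") if child is None else (child.text or "").strip()
    return None

def parse_servers(value):
    """Split 'DOMAIN\\host,host' into (domain-or-None, host) pairs."""
    entries = []
    for raw in value.split(","):
        raw = raw.strip()
        if raw:
            domain, sep, host = raw.rpartition("\\")
            entries.append((domain.upper() if sep else None, host))
    return entries

def probe(entries, connect=None, port=445, timeout=2.0):
    """Map each listed host to whether TCP `port` (SMB) accepts a connection."""
    if connect is None:
        def connect(host, port, timeout):
            try:
                with socket.create_connection((host, port), timeout=timeout):
                    return True
            except OSError:
                return False
    return {host: connect(host, port, timeout) for _, host in entries}
```

Run it against the real file by replacing SAMPLE_XML with the file contents; only the domain controllers you trust should appear in the list, since passthru sends every login attempt to them.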

ganesh_boil
Champ in-the-making
Hi team,
I'm new to Alfresco and I'm using Alfresco Labs 3.0 stable version.
In the user guide I found NTLM under security, but there is no explanation about it.
Can anyone tell me the exact use of this NTLM?

Thanks in advance.

ofrxnz
Champ in-the-making
NTLM is a Microsoft authentication protocol:

http://en.wikipedia.org/wiki/NTLM

It is the primary protocol Windows/Microsoft use for most system-to-system authentication through 2003/XP. I believe they are phasing it out but don't know for sure. It is a Windows NT holdover.

In Alfresco, NTLM can replace all other authentication mechanisms. So, basically, when a user enters their username and password, Alfresco will ask the NTLM (Active Directory) server if this is a valid username and password.

If AD says it's valid, Alfresco creates a local user profile/account if they don't have one on Alfresco and logs them in. In all subsequent authentication attempts, Alfresco always polls AD. If a user is locked out because of bad password attempts, or their account is disabled or deleted in AD, they cannot get into Alfresco. I believe this should work with AD logon hours but have never tried it.

NTLM in Alfresco is only good for authentication against AD. It will not care about AD groups and it will not pull over user metadata (phone numbers, email address, etc.); those must be managed in Alfresco by an administrator.

If you need more than authentication and your application requires, for lack of a better term, "syncing" groups and metadata with AD, you will need to use LDAP syncing.

I service about 50 users and have never had trouble with only NTLM. Inserting the metadata and group management is simply part of our setup procedure and typically doesn't take me more than 15 minutes per user.

If you use NTLM and LDAP syncing, NTLM will be the preferred authentication protocol, and LDAP should only be used for syncing.

ganesh_boil
Champ in-the-making
IF you use NTLM and LDAP syncing, NTLM will be the preferred authentication protocol, and LDAP should only be used for syncing.

Hi ofrxnz, thanks for your time. I got a clear idea about NTLM from your post. I'm just a bit confused about the above: what is "LDAP syncing (synchronising)"? I understood it is for changing the password / editing the first name, last name, mail, etc. Am I right?
But there was a problem, if I'm right: the Labs 3.0 stable version is not allowing the users (even admin) to change their password / edit their profile if we use LDAP. I think this was a bug reported in the following JIRA:

https://issues.alfresco.com/jira/browse/ETHREEOH-1634?page=com.atlassian.jira.plugin.system.issuetab...

Can you explain a bit about using the files ldap-authentication-context.xml and ldap-synchronisation-context.xml, and what LDAP syncing (synchronising) is?
I'm just confused about these two files.

ofrxnz
Champ in-the-making
In AD, each user has metadata such as fname, lname, mail, phone, etc. The only thing NTLM cares about is username and password.

Alfresco also supports LDAP authentication, and AD also supports LDAP authentication, so with the Alfresco LDAP authentication mechanism you can have Alfresco automatically pull these things over and put them in the Alfresco profile.

I don't believe you can change your password in Alfresco with NTLM. You may be able to do it with LDAP, but I don't know. You would probably have to give the LDAP bind user administrative rights. Typically LDAP users only have read-only access and can't change a thing. I don't know how this works with their own LDAP profile.

I don't believe the LDAP issue you mention was a bug. LDAP sync literally overwrites all of the user profiles whenever it runs. This is the nature of the relationship: LDAP is the repository/authority, and Alfresco should respect that. I don't remember this from when I used LDAP, but this may be part of the design; no point letting you change your profile if it's just going to get overwritten. I have not used LDAP in production for a version or two, so I don't know for Labs 3.

ldap-authentication-context.xml is the file you configure to allow Alfresco to connect to and authenticate against an LDAP repository. ldap-synchronisation-context.xml is the file that tells Alfresco to scan a portion or all of the LDAP directory and maps certain attributes for users and groups to their Alfresco equivalents. This file says that each DN with attribute X should be a user, so create a profile for them if they don't have one. It also maps LDAP attributes such as fname, lname, o, mail, etc. to Alfresco profile attributes. Basically, it copies the LDAP user and their attributes to their Alfresco profile. On top of this, it can also find groups in the LDAP server and copy them over to Alfresco. The group will have the same name, and it will populate the Alfresco group with the LDAP users already in the group. If there is a conflict between Alfresco and the LDAP directory, the default behaviour is to overwrite Alfresco with what is in the LDAP directory. You can configure how frequently it syncs Alfresco to the LDAP directory.

There should be 4 LDAP files in there: 2 that are the configuration and 2 that hold the variables. All you need to do is rename the two that hold the variables and configure them for your server. The other two will execute and pull the variables over from them. I would give you names, but I'm at home right now.

Here is some LDAP stuff to get you started:
http://wiki.alfresco.com/wiki/Enterprise_Security_and_Authentication_Configuration#LDAP_Configuratio...

I personally never liked using the LDAP mechanism with AD. It works great with OpenLDAP, but it's a bit strange with AD.

ganesh_boil
Champ in-the-making
Thanks ofrxnz,
Now I've got a clear picture about these things.
Thanks again for your support.