11-11-2021 11:54 AM
Hello friends,
I just configured the synchronization of my Alfresco with my LDAP and even so it does not work. I can see the users and groups, but I cannot log in; it gives me an error: "Your authentication details have not been recognized." Could you help me? I have Alfresco 7 on CentOS 7, connected to a MariaDB 10 server.
I am attaching my global-properties
###############################
## Common Alfresco Properties #
###############################
dir.root=/usr/local/alfresco-community70/alf_data
dir.contentstore=${dir.root}/contentstore
dir.contentstore.deleted=${dir.root}/contentstore.deleted
dir.keystore=/usr/local/alfresco-community70/tomcat/shared/classes/alfresco/extension/keystore
#
# URL Generation Parameters (The ${localname} token is replaced by the local server name)
#-------------
alfresco.context=alfresco
alfresco.host=${localname}
alfresco.port=8080
alfresco.protocol=http
share.context=share
share.host=${localname}
share.port=8080
share.protocol=http
### database connection properties ###
db.username=alfresco
db.password=xxxxxx
db.name=alfresco
db.host=10.10.10.30
db.port=3306
db.driver=com.mysql.jdbc.Driver
db.url=jdbc:mysql://${db.host}:${db.port}/${db.name}?useUnicode=yes&characterEncoding=UTF-8
# Note: your database must also be able to accept at least this many connections. Please see your database documentation for instructions on how to configure this.
db.pool.max=275
db.pool.validate.query=SELECT 1
# The server mode. Set value here
# UNKNOWN | TEST | BACKUP | PRODUCTION
system.serverMode=UNKNOWN
### RMI registry port for JMX ###
alfresco.rmi.services.port=50500
# Default value of alfresco.rmi.services.host is 0.0.0.0 which means 'listen on all adapters'.
# This allows connections to JMX both remotely and locally.
alfresco.rmi.services.host=0.0.0.0
### E-mail site invitation setting ###
notification.email.siteinvite=false
### License location ###
dir.license.external=/usr/local/alfresco-community70
### Allow extended ResultSet processing
security.anyDenyDenies=false
### Smart Folders Config Properties ###
smart.folders.enabled=false
### Remote JMX (Default: disabled) ###
alfresco.jmx.connector.enabled=false
## AMQ And Transformation services
localTransform.core-aio.url=http://localhost:8090/
local.transform.service.enabled=true
messaging.broker.url=tcp://localhost:61616
messaging.subsystem.autoStart=true
#If you have setup username and password for AMQ, then set the below properties. In my case i have kept default admin/admin
messaging.broker.username=admin
messaging.broker.password=admin
################ Solr Search service configurations ###############
#
# Index Recovery Mode
#-------------
#index.recovery.mode=AUTO
# Set this property unless you have explicitly chosen to expose some repository APIs without authentication
solr.host=localhost
solr.port=8983
#none, https
solr.secureComms=none
solr.base.url=/solr
index.subsystem.name=solr6
### FTP Server Configuration ###
ftp.port=2121
ftp.enabled=true
ftp.server.enables=true
############### LDAP : Authentication ############
authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap-ad
ldap.authentication.active=true
ldap.authentication.allowGuestLogin=false
ldap.authentication.userNameFormat=cn=%s,ou=Empleados,dc=TDA
ldap.authentication.java.naming.provider.url=ldap://10.10.10.40:389
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=Administrator
create.missing.people=false
############### LDAP : Synchronization ############
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.principal=cn=alfresco,ou=CuentasAdministrativas,dc=PEPE
ldap.synchronization.java.naming.security.credentials=XXXXXX
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.attributeBatchSize=1000
ldap.synchronization.groupQuery=objectclass\=group
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(!(modifyTimestamp<\={0})))
ldap.synchronization.groupSearchBase=ou=ECM,ou=Aplicaciones,ou=Grupos,dc=PEPE
ldap.synchronization.groupQuery=(objectclass\=group)
ldap.synchronization.personQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(|(memberOf=cn\=ECM_ADMIN,ou=ECM,ou=Aplicaciones,ou=Grupos,dc=TDA)(memberOf=cn\=ECM_USERS,ou=ECM,ou=Aplicaciones,ou=Grupos,dc=PEPE)))
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(|(memberOf=cn\=ECM_ADMIN,ou=ECM,ou=Aplicaciones,ou=Grupos,dc=PEPE)(memberOf=cn\=ECM_USERS,ou=ECM,ou=Aplicaciones,ou=Grupos,dc=PEPE))(!(modifyTimestamp<\={0})))
ldap.synchronization.groupSearchBase=ou=ECM,ou=Aplicaciones,ou=Grupos,dc=PEPE
ldap.synchronization.userSearchBase=ou=Empleados,dc=PEPE
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=company
ldap.synchronization.defaultHomeFolderProvider=largeHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupDisplayNameAttributeName=displayName
ldap.synchronization.groupType=group
ldap.synchronization.personType=user
ldap.synchronization.groupMemberAttributeName=member
ldap.synchronization.enableProgressEstimation=true
synchronization.syncOnStartup=true
synchronization.import.cron=0 0 0 * * ?
11-15-2021 11:58 AM
In case it helps anyone, this is what I configured on Alfresco 7 and Windows 2012 R2; it worked correctly for me.
############### LDAP : Authentication ############
authentication.chain=alfrescoNtlm1:alfrescoNtlm,ldap1:ldap-ad
ldap.authentication.active=true
ldap.authentication.userNameFormat=
#ldap.authentication.userNameFormat=uids=%s,ou=VPN,ou=Empleados,dc=PEPE
ldap.authentication.allowGuestLogin=false
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://pepe.local:389
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false
ldap.authentication.defaultAdministratorUserNames=Administrador
create.missing.people=false
############### LDAP : Synchronization ############
ldap.synchronization.active=true
ldap.synchronization.java.naming.security.authentication=simple
ldap.synchronization.java.naming.security.principal=CN\=alfresco,OU=CuentasAdministrativas,DC=PEPE
ldap.synchronization.java.naming.security.credentials=1nf0rmat1cA
#ldap.synchronization.queryBatchSize=0
#ldap.synchronization.attributeBatchSize=0
ldap.synchronization.groupQuery=(objectclass\=group)
ldap.synchronization.groupDifferentialQuery=(&(objectclass\=group)(!(modifyTimestamp<\={0})))
ldap.synchronization.personQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(|(memberOf=cn\=Alf_Administrador,ou=Alfresco_ECM,ou=Aplicaciones,ou=Grupos,dc=PEPE)))
ldap.synchronization.personDifferentialQuery=(&(objectclass\=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512)(|(memberOf=cn\=Alf_Administrador,ou=Alfresco_ECM,ou=Aplicaciones,ou=Grupos,dc=PEPE))(!(modifyTimestamp<\={0})))
ldap.synchronization.groupSearchBase=OU=Alfresco_ECM,OU=Aplicaciones,OU=Grupos,DC=PEPE
ldap.synchronization.userSearchBase=OU=VPN,OU=Empleados,DC=PEPE
ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss'.0Z'
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=company
ldap.synchronization.defaultHomeFolderProvider=largeHomeFolderProvider
ldap.synchronization.groupDisplayNameAttributeName=displayName
ldap.synchronization.groupType=group
ldap.synchronization.personType=person
ldap.synchronization.groupMemberAttributeName=member
ldap.synchronization.enableProgressEstimation=true
synchronization.synchronizeChangesOnly=false
# secs min hour dom mon dow
synchronization.import.cron=0 */10 8-19 * * ?
# Alfresco syncs every 10 minutes during hours 8-19.
synchronization.syncOnStartup=true
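
The differences between the two configurations in this thread can be checked mechanically. The script below is an added example, not part of either post and not Alfresco code: it parses the question's LDAP properties (embedded as a constructed sample) and flags duplicate keys, a `userNameFormat` bind DN that disagrees with the synchronization settings, and a simple bind over plain `ldap://`. The function names and the checks themselves are assumptions of this example.

```python
import re

# Constructed sample: the LDAP lines of the properties file posted in the question.
SAMPLE = r"""
ldap.authentication.userNameFormat=cn=%s,ou=Empleados,dc=TDA
ldap.authentication.java.naming.provider.url=ldap://10.10.10.40:389
ldap.authentication.java.naming.security.authentication=simple
ldap.synchronization.groupQuery=objectclass\=group
ldap.synchronization.groupQuery=(objectclass\=group)
ldap.synchronization.userSearchBase=ou=Empleados,dc=PEPE
ldap.synchronization.userIdAttributeName=sAMAccountName
"""

def parse(text):
    """Return (props, duplicate_keys); the last value wins, as in java.util.Properties."""
    props, dups = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        key = key.strip()
        if key in props:
            dups.append(key)
        props[key] = re.sub(r"\\(.)", r"\1", value.strip())  # undo \= and \: escapes
    return props, dups

def lint(text):
    """Heuristic checks (assumptions of this example, not Alfresco's own validation)."""
    props, dups = parse(text)
    findings = [f"duplicate key: {k}" for k in dups]
    fmt = props.get("ldap.authentication.userNameFormat", "")
    base = props.get("ldap.synchronization.userSearchBase", "").lower()
    uid = props.get("ldap.synchronization.userIdAttributeName", "")
    if "%s" in fmt and "=" in fmt:  # DN-style template such as cn=%s,ou=...
        attr, _, rest = fmt.partition("=")
        suffix = rest.partition(",")[2].lower()
        if attr.strip().lower() != uid.lower():
            findings.append(f"bind DN is built from {attr.strip()}, users are synced by {uid}")
        if base and not suffix.endswith(base):
            findings.append(f"bind DN suffix '{suffix}' is outside userSearchBase '{base}'")
    url = props.get("ldap.authentication.java.naming.provider.url", "")
    auth = props.get("ldap.authentication.java.naming.security.authentication", "")
    if url.lower().startswith("ldap://") and auth == "simple":
        findings.append("simple bind over ldap:// sends passwords unencrypted")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```

With `userNameFormat` left empty, as in the configuration that worked, both bind-DN findings disappear; the cleartext-bind finding applies to both configurations.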
11-12-2021 03:30 AM
You can find the cause of the error in alfresco.log / catalina.out
11-12-2021 04:32 AM
Hello @angelborroy
I am attaching the log. Honestly, I cannot find an error, apart from something about an HTTP token, but I do not see any error there. I do not know whether I need to do something else. As I mentioned, I can see the users of the groups, but I cannot log in.